author Simon L. B. Nielsen <simon@FreeBSD.org> 2007-12-19 23:03:56 +0000
committer Simon L. B. Nielsen <simon@FreeBSD.org> 2007-12-19 23:03:56 +0000
commit 19a8a2ec339772a805b5fb6ff0cfb1a6d41c3aee
tree 84bc957472614bc69638edff8de0c8fe157d42da
parent 144178aadc66965640ee8ff04f28c815335d1b3f
-rw-r--r-- security/vuxml/vuln.xml 83
1 files changed, 83 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index e55f24047120..54e8a520c35f 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,89 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="8a835235-ae84-11dc-a5f9-001a4d49522b">
+ <topic>wireshark -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>wireshark</name>
+ <name>wireshark-lite</name>
+ <name>ethereal</name>
+ <name>ethereal-lite</name>
+ <name>tethereal</name>
+ <name>tethereal-lite</name>
+ <range><ge>0.8.16</ge><lt>0.99.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Wireshark team reports of multiple vulnerabilities:</p>
+ <blockquote cite="http://www.wireshark.org/security/wnpa-sec-2007-03.html">
+ <ul>
+ <li>Wireshark could crash when reading an MP3 file.</li>
+ <li>Beyond Security discovered that Wireshark could loop
+ excessively while reading a malformed DNP packet.</li>
+ <li>Stefan Esser discovered a buffer overflow in the SSL
+ dissector.</li>
+ <li>The ANSI MAP dissector could be susceptible to a
+ buffer overflow on some platforms.</li>
+ <li>The Firebird/Interbase dissector could go into an
+ infinite loop or crash.</li>
+ <li>The NCP dissector could cause a crash.</li>
+ <li>The HTTP dissector could crash on some systems while
+ decoding chunked messages.</li>
+ <li>The MEGACO dissector could enter a large loop and
+ consume system resources.</li>
+ <li>The DCP ETSI dissector could enter a large loop and
+ consume system resources.</li>
+ <li>Fabiodds discovered a buffer overflow in the iSeries
+ (OS/400) Communication trace file parser.</li>
+ <li>The PPP dissector could overflow a buffer.</li>
+ <li>The Bluetooth SDP dissector could go into an infinite
+ loop.</li>
+ <li>A malformed RPC Portmap packet could cause a
+ crash.</li>
+ <li>The IPv6 dissector could loop excessively.</li>
+ <li>The USB dissector could loop excessively or crash.</li>
+ <li>The SMB dissector could crash.</li>
+ <li>The RPL dissector could go into an infinite loop.</li>
+ <li>The WiMAX dissector could crash due to unaligned
+ access on some platforms.</li>
+ <li>The CIP dissector could attempt to allocate a huge
+ amount of memory and crash.</li>
+ </ul>
+
+ <h2>Impact</h2>
+
+ <p>It may be possible to make Wireshark or Ethereal crash or
+ use up available memory by injecting a purposefully
+ malformed packet onto the wire or by convincing someone to
+ read a malformed packet trace file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2007-6438</cvename>
+ <cvename>CVE-2007-6439</cvename>
+ <cvename>CVE-2007-6440</cvename>
+ <cvename>CVE-2007-6441</cvename>
+ <cvename>CVE-2007-6442</cvename>
+ <cvename>CVE-2007-6443</cvename>
+ <cvename>CVE-2007-6444</cvename>
+ <cvename>CVE-2007-6445</cvename>
+ <cvename>CVE-2007-6446</cvename>
+ <cvename>CVE-2007-6447</cvename>
+ <cvename>CVE-2007-6448</cvename>
+ <cvename>CVE-2007-6449</cvename>
+ <cvename>CVE-2007-6450</cvename>
+ <cvename>CVE-2007-6451</cvename>
+ <url>http://www.wireshark.org/security/wnpa-sec-2007-03.html</url>
+ </references>
+ <dates>
+ <discovery>2007-12-19</discovery>
+ <entry>2007-12-19</entry>
+ </dates>
+ </vuln>
+
<vuln vid="31b045e7-ae75-11dc-a5f9-001a4d49522b">
<topic>opera -- multiple vulnerabilities</topic>
<affects>
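Review bot: In the `<dates>` block of the new wireshark entry, `<discovery>2007-12-19</discovery>` is identical to `<entry>` and to the commit date; please confirm it reflects the publication date of the cited advisory (wnpa-sec-2007-03) rather than the day the entry was written. In the description, "The Wireshark team reports of multiple vulnerabilities:" reads better as "The Wireshark team reports multiple vulnerabilities:". The blockquote lists nineteen issues while `<references>` carries fourteen `<cvename>` elements (CVE-2007-6438 through CVE-2007-6451), so the mapping is not one-to-one; it is worth double-checking against the advisory that no CVE name is missing.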