Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability note CVE-2010-2284 CVE-2010-2287 CVE-2010-2994

Wireshark 1.0: two vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Wireshark can be used by a remote attacker to create a denial of service or to execute code.
Severity: 2/4.
Creation date: 30/07/2010.

Description of the vulnerability

The Wireshark program captures and displays network packets. Protocols are decoded by dissectors. They are impacted by several vulnerabilities.

An attacker can generate a buffer overflow in SigComp Universal Decompressor Virtual Machine. [severity:2/4; CVE-2010-2287, CVE-2010-2995, >]

An attacker can generate a buffer overflow in the ASN.1 BER dissector. [severity:2/4; CVE-2010-2284, CVE-2010-2994, >]

Complete Vigil@nce bulletin

Access to the complete Vigil@nce bulletin

Characteristics

Title: Wireshark 1.0: two vulnerabilities.
Keywords: ASN BER Decompressor Machine SigComp Universal Virtual Wireshark vulnerabilities.
Identifiers: BID-42618, CVE-2010-2284, CVE-2010-2287, CVE-2010-2994, CVE-2010-2995, DSA 2101-1, FEDORA-2010-13416, FEDORA-2010-13427, MDVSA-2010:144, RHSA-2010:0625-01, VIGILANCE-VUL-9799.

Information sources

Publications and announces

Solutions for this vulnerability

Patch or workaround

Supplements

Vulnerability : SigComp Universal Decompressor Virtual Machine

An attacker can generate a buffer overflow in SigComp Universal Decompressor Virtual Machine.
Severity: 2/4.
Identifiers: CVE-2010-2287, CVE-2010-2995.

Vulnerability : ASN.1 BER

An attacker can generate a buffer overflow in the ASN.1 BER dissector.
Severity: 2/4.
Identifiers: CVE-2010-2284, CVE-2010-2994.

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Technology watch team on vulnerabilities



















France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française