vulnerability CVE-2012-4048 CVE-2012-4049
Wireshark: two denials of service
Synthesis of the vulnerability
Two vulnerabilities of Wireshark can be used by a remote attacker to create a denial of service.Impacted products:
Debian, MBS, MES, Mandriva Linux, openSUSE, Solaris, SUSE Linux Enterprise Desktop, SLES, Wireshark.
BID-54649, CERTA-2012-AVI-401, CVE-2012-4048, CVE-2012-4049, DSA 2590-1, MDVSA-2012:125, MDVSA-2013:055, openSUSE-SU-2012:0930-1, SUSE-SU-2012:1168-1, VIGILANCE-VUL-11790, wnpa-sec-2012-11, wnpa-sec-2012-12.
Description of the vulnerability
The Wireshark program captures and displays network packets. Protocols are decoded by dissectors. They are impacted by several vulnerabilities.
An attacker can send a malicious PPP packet, in order to force Wireshark to use an invalid memory address. [severity:1/4; CVE-2012-4048, wnpa-sec-2012-11]
An attacker can send a NFS packet, in order to generate a large loop in Wireshark. [severity:1/4; CVE-2012-4049, wnpa-sec-2012-12]Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides a network vulnerability announce
. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.