The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer vulnerability note CVE-2017-6467 CVE-2017-6468 CVE-2017-6469

Wireshark: nine vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Wireshark.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Wireshark.
Severity: 1/4.
Creation date: 06/03/2017.
Identifiers: bulletinapr2017, CERTFR-2017-AVI-065, CVE-2017-6467, CVE-2017-6468, CVE-2017-6469, CVE-2017-6470, CVE-2017-6471, CVE-2017-6472, CVE-2017-6473, CVE-2017-6474, DLA-858-1, DSA-3811-1, FEDORA-2017-6c91c98b33, openSUSE-SU-2017:0664-1, VIGILANCE-VUL-22019, wnpa-sec-2017-03, wnpa-sec-2017-04, wnpa-sec-2017-05, wnpa-sec-2017-06, wnpa-sec-2017-07, wnpa-sec-2017-08, wnpa-sec-2017-09, wnpa-sec-2017-10, wnpa-sec-2017-11.

Description of the vulnerability

Several vulnerabilities were announced in Wireshark.

An attacker can send malicious LDSS packets, in order to trigger a denial of service. [severity:1/4; CVE-2017-6469, wnpa-sec-2017-03]

An attacker can generate an infinite loop via RTMPT, in order to trigger a denial of service. [severity:1/4; CVE-2017-6472, wnpa-sec-2017-04]

An attacker can generate an infinite loop via WSP, in order to trigger a denial of service. [severity:1/4; CVE-2017-6471, wnpa-sec-2017-05]

An attacker can generate an infinite loop via STANAG 4607, in order to trigger a denial of service. [severity:1/4; wnpa-sec-2017-06]

An attacker can generate an infinite loop via NetScaler, in order to trigger a denial of service. [severity:1/4; CVE-2017-6467, wnpa-sec-2017-07]

An attacker can trigger a fatal error via NetScaler, in order to trigger a denial of service. [severity:1/4; CVE-2017-6468, wnpa-sec-2017-08]

An attacker can trigger a fatal error via K12, in order to trigger a denial of service. [severity:1/4; CVE-2017-6473, wnpa-sec-2017-09]

An attacker can generate an infinite loop via IAX2, in order to trigger a denial of service. [severity:1/4; CVE-2017-6470, wnpa-sec-2017-10]

An attacker can generate an infinite loop via Netscaler, in order to trigger a denial of service. [severity:1/4; CVE-2017-6474, wnpa-sec-2017-11]
Complete Vigil@nce bulletin.... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides networks vulnerabilities analysis. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.