FreeBSD : wireshark -- multiple vulnerabilities (8a835235-ae84-11dc-a5f9-001a4d49522b)
Critical Nessus Plugin ID 29772
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionThe Wireshark team reports of multiple vulnerabilities :
- Wireshark could crash when reading an MP3 file.
- Beyond Security discovered that Wireshark could loop excessively while reading a malformed DNP packet.
- Stefan Esser discovered a buffer overflow in the SSL dissector.
- The ANSI MAP dissector could be susceptible to a buffer overflow on some platforms.
- The Firebird/Interbase dissector could go into an infinite loop or crash.
- The NCP dissector could cause a crash.
- The HTTP dissector could crash on some systems while decoding chunked messages.
- The MEGACO dissector could enter a large loop and consume system resources.
- The DCP ETSI dissector could enter a large loop and consume system resources.
- Fabiodds discovered a buffer overflow in the iSeries (OS/400) Communication trace file parser.
- The PPP dissector could overflow a buffer.
- The Bluetooth SDP dissector could go into an infinite loop.
- A malformed RPC Portmap packet could cause a crash.
- The IPv6 dissector could loop excessively.
- The USB dissector could loop excessively or crash.
- The SMB dissector could crash.
- The RPL dissector could go into an infinite loop.
- The WiMAX dissector could crash due to unaligned access on some platforms.
- The CIP dissector could attempt to allocate a huge amount of memory and crash. Impact It may be possible to make Wireshark or Ethereal crash or use up available memory by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
SolutionUpdate the affected packages.