Wireshark syslog Dissector Denial-of-Service Vulnerability

Vulnerability ID: 1115586
Vulnerability type:
Published: 2008-06-30
Updated: 2008-09-17
CVE ID: CVE-2008-3140
CNNVD-ID: CNNVD-200807-197
Platform: Multiple
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/32006
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200807-197
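|Vulnerability details
Wireshark, formerly named Ethereal, is a very popular network protocol analyzer. A vulnerability in the syslog protocol dissector may allow a crash to be triggered by an incomplete SS7 MSU syslog-encapsulated packet.
|Exploit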
source: http://www.securityfocus.com/bid/30020/info

Wireshark is prone to multiple vulnerabilities, including an information-disclosure issue and denial-of-service issues.

Exploiting these issues may allow attackers to obtain potentially sensitive information, cause crashes, and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.9.5 up to and including 1.0.0. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/32006-1.pcap
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/32006-2.pcap
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/32006-3.pcap
|References

Source: XF
Name: wireshark-syslog-dos(43518)
Link: http://xforce.iss.net/xforce/xfdb/43518
Source: www.wireshark.org
Link: http://www.wireshark.org/security/wnpa-sec-2008-03.html
Source: BID
Name: 30020
Link: http://www.securityfocus.com/bid/30020
Source: VUPEN
Name: ADV-2008-1982
Link: http://www.frsirt.com/english/advisories/2008/1982/references
Source: GENTOO
Name: GLSA-200808-04
Link: http://security.gentoo.org/glsa/glsa-200808-04.xml
Source: SECUNIA
Name: 31687
Link: http://secunia.com/advisories/31687
Source: SECUNIA
Name: 31378
Link: http://secunia.com/advisories/31378
Source: SECUNIA
Name: 30886
Link: http://secunia.com/advisories/30886
Source: SUSE
Name: SUSE-SR:2008:017
Link: http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html