Vulnerability Note VU#723736
Wireshark contains an unspecified vulnerability in the XOT dissector
OverviewWireshark contains a vulnerability in the XOT dissector that may cause the application to crash.
I. DescriptionWireshark contains a vulnerability in the XOT dissector that may allow the application to allocate a large amount of memory and cause the application to crash. This vulnerability may be exploited when a remote attacker sends a specially crafted, malformed packet or by convincing the user to read a malformed packet trace file.
Wireshark states that Wireshark version 0.99.3 is affected by this vulnerability.
Note: Ethereal has changed its name to Wireshark.
II. ImpactA remote attacker may be able to cause a denial-of-service condition.
III. SolutionUpdate
Wireshark has released an updated product version (Wireshark 0.99.4).
Workaround
Wireshark provides a workaround in security document wnpa-sec-2006-03.
Systems Affected
| Vendor | Status | Date Updated |
|---|
| Wireshark | Vulnerable | 6-Nov-2006 |
References
http://www.wireshark.org/security/wnpa-sec-2006-03.html
http://www.securityfocus.com/bid/20762
http://secunia.com/advisories/22590
http://secunia.com/advisories/22659/
http://secunia.com/advisories/22672/
http://secunia.com/advisories/22692/
http://secunia.com/advisories/22797/
http://secunia.com/advisories/22841/
http://secunia.com/advisories/22929/
Credit
This vulnerability was reported in Wireshark document wnpa-sec-2006-03.
This document was written by Katie Steiner.
Other Information
| Date Public | 10/27/2006 |
| Date First Published | 11/30/2006 04:26:57 PM |
| Date Last Updated | 12/20/2006 |
| CERT Advisory | |
| CVE Name | CVE-2006-4805 |
| Metric | 0.00 |
| Document Revision | 18 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
