Vulnerability Note VU#808832
Wireshark contains an unspecified vulnerability in the SCSI dissector
OverviewWireshark contains a vulnerability in the SCSI dissector that may cause a denial-of-service condition.
I. DescriptionThe SCSI dissector in Wireshark contains an unspecified error that may allow remote attackers to cause a denial-of-service condition.
Wireshark states that Wireshark version 0.99.2 is vulnerable.
Note: Ethereal has changed its name to Wireshark.
II. ImpactA remote attacker may be able to cause a denial-of-service condition.
III. SolutionUpdate
Wireshark has released an updated product version (Wireshark 0.99.3).
Workaround
Wireshark provides a workaround in security document wnpa-sec-2006-02.
Systems Affected
| Vendor | Status | Date Updated |
|---|
| Wireshark | Vulnerable | 24-Oct-2006 |
References
http://www.wireshark.org/security/wnpa-sec-2006-02.html
http://www.securityfocus.com/bid/19690
http://www.frsirt.com/english/advisories/2006/3370
http://securitytracker.com/id?1016736
http://secunia.com/advisories/21597
http://secunia.com/advisories/21649
http://secunia.com/advisories/21619
http://secunia.com/advisories/21682
http://secunia.com/advisories/21885
http://xforce.iss.net/xforce/xfdb/28550
http://xforce.iss.net/xforce/xfdb/28553
https://issues.rpath.com/browse/RPL-597
http://secunia.com/advisories/22378/
Credit
This vulnerability was reported in Wireshark document wnpa-sec-2006-02.
This document was written by Katie Steiner.
Other Information
| Date Public | 08/24/2006 |
| Date First Published | 10/25/2006 10:23:31 AM |
| Date Last Updated | 12/20/2006 |
| CERT Advisory | |
| CVE Name | CVE-2006-4330 |
| US-CERT Technical Alerts | |
| Metric | 0.00 |
| Document Revision | 14 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
Get Adobe Reader