SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
WLB
Services
RSS
Corporate
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com

Home arrow SecurityAlert Database

Arrow  Topic :

Wireshark 1.0.x Malformed .ncf packet capture Local Denial of Service


Arrow  SecurityAlert : 4462
Arrow  CVE : CVE-2008-4682
Arrow  CWE : CWE-20
Arrow  SecurityRisk : Medium  Security Risk Medium  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Victim interaction required : No
Arrow  Exploit Available : Yes
Arrow  Credit : Shinnok
Arrow  Published : 23.10.2008

Arrow  Affected Software : wireshark:wireshark:0.99.7
wireshark:wireshark:0.99.8
wireshark:wireshark:1.0
wireshark:wireshark:1.0.0
wireshark:wireshark:1.0.1
wireshark:wireshark:1.0.2
wireshark:wireshark:1.0.3



Arrow  Advisory Content :  

Wireshark 1.0.x .ncf local denial of service
author: Shinnok

Description

Wireshark 1.0.x crashes as a result of a failed assertion when dealing
with a malformed Tamosoft CommView .ncf packet capture:
Err file wtap.c: line 620 (wtap_read): assertion failed:
(wth->phdr.pkt_encap != WTAP_ENCAP_PER_PACKET)




Arrow  References :

http://www.securityfocus.com/bid/31838
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2926
http://www.wireshark.org/security/wnpa-sec-2008-06.html
http://www.milw0rm.com/exploits/6622
http://www.frsirt.com/english/advisories/2008/2872
http://securitytracker.com/id?1021069
http://secunia.com/advisories/32355




Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc/fnmatch(3) DoS

Security Risk Medium- 2011-05-13

Allow attacker to denial of service apache 2.2.17 server

Apache RSS Apache Alert

» Apache HTTP Server Denial
   of Service Vulnerability

» Multiple Vendors
   libc/fnmatch(3) DoS (incl
   apache poc)

» Apache Continuum
   cross-site scripting
   vulnerability

» Apache Tomcat DoS
   Vulnerability

PHP RSS PHP Alert

» PHP Hashtables Denial of
   Service

» PHP 5.3.6 multiple null
   pointer dereference

» PHP 5.3.6 ZipArchive
   invalid use glob(3)

» libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)

ADT

Protect your family and valuables with Home Security Systems

Copyright © SecurityReason.com. All Rights Reserved.