|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 4663 CVE : CVE-2008-5285 CWE : CWE-399 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : No Exploit Available : No Credit : Bach Khoa Internetwork Security Center Published : 03.12.2008
Advisory Content : Vulnerability in WireShark 1.0.4 for DoS Attack 1. General Information On Nov 2008, Security Vulnerability Research Team of Bkis (SVRT-Bkis) has detected a vulnerability underlying WireShark 1.0.4 (lastest version). The flaw is in the function processing SMTP protocol and enables hacker to perform a DoS attack by sending a SMTP request with large content to port 25. The application then enter a large loop and cannot do anything else. We have contacted the vendor of Wireshark. They fixed this vulnerability for Wireshark 1.0.5 but they haven't released the official version yet. Details is here : http://wiki.wireshark.org/Development/Roadmap SVRT Advisory : SVRT-04-08 Initial vendor notification : 11-14-2008 Release Date : 11-22-2008 Update Date : 11-22-2008 Discovered by : SVRT-Bkis Security Rating : Less Critical Impact : DoS Affected Software :Wireshark 1.0.4 (prev is vulnerable) 2. Solution Althrough the official version for this vulnerability hasn't been released yet, the vendor has updated the fix in the prerelease Wireshark 1.0.5. Download the prerelease version of Wireshark 1.0.5 here: http://www.wireshark.org/download/prerelease/ ---------------------------------------------------------------- Bach Khoa Internetwork Security Center (BKIS) Hanoi University of Technology (Vietnam) Office : 5th Floor, Hitech building - 1A Dai Co Viet, Hanoi Email : svrt[at]bkav.com.vn Website : www.bkav.com.vn WebBlog : security.bkis.vn ---------------------------------------------------------------- References : http://secunia.com/advisories/32840
https://bugzilla.redhat.com/show_bug.cgi?id=472737
http://www.securitytracker.com/id?1021275
http://www.securityfocus.com/archive/1/archive/1/498562/100/0/threaded
http://www.openwall.com/lists/oss-security/2008/11/24/1
http://www.frsirt.com/english/advisories/2008/3231
http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065840.html  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |