CVE-2006-3628

Properties

Published:
20.07.2006
Updated:
25.07.2006
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Product:
Wireshark: Wireshark
Wireshark: Wireshark
Wireshark: Wireshark
Wireshark: Wireshark
Wireshark: Wireshark
Ethereal Group: Ethereal
Ethereal Group: Ethereal
Ethereal Group: Ethereal
Ethereal Group: Ethereal
Ethereal Group: Ethereal
Ethereal Group: Ethereal
Ethereal Group: Ethereal
Ethereal Group: Ethereal
Ethereal Group: Ethereal
Ethereal Group: Ethereal
Ethereal Group: Ethereal
Ethereal Group: Ethereal
Ethereal Group: Ethereal

Vulnerability description

Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors.

References:

WIRESHARK: http://www.wireshark.org/security/wnpa-sec-2006-01.html
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/440576/100/0/threaded
MANDRIVA: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:128
BID: http://www.securityfocus.com/bid/19051
FRSIRT: http://www.frsirt.com/english/advisories/2006/2850
SECUNIA: http://secunia.com/advisories/21078
SECUNIA: http://secunia.com/advisories/21107