Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1592

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-1592
Last Modified 13 Aug 2012 11:26:23
Published 29 Apr 2011 06:55:02
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1592

Summary

The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.

Vulnerable Systems

Application

  • Wireshark 1.4.0

  • Wireshark 1.4.1

  • Wireshark 1.4.2

  • Wireshark 1.4.3

  • Wireshark 1.4.4


References

CONFIRM - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5209

MLIST - [oss-security] 20110418 Re: Wireshark 1.2.16 / 1.4.5

MLIST - [oss-security] 20110418 Wireshark 1.2.16 / 1.4.5

CONFIRM - http://anonsvn.wireshark.org/viewvc?revision=34115&view=revision

XF - wireshark-nfs-dos(66833)

CONFIRM - http://www.wireshark.org/security/wnpa-sec-2011-06.html

VUPEN - ADV-2011-1022

OSVDB - 71847

MANDRIVA - MDVSA-2011:083

SECUNIA - 44172


Last Updated: 27 May 2016 10:56:23