Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5238

Overview

Vulnerability Score 3.3 3.3
CVE Id CVE-2012-5238
Last Modified 02 Nov 2013 11:28:04
Published 04 Oct 2012 03:55:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector ADJACENT_NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5238

Summary

epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet.

Vulnerable Systems

Application

  • Wireshark 1.8.0

  • Wireshark 1.8.1

  • Wireshark 1.8.2


References

CONFIRM - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7668

CONFIRM - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7316

CONFIRM - http://www.wireshark.org/security/wnpa-sec-2012-27.html

CONFIRM - http://anonsvn.wireshark.org/viewvc?view=revision&revision=44688

CONFIRM - http://anonsvn.wireshark.org/viewvc?view=revision&revision=42989

CONFIRM - http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=44688&r2=44687&pathrev=44688

CONFIRM - http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=42989&r2=42988&pathrev=42989

XF - wireshark-ppp-dissector-dos(79010)

OSVDB - 85883

SECTRACK - 1027604

BID - 55754


Last Updated: 27 May 2016 10:56:40