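Vulnerability Details
Wireshark HTTP Protocol Dissector Denial-of-Service Vulnerability
- CNNVD ID: CNNVD-200610-513
- Severity: Low
- CVE ID: CVE-2006-5468
- Vulnerability type: Insufficient information
- Published: 2006-10-27
- Threat type: Remote
- Updated: 2006-11-01
- Vendor: wireshark
- Vulnerability source: Wireshark※http://w...
Vulnerability Summary
Wireshark, formerly named Ethereal, is a very popular network protocol analysis tool.
A vulnerability exists in Wireshark's HTTP protocol dissector: when processing malformed packets of this protocol, Wireshark consumes a large amount of memory, resulting in a denial of service.
Vulnerability Advisory
The vendor has released an upgrade patch to fix this security issue. Patch links:
Debian has released a security advisory (DSA-1201-1) and corresponding patches for this issue:
DSA-1201-1: New ethereal packages fix denial of service
Link: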
http://www.debian.org/security/2005/dsa-1201
Debian GNU/Linux 3.1 (sarge)
Source:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9.dsc
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9.diff.gz
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_alpha.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_alpha.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_alpha.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_amd64.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_amd64.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_amd64.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_arm.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_arm.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_arm.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_i386.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_i386.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_i386.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_ia64.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_ia64.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_ia64.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_ia64.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_m68k.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_m68k.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_m68k.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_mips.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_mips.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_mips.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_mipsel.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_mipsel.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_mipsel.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_powerpc.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_powerpc.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_powerpc.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_
References
Source: VU#363992
Name: VU#363992
Link: http://www.kb.cert.org/vuls/id/363992
Source: www.wireshark.org
Link: http://www.wireshark.org/security/wnpa-sec-2006-03.HTML
Source: BID
Name: 20762
Link: http://www.securityfocus.com/bid/20762
Source: SECUNIA
Name: 22590
Link: http://secunia.com/advisories/22590
Source: issues.rpath.com
Link: https://issues.rpath.com/browse/RPL-746
Source: XF
Name: wireshark-http-dos(29840)
Link: http://xforce.iss.net/xforce/xfdb/29840
Source: BUGTRAQ
Name: 20061101 rPSA-2006-0202-1 tshark wireshark
Link: http://www.securityfocus.com/archive/1/archive/1/450307/100/0/threaded
Source: REDHAT
Name: RHSA-2006:0726
Link: http://www.redhat.com/support/errata/RHSA-2006-0726.HTML
Source: SUSE
Name: SUSE-SA:2006:065
Link: http://www.novell.com/linux/security/advisories/2006_65_ethereal.HTML
Source: MANDRIVA
Name: MDKSA-2006:195
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2006:195
Source: VUPEN
Name: ADV-2006-4220
Link: http://www.frsirt.com/english/advisories/2006/4220
Source: support.avaya.com
Link: http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm
Source: SECTRACK
Name: 1017129
Link: http://securitytracker.com/id?1017129
Source: SECUNIA
Name: 23096
Link: http://secunia.com/advisories/23096
Source: SECUNIA
Name: 22929
Link: http://secunia.com/advisories/22929
Source: SECUNIA
Name: 22841
Link: http://secunia.com/advisories/22841
Source: SECUNIA
Name: 22797
Link: http://secunia.com/advisories/22797
Source: SECUNIA
Name: 22692
Link: http://secunia.com/advisories/22692
Source: SECUNIA
Name: 22672
Link: http://secunia.com/advisories/22672
Source: SGI
Name: 20061101-01-P
Link: ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
Affected Entities
- Wireshark Wireshark:0.99.3
Patches
None available