漏洞信息详情

Wireshark分析器IPMI多个未明拒绝服务攻击漏洞

• CNNVD编号：CNNVD-200907-311
• 危害等级： 中危
  
• CVE编号： CVE-2009-2560
• 漏洞类型： 资料不足
• 发布时间： 2009-07-21
• 威胁类型： 远程
• 更新时间： 2009-10-31
• 厂        商： wireshark
• 漏洞来源： Wireshark http://w...

漏洞简介

Wireshark之前名为Ethereal，是一款非常流行的网络协议分析工具。 Wireshark的Bluetooth L2CAP、RADIUS、MIOP协议解析模块中存在拒绝服务漏洞。如果用户受骗从网络抓取了恶意的报文或读取了恶意抓包文件的话，就会导致解析模块崩溃。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Debian Linux 5.0 ia-64

Debian tshark_1.0.2-3+lenny7_ia64.deb

http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2- 3+lenny7_ia64.deb

Debian wireshark-common_1.0.2-3+lenny7_ia64.deb

http://security.debian.org/pool/updates/main/w/wireshark/wireshark-com mon_1.0.2-3+lenny7_ia64.deb

Debian wireshark-dev_1.0.2-3+lenny7_ia64.deb

http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev _1.0.2-3+lenny7_ia64.deb

Debian wireshark_1.0.2-3+lenny7_ia64.deb

http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0 .2-3+lenny7_ia64.deb

Debian Linux 5.0 alpha

Debian tshark_1.0.2-3+lenny7_alpha.deb

http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2- 3+lenny7_alpha.deb

Debian wireshark-common_1.0.2-3+lenny7_alpha.deb

http://security.debian.org/pool/updates/main/w/wireshark/wireshark-com mon_1.0.2-3+lenny7_alpha.deb

Debian wireshark-dev_1.0.2-3+lenny7_alpha.deb

http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev _1.0.2-3+lenny7_alpha.deb

Debian wireshark_1.0.2-3+lenny7_alpha.deb

http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0 .2-3+lenny7_alpha.deb

MandrakeSoft Linux Mandrake 2008.0 x86_64

Mandriva dumpcap-1.0.10-0.1mdv2008.0.x86_64.rpm

http://www.mandriva.com/en/download/

Mandriva lib64wireshark-devel-1.0.10-0.1mdv2008.0.x86_64.rpm

http://www.mandriva.com/en/download/

Mandriva lib64wireshark0-1.0.10-0.1mdv2008.0.x86_64.rpm

http://www.mandriva.com/en/download/

Mandriva rawshark-1.0.10-0.1mdv2008.0.x86_64.rpm

http://www.mandriva.com/en/download/

Mandriva tshark-1.0.10-0.1mdv2008.0.x86_64.rpm

http://www.mandriva.com/en/download/

Mandriva wireshark-1.0.10-0.1mdv2008.0.x86_64.rpm

http://www.mandriva.com/en/download/

Mandriva wireshark-tools-1.0.10-0.1mdv2008.0.x86_64.rpm

http://www.mandriva.com/en/download/

MandrakeSoft Linux Mandrake 2008.0

Mandriva dumpcap-1.0.10-0.1mdv2008.0.i586.rpm

http://www.mandriva.com/en/download/

Mandriva libwireshark-devel-1.0.10-0.1mdv2008.0.i586.rpm

http://www.mandriva.com/en/download/

Mandriva libwireshark0-1.0.10-0.1mdv2008.0.i586.rpm

http://www.mandriva.com/en/download/

Mandriva rawshark-1.0.10-0.1mdv2008.0.i586.rpm

http://www.mandriva.com/en/download/

Mandriva tshark-1.0.10-0.1mdv2008.0.i586.rpm

http://www.mandriva.com/en/download/

Mandriva wireshark-1.0.10-0.1mdv2008.0.i586.rpm

http://www.mandriva.com/en/download/

Mandriva wireshark-tools-1.0.10-0.1mdv2008.0.i586.rpm

http://www.mandriva.com/en/download/

Debian Linux 5.0 mipsel

Debian tshark_1.0.2-3+lenny7_mipsel.deb

http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2- 3+lenny7_mipsel.deb

Debian wireshark-common_1.0.2-3+lenny7_mipsel.deb

http://security.debian.org/pool/updates/main/w/wireshark/wireshark-com mon_1.0.2-3+lenny7_mipsel.deb

Debian wireshark-dev_1.0.2-3+lenny7_mipsel.deb

http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev _1.0.2-3+lenny7_mipsel.deb

Debian wireshark_1.0.2-3+lenny7_mipsel.deb

http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0 .2-3+lenny7_mipsel.deb

Debian Linux 4.0 amd64

Debian ethereal-common_0.99.4-5.etch.4_amd64.deb

http://security.debian.org/pool/updates/main/w/wireshark/ethereal-comm on_0.99.4-5.etch.4_amd64.deb

Debian ethereal-dev_0.99.4-5.etch.4_amd64.deb

http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_ 0.99.4-5.etch.4_amd64.deb

Debian ethereal_0.99.4-5.etch.4_amd64.deb

http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99 .4-5.etch.4_amd64.deb

Debian tethereal_0.99.4-5.etch.4_amd64.deb

http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.9 9.4-5.etch.4_amd64.deb

Debian tshark_0.99.4-5.etch.4_amd64.deb

http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4 -5.etch.4_amd64.deb

Debian wireshark-common_0.99.4-5.etch.4_amd64.deb

http://security.debian.org/pool/updates/main/w/wireshark/wireshark-com mon_0.99.4-5.etch.4_amd64.deb

Debian wireshark-dev_0.99.4-5.etch.4_amd64.deb

http://security.de

参考网址

来源: www.wireshark.org

链接:http://www.wireshark.org/security/wnpa-sec-2009-04.HTML

来源: BID

名称: 35748

链接:http://www.securityfocus.com/bid/35748

来源: XF

名称: wireshark-radius-dissector-dos(54019)

链接:http://xforce.iss.net/xforce/xfdb/54019

来源: www.wireshark.org

链接:http://www.wireshark.org/security/wnpa-sec-2009-08.HTML

来源: www.wireshark.org

链接:http://www.wireshark.org/docs/relnotes/wireshark-1.0.10.HTML

来源: VUPEN

名称: ADV-2009-3061

链接:http://www.vupen.com/english/advisories/2009/3061

来源: VUPEN

名称: ADV-2009-1970

链接:http://www.vupen.com/english/advisories/2009/1970

来源: BID

名称: 36846

链接:http://www.securityfocus.com/bid/36846

来源: MLIST

名称: [oss-security] 20090722 Re: CVE request: Wireshark <1.2.1 multiple="">

链接:http://www.openwall.com/lists/oss-security/2009/07/22/2

来源: MANDRIVA

名称: MDVSA-2009:194

链接:http://www.mandriva.com/security/advisories?name=MDVSA-2009:194

来源: SECUNIA

名称: 37175

链接:http://secunia.com/advisories/37175

来源: SECUNIA

名称: 35884

链接:http://secunia.com/advisories/35884

受影响实体

• Wireshark Wireshark:1.0.0  
• Wireshark Wireshark:1.0.3  
• Wireshark Wireshark:1.0.2  
• Wireshark Wireshark:1.0.9  
• Wireshark Wireshark:1.0.7  

补丁

暂无