漏洞信息详情

Wireshark MIME协议解析器拒绝服务攻击漏洞

  • CNNVD编号:CNNVD-200610-501
  • 危害等级: 中危
  • CVE编号: CVE-2006-4574
  • 漏洞类型: 资料不足
  • 发布时间: 2006-10-27
  • 威胁类型: 远程
  • 更新时间: 2006-10-31
  • 厂        商: wireshark
  • 漏洞来源: Wireshark※http://w...

漏洞简介

Wireshark以前名为Ethereal,是一款非常流行的网络协议分析工具。

Wireshark的MIME的协议解析器存在漏洞,Wireshark在处理相关协议的畸形报文时会消耗大量内存,导致拒绝服务。有关机构表明这个漏洞和未明的长度值有关。

漏洞公告

目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:

Debian已经为此发布了一个安全公告(DSA-1201-1)以及相应补丁:

DSA-1201-1:New ethereal packages fix denial of service

链接:

http://www.debian.org/security/2005/dsa-1201

Debian GNU/Linux 3.1 (sarge)

Source:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9.dsc

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9.diff.gz

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz

Alpha:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_alpha.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_alpha.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_alpha.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_alpha.deb

AMD64:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_amd64.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_amd64.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_amd64.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_amd64.deb

ARM:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_arm.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_arm.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_arm.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_arm.deb

Intel IA-32:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_i386.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_i386.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_i386.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_i386.deb

Intel IA-64:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_ia64.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_ia64.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_ia64.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_ia64.deb

Motorola 680x0:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_m68k.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_m68k.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_m68k.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_m68k.deb

Big endian MIPS:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_mips.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_mips.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_mips.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_mips.deb

Little endian MIPS:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_mipsel.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_mipsel.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_mipsel.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_mipsel.deb

PowerPC:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_powerpc.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_powerpc.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_powerpc.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_powerpc.deb

IBM S/390:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_

参考网址

来源: www.wireshark.org

链接:http://www.wireshark.org/security/wnpa-sec-2006-03.html

来源: BID

名称: 20762

链接:http://www.securityfocus.com/bid/20762

来源: SECUNIA

名称: 22590

链接:http://secunia.com/advisories/22590

来源: issues.rpath.com

链接:https://issues.rpath.com/browse/RPL-746

来源: XF

名称: wireshark-mime-dos(29844)

链接:http://xforce.iss.net/xforce/xfdb/29844

来源: DEBIAN

名称: DSA-1201

链接:http://www.us.debian.org/security/2006/dsa-1201

来源: BUGTRAQ

名称: 20061101 rPSA-2006-0202-1 tshark wireshark

链接:http://www.securityfocus.com/archive/1/archive/1/450307/100/0/threaded

来源: REDHAT

名称: RHSA-2006:0726

链接:http://www.redhat.com/support/errata/RHSA-2006-0726.html

来源: SUSE

名称: SUSE-SA:2006:065

链接:http://www.novell.com/linux/security/advisories/2006_65_ethereal.html

来源: MANDRIVA

名称: MDKSA-2006:195

链接:http://www.mandriva.com/security/advisories?name=MDKSA-2006:195

来源: VUPEN

名称: ADV-2006-4220

链接:http://www.frsirt.com/english/advisories/2006/4220

来源: support.avaya.com

链接:http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm

来源: SECTRACK

名称: 1017129

链接:http://securitytracker.com/id?1017129

来源: SECUNIA

名称: 23096

链接:http://secunia.com/advisories/23096

来源: SECUNIA

名称: 22929

链接:http://secunia.com/advisories/22929

来源: SECUNIA

名称: 22841

链接:http://secunia.com/advisories/22841

来源: SECUNIA

名称: 22797

链接:http://secunia.com/advisories/22797

来源: SECUNIA

名称: 22692

链接:http://secunia.com/advisories/22692

来源: SECUNIA

名称: 22672

链接:http://secunia.com/advisories/22672

来源: SECUNIA

名称: 22659

链接:http://secunia.com/advisories/22659

来源: SGI

名称: 20061101-01-P

链接:ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多