CVE-2006-3627
CVSS5.0
发布时间 :2006-07-21 10:03:00
修订时间 :2011-03-29 00:00:00
NMCOPS    

[原文]Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark (aka Ethereal) 0.10.11 to 0.99.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors.


[CNNVD]Wireshark GSM BSSMAP分析器未明攻击漏洞(CNNVD-200607-357)

         Wireshark (又称Ethereal) 0.9.4到0.99.0中的GSM BSSMAP分析器存在未明漏洞。远程攻击者可以借助未明向量,引起拒绝服务(崩溃) 。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-399 [资源管理错误]

- CPE (受影响的平台与产品)

cpe:/a:wireshark:wireshark:0.10.14
cpe:/a:wireshark:wireshark:0.99.0
cpe:/a:wireshark:wireshark:0.10.11
cpe:/a:wireshark:wireshark:0.10.13
cpe:/a:wireshark:wireshark:0.10.12
cpe:/a:wireshark:wireshark:0.99

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:11307Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark (aka Ethereal) 0.10.11 to 0.99.0 allows remote attackers to cause a denia...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3627
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3627
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200607-357
(官方数据源) CNNVD

- 其它链接及资源

http://www.wireshark.org/security/wnpa-sec-2006-01.html
(VENDOR_ADVISORY)  CONFIRM  http://www.wireshark.org/security/wnpa-sec-2006-01.html
http://www.securityfocus.com/bid/19051
(PATCH)  BID  19051
http://secunia.com/advisories/21107
(VENDOR_ADVISORY)  SECUNIA  21107
http://secunia.com/advisories/21078
(VENDOR_ADVISORY)  SECUNIA  21078
https://issues.rpath.com/browse/RPL-512
(UNKNOWN)  CONFIRM  https://issues.rpath.com/browse/RPL-512
http://xforce.iss.net/xforce/xfdb/27821
(UNKNOWN)  XF  wireshark-gsm-bssmap-dos(27821)
http://www.vupen.com/english/advisories/2006/2850
(VENDOR_ADVISORY)  VUPEN  ADV-2006-2850
http://www.securityfocus.com/archive/1/archive/1/440576/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060719 rPSA-2006-0132-1 tshark wireshark
http://www.novell.com/linux/security/advisories/2006_20_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2006:020
http://www.mandriva.com/security/advisories?name=MDKSA-2006:128
(UNKNOWN)  MANDRIVA  MDKSA-2006:128
http://support.avaya.com/elmodocs2/security/ASA-2006-197.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-197.htm
http://security.gentoo.org/glsa/glsa-200607-09.xml
(UNKNOWN)  GENTOO  GLSA-200607-09
http://secunia.com/advisories/22089
(VENDOR_ADVISORY)  SECUNIA  22089
http://secunia.com/advisories/21598
(VENDOR_ADVISORY)  SECUNIA  21598
http://secunia.com/advisories/21488
(VENDOR_ADVISORY)  SECUNIA  21488
http://secunia.com/advisories/21467
(VENDOR_ADVISORY)  SECUNIA  21467
http://secunia.com/advisories/21204
(VENDOR_ADVISORY)  SECUNIA  21204
http://secunia.com/advisories/21121
(VENDOR_ADVISORY)  SECUNIA  21121
http://rhn.redhat.com/errata/RHSA-2006-0602.html
(UNKNOWN)  REDHAT  RHSA-2006:0602
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
(UNKNOWN)  SGI  20060801-01-P

- 漏洞信息

Wireshark GSM BSSMAP分析器未明攻击漏洞
中危 资料不足
2006-07-21 00:00:00 2007-06-27 00:00:00
远程  
         Wireshark (又称Ethereal) 0.9.4到0.99.0中的GSM BSSMAP分析器存在未明漏洞。远程攻击者可以借助未明向量,引起拒绝服务(崩溃) 。

- 公告与补丁

        
        
        Ethereal Group Ethereal 0.10.10
        

- 漏洞信息 (F48440)

rPSA-2006-0132-1.txt (PacketStormID:F48440)
2006-07-24 00:00:00
 
advisory,root,vulnerability
CVE-2006-3627,CVE-2006-3628,CVE-2006-3629,CVE-2006-3630,CVE-2006-3631,CVE-2006-3632
[点击下载]

rPath Security Advisory - All versions of the ethereal and tethereal packages contain vulnerabilities in packet dissector modules, which may allow various attacks including subverting the user who is running ethereal. Since ethereal is generally run as root to view network traffic directly, this may allow complete access to the vulnerable system.

rPath Security Advisory: 2006-0132-1
Published: 2006-07-19
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
    Remote Root Deterministic Unauthorized Access
Updated Versions:
    wireshark=/conary.rpath.com@rpl:devel//1/0.99.2-2.2-1
    tshark=/conary.rpath.com@rpl:devel//1/0.99.2-2.2-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3627
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3628
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3629
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3630
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3631
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3632
    http://www.wireshark.org/security/wnpa-sec-2006-01.html

Description:
    All versions of the ethereal and tethereal packages contain
    vulnerabilities in packet dissector modules, which may allow various
    attacks including subverting the user who is running ethereal.
    Since ethereal is generally run as root to view network traffic
    directly, this may allow complete access to the vulnerable system.
    
    The fixes are available only as part of the wireshark package.
    Development of the ethereal program has ceased under the ethereal
    name and continued under the wireshark name, due to restrictions
    on the use of the "ethereal" trademark.  The latest version of the
    ethereal and tethereal packages in rPath Linux 1 are now redirects
    to the wireshark and tshark packages.  The command "conary update
    ethereal tethereal" will cause the ethereal and tethereal packages
    on the system to be replaced by wireshark and tshark, respectively.
    The "conary updateall" command will also appropriately migrate the
    system from ethereal to wireshark.
    
    The fix for this vulnerability is available in the wireshark and
    tshark packages.  rPath strongly recommends that you update to
    the wireshark and/or tshark packages, and that you not use the
    affected ethereal and tethereal packages, particularly not on
    untrusted networks or trace files.
    

- 漏洞信息 (F48411)

Mandriva Linux Security Advisory 2006.128 (PacketStormID:F48411)
2006-07-20 00:00:00
Mandriva  mandriva.com
advisory,vulnerability
linux,mandriva
CVE-2006-3627,CVE-2006-3628,CVE-2006-3629,CVE-2006-3630,CVE-2006-3631,CVE-2006-3632
[点击下载]

Mandriva Linux Security Advisory MDKSA-2006-128 - A number of vulnerabilities have been discovered in the Wireshark (formerly Ethereal) network analyzer. These issues have been corrected in Wireshark version 0.99.2.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:128
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : wireshark
 Date    : July 18, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 A number of vulnerabilities have been discovered in the Wireshark
 (formerly Ethereal) network analyzer.  These issues have been corrected
 in Wireshark version 0.99.2 which is provided with this update.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3627
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3628
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3629
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3630
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3631
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3632
 http://www.wireshark.org/security/wnpa-sec-2006-01.html
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 19db98ffa6a1cfb9cc5470abc643f72a  2006.0/RPMS/libwireshark0-0.99.2-0.2.20060mdk.i586.rpm
 e4574371aa3f0bc1845d82a130bf6f4b  2006.0/RPMS/tshark-0.99.2-0.2.20060mdk.i586.rpm
 54b30ad47d17134a6891c6b7c1810b18  2006.0/RPMS/wireshark-0.99.2-0.2.20060mdk.i586.rpm
 03c7673e7f4efd24854c4d51dff87cab  2006.0/RPMS/wireshark-tools-0.99.2-0.2.20060mdk.i586.rpm
 14c59524c2a536634385791902ef53a4  2006.0/SRPMS/wireshark-0.99.2-0.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 18dbc67899b2c023af06524a67b2d07a  x86_64/2006.0/RPMS/lib64wireshark0-0.99.2-0.2.20060mdk.x86_64.rpm
 b5187418a5f9ab70a59eddb3611f0b15  x86_64/2006.0/RPMS/tshark-0.99.2-0.2.20060mdk.x86_64.rpm
 f98f5805acf0756ce762e6b10af81506  x86_64/2006.0/RPMS/wireshark-0.99.2-0.2.20060mdk.x86_64.rpm
 da05fcb2a00bf682c85da21159fd3af0  x86_64/2006.0/RPMS/wireshark-tools-0.99.2-0.2.20060mdk.x86_64.rpm
 14c59524c2a536634385791902ef53a4  x86_64/2006.0/SRPMS/wireshark-0.99.2-0.2.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEvVp1mqjQ0CJFipgRAqpxAJ9fAQNXIFh65twMu3Q9c1jK5XUCJACZAeLX
M3e2Dpv4v3glOdT6hIB2HqI=
=SKwo
-----END PGP SIGNATURE-----

    

- 漏洞信息

27360
Wireshark GSM BSSMAP Dissector Unspecified DoS
Local / Remote Denial of Service
Loss of Availability Upgrade
Exploit Unknown Vendor Verified

- 漏洞描述

The Wireshark GSM BSSMAP dissector contains a flaw that may allow a remote denial of service. The issue is triggered when by a malformed packet or trace file, and will result in loss of availability for the application.

- 时间线

2006-07-17 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 0.99.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Wireshark Protocol Dissectors Multiple Vulnerabilities
Unknown 19051
Yes No
2006-07-18 12:00:00 2006-09-26 04:41:00
The vendor credits Ilja van Sprundel with the discovery of some of these issues.

- 受影响的程序版本

Wireshark Wireshark 0.99.1
Wireshark Wireshark 0.99
Wireshark Wireshark 0.10.13
Wireshark Wireshark 0.10.4
Wireshark Wireshark 0.10
Wireshark Wireshark 0.9.10
Wireshark Wireshark 0.8.16
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SGI ProPack 3.0 SP6
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
rPath rPath Linux 1
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux Desktop version 4
RedHat Desktop 4.0
RedHat Desktop 3.0
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Gentoo Linux
Ethereal Group Ethereal 0.10.10
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8710 CM 3.1
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8700 CM 3.1
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8500 CM 3.1
Avaya S8500 0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya S8300 CM 3.1
Avaya Converged Communications Server 2.0
Wireshark Wireshark 0.99.2

- 不受影响的程序版本

Wireshark Wireshark 0.99.2

- 漏洞讨论

Wireshark is prone to multiple vulnerabilities:

- A format-string vulnerability.
- An off-by-one vulnerability.
- An infinite-loop vulnerability.
- A memory-allocation vulnerability.

These may permit attackers to execute arbitrary code, which can facilitate a compromise of an affected computer or cause a denial-of-service condition to legitimate users of the application.

- 漏洞利用

Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com

Some of these issues may not require an exploit.

- 解决方案

The vendor has released updates to address these issues.

Please see the referenced advisories for more information.


Ethereal Group Ethereal 0.10.10

Wireshark Wireshark 0.8.16

Wireshark Wireshark 0.99

Wireshark Wireshark 0.99.1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站