CVSS2: 7.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS: 0.028 Low
Percentile: 90.7%
CentOS Errata and Security Advisory CESA-2007:0709
Wireshark is a program for monitoring network traffic.
Several denial of service bugs were found in Wireshark's HTTP, iSeries, DCP
ETSI, SSL, MMS, DHCP and BOOTP protocol dissectors. It was possible for
Wireshark to crash or stop responding if it read a malformed packet off the
network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392,
CVE-2007-3393)
Wireshark would interpret certain completion codes incorrectly when
dissecting IPMI traffic. Additionally, IPMI 2.0 packets would be reported
as malformed IPMI traffic.
Users of Wireshark should upgrade to these updated packages containing
Wireshark version 0.99.6, which correct these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-November/076588.html
https://lists.centos.org/pipermail/centos-announce/2007-November/076617.html
Affected packages:
wireshark
wireshark-gnome
Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0709
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | ia64 | wireshark | < 0.99.6-EL4.1 | wireshark-0.99.6-EL4.1.ia64.rpm |
CentOS | 4 | ia64 | wireshark-gnome | < 0.99.6-EL4.1 | wireshark-gnome-0.99.6-EL4.1.ia64.rpm |
CentOS | 4 | s390 | wireshark | < 0.99.6-EL4.1 | wireshark-0.99.6-EL4.1.s390.rpm |
CentOS | 4 | s390 | wireshark-gnome | < 0.99.6-EL4.1 | wireshark-gnome-0.99.6-EL4.1.s390.rpm |
CentOS | 4 | s390x | wireshark | < 0.99.6-EL4.1 | wireshark-0.99.6-EL4.1.s390x.rpm |
CentOS | 4 | s390x | wireshark-gnome | < 0.99.6-EL4.1 | wireshark-gnome-0.99.6-EL4.1.s390x.rpm |