FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-6113

This CVE name corresponds to:

Entered Topic
2007-12-19 wireshark -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-6113 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-6113
Phase Assigned(20071123)

Description

Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet.

References

Source Reference
BUGTRAQ 20070904 Wireshark DNP3 Dissector Infinite Loop Vulnerability
BUGTRAQ 20080103 rPSA-2008-0004-1 tshark wireshark
MILW0RM 4347
MISC http://www.securiteam.com/securitynews/5LP0V00MAI.html
MISC http://bugs.gentoo.org/show_bug.cgi?id=199958
CONFIRM http://www.wireshark.org/security/wnpa-sec-2007-03.html
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004
CONFIRM https://issues.rpath.com/browse/RPL-1975
FEDORA FEDORA-2007-4590
FEDORA FEDORA-2007-4690
GENTOO GLSA-200712-23
MANDRIVA MDVSA-2008:001
MANDRIVA MDVSA-2008:1
REDHAT RHSA-2008:0058
REDHAT RHSA-2008:0059
SUSE SUSE-SR:2008:004
BID 26532
FRSIRT ADV-2007-3956
SECTRACK 1018988
SECTRACK 1018635
SECUNIA 27777
SECUNIA 28197
SECUNIA 28288
SECUNIA 28304
SECUNIA 28207
SECUNIA 28325
SECUNIA 28564
SECUNIA 28583
SECUNIA 29048
SREASON 3095
XF wireshark-dnp3-dos(36392)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.