FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-6439

This CVE name corresponds to:

Entered Topic
2007-12-19 wireshark -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-6439
Phase Assigned (20071219)

Description

Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite or large loop) via the (1) IPv6 or (2) USB dissector, which can trigger resource consumption or a crash. NOTE: this identifier originally included Firebird/Interbase, but it is already covered by CVE-2007-6116. The DCP ETSI issue is already covered by CVE-2007-6119.

References

Source Reference
BUGTRAQ 20080103 rPSA-2008-0004-1 tshark wireshark
MISC http://bugs.gentoo.org/show_bug.cgi?id=199958
CONFIRM http://www.wireshark.org/security/wnpa-sec-2007-03.html
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004
CONFIRM https://issues.rpath.com/browse/RPL-1975
GENTOO GLSA-200712-23
MANDRIVA MDVSA-2008:001
MANDRIVA MDVSA-2008:1
REDHAT RHSA-2008:0058
SUSE SUSE-SR:2008:004
BID 27071
OVAL oval:org.mitre.oval:def:10331
OVAL oval:org.mitre.oval:def:15002
SECUNIA 28288
SECUNIA 27777
SECUNIA 28304
SECUNIA 28325
SECUNIA 28564
SECUNIA 29048
XF wireshark-ipv6-dissector-dos(39180)
XF wireshark-usb-dissector-dos(39181)