Vulnerability Name: | CVE-2007-6115 (CCN-38741) |
Assigned: | 2007-11-22 |
Published: | 2007-11-22 |
Updated: | 2018-10-15 |
Summary: | Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors. |
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): Low Integrity (I): Low Availibility (A): Low |
|
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None | Impact Metrics: | Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete | 7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
| Impact Metrics: | Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial |
|
Vulnerability Type: | CWE-119
|
Vulnerability Consequences: | Gain Access |
References: | Source: MISC Type: UNKNOWN http://bugs.gentoo.org/show_bug.cgi?id=199958
Source: CCN Type: Wireshark Bugzilla Bug 1844 Wireshark crashes when opening capture file
Source: MITRE Type: CNA CVE-2007-6115
Source: SUSE Type: UNKNOWN SUSE-SR:2008:004
Source: CCN Type: RHSA-2008-0058 Moderate: wireshark security update
Source: CCN Type: RHSA-2008-0059 Moderate: wireshark security update
Source: CCN Type: SA27777 Wireshark Multiple Denial of Service Vulnerabilities
Source: SECUNIA Type: Vendor Advisory 27777
Source: SECUNIA Type: Vendor Advisory 28197
Source: SECUNIA Type: Vendor Advisory 28207
Source: SECUNIA Type: Vendor Advisory 28288
Source: SECUNIA Type: Vendor Advisory 28304
Source: SECUNIA Type: Vendor Advisory 28325
Source: SECUNIA Type: Vendor Advisory 28564
Source: SECUNIA Type: Vendor Advisory 28583
Source: SECUNIA Type: UNKNOWN 29048
Source: GENTOO Type: UNKNOWN GLSA-200712-23
Source: CCN Type: SECTRACK ID: 1018988 Wireshark Wireshark MP3, DNP, SSL, ANSI MAP, Firebird/Interbase, NCP, HTTP, MEGACO, DCP ETSI, OS/400, PPP, Bluetooth SDP, and RPC Portmap Bugs Let Remote Users Deny Service
Source: SECTRACK Type: UNKNOWN 1018988
Source: CCN Type: ASA-2008-034 wireshark security update (RHSA-2008-0059)
Source: CCN Type: ASA-2008-093 wireshark security update (RHSA-2008-0058)
Source: CONFIRM Type: UNKNOWN http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004
Source: CCN Type: GLSA-200712-23 Wireshark: Multiple vulnerabilities
Source: MANDRIVA Type: UNKNOWN MDVSA-2008:001
Source: MANDRIVA Type: UNKNOWN MDVSA-2008:1
Source: REDHAT Type: UNKNOWN RHSA-2008:0058
Source: REDHAT Type: UNKNOWN RHSA-2008:0059
Source: BUGTRAQ Type: UNKNOWN 20080103 rPSA-2008-0004-1 tshark wireshark
Source: BID Type: Patch 26532
Source: CCN Type: BID-26532 Wireshark 0.99.6 Multiple Remote Vulnerabilities
Source: VUPEN Type: UNKNOWN ADV-2007-3956
Source: CCN Type: Wireshark Web site Wireshark: Download
Source: CCN Type: wnpa-sec-2007-03 Multiple problems in Wireshark® (formerly Ethereal®) versions 0.8.16 to 0.99.5
Source: CONFIRM Type: Patch http://www.wireshark.org/security/wnpa-sec-2007-03.html
Source: XF Type: UNKNOWN wireshark-ansimap-dissector-bo(38741)
Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-1975
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:14578
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9726
Source: FEDORA Type: UNKNOWN FEDORA-2007-4590
Source: FEDORA Type: UNKNOWN FEDORA-2007-4690
Source: SUSE Type: SUSE-SR:2008:004 SUSE Security Summary Report
|
Vulnerable Configuration: | Configuration 1: cpe:/a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*OR cpe:/a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:* Configuration RedHat 1: cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:* Configuration RedHat 2: cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* Configuration RedHat 3: cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* Configuration RedHat 4: cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* Configuration RedHat 5: cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* Configuration RedHat 6: cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* Configuration RedHat 7: cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:* Configuration RedHat 8: cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:* Configuration RedHat 9: cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:* Configuration CCN 1: cpe:/a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*OR cpe:/a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*AND cpe:/o:freebsd:freebsd:*:*:*:*:*:*:*:*OR cpe:/o:netbsd:netbsd:*:*:*:*:*:*:*:*OR cpe:/o:debian:debian_linux:*:*:*:*:*:*:*:*OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*OR cpe:/o:fedoraproject:fedora_core:-:*:*:*:*:*:*:*OR cpe:/a:rpath:rpath_linux:1:*:*:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:4.6.z:ga:as:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:4.6.z:ga:es:*:*:*:*:*
Denotes that component is vulnerable |
Oval Definitions |
|
BACK |
wireshark wireshark 0.99.5
wireshark wireshark 0.99.6
wireshark wireshark 0.99.6
wireshark wireshark 0.99.5
freebsd freebsd *
netbsd netbsd *
debian debian linux *
gentoo linux *
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux *
fedoraproject fedora core -
rpath rpath linux 1
mandrakesoft mandrake linux 2007
mandrakesoft mandrake linux 2007
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 4.0
microsoft windows vista *
redhat enterprise linux 5
redhat enterprise linux 5
mandrakesoft mandrake linux 2007.1
mandrakesoft mandrake linux 2008.0
redhat enterprise linux 5
mandrakesoft mandrake linux 2008.0
mandrakesoft mandrake linux 2007.1
redhat enterprise linux 4.6.z ga
redhat enterprise linux 4.6.z ga