Vulnerability Name: | CVE-2007-6121 (CCN-38750) |
Assigned: | 2007-11-22 |
Published: | 2007-11-22 |
Updated: | 2018-10-15 |
Summary: | Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet. |
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) |
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): None; Integrity (I): None; Availability (A): Low |
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) |
| 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): None; Integrity (I): None; Availability (A): Partial |
| 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) |
| 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): None; Integrity (I): None; Availability (A): Partial |
Vulnerability Type: | CWE-20 |
Vulnerability Consequences: | Denial of Service |
References: | Source: MISC Type: UNKNOWN http://bugs.gentoo.org/show_bug.cgi?id=199958
Source: CCN Type: Wireshark Bugzilla Bug 1998 Missing bounds check in packet-portmap.c can cause segv
Source: MITRE Type: CNA CVE-2007-6121
Source: SUSE Type: UNKNOWN SUSE-SR:2008:004
Source: CCN Type: RHSA-2008-0058 Moderate: wireshark security update
Source: CCN Type: RHSA-2008-0059 Moderate: wireshark security update
Source: CCN Type: SA27777 Wireshark Multiple Denial of Service Vulnerabilities
Source: SECUNIA Type: Vendor Advisory 27777
Source: SECUNIA Type: Vendor Advisory 27817
Source: SECUNIA Type: Vendor Advisory 28197
Source: SECUNIA Type: Vendor Advisory 28207
Source: SECUNIA Type: Vendor Advisory 28288
Source: SECUNIA Type: UNKNOWN 28304
Source: SECUNIA Type: Vendor Advisory 28325
Source: SECUNIA Type: Vendor Advisory 28564
Source: SECUNIA Type: Vendor Advisory 28583
Source: SECUNIA Type: Vendor Advisory 29048
Source: GENTOO Type: UNKNOWN GLSA-200712-23
Source: CCN Type: SECTRACK ID: 1018988 Wireshark Wireshark MP3, DNP, SSL, ANSI MAP, Firebird/Interbase, NCP, HTTP, MEGACO, DCP ETSI, OS/400, PPP, Bluetooth SDP, and RPC Portmap Bugs Let Remote Users Deny Service
Source: SECTRACK Type: UNKNOWN 1018988
Source: CCN Type: ASA-2008-034 wireshark security update (RHSA-2008-0059)
Source: CCN Type: ASA-2008-093 wireshark security update (RHSA-2008-0058)
Source: CONFIRM Type: UNKNOWN http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004
Source: DEBIAN Type: UNKNOWN DSA-1414
Source: DEBIAN Type: DSA-1414 wireshark -- several vulnerabilities
Source: CCN Type: GLSA-200712-23 Wireshark: Multiple vulnerabilities
Source: MANDRIVA Type: UNKNOWN MDVSA-2008:001
Source: MANDRIVA Type: UNKNOWN MDVSA-2008:1
Source: REDHAT Type: UNKNOWN RHSA-2008:0058
Source: REDHAT Type: UNKNOWN RHSA-2008:0059
Source: BUGTRAQ Type: UNKNOWN 20080103 rPSA-2008-0004-1 tshark wireshark
Source: BID Type: Patch 26532
Source: CCN Type: BID-26532 Wireshark 0.99.6 Multiple Remote Vulnerabilities
Source: VUPEN Type: UNKNOWN ADV-2007-3956
Source: CCN Type: Wireshark Web site Wireshark: Download
Source: CCN Type: wnpa-sec-2007-03 Multiple problems in Wireshark® (formerly Ethereal®) versions 0.8.16 to 0.99.5
Source: CONFIRM Type: Patch http://www.wireshark.org/security/wnpa-sec-2007-03.html
Source: XF Type: UNKNOWN wireshark-rpc-portmap-dos(38750)
Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-1975
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11374
Source: FEDORA Type: UNKNOWN FEDORA-2007-4590
Source: FEDORA Type: UNKNOWN FEDORA-2007-4690
Source: SUSE Type: SUSE-SR:2008:004 SUSE Security Summary Report
|
Vulnerable Configuration: | Configuration 1:
cpe:/a:ethereal_group:ethereal:0.8.16:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.8.17:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.8.17a:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.8.18:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.8.19:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.8.20:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.9:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.9.0:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.9.1:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.9.2:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.9.3:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.9.4:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.9.5:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.9.6:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.9.7:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.9.8:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.9.9:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.9.10:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.9.11:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.9.12:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.9.13:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.9.14:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.9.15:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.9.16:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.10:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.10.0:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.10.0a:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.10.1:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.10.2:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.10.3:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.10.4:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.10.5:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.10.6:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.10.7:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.10.8:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.10.9:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.10.10:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.10.11:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.10.12:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.10.13:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.10.14:*:*:*:*:*:*:* OR
cpe:/a:ethereal_group:ethereal:0.99.0:*:*:*:*:*:*:* OR
cpe:/a:wireshark:wireshark:0.8.16:*:*:*:*:*:*:* OR
cpe:/a:wireshark:wireshark:0.9.8:*:*:*:*:*:*:* OR
cpe:/a:wireshark:wireshark:0.9.10:*:*:*:*:*:*:* OR
cpe:/a:wireshark:wireshark:0.99:*:*:*:*:*:*:* OR
cpe:/a:wireshark:wireshark:0.99.0:*:*:*:*:*:*:* OR
cpe:/a:wireshark:wireshark:0.99.1:*:*:*:*:*:*:* OR
cpe:/a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:* OR
cpe:/a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:* OR
cpe:/a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:* OR
cpe:/a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:* OR
cpe:/a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*
Configuration RedHat 1: cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
Configuration RedHat 2: cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
Configuration RedHat 3: cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
Configuration RedHat 4: cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
Configuration RedHat 5: cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
Configuration RedHat 6: cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
Configuration RedHat 7: cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
Configuration RedHat 8: cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*
Configuration RedHat 9: cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:* |
ethereal_group ethereal 0.8.16
ethereal_group ethereal 0.8.17
ethereal_group ethereal 0.8.17a
ethereal_group ethereal 0.8.18
ethereal_group ethereal 0.8.19
ethereal_group ethereal 0.8.20
ethereal_group ethereal 0.9
ethereal_group ethereal 0.9.0
ethereal_group ethereal 0.9.1
ethereal_group ethereal 0.9.2
ethereal_group ethereal 0.9.3
ethereal_group ethereal 0.9.4
ethereal_group ethereal 0.9.5
ethereal_group ethereal 0.9.6
ethereal_group ethereal 0.9.7
ethereal_group ethereal 0.9.8
ethereal_group ethereal 0.9.9
ethereal_group ethereal 0.9.10
ethereal_group ethereal 0.9.11
ethereal_group ethereal 0.9.12
ethereal_group ethereal 0.9.13
ethereal_group ethereal 0.9.14
ethereal_group ethereal 0.9.15
ethereal_group ethereal 0.9.16
ethereal_group ethereal 0.10
ethereal_group ethereal 0.10.0
ethereal_group ethereal 0.10.0a
ethereal_group ethereal 0.10.1
ethereal_group ethereal 0.10.2
ethereal_group ethereal 0.10.3
ethereal_group ethereal 0.10.4
ethereal_group ethereal 0.10.5
ethereal_group ethereal 0.10.6
ethereal_group ethereal 0.10.7
ethereal_group ethereal 0.10.8
ethereal_group ethereal 0.10.9
ethereal_group ethereal 0.10.10
ethereal_group ethereal 0.10.11
ethereal_group ethereal 0.10.12
ethereal_group ethereal 0.10.13
ethereal_group ethereal 0.10.14
ethereal_group ethereal 0.99.0
wireshark wireshark 0.8.16
wireshark wireshark 0.9.8
wireshark wireshark 0.9.10
wireshark wireshark 0.99
wireshark wireshark 0.99.0
wireshark wireshark 0.99.1
wireshark wireshark 0.99.2
wireshark wireshark 0.99.3
wireshark wireshark 0.99.4
wireshark wireshark 0.99.5
wireshark wireshark 0.99.6