Vulnerability Name:

CVE-2007-6121 (CCN-38750)

Assigned:2007-11-22
Published:2007-11-22
Updated:2018-10-15
Summary:Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Denial of Service
References:Source: MISC
Type: UNKNOWN
http://bugs.gentoo.org/show_bug.cgi?id=199958

Source: CCN
Type: Wireshark Bugzilla Bug 1998
Missing bounds check in packet-portmap.c can cause segv

Source: MITRE
Type: CNA
CVE-2007-6121

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:004

Source: CCN
Type: RHSA-2008-0058
Moderate: wireshark security update

Source: CCN
Type: RHSA-2008-0059
Moderate: wireshark security update

Source: CCN
Type: SA27777
Wireshark Multiple Denial of Service Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
27777

Source: SECUNIA
Type: Vendor Advisory
27817

Source: SECUNIA
Type: Vendor Advisory
28197

Source: SECUNIA
Type: Vendor Advisory
28207

Source: SECUNIA
Type: Vendor Advisory
28288

Source: SECUNIA
Type: UNKNOWN
28304

Source: SECUNIA
Type: Vendor Advisory
28325

Source: SECUNIA
Type: Vendor Advisory
28564

Source: SECUNIA
Type: Vendor Advisory
28583

Source: SECUNIA
Type: Vendor Advisory
29048

Source: GENTOO
Type: UNKNOWN
GLSA-200712-23

Source: CCN
Type: SECTRACK ID: 1018988
Wireshark Wireshark MP3, DNP, SSL, ANSI MAP, Firebird/Interbase, NCP, HTTP, MEGACO, DCP ETSI, OS/400, PPP, Bluetooth SDP, and RPC Portmap Bugs Let Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1018988

Source: CCN
Type: ASA-2008-034
wireshark security update (RHSA-2008-0059)

Source: CCN
Type: ASA-2008-093
wireshark security update (RHSA-2008-0058)

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004

Source: DEBIAN
Type: UNKNOWN
DSA-1414

Source: DEBIAN
Type: DSA-1414
wireshark -- several vulnerabilities

Source: CCN
Type: GLSA-200712-23
Wireshark: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:001

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:1

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0058

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0059

Source: BUGTRAQ
Type: UNKNOWN
20080103 rPSA-2008-0004-1 tshark wireshark

Source: BID
Type: Patch
26532

Source: CCN
Type: BID-26532
Wireshark 0.99.6 Multiple Remote Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2007-3956

Source: CCN
Type: Wireshark Web site
Wireshark: Download

Source: CCN
Type: wnpa-sec-2007-03
Multiple problems in Wireshark® (formerly Ethereal®) versions 0.8.16 to 0.99.5

Source: CONFIRM
Type: Patch
http://www.wireshark.org/security/wnpa-sec-2007-03.html

Source: XF
Type: UNKNOWN
wireshark-rpc-portmap-dos(38750)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1975

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11374

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-4590

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-4690

Source: SUSE
Type: SUSE-SR:2008:004
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ethereal_group:ethereal:0.8.16:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.8.17:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.8.17a:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.8.18:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.8.19:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.8.20:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.4:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.5:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.6:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.7:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.8:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.9:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.10:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.11:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.12:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.13:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.14:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.15:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.16:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.0a:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.2:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.3:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.4:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.5:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.6:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.7:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.8:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.9:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.10:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.11:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.12:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.13:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.14:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.99.0:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:0.8.16:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:0.9.8:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:0.9.10:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:0.99:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:0.99.0:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:0.99.1:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

  • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

  • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20076121
    V
    CVE-2007-6121
    2015-11-16
    oval:org.mitre.oval:def:18331
    P
    DSA-1414-1 wireshark - several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:22589
    P
    ELSA-2008:0058: wireshark security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:11374
    V
    Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.
    2013-04-29
    oval:com.redhat.rhsa:def:20080058
    P
    RHSA-2008:0058: wireshark security update (Moderate)
    2008-01-28
    oval:com.redhat.rhsa:def:20080059
    P
    RHSA-2008:0059: wireshark security update (Moderate)
    2008-01-28
    oval:org.debian:def:1414
    V
    several vulnerabilities
    2007-11-27
    BACK
    ethereal_group ethereal 0.8.16
    ethereal_group ethereal 0.8.17
    ethereal_group ethereal 0.8.17a
    ethereal_group ethereal 0.8.18
    ethereal_group ethereal 0.8.19
    ethereal_group ethereal 0.8.20
    ethereal_group ethereal 0.9
    ethereal_group ethereal 0.9.0
    ethereal_group ethereal 0.9.1
    ethereal_group ethereal 0.9.2
    ethereal_group ethereal 0.9.3
    ethereal_group ethereal 0.9.4
    ethereal_group ethereal 0.9.5
    ethereal_group ethereal 0.9.6
    ethereal_group ethereal 0.9.7
    ethereal_group ethereal 0.9.8
    ethereal_group ethereal 0.9.9
    ethereal_group ethereal 0.9.10
    ethereal_group ethereal 0.9.11
    ethereal_group ethereal 0.9.12
    ethereal_group ethereal 0.9.13
    ethereal_group ethereal 0.9.14
    ethereal_group ethereal 0.9.15
    ethereal_group ethereal 0.9.16
    ethereal_group ethereal 0.10
    ethereal_group ethereal 0.10.0
    ethereal_group ethereal 0.10.0a
    ethereal_group ethereal 0.10.1
    ethereal_group ethereal 0.10.2
    ethereal_group ethereal 0.10.3
    ethereal_group ethereal 0.10.4
    ethereal_group ethereal 0.10.5
    ethereal_group ethereal 0.10.6
    ethereal_group ethereal 0.10.7
    ethereal_group ethereal 0.10.8
    ethereal_group ethereal 0.10.9
    ethereal_group ethereal 0.10.10
    ethereal_group ethereal 0.10.11
    ethereal_group ethereal 0.10.12
    ethereal_group ethereal 0.10.13
    ethereal_group ethereal 0.10.14
    ethereal_group ethereal 0.99.0
    wireshark wireshark 0.8.16
    wireshark wireshark 0.9.8
    wireshark wireshark 0.9.10
    wireshark wireshark 0.99
    wireshark wireshark 0.99.0
    wireshark wireshark 0.99.1
    wireshark wireshark 0.99.2
    wireshark wireshark 0.99.3
    wireshark wireshark 0.99.4
    wireshark wireshark 0.99.5
    wireshark wireshark 0.99.6