Vulnerability Name:

CVE-2008-3139 (CCN-43517)

Assigned:2008-06-30
Published:2008-06-30
Updated:2018-10-11
Summary:The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.
Note: this might be due to a use-after-free error.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type:CWE-noinfo
CWE-200
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2008-3139

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:017

Source: CCN
Type: SA30886
Wireshark Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
30886

Source: SECUNIA
Type: UNKNOWN
30942

Source: SECUNIA
Type: UNKNOWN
31085

Source: SECUNIA
Type: UNKNOWN
31378

Source: SECUNIA
Type: UNKNOWN
31687

Source: GENTOO
Type: UNKNOWN
GLSA-200808-04

Source: CCN
Type: SECTRACK ID: 1020404
Wireshark GSM SMS, PANA, KISMET, RTMPT, and syslog Dissector Bugs Let Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1020404

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212

Source: CCN
Type: GLSA-200808-04
Wireshark: Denial of Service

Source: CCN
Type: OSVDB ID: 46649
Wireshark RTMPT Dissector Unspecified DoS

Source: BUGTRAQ
Type: UNKNOWN
20080703 rPSA-2008-0212-1 tshark wireshark

Source: BID
Type: UNKNOWN
30020

Source: CCN
Type: BID-30020
Wireshark 1.0.0 Multiple Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2008-1982

Source: CCN
Type: wnpa-sec-2008-03
Multiple problems in Wireshark versions 0.9.5 to 1.0.0

Source: CONFIRM
Type: UNKNOWN
http://www.wireshark.org/security/wnpa-sec-2008-03.html

Source: XF
Type: UNKNOWN
wireshark-rtmpt-dos(43517)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:14682

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-6440

Source: SUSE
Type: SUSE-SR:2008:017
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:rpath:rpath_linux:1:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:0.9.5:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:0.99.7:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:0.99.8:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:wireshark:wireshark:0.99.8:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20083139 | V | CVE-2008-3139 | 2017-09-27
    oval:org.mitre.oval:def:14682 | V | RTMPT dissector vulnerability in Wireshark 0.99.8 through 1.0.0 | 2013-08-19
    rpath rpath linux 1
    wireshark wireshark 0.9.5
    wireshark wireshark 0.99.2
    wireshark wireshark 0.99.3
    wireshark wireshark 0.99.4
    wireshark wireshark 0.99.5
    wireshark wireshark 0.99.6
    wireshark wireshark 0.99.7
    wireshark wireshark 0.99.8
    wireshark wireshark 1.0
    wireshark wireshark 1.0.0
    wireshark wireshark 0.99.8
    wireshark wireshark 1.0.0
    gentoo linux *
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2008.1 x86_64
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux 2008.1