U-250: Wireshark DRDA Dissector Flaw Lets Remote Users Deny Service

September 4, 2012 - 6:00am

PROBLEM:

Wireshark DRDA Dissector Flaw Lets Remote Users Deny Service

PLATFORM:

Version: 1.8.2

ABSTRACT:

Wireshark is prone to a denial-of-service vulnerability.

reference LINKS:

Wireshark Homepage (Wireshark)
Wireshark Bug Database – Bug 7666
SecurityTracker Alert ID: 1027464
Bugtraq ID: 55284
Red Hat Bugzilla – Bug 849926
CVE-2012-3548

IMPACT ASSESSMENT:

Medium

Discussion:

An attacker can leverage this issue to cause an affected application to consume excessive amount of CPU time and enter an infinite loop which may cause denial-of-service conditions.

Impact:

A remote user can consume excessive CPU resources on the target system.

Solution:

The vendor has issued a fix.

JC3 Contact:

Voice:Hotline at 1-866-941-2472

World Wide Web: http://energy.gov/cio/services/incident-management

E-mail: circ@jc3.doe.gov

JC3 services are available to JC3-Joint Cybersecurity Coordination Center, and JC3 Contractors.

Energy.gov

Office of the Chief Information Officer

Office of the Chief Information Officer

All Offices

You are here