ID CVE-2007-0457
Summary Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly Ethereal) 0.10.14 through 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:wireshark:wireshark:0.10.2
  • cpe:2.3:a:wireshark:wireshark:0.10.3
  • cpe:2.3:a:wireshark:wireshark:0.10.4
  • cpe:2.3:a:wireshark:wireshark:0.10.5
  • cpe:2.3:a:wireshark:wireshark:0.10.6
  • cpe:2.3:a:wireshark:wireshark:0.10.7
  • cpe:2.3:a:wireshark:wireshark:0.10.8
  • cpe:2.3:a:wireshark:wireshark:0.10.9
  • cpe:2.3:a:wireshark:wireshark:0.10.14
  • cpe:2.3:a:wireshark:wireshark:0.99.0
  • Wireshark 0.99.2
    cpe:2.3:a:wireshark:wireshark:0.99.2
  • Wireshark 0.99.3
    cpe:2.3:a:wireshark:wireshark:0.99.3
  • Wireshark 0.99.4
    cpe:2.3:a:wireshark:wireshark:0.99.4
CVSS
Base: 4.3 (as of 02-02-2007 - 16:00)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-033.NASL
    description Vulnerabilities in the LLT, IEEE 802.11, HTTP, and TCP dissectors were discovered in versions of wireshark less than 0.99.5, as well as various other bugs. This update provides wireshark 0.99.5 which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 24646
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24646
    title Mandrake Linux Security Advisory : wireshark (MDKSA-2007:033)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-207.NASL
    description - multiple security issues fixed (#227140) - CVE-2007-0459 - The TCP dissector could hang or crash while reassembling HTTP packets - CVE-2007-0459 - The HTTP dissector could crash. - CVE-2007-0457 - On some systems, the IEEE 802.11 dissector could crash. - CVE-2007-0456 - On some systems, the LLT dissector could crash. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 24303
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24303
    title Fedora Core 5 : wireshark-0.99.5-1.fc5 (2007-207)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0066.NASL
    description From Red Hat Security Advisory 2007:0066 : New Wireshark packages that fix various security vulnerabilities are now available. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Several denial of service bugs were found in Wireshark's LLT, IEEE 802.11, http, and tcp protocol dissectors. It was possible for Wireshark to crash or stop responding if it read a malformed packet off the network. (CVE-2007-0456, CVE-2007-0457, CVE-2007-0458, CVE-2007-0459) Users of Wireshark should upgrade to these updated packages containing Wireshark version 0.99.5, which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 67449
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67449
    title Oracle Linux 3 / 4 / 5 : wireshark (ELSA-2007-0066)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0066.NASL
    description New Wireshark packages that fix various security vulnerabilities are now available. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Several denial of service bugs were found in Wireshark's LLT, IEEE 802.11, http, and tcp protocol dissectors. It was possible for Wireshark to crash or stop responding if it read a malformed packet off the network. (CVE-2007-0456, CVE-2007-0457, CVE-2007-0458, CVE-2007-0459) Users of Wireshark should upgrade to these updated packages containing Wireshark version 0.99.5, which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 24818
    published 2007-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24818
    title CentOS 3 / 4 : wireshark (CESA-2007:0066)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_WIRESHARK-2638.NASL
    description Wireshark 0.99.5 fixes four vulnerabilities : - CVE-2007-0459 The TCP dissector could hang or crash - CVE-2007-0458 The HTTP dissector could crash - CVE-2007-0457 The IEEE 802.11 dissector could crash - CVE-2007-0456 The LLT dissector could crash
    last seen 2018-09-01
    modified 2018-07-19
    plugin id 27477
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27477
    title openSUSE 10 Security Update : wireshark (wireshark-2638)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0066.NASL
    description New Wireshark packages that fix various security vulnerabilities are now available. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Several denial of service bugs were found in Wireshark's LLT, IEEE 802.11, http, and tcp protocol dissectors. It was possible for Wireshark to crash or stop responding if it read a malformed packet off the network. (CVE-2007-0456, CVE-2007-0457, CVE-2007-0458, CVE-2007-0459) Users of Wireshark should upgrade to these updated packages containing Wireshark version 0.99.5, which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 24833
    published 2007-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24833
    title RHEL 2.1 / 3 / 4 / 5 : wireshark (RHSA-2007:0066)
oval via4
accepted 2013-04-29T04:10:37.273-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly Ethereal) 0.10.14 through 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
family unix
id oval:org.mitre.oval:def:11003
status accepted
submitted 2010-07-09T03:56:16-04:00
title Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly Ethereal) 0.10.14 through 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
version 24
redhat via4
advisories
rhsa
id RHSA-2007:0066
rpms
  • wireshark-0:0.99.5-EL3.1
  • wireshark-gnome-0:0.99.5-EL3.1
  • wireshark-0:0.99.5-EL4.1
  • wireshark-gnome-0:0.99.5-EL4.1
  • wireshark-0:0.99.5-1.el5
  • wireshark-gnome-0:0.99.5-1.el5
refmap via4
bid 22352
confirm
fedora FEDORA-2007-207
mandriva MDKSA-2007:033
osvdb 33074
sectrack 1017581
secunia
  • 24011
  • 24016
  • 24025
  • 24084
  • 24515
  • 24650
  • 24970
sgi 20070301-01-P
vupen ADV-2007-0443
xf wireshark-ieeedissector-dos(32055)
Last major update 07-03-2011 - 21:49
Published 02-02-2007 - 15:28
Last modified 10-10-2017 - 21:31