ID CVE-2007-0458
Summary Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468.
References
Vulnerable Configurations
  • Wireshark 0.99.3
    cpe:2.3:a:wireshark:wireshark:0.99.3
  • Wireshark 0.99.4
    cpe:2.3:a:wireshark:wireshark:0.99.4
CVSS
Base: 4.3 (as of 02-02-2007 - 16:03)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-033.NASL
    description Vulnerabilities in the LLT, IEEE 802.11, HTTP, and TCP dissectors were discovered in versions of wireshark less than 0.99.5, as well as various other bugs. This update provides wireshark 0.99.5 which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 24646
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24646
    title Mandrake Linux Security Advisory : wireshark (MDKSA-2007:033)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-207.NASL
    description - multiple security issues fixed (#227140) - CVE-2007-0459 - The TCP dissector could hang or crash while reassembling HTTP packets - CVE-2007-0459 - The HTTP dissector could crash. - CVE-2007-0457 - On some systems, the IEEE 802.11 dissector could crash. - CVE-2007-0456 - On some systems, the LLT dissector could crash. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 24303
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24303
    title Fedora Core 5 : wireshark-0.99.5-1.fc5 (2007-207)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0066.NASL
    description From Red Hat Security Advisory 2007:0066 : New Wireshark packages that fix various security vulnerabilities are now available. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Several denial of service bugs were found in Wireshark's LLT, IEEE 802.11, http, and tcp protocol dissectors. It was possible for Wireshark to crash or stop responding if it read a malformed packet off the network. (CVE-2007-0456, CVE-2007-0457, CVE-2007-0458, CVE-2007-0459) Users of Wireshark should upgrade to these updated packages containing Wireshark version 0.99.5, which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 67449
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67449
    title Oracle Linux 3 / 4 / 5 : wireshark (ELSA-2007-0066)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0066.NASL
    description New Wireshark packages that fix various security vulnerabilities are now available. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Several denial of service bugs were found in Wireshark's LLT, IEEE 802.11, http, and tcp protocol dissectors. It was possible for Wireshark to crash or stop responding if it read a malformed packet off the network. (CVE-2007-0456, CVE-2007-0457, CVE-2007-0458, CVE-2007-0459) Users of Wireshark should upgrade to these updated packages containing Wireshark version 0.99.5, which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 24818
    published 2007-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24818
    title CentOS 3 / 4 : wireshark (CESA-2007:0066)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_WIRESHARK-2638.NASL
    description Wireshark 0.99.5 fixes four vulnerabilities : - CVE-2007-0459 The TCP dissector could hang or crash - CVE-2007-0458 The HTTP dissector could crash - CVE-2007-0457 The IEEE 802.11 dissector could crash - CVE-2007-0456 The LLT dissector could crash
    last seen 2018-09-01
    modified 2018-07-19
    plugin id 27477
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27477
    title openSUSE 10 Security Update : wireshark (wireshark-2638)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0066.NASL
    description New Wireshark packages that fix various security vulnerabilities are now available. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Several denial of service bugs were found in Wireshark's LLT, IEEE 802.11, http, and tcp protocol dissectors. It was possible for Wireshark to crash or stop responding if it read a malformed packet off the network. (CVE-2007-0456, CVE-2007-0457, CVE-2007-0458, CVE-2007-0459) Users of Wireshark should upgrade to these updated packages containing Wireshark version 0.99.5, which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 24833
    published 2007-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24833
    title RHEL 2.1 / 3 / 4 / 5 : wireshark (RHSA-2007:0066)
oval via4
  • accepted 2013-04-29T04:10:19.380-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468.
    family unix
    id oval:org.mitre.oval:def:10966
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468.
    version 24
  • accepted 2013-08-19T04:00:39.612-04:00
    class vulnerability
    contributors
    • name Shane Shaffer
      organization G2, Inc.
    definition_extensions
    • comment Wireshark is installed on the system.
      oval oval:org.mitre.oval:def:6589
    description Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468.
    family windows
    id oval:org.mitre.oval:def:14836
    status accepted
    submitted 2012-02-27T15:34:33.178-04:00
    title HTTP dissector vulnerability in Wireshark 0.99.3 and 0.99.4
    version 8
redhat via4
advisories
rhsa
id RHSA-2007:0066
rpms
  • wireshark-0:0.99.5-EL3.1
  • wireshark-gnome-0:0.99.5-EL3.1
  • wireshark-0:0.99.5-EL4.1
  • wireshark-gnome-0:0.99.5-EL4.1
  • wireshark-0:0.99.5-1.el5
  • wireshark-gnome-0:0.99.5-1.el5
refmap via4
bid 22352
confirm
fedora FEDORA-2007-207
mandriva MDKSA-2007:033
osvdb 33075
sectrack 1017581
secunia
  • 24011
  • 24016
  • 24025
  • 24084
  • 24515
  • 24650
  • 24970
sgi 20070301-01-P
vupen ADV-2007-0443
xf wireshark-httpdissector-dos(32054)
Last major update 13-08-2012 - 22:14
Published 02-02-2007 - 15:28
Last modified 10-10-2017 - 21:31