ID CVE-2008-3141
Summary Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:wireshark:wireshark:0.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.7:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.7:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.8:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.8:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 11-10-2018 - 20:47)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE NONE NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:N/A:N
oval via4
accepted 2013-04-29T04:13:15.294-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors.
family unix
id oval:org.mitre.oval:def:11324
status accepted
submitted 2010-07-09T03:56:16-04:00
title Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors.
version 24
redhat via4
advisories
rhsa
id RHSA-2008:0890
rpms
  • wireshark-0:1.0.3-EL3.3
  • wireshark-gnome-0:1.0.3-EL3.3
  • wireshark-0:1.0.3-3.el4_7
  • wireshark-gnome-0:1.0.3-3.el4_7
  • wireshark-0:1.0.3-4.el5_2
  • wireshark-gnome-0:1.0.3-4.el5_2
refmap via4
bid 30020
bugtraq 20080703 rPSA-2008-0212-1 tshark wireshark
confirm
debian DSA-1673
fedora FEDORA-2008-6440
gentoo GLSA-200808-04
sectrack 1020404
secunia
  • 30886
  • 30942
  • 31085
  • 31378
  • 31687
  • 32091
  • 32944
suse SUSE-SR:2008:017
vupen
  • ADV-2008-1982
  • ADV-2008-2773
xf wireshark-rmi-information-disclosure(43520)
statements via4
contributor Tomas Hoger
lastmodified 2008-10-17
organization Red Hat
statement The affected version of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html
Last major update 11-10-2018 - 20:47
Published 10-07-2008 - 23:41
Back to Top