Rapid7 Vulnerability & Exploit Database

CESA-2008:0058: RHSA-2008:0058

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 11/23/2007
Created: 07/25/2018
Added: 03/12/2010
Modified: 08/29/2017

Description

Moderate: wireshark security update

Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.

Several flaws were found in Wireshark. Wireshark could crash or possibly execute arbitrary code as the user running Wireshark if it read a malformed packet off the network. (CVE-2007-6112, CVE-2007-6114, CVE-2007-6115, CVE-2007-6117)

Several denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network. (CVE-2007-6111, CVE-2007-6113, CVE-2007-6116, CVE-2007-6118, CVE-2007-6119, CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441, CVE-2007-6450, CVE-2007-6451)

As well, Wireshark switched from using net-snmp to libsmi, which is included in this errata.

Users of wireshark should upgrade to these updated packages, which contain Wireshark version 0.99.7, and resolve these issues.

Solution(s)

  • centos-upgrade-libsmi
  • centos-upgrade-libsmi-devel
  • centos-upgrade-wireshark
  • centos-upgrade-wireshark-gnome
