SB2016092603 - Arch Linux update for wireshark-cli

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2016092603

SB2016092603 - Arch Linux update for wireshark-cli

Published: September 26, 2016

Security Bulletin ID SB2016092603
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Partial DoS

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 vulnerabilities.


1) Denial of service (CVE-ID: CVE-2016-7175)

The vulnerability allows remote user to cause the denial of service on the target system.
The weakness exists due to causing of the QNX6 QNET dissector crash. A remote attacker can send and inject specially crafted malformed packet or trick the victim into reading its trace file.
Successful exploitation of this vulnerability will allow an attacker to cause a denial of service on the vulnerable system.


2) Denial of service (CVE-ID: CVE-2016-7176)

The vulnerability allows remote user to cause the denial of service on the target system.
The weakness exists due to causing of the H.225 dissector crash. A remote attacker can send and inject specially crafted malformed packet or trick the victim into reading its trace file.
Successful exploitation of this vulnerability will allow an attacker to cause a denial of service on the vulnerable system.

3) (CVE-ID: CVE-2016-7177)

The vulnerability allows remote user to cause the denial of service on the target system.
The weakness exists due to causing of the Catapult DCT2000 dissector crash. A remote attacker can send and inject specially crafted malformed packet or trick the victim into reading its trace file.
Successful exploitation of this vulnerability will allow an attacker to cause a denial of service on the vulnerable system.



4) Denial of service (CVE-ID: CVE-2016-7178)

The vulnerability allows remote user to cause the denial of service on the target system.
The weakness exists due to causing of the UMTS FP dissector crash. A remote attacker can send and inject specially crafted malformed packet or trick the victim into reading its trace file.
Successful exploitation of this vulnerability will allow an attacker to cause a denial of service on the vulnerable system.


5) Denial of service (CVE-ID: CVE-2016-7179)

The vulnerability allows remote user to cause the denial of service on the target system.
The weakness exists due to causing of the Catapult DCT2000 dissector crash. A remote attacker can send and inject specially crafted malformed packet or trick the victim into reading its trace file.
Successful exploitation of this vulnerability will allow an attacker to cause a denial of service on the vulnerable system.



6) Denial of service (CVE-ID: CVE-2016-7180)

The vulnerability allows remote user to cause the denial of service on the target system.
The weakness exists due to causing of the IPMI Trace dissector crash. A remote attacker can send and inject specially crafted malformed packet or trick the victim into reading its trace file.
Successful exploitation of this vulnerability will allow an attacker to cause a denial of service on the vulnerable system.



Remediation

Install update from vendor's website.

References