First published: Mon Nov 24 2008(Updated: )
A security flaw was found in the Wireshark's SMTP dissector -- routines for SMTP packet disassembly. A remote attacker could use this flaw to cause a denial of service (infinite loop) via sending a large SMTP request to port 25. References: <a href="http://packetstormsecurity.org/0811-advisories/wireshark104-dos.txt">http://packetstormsecurity.org/0811-advisories/wireshark104-dos.txt</a> <a href="http://www.securityfocus.com/archive/1/498562/30/0/threaded">http://www.securityfocus.com/archive/1/498562/30/0/threaded</a> <a href="http://www.nabble.com/-SVRT-04-08--Vulnerability-in-WireShark-1.0.4-for-DoS-Attack-td20640164.html">http://www.nabble.com/-SVRT-04-08--Vulnerability-in-WireShark-1.0.4-for-DoS-Attack-td20640164.html</a> Proposed upstream patches: <a href="http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-smtp.c?r1=24989&r2=24988&pathrev=24989&view=patch">http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-smtp.c?r1=24989&r2=24988&pathrev=24989&view=patch</a> <a href="http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-smtp.c?r1=24994&r2=24993&pathrev=24994&view=patch">http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-smtp.c?r1=24994&r2=24993&pathrev=24994&view=patch</a>
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Wireshark Wireshark | =0.99.8 | |
Wireshark Wireshark | =0.10.3 | |
Wireshark Wireshark | =0.9.10 | |
Wireshark Wireshark | =0.99.3 | |
Wireshark Wireshark | =0.9.14 | |
Wireshark Wireshark | =0.10.6 | |
Wireshark Wireshark | =0.99.0 | |
Wireshark Wireshark | =0.10.4 | |
Wireshark Wireshark | =0.8.16 | |
Wireshark Wireshark | =0.10 | |
Wireshark Wireshark | =1.0.1 | |
Wireshark Wireshark | =0.10.14 | |
Wireshark Wireshark | =0.9.8 | |
Wireshark Wireshark | =0.8.19 | |
Wireshark Wireshark | =0.9.5 | |
Wireshark Wireshark | =0.10.1 | |
Wireshark Wireshark | =0.10.9 | |
Wireshark Wireshark | =0.10.7 | |
Wireshark Wireshark | <=1.0.4 | |
Wireshark Wireshark | =1.0 | |
Wireshark Wireshark | =0.10.8 | |
Wireshark Wireshark | =0.99.6 | |
Wireshark Wireshark | =1.0.2 | |
Wireshark Wireshark | =0.99.2 | |
Wireshark Wireshark | =0.99.1 | |
Wireshark Wireshark | =1.0.3 | |
Wireshark Wireshark | =0.10.2 | |
Wireshark Wireshark | =0.10.13 | |
Wireshark Wireshark | =0.10.12 | |
Wireshark Wireshark | =0.10.10 | |
Wireshark Wireshark | =0.10.5 | |
Wireshark Wireshark | =0.99.5 | |
Wireshark Wireshark | =0.10.11 | |
Wireshark Wireshark | =0.7.9 | |
Wireshark Wireshark | =0.99.4 | |
Wireshark Wireshark | =1.0.0 | |
Wireshark Wireshark | =0.99.6a | |
Wireshark Wireshark | =0.99 | |
Wireshark Wireshark | =0.99.7 | |
Wireshark Wireshark | =0.6 | |
Wireshark Wireshark | =0.9.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.