Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Arch Linux ASA-201609-15 Low Severity: tcpdump-CLI Denial Of Service

Calendar Aug 27, 2016 User Avatar LinuxSecurity Advisories
2 - 4 min read
Archlinux Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service low severity Arch Linux wireshark-cli
The package wireshark-cli before version 2.0.5-1 is vulnerable to denial of service. 
Arch Linux Security Advisory ASA-201608-20
=========================================
Severity: Low
Date    : 2016-08-27
CVE-ID  : CVE-2016-6505 CVE-2016-6506 CVE-2016-6508 CVE-2016-6509 
          CVE-2016-6510 CVE-2016-6511 CVE-2016-6512 CVE-2016-6513
Package : wireshark-cli
Type    : denial of service
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package wireshark-cli before version 2.0.5-1 is vulnerable to denial
of service.

Resolution
=========
Upgrade to 2.0.5-1.

# pacman -Syu "wireshark-cli>=2.0.5-1"

The problem has been fixed upstream in version 2.0.5.

Workaround
=========
None.

Description
==========
- CVE-2016-6505 (denial of service)

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file.

- CVE-2016-6506 (denial of service)

It may be possible to make Wireshark consume excessive CPU resources by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.

- CVE-2016-6508 (denial of service)

It may be possible to make Wireshark consume excessive CPU resources by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.

- CVE-2016-6509 (denial of service)

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file.

- CVE-2016-6510 (denial of service)

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file.

- CVE-2016-6511 (denial of service)

It may be possible to make Wireshark consume excessive CPU resources by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.

- CVE-2016-6512 (denial of service)

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file.

- CVE-2016-6513 (denial of service)

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file.

Impact
=====
A remote attacker is able to crash or make wireshark consume excessive
CPU resources by injecting a malformed packet or convincing someone to
read a malformed packet trace.

References
=========
https://access.redhat.com/security/cve/CVE-2016-6505
https://access.redhat.com/security/cve/CVE-2016-6506
https://access.redhat.com/security/cve/CVE-2016-6508
https://access.redhat.com/security/cve/CVE-2016-6509
https://access.redhat.com/security/cve/CVE-2016-6510
https://access.redhat.com/security/cve/CVE-2016-6511
https://access.redhat.com/security/cve/CVE-2016-6512
https://access.redhat.com/security/cve/CVE-2016-6513
https://www.wireshark.org/security/wnpa-sec-2016-41.html
https://gitlab.com/wireshark/wireshark/-/issues/12577
;a=commit;h=94e97e45cf614c7bb8fe90c23df52910246b2c95
https://www.wireshark.org/security/wnpa-sec-2016-42.html
https://gitlab.com/wireshark/wireshark/-/issues/12594
;a=commit;h=a9d5256890c9189c7461bfce6ed6edce5d861499
https://www.wireshark.org/security/wnpa-sec-2016-44.html
https://gitlab.com/wireshark/wireshark/-/issues/12660
;a=commit;h=6cf9616df68a4db7e436bb77392586ff9ad84feb
https://www.wireshark.org/security/wnpa-sec-2016-45.html
https://gitlab.com/wireshark/wireshark/-/issues/12662
;a=commit;h=5a469ddc893f7c1912d0e15cc73bd3011e6cc2fb
https://www.wireshark.org/security/wnpa-sec-2016-46.html
https://gitlab.com/wireshark/wireshark/-/issues/12664
;a=commit;h=47a5fa850b388fcf4ea762073806f01b459820fe
https://www.wireshark.org/security/wnpa-sec-2016-47.html
https://gitlab.com/wireshark/wireshark/-/issues/12659
;a=commit;h=56706427f53cc64793870bf072c2c06248ae88f3
https://www.wireshark.org/security/wnpa-sec-2016-48.html
https://gitlab.com/wireshark/wireshark/-/issues/12661
;a=commit;h=2193bea3212d74e2a907152055e27d409b59485e
https://www.wireshark.org/security/wnpa-sec-2016-49.html
https://gitlab.com/wireshark/wireshark/-/issues/12663
;a=commit;h=347f071f1b9180563c28b0f3d0627b91eb456c72

Related News

Your message here