[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilties to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Fri Feb 15 05:21:51 PST 2013 

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 331	Published: Thu, 14 Feb 2013 20:23:18  GMT

New Fixlets:
============

***************************************************************
Title: The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, which allows remote attackers to cause a denial of servic
Severity: Low
Fixlet ID: 1604801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16048.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1586
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

***************************************************************
Title: The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly process crypto-suite parameters, which allows remote attackers to cause a denial of ser
Severity: Low
Fixlet ID: 1645001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16450.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1576
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly process crypto-suite parameters, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.

More information about the WinVulns-Announcements mailing list