Original Issue Date: November 12, 2009
Severity Rating: Medium
Wireshark versions 0.10.10 through 1.2.2
Multiple vulnerabilities have been reported in the Wireshark network protocol
analyzer which could be exploited by attackers to cause a denial of service
condition on systems running an affected version of the application.
These vulnerabilities are caused by errors in the RADIUS
(CVE-2009-2560), DCERPC/NT (CVE-2009-3550), Paltalk
(CVE-2009-3549) and SMB (CVE-2009-3551) dissectors while processing
specially crafted packets or data. Attackers could exploit them to
crash an affected application or exhaust all available memory resources,
creating a denial of service condition.
Upgrade to Wireshark version 1.2.3 or 1.0.10:
The information provided herein is on “as is” basis, without warranty of