Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Wireshark 1.0.3 released

Published: 2008-09-04
Last Updated: 2008-09-04 18:18:29 UTC
by Chris Carboni (Version: 1)
0 comment(s)

Wireshark 1.0.3 has been released and fixes several vulnerabilities that affect versions 0.9.7 to 1.0.2 inclusive.

The NCP dissector was susceptible to a number of problems, including buffer overflows and an infinite loop.
Versions affected: 0.9.7 to 1.0.2

Wireshark could crash while uncompressing zlib-compressed packet data.
Versions affected: 0.10.14 to 1.0.2

Wireshark could crash while reading a Tektronix .rf5 file.
Versions affected: 0.99.6 to 1.0.2

Wireshark's full announcement is available here and can be downloaded from here

Keywords: wireshark
0 comment(s)

Cisco Vulnerabilities

Published: 2008-09-04
Last Updated: 2008-09-04 18:07:25 UTC
by Chris Carboni (Version: 1)
0 comment(s)

Cisco Security Response: Cisco Secure ACS Denial Of Service Vulnerability

A specially crafted Remote Authentication Dial In User Service (RADIUS) Extensible Authentication Protocol (EAP) Message Attribute packet sent to the Cisco Secure Access Control Server (ACS) can crash the CSRadius and CSAuth processes of Cisco Secure ACS.

The full text is available here


Cisco Security Advisory: Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA

Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances that may result in a reload of the device or disclosure of confidential information.

The full details are available here

 

Keywords: cisco
0 comment(s)
Diary Archives