CVE-2008-3138

Summary

CVE	CVE-2008-3138
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2008-07-10 23:41:00 UTC
Updated	2018-10-11 20:47:00 UTC
Description	The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.

Risk And Classification

Problem Types: CWE-200 | NVD-CWE-noinfo

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Rpath	Rpath Linux	1	All	All	All
Application	Rpath	Rpath Linux	1	All	All	All
Application	Wireshark	Wireshark	0.9.5	All	All	All
Application	Wireshark	Wireshark	0.99.2	All	All	All
Application	Wireshark	Wireshark	0.99.3	All	All	All
Application	Wireshark	Wireshark	0.99.4	All	All	All
Application	Wireshark	Wireshark	0.99.5	All	All	All
Application	Wireshark	Wireshark	0.99.6	All	All	All
Application	Wireshark	Wireshark	0.99.7	All	All	All
Application	Wireshark	Wireshark	0.99.8	All	All	All
Application	Wireshark	Wireshark	1.0	All	All	All
Application	Wireshark	Wireshark	1.0.0	All	All	All
Application	Wireshark	Wireshark	0.9.5	All	All	All
Application	Wireshark	Wireshark	0.99.2	All	All	All
Application	Wireshark	Wireshark	0.99.3	All	All	All
Application	Wireshark	Wireshark	0.99.4	All	All	All
Application	Wireshark	Wireshark	0.99.5	All	All	All
Application	Wireshark	Wireshark	0.99.6	All	All	All
Application	Wireshark	Wireshark	0.99.7	All	All	All
Application	Wireshark	Wireshark	0.99.8	All	All	All
Application	Wireshark	Wireshark	1.0	All	All	All
Application	Wireshark	Wireshark	1.0.0	All	All	All

References

Reference	Source	Link	Tags
Red Hat update for wireshark - Advisories - Community	SECUNIA	secunia.com
ASA-2008-392 (RHSA-2008-0890)	CONFIRM	support.avaya.com
Repository / Oval Repository	OVAL	oval.cisecurity.org
Wireshark GSM SMS, PANA, KISMET, RTMPT, and syslog Dissector Bugs Let Remote Users Deny Service - SecurityTracker	SECTRACK	securitytracker.com
SUSE Update for Multiple Packages - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
[security-announce] SUSE Security Summary Report SUSE-SR:2008:017	SUSE	lists.opensuse.org
Repository / Oval Repository	OVAL	oval.cisecurity.org
Wireshark 1.0.0 Multiple Vulnerabilities	BID	www.securityfocus.com
Fedora update for wireshark - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
SecurityFocus	BUGTRAQ	www.securityfocus.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
[SECURITY] Fedora 9 Update: wireshark-1.0.2-1.fc9	FEDORA	www.redhat.com
Wireshark Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
Gentoo update for wireshark - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
Wireshark: Denial of Service — Gentoo Linux Documentation	GENTOO	security.gentoo.org
rPath update for wireshark - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Debian -- Security Information -- DSA-1673-1 wireshark	DEBIAN	www.debian.org
Debian update for wireshark - Secunia.com	SECUNIA	secunia.com
Webmail - OVH	VUPEN	www.vupen.com
Support	REDHAT	www.redhat.com
Wireshark: wnpa-sec-2008-03	CONFIRM	www.wireshark.org
Advisories:rPSA-2008-0212 - rPath Wiki	CONFIRM	wiki.rpath.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Organization	Published	Contributor	Statement
Red Hat	2008-10-17	Tomas Hoger	The affected version of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html

There are currently no legacy QID mappings associated with this CVE.