CVE-2008-0058
published 2008-03-18
medium 5.8 CVSS 3.1
AV:N/AC:M/Au:N/C:N/I:P/A:P
Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | — | — |
| apple | mac_os_x_server | — | — |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2007-6441 [LOW] wireshark WiMAX dissector possible crash
bugzilla·2008-01-02·CVSS 3.3
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6441 to the following vulnerability:
The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms."
References:
http://www.wireshark.org/security/wnpa-sec-2007-03.html
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0058.html
Bugzilla
CVE-2007-6438 [HIGH] wireshark SMB dissector crash
bugzilla·2008-01-02·CVSS 7.1
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6438 to the following vulnerability:
Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111.
References:
http://www.wireshark.org/security/wnpa-sec-2007-03.html
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0058.html
Bugzilla
CVE-2007-6439 [MEDIUM] wireshark IPv6 and USB dissector crash
bugzilla·2008-01-02·CVSS 5.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6439 to the following vulnerability:
Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite or large loop) via the (1) IPv6 or (2) USB dissector, which can trigger resource consumption or a crash. NOTE: this identifier originally included Firebird/Interbase, but it is already covered by CVE-2007-6116. The DCP ETSI issue is already covered by CVE-2007-6119.
References:
http://www.wireshark.org/security/wnpa-sec-2007-03.html
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0058.html
Bugzilla
CVE-2007-6450 [MEDIUM] wireshark RPL dissector crash
bugzilla·2008-01-02·CVSS 5.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6450 to the following vulnerability:
The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
References:
http://www.wireshark.org/security/wnpa-sec-2007-03.html
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0058.html
http://rhn.redhat.com/errata/RHSA-2008-0059.html
Bugzilla
CVE-2007-6451 [MEDIUM] wireshark CIP dissector crash
bugzilla·2008-01-02·CVSS 4.3
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6451 to the following vulnerability:
Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory.
References:
http://www.wireshark.org/security/wnpa-sec-2007-03.html
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0058.html
http://rhn.redhat.com/errata/RHSA-2008-0059.html
Bugzilla
CVE-2007-6119 [HIGH] wireshark DCP ETSI dissector flaws
bugzilla·2007-11-23·CVSS 7.8
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6119 to the following vulnerability:
The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows
remote attackers to cause a denial of service (long loop and resource
consumption) via unknown vectors.
Discussion:
wireshark-0.99.7-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
---
wireshark-0.99.7-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0058.html
Fedora:
https://admin.fedoraproject.org/updates/F
Bugzilla
CVE-2007-6121 [MEDIUM] wireshark RPC Portmap flaws
bugzilla·2007-11-23·CVSS 5.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6121 to the following vulnerability:
Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers
to cause a denial of service (crash) via a malformed RPC Portmap
packet.
Discussion:
wireshark-0.99.7-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
---
wireshark-0.99.7-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0058.html
http://rhn.redhat.com/errata/RHSA-2008-0059.html
Fedora:
https://admin.fedoraproject.o
Bugzilla
CVE-2007-6112 [CRITICAL] wireshark ppp flaws
bugzilla·2007-11-23·CVSS 10.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6112 to the following vulnerability:
Buffer overflow in the PPP dissector in Wireshark (formerly Ethereal)
0.99.6 allows remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via unknown vectors.
Discussion:
wireshark-0.99.7-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
---
wireshark-0.99.7-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0058.html
Fedora:
https://admin.fedoraproject.org/update
Bugzilla
CVE-2007-6116 [MEDIUM] wireshark firebird/interbase flaws
bugzilla·2007-11-23·CVSS 5.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6116 to the following vulnerability:
The Firebird/Interbase dissector in Wireshark (formerly Ethereal)
0.99.6 allows remote attackers to cause a denial of service (infinite
loop or crash) via unknown vectors.
Discussion:
wireshark-0.99.7-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
---
wireshark-0.99.7-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0058.html
Fedora:
https://admin.fedoraproject.org/updates/F8/
Bugzilla
CVE-2007-6111 [HIGH] wireshark mp3 and ncp flaws
bugzilla·2007-11-23·CVSS 7.1
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6111 to the following vulnerability:
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal)
allow remote attackers to cause a denial of service (crash) via (1) a
crafted MP3 file or (2) unspecified vectors to the NCP dissector.
Discussion:
wireshark-0.99.7-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
---
wireshark-0.99.7-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0058.html
Fedora:
https://admin.fe
Bugzilla
CVE-2007-6117 [MEDIUM] wireshark HTTP dissector flaws
bugzilla·2007-11-23·CVSS 5.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6117 to the following vulnerability:
Unspecified vulnerability in the HTTP dissector for Wireshark
(formerly Ethereal) 0.10.14 to 0.99.6 has unknown impact and remote
attack vectors related to chunked messages.
Discussion:
wireshark-0.99.7-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
---
wireshark-0.99.7-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0058.html
http://rhn.redhat.com/errata/RHSA-2008-0059.html
Fedo
Bugzilla
CVE-2007-6118 [HIGH] wireshark MEGACO dissector flaws
bugzilla·2007-11-23·CVSS 7.8
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6118 to the following vulnerability:
The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6
allows remote attackers to cause a denial of service (long loop and
resource consumption) via unknown vectors.
Discussion:
wireshark-0.99.7-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
---
wireshark-0.99.7-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0058.html
http://rhn.redhat.com/errata/RHSA-2008-0059.
Bugzilla
CVE-2007-6113 [MEDIUM] wireshark DNP3 flaws
bugzilla·2007-11-23·CVSS 4.3
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6113 to the following vulnerability:
Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote
attackers to cause a denial of service (long loop) via a malformed DNP
packet.
Discussion:
wireshark-0.99.7-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
---
wireshark-0.99.7-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
---
*** Bug 280821 has been marked as a duplicate of this bug. ***
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0058.html
http://rhn.redhat.com/errata
Bugzilla
CVE-2007-6120 [MEDIUM] wireshark Bluetooth SDP dissector flaws
bugzilla·2007-11-23·CVSS 5.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6120 to the following vulnerability:
The Bluetooth SDP dissector in Wireshark (formerly Ethereal) 0.99.2 to
0.99.6 allows remote attackers to cause a denial of service (infinite
loop) via unknown vectors.
Discussion:
wireshark-0.99.7-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
---
wireshark-0.99.7-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0058.html
http://rhn.redhat.com/errata/RHSA-2008-0059.html
Fedo
References:
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://secunia.com/advisories/29420
http://www.securityfocus.com/bid/28304
http://www.securityfocus.com/bid/28359
http://www.securitytracker.com/id?1019650
http://www.us-cert.gov/cas/techalerts/TA08-079A.html
http://www.vupen.com/english/advisories/2008/0924/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41297
Published 2008-03-18