Vulnerabilities > CVE-2006-3628 - Use of Externally-Controlled Format String vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Format String Injection
    An attacker includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An attacker can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
  • String Format Overflow in syslog()
    This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0602.NASL
    descriptionNew Wireshark packages that fix various security vulnerabilities in Ethereal are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ethereal is a program for monitoring network traffic. In May 2006, Ethereal changed its name to Wireshark. This update deprecates the Ethereal packages in Red Hat Enterprise Linux 2.1, 3, and 4 in favor of the supported Wireshark packages. Several denial of service bugs were found in Ethereal
    last seen2020-06-01
    modified2020-06-02
    plugin id22238
    published2006-08-21
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22238
    titleCentOS 3 / 4 : wireshark (CESA-2006:0602)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0602 and 
    # CentOS Errata and Security Advisory 2006:0602 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22238);
      script_version("1.18");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2006-3627", "CVE-2006-3628", "CVE-2006-3629", "CVE-2006-3630", "CVE-2006-3631", "CVE-2006-3632");
      script_bugtraq_id(19051);
      script_xref(name:"RHSA", value:"2006:0602");
    
      script_name(english:"CentOS 3 / 4 : wireshark (CESA-2006:0602)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New Wireshark packages that fix various security vulnerabilities in
    Ethereal are now available.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Ethereal is a program for monitoring network traffic.
    
    In May 2006, Ethereal changed its name to Wireshark. This update
    deprecates the Ethereal packages in Red Hat Enterprise Linux 2.1, 3,
    and 4 in favor of the supported Wireshark packages.
    
    Several denial of service bugs were found in Ethereal's protocol
    dissectors. It was possible for Ethereal to crash or stop responding
    if it read a malformed packet off the network. (CVE-2006-3627,
    CVE-2006-3629, CVE-2006-3631)
    
    Several buffer overflow bugs were found in Ethereal's ANSI MAP, NCP
    NMAS, and NDPStelnet dissectors. It was possible for Ethereal to crash
    or execute arbitrary code if it read a malformed packet off the
    network. (CVE-2006-3630, CVE-2006-3632)
    
    Several format string bugs were found in Ethereal's Checkpoint FW-1,
    MQ, XML, and NTP dissectors. It was possible for Ethereal to crash or
    execute arbitrary code if it read a malformed packet off the network.
    (CVE-2006-3628)
    
    Users of Ethereal should upgrade to these updated packages containing
    Wireshark version 0.99.2, which is not vulnerable to these issues"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-August/013137.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0ef238d3"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-August/013138.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4ed9c366"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-August/013155.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?97b6879f"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-August/013156.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f87d8c49"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wireshark packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:wireshark-gnome");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/07/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/08/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"wireshark-0.99.2-EL3.1")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"wireshark-0.99.2-EL3.1")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"wireshark-gnome-0.99.2-EL3.1")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"wireshark-gnome-0.99.2-EL3.1")) flag++;
    
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"wireshark-0.99.2-EL4.1")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"wireshark-0.99.2-EL4.1")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"wireshark-gnome-0.99.2-EL4.1")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"wireshark-gnome-0.99.2-EL4.1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-gnome");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2006-860.NASL
    descriptionVersions affected: 0.8.16 up to and including 0.99.0 Details Description Wireshark 0.99.2 fixes the following vulnerabilities : - The GSM BSSMAP dissector could crash. Versions affected: 0.10.11. CVE: CVE-2006-3627 Ilja van Sprundel discovered the following vulnerabilities : - The ANSI MAP dissector was vulnerable to a format string overflow. Versions affected: 0.10.0. CVE: CVE-2006-3628 - The Checkpoint FW-1 dissector was vulnerable to a format string overflow. Versions affected: 0.10.10. CVE: CVE-2006-3628 - The MQ dissector was vulnerable to a format string overflow. Versions affected: 0.10.4. CVE: CVE-2006-3628 - The XML dissector was vulnerable to a format string overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628 - The MOUNT dissector could attempt to allocate large amounts of memory. Versions affected: 0.9.4. CVE: CVE-2006-3629 - The NCP NMAS and NDPS dissectors were susceptible to off-by-one errors. Versions affected: 0.9.7. CVE: CVE-2006-3630 - The NTP dissector was vulnerable to a format string overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628 - The SSH dissector was vulnerable to an infinite loop. Versions affected: 0.9.10. CVE: CVE-2006-3631 - The NFS dissector may have been susceptible to a buffer overflow. Versions affected: 0.8.16. CVE: CVE-2006-3632 Impact It may be possible to make Ethereal crash, use up available memory, or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 0.99.2. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24160
    published2007-01-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24160
    titleFedora Core 5 : wireshark-0.99.2-fc5.2 (2006-860)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2006-860.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24160);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:25");
    
      script_cve_id("CVE-2006-3627");
      script_xref(name:"FEDORA", value:"2006-860");
    
      script_name(english:"Fedora Core 5 : wireshark-0.99.2-fc5.2 (2006-860)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Versions affected: 0.8.16 up to and including 0.99.0 Details
    Description Wireshark 0.99.2 fixes the following vulnerabilities :
    
      - The GSM BSSMAP dissector could crash. Versions affected:
        0.10.11. CVE: CVE-2006-3627
    
    Ilja van Sprundel discovered the following vulnerabilities :
    
      - The ANSI MAP dissector was vulnerable to a format string
        overflow. Versions affected: 0.10.0. CVE: CVE-2006-3628
    
      - The Checkpoint FW-1 dissector was vulnerable to a format
        string overflow. Versions affected: 0.10.10. CVE:
        CVE-2006-3628
    
      - The MQ dissector was vulnerable to a format string
        overflow. Versions affected: 0.10.4. CVE: CVE-2006-3628
    
      - The XML dissector was vulnerable to a format string
        overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628
    
      - The MOUNT dissector could attempt to allocate large
        amounts of memory. Versions affected: 0.9.4. CVE:
        CVE-2006-3629
    
      - The NCP NMAS and NDPS dissectors were susceptible to
        off-by-one errors. Versions affected: 0.9.7. CVE:
        CVE-2006-3630
    
      - The NTP dissector was vulnerable to a format string
        overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628
    
      - The SSH dissector was vulnerable to an infinite loop.
        Versions affected: 0.9.10. CVE: CVE-2006-3631
    
      - The NFS dissector may have been susceptible to a buffer
        overflow. Versions affected: 0.8.16. CVE: CVE-2006-3632
    
    Impact It may be possible to make Ethereal crash, use up available
    memory, or run arbitrary code by injecting a purposefully malformed
    packet onto the wire or by convincing someone to read a malformed
    packet trace file. Resolution Upgrade to Wireshark 0.99.2.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2006-July/000461.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4e595c9e"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected wireshark, wireshark-debuginfo and / or
    wireshark-gnome packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark-gnome");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC5", reference:"wireshark-0.99.2-fc5.2")) flag++;
    if (rpm_check(release:"FC5", reference:"wireshark-debuginfo-0.99.2-fc5.2")) flag++;
    if (rpm_check(release:"FC5", reference:"wireshark-gnome-0.99.2-fc5.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-debuginfo / wireshark-gnome");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_ETHEREAL-1930.NASL
    descriptionThis update fixes several security related bugs ranging from crashes to arbitrary code execution. (CVE-2006-3627 / CVE-2006-3628 / CVE-2006-3629 / CVE-2006-3630 / CVE-2006-3631 / CVE-2006-3632)
    last seen2020-06-01
    modified2020-06-02
    plugin id29418
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29418
    titleSuSE 10 Security Update : ethereal (ZYPP Patch Number 1930)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(29418);
      script_version ("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:28");
    
      script_cve_id("CVE-2006-3627", "CVE-2006-3628", "CVE-2006-3629", "CVE-2006-3630", "CVE-2006-3631", "CVE-2006-3632");
    
      script_name(english:"SuSE 10 Security Update : ethereal (ZYPP Patch Number 1930)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes several security related bugs ranging from crashes
    to arbitrary code execution. (CVE-2006-3627 / CVE-2006-3628 /
    CVE-2006-3629 / CVE-2006-3630 / CVE-2006-3631 / CVE-2006-3632)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-3627.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-3628.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-3629.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-3630.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-3631.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-3632.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 1930.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/08/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:0, reference:"ethereal-0.10.14-16.5")) flag++;
    if (rpm_check(release:"SLES10", sp:0, reference:"ethereal-0.10.14-16.5")) flag++;
    if (rpm_check(release:"SLES10", sp:0, reference:"ethereal-devel-0.10.14-16.5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2006-0726.NASL
    descriptionNew Wireshark packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Users of Wireshark should upgrade to these updated packages containing Wireshark version 0.99.4, which is not vulnerable to these issues. From Red Hat Security Advisory 2006:0726 : Several flaws were found in Wireshark
    last seen2020-06-01
    modified2020-06-02
    plugin id67418
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67418
    titleOracle Linux 4 : wireshark (ELSA-2006-0726 / ELSA-2006-0658 / ELSA-2006-0602)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0602.NASL
    descriptionNew Wireshark packages that fix various security vulnerabilities in Ethereal are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ethereal is a program for monitoring network traffic. In May 2006, Ethereal changed its name to Wireshark. This update deprecates the Ethereal packages in Red Hat Enterprise Linux 2.1, 3, and 4 in favor of the supported Wireshark packages. Several denial of service bugs were found in Ethereal
    last seen2020-06-01
    modified2020-06-02
    plugin id22243
    published2006-08-21
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22243
    titleRHEL 2.1 / 3 / 4 : wireshark (RHSA-2006:0602)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1127.NASL
    descriptionSeveral remote vulnerabilities have been discovered in the Ethereal network sniffer, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-3628 Ilja van Sprundel discovered that the FW-1 and MQ dissectors are vulnerable to format string attacks. - CVE-2006-3629 Ilja van Sprundel discovered that the MOUNT dissector is vulnerable to denial of service through memory exhaustion. - CVE-2006-3630 Ilja van Sprundel discovered off-by-one overflows in the NCP NMAS and NDPS dissectors. - CVE-2006-3631 Ilja van Sprundel discovered a buffer overflow in the NFS dissector. - CVE-2006-3632 Ilja van Sprundel discovered that the SSH dissector is vulnerable to denial of service through an infinite loop.
    last seen2020-06-01
    modified2020-06-02
    plugin id22669
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22669
    titleDebian DSA-1127-1 : ethereal - several vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_ETHEREAL-1932.NASL
    descriptionThis update fixes several security related bugs ranging from crashes to arbitrary code execution. (CVE-2006-3627, CVE-2006-3628, CVE-2006-3629, CVE-2006-3630, CVE-2006-3631, CVE-2006-3632)
    last seen2020-06-01
    modified2020-06-02
    plugin id27205
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27205
    titleopenSUSE 10 Security Update : ethereal (ethereal-1932)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200607-09.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200607-09 (Wireshark: Multiple vulnerabilities) Wireshark dissectors have been found vulnerable to a large number of exploits, including off-by-one errors, buffer overflows, format string overflows and an infinite loop. Impact : Running an affected version of Wireshark or Ethereal could allow for a remote attacker to execute arbitrary code on the user
    last seen2020-06-01
    modified2020-06-02
    plugin id22107
    published2006-07-28
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22107
    titleGLSA-200607-09 : Wireshark: Multiple vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-128.NASL
    descriptionA number of vulnerabilities have been discovered in the Wireshark (formerly Ethereal) network analyzer. These issues have been corrected in Wireshark version 0.99.2 which is provided with this update.
    last seen2020-06-01
    modified2020-06-02
    plugin id23879
    published2006-12-16
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23879
    titleMandrake Linux Security Advisory : wireshark (MDKSA-2006:128)

Oval

accepted2013-04-29T04:18:25.479-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionMultiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors.
familyunix
idoval:org.mitre.oval:def:9175
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMultiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors.
version26

Redhat

advisories
rhsa
idRHSA-2006:0602
rpms
  • wireshark-0:0.99.2-EL3.1
  • wireshark-0:0.99.2-EL4.1
  • wireshark-debuginfo-0:0.99.2-EL3.1
  • wireshark-debuginfo-0:0.99.2-EL4.1
  • wireshark-gnome-0:0.99.2-EL3.1
  • wireshark-gnome-0:0.99.2-EL4.1

References