Vulnerabilities > CVE-2006-3628 - Use of Externally-Controlled Format String vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Format String Injection An attacker includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An attacker can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
- String Format Overflow in syslog() This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0602.NASL description New Wireshark packages that fix various security vulnerabilities in Ethereal are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ethereal is a program for monitoring network traffic. In May 2006, Ethereal changed its name to Wireshark. This update deprecates the Ethereal packages in Red Hat Enterprise Linux 2.1, 3, and 4 in favor of the supported Wireshark packages. Several denial of service bugs were found in Ethereal last seen 2020-06-01 modified 2020-06-02 plugin id 22238 published 2006-08-21 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22238 title CentOS 3 / 4 : wireshark (CESA-2006:0602) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2006:0602 and # CentOS Errata and Security Advisory 2006:0602 respectively. # include("compat.inc"); if (description) { script_id(22238); script_version("1.18"); script_cvs_date("Date: 2019/10/25 13:36:03"); script_cve_id("CVE-2006-3627", "CVE-2006-3628", "CVE-2006-3629", "CVE-2006-3630", "CVE-2006-3631", "CVE-2006-3632"); script_bugtraq_id(19051); script_xref(name:"RHSA", value:"2006:0602"); script_name(english:"CentOS 3 / 4 : wireshark (CESA-2006:0602)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "New Wireshark packages that fix various security vulnerabilities in Ethereal are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ethereal is a program for monitoring network traffic. In May 2006, Ethereal changed its name to Wireshark. This update deprecates the Ethereal packages in Red Hat Enterprise Linux 2.1, 3, and 4 in favor of the supported Wireshark packages. Several denial of service bugs were found in Ethereal's protocol dissectors. It was possible for Ethereal to crash or stop responding if it read a malformed packet off the network. (CVE-2006-3627, CVE-2006-3629, CVE-2006-3631) Several buffer overflow bugs were found in Ethereal's ANSI MAP, NCP NMAS, and NDPStelnet dissectors. It was possible for Ethereal to crash or execute arbitrary code if it read a malformed packet off the network. (CVE-2006-3630, CVE-2006-3632) Several format string bugs were found in Ethereal's Checkpoint FW-1, MQ, XML, and NTP dissectors. It was possible for Ethereal to crash or execute arbitrary code if it read a malformed packet off the network. (CVE-2006-3628) Users of Ethereal should upgrade to these updated packages containing Wireshark version 0.99.2, which is not vulnerable to these issues" ); # https://lists.centos.org/pipermail/centos-announce/2006-August/013137.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0ef238d3" ); # https://lists.centos.org/pipermail/centos-announce/2006-August/013138.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4ed9c366" ); # https://lists.centos.org/pipermail/centos-announce/2006-August/013155.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?97b6879f" ); # https://lists.centos.org/pipermail/centos-announce/2006-August/013156.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f87d8c49" ); script_set_attribute( attribute:"solution", value:"Update the affected wireshark packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:wireshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:wireshark-gnome"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/07/21"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"wireshark-0.99.2-EL3.1")) flag++; if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"wireshark-0.99.2-EL3.1")) flag++; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"wireshark-gnome-0.99.2-EL3.1")) flag++; if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"wireshark-gnome-0.99.2-EL3.1")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"wireshark-0.99.2-EL4.1")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"wireshark-0.99.2-EL4.1")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"wireshark-gnome-0.99.2-EL4.1")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"wireshark-gnome-0.99.2-EL4.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-gnome"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2006-860.NASL description Versions affected: 0.8.16 up to and including 0.99.0 Details Description Wireshark 0.99.2 fixes the following vulnerabilities : - The GSM BSSMAP dissector could crash. Versions affected: 0.10.11. CVE: CVE-2006-3627 Ilja van Sprundel discovered the following vulnerabilities : - The ANSI MAP dissector was vulnerable to a format string overflow. Versions affected: 0.10.0. CVE: CVE-2006-3628 - The Checkpoint FW-1 dissector was vulnerable to a format string overflow. Versions affected: 0.10.10. CVE: CVE-2006-3628 - The MQ dissector was vulnerable to a format string overflow. Versions affected: 0.10.4. CVE: CVE-2006-3628 - The XML dissector was vulnerable to a format string overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628 - The MOUNT dissector could attempt to allocate large amounts of memory. Versions affected: 0.9.4. CVE: CVE-2006-3629 - The NCP NMAS and NDPS dissectors were susceptible to off-by-one errors. Versions affected: 0.9.7. CVE: CVE-2006-3630 - The NTP dissector was vulnerable to a format string overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628 - The SSH dissector was vulnerable to an infinite loop. Versions affected: 0.9.10. CVE: CVE-2006-3631 - The NFS dissector may have been susceptible to a buffer overflow. Versions affected: 0.8.16. CVE: CVE-2006-3632 Impact It may be possible to make Ethereal crash, use up available memory, or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 0.99.2. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24160 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24160 title Fedora Core 5 : wireshark-0.99.2-fc5.2 (2006-860) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2006-860. # include("compat.inc"); if (description) { script_id(24160); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:25"); script_cve_id("CVE-2006-3627"); script_xref(name:"FEDORA", value:"2006-860"); script_name(english:"Fedora Core 5 : wireshark-0.99.2-fc5.2 (2006-860)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: "Versions affected: 0.8.16 up to and including 0.99.0 Details Description Wireshark 0.99.2 fixes the following vulnerabilities : - The GSM BSSMAP dissector could crash. Versions affected: 0.10.11. CVE: CVE-2006-3627 Ilja van Sprundel discovered the following vulnerabilities : - The ANSI MAP dissector was vulnerable to a format string overflow. Versions affected: 0.10.0. CVE: CVE-2006-3628 - The Checkpoint FW-1 dissector was vulnerable to a format string overflow. Versions affected: 0.10.10. CVE: CVE-2006-3628 - The MQ dissector was vulnerable to a format string overflow. Versions affected: 0.10.4. CVE: CVE-2006-3628 - The XML dissector was vulnerable to a format string overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628 - The MOUNT dissector could attempt to allocate large amounts of memory. Versions affected: 0.9.4. CVE: CVE-2006-3629 - The NCP NMAS and NDPS dissectors were susceptible to off-by-one errors. Versions affected: 0.9.7. CVE: CVE-2006-3630 - The NTP dissector was vulnerable to a format string overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628 - The SSH dissector was vulnerable to an infinite loop. Versions affected: 0.9.10. CVE: CVE-2006-3631 - The NFS dissector may have been susceptible to a buffer overflow. Versions affected: 0.8.16. CVE: CVE-2006-3632 Impact It may be possible to make Ethereal crash, use up available memory, or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 0.99.2. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2006-July/000461.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4e595c9e" ); script_set_attribute( attribute:"solution", value: "Update the affected wireshark, wireshark-debuginfo and / or wireshark-gnome packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark-gnome"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5"); script_set_attribute(attribute:"patch_publication_date", value:"2006/07/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC5", reference:"wireshark-0.99.2-fc5.2")) flag++; if (rpm_check(release:"FC5", reference:"wireshark-debuginfo-0.99.2-fc5.2")) flag++; if (rpm_check(release:"FC5", reference:"wireshark-gnome-0.99.2-fc5.2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-debuginfo / wireshark-gnome"); }
NASL family SuSE Local Security Checks NASL id SUSE_ETHEREAL-1930.NASL description This update fixes several security related bugs ranging from crashes to arbitrary code execution. (CVE-2006-3627 / CVE-2006-3628 / CVE-2006-3629 / CVE-2006-3630 / CVE-2006-3631 / CVE-2006-3632) last seen 2020-06-01 modified 2020-06-02 plugin id 29418 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29418 title SuSE 10 Security Update : ethereal (ZYPP Patch Number 1930) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(29418); script_version ("1.16"); script_cvs_date("Date: 2019/10/25 13:36:28"); script_cve_id("CVE-2006-3627", "CVE-2006-3628", "CVE-2006-3629", "CVE-2006-3630", "CVE-2006-3631", "CVE-2006-3632"); script_name(english:"SuSE 10 Security Update : ethereal (ZYPP Patch Number 1930)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This update fixes several security related bugs ranging from crashes to arbitrary code execution. (CVE-2006-3627 / CVE-2006-3628 / CVE-2006-3629 / CVE-2006-3630 / CVE-2006-3631 / CVE-2006-3632)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-3627.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-3628.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-3629.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-3630.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-3631.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-3632.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 1930."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:0, reference:"ethereal-0.10.14-16.5")) flag++; if (rpm_check(release:"SLES10", sp:0, reference:"ethereal-0.10.14-16.5")) flag++; if (rpm_check(release:"SLES10", sp:0, reference:"ethereal-devel-0.10.14-16.5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2006-0726.NASL description New Wireshark packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Users of Wireshark should upgrade to these updated packages containing Wireshark version 0.99.4, which is not vulnerable to these issues. From Red Hat Security Advisory 2006:0726 : Several flaws were found in Wireshark last seen 2020-06-01 modified 2020-06-02 plugin id 67418 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/67418 title Oracle Linux 4 : wireshark (ELSA-2006-0726 / ELSA-2006-0658 / ELSA-2006-0602) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0602.NASL description New Wireshark packages that fix various security vulnerabilities in Ethereal are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ethereal is a program for monitoring network traffic. In May 2006, Ethereal changed its name to Wireshark. This update deprecates the Ethereal packages in Red Hat Enterprise Linux 2.1, 3, and 4 in favor of the supported Wireshark packages. Several denial of service bugs were found in Ethereal last seen 2020-06-01 modified 2020-06-02 plugin id 22243 published 2006-08-21 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22243 title RHEL 2.1 / 3 / 4 : wireshark (RHSA-2006:0602) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1127.NASL description Several remote vulnerabilities have been discovered in the Ethereal network sniffer, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-3628 Ilja van Sprundel discovered that the FW-1 and MQ dissectors are vulnerable to format string attacks. - CVE-2006-3629 Ilja van Sprundel discovered that the MOUNT dissector is vulnerable to denial of service through memory exhaustion. - CVE-2006-3630 Ilja van Sprundel discovered off-by-one overflows in the NCP NMAS and NDPS dissectors. - CVE-2006-3631 Ilja van Sprundel discovered a buffer overflow in the NFS dissector. - CVE-2006-3632 Ilja van Sprundel discovered that the SSH dissector is vulnerable to denial of service through an infinite loop. last seen 2020-06-01 modified 2020-06-02 plugin id 22669 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22669 title Debian DSA-1127-1 : ethereal - several vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_ETHEREAL-1932.NASL description This update fixes several security related bugs ranging from crashes to arbitrary code execution. (CVE-2006-3627, CVE-2006-3628, CVE-2006-3629, CVE-2006-3630, CVE-2006-3631, CVE-2006-3632) last seen 2020-06-01 modified 2020-06-02 plugin id 27205 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27205 title openSUSE 10 Security Update : ethereal (ethereal-1932) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200607-09.NASL description The remote host is affected by the vulnerability described in GLSA-200607-09 (Wireshark: Multiple vulnerabilities) Wireshark dissectors have been found vulnerable to a large number of exploits, including off-by-one errors, buffer overflows, format string overflows and an infinite loop. Impact : Running an affected version of Wireshark or Ethereal could allow for a remote attacker to execute arbitrary code on the user last seen 2020-06-01 modified 2020-06-02 plugin id 22107 published 2006-07-28 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22107 title GLSA-200607-09 : Wireshark: Multiple vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-128.NASL description A number of vulnerabilities have been discovered in the Wireshark (formerly Ethereal) network analyzer. These issues have been corrected in Wireshark version 0.99.2 which is provided with this update. last seen 2020-06-01 modified 2020-06-02 plugin id 23879 published 2006-12-16 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23879 title Mandrake Linux Security Advisory : wireshark (MDKSA-2006:128)
Oval
accepted | 2013-04-29T04:18:25.479-04:00 | ||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||
contributors |
| ||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||
description | Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors. | ||||||||||||||||||||
family | unix | ||||||||||||||||||||
id | oval:org.mitre.oval:def:9175 | ||||||||||||||||||||
status | accepted | ||||||||||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
title | Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors. | ||||||||||||||||||||
version | 26 |
Redhat
advisories |
| ||||
rpms |
|
References
- http://www.wireshark.org/security/wnpa-sec-2006-01.html
- http://www.securityfocus.com/bid/19051
- http://secunia.com/advisories/21078
- http://secunia.com/advisories/21107
- http://security.gentoo.org/glsa/glsa-200607-09.xml
- http://secunia.com/advisories/21121
- http://secunia.com/advisories/21204
- https://issues.rpath.com/browse/RPL-512
- http://www.debian.org/security/2006/dsa-1127
- http://securitytracker.com/id?1016532
- http://secunia.com/advisories/21249
- http://rhn.redhat.com/errata/RHSA-2006-0602.html
- http://www.novell.com/linux/security/advisories/2006_20_sr.html
- http://secunia.com/advisories/21488
- ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
- http://secunia.com/advisories/21598
- http://support.avaya.com/elmodocs2/security/ASA-2006-197.htm
- http://secunia.com/advisories/22089
- http://secunia.com/advisories/21467
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:128
- http://www.osvdb.org/27369
- http://www.osvdb.org/27363
- http://www.osvdb.org/27364
- http://www.osvdb.org/27362
- http://www.vupen.com/english/advisories/2006/2850
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27828
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27825
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27824
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27823
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27822
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9175
- http://www.securityfocus.com/archive/1/440576/100/0/threaded