CVE-2006-4333 - Resource Management Errors vulnerability in Wireshark
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | COMPLETE |

Summary
The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: SuSE Local Security Checks
- NASL id: SUSE_ETHEREAL-2028.NASL
- description: A security problem was fixed in ethereal, which could be used by remote attackers to hang the ethereal process.
  - If the SSCOP dissector has a port range configured AND the SSCOP payload protocol is Q.2931, a malformed packet could make the Q.2931 dissector use up available memory. No port range is configured by default. (CVE-2006-4333)

  The vulnerabilities tracked by the Mitre CVE IDs CVE-2006-4330 (SCSI dissector), CVE-2006-4331 (ESP decryption), CVE-2006-4332 (DHCP dissector) do not affect our shipped ethereal releases.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 29419
- published: 2007-12-13
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/29419
- title: SuSE 10 Security Update : ethereal (ZYPP Patch Number 2028)
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

include("compat.inc");

if (description)
{
  script_id(29419);
  script_version ("1.16");
  script_cvs_date("Date: 2019/10/25 13:36:28");

  script_cve_id("CVE-2006-4333");

  script_name(english:"SuSE 10 Security Update : ethereal (ZYPP Patch Number 2028)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SuSE 10 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A security problem was fixed in ethereal, which could be used by
remote attackers to hang the ethereal process.
  - If the SSCOP dissector has a port range configured AND the SSCOP
    payload protocol is Q.2931, a malformed packet could make the
    Q.2931 dissector use up available memory. No port range is
    configured by default.
(CVE-2006-4333) The vulnerabilities tracked by the Mitre CVE IDs
CVE-2006-4330 (SCSI dissector), CVE-2006-4331 (ESP decryption),
CVE-2006-4332 (DHCP dissector) do not affect our shipped ethereal
releases."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2006-4330.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2006-4331.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2006-4332.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2006-4333.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 2028.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/08/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");

flag = 0;
if (rpm_check(release:"SLED10", sp:0, reference:"ethereal-0.10.14-16.8")) flag++;
if (rpm_check(release:"SLES10", sp:0, reference:"ethereal-0.10.14-16.8")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else exit(0, "The host is not affected.");
```

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2006-0658.NASL
- description: New Wireshark packages that fix various security vulnerabilities are now available. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Bugs were found in Wireshark
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 22344
- published: 2006-09-14
- reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/22344
- title: RHEL 2.1 / 3 / 4 : wireshark (RHSA-2006:0658)
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2006:0658. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(22344);
  script_version ("1.24");
  script_cvs_date("Date: 2019/10/25 13:36:12");

  script_cve_id("CVE-2006-4330", "CVE-2006-4331", "CVE-2006-4333");
  script_xref(name:"RHSA", value:"2006:0658");

  script_name(english:"RHEL 2.1 / 3 / 4 : wireshark (RHSA-2006:0658)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"New Wireshark packages that fix various security vulnerabilities are
now available. Wireshark was previously known as Ethereal. This update
has been rated as having low security impact by the Red Hat Security
Response Team. Wireshark is a program for monitoring network traffic.
Bugs were found in Wireshark's SCSI and SSCOP protocol dissectors.
Ethereal could crash or stop responding if it read a malformed packet
off the network.
(CVE-2006-4330, CVE-2006-4333) An off-by-one bug was found in the
IPsec ESP decryption preference parser. Ethereal could crash or stop
responding if it read a malformed packet off the network.
(CVE-2006-4331) Users of Wireshark or Ethereal should upgrade to these
updated packages containing Wireshark version 0.99.3, which is not
vulnerable to these issues. These packages also fix a bug in the PAM
configuration of the Wireshark packages which prevented non-root users
starting a capture."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2006-4330"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2006-4331"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2006-4333"
  );
  # http://www.wireshark.org/security/wnpa-sec-2006-02.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.wireshark.org/security/wnpa-sec-2006-02.html"
  );
  # http://www.wireshark.org/faq.html#q1.2
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.wireshark.org/faq.html#q1.2"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2006:0658"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected wireshark and / or wireshark-gnome packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wireshark");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wireshark-gnome");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/09/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/09/14");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(2\.1|3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x / 4.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2006:0658";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_WARNING,
      extra : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"wireshark-0.99.3-AS21.4")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"wireshark-gnome-0.99.3-AS21.4")) flag++;

  if (rpm_check(release:"RHEL3", reference:"wireshark-0.99.3-EL3.2")) flag++;
  if (rpm_check(release:"RHEL3", reference:"wireshark-gnome-0.99.3-EL3.2")) flag++;

  if (rpm_check(release:"RHEL4", reference:"wireshark-0.99.3-EL4.2")) flag++;
  if (rpm_check(release:"RHEL4", reference:"wireshark-gnome-0.99.3-EL4.2")) flag++;

  if (flag)
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_WARNING,
      extra : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-gnome");
  }
}
```

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-1171.NASL
- description: Several remote vulnerabilities have been discovered in the Ethereal network scanner, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :
  - CVE-2006-4333 It was discovered that the Q.2391 dissector is vulnerable to denial of service caused by memory exhaustion.
  - CVE-2005-3241 It was discovered that the FC-FCS, RSVP and ISIS-LSP dissectors are vulnerable to denial of service caused by memory exhaustion.
  - CVE-2005-3242 It was discovered that the IrDA and SMB dissectors are vulnerable to denial of service caused by memory corruption.
  - CVE-2005-3243 It was discovered that the SLIMP3 and AgentX dissectors are vulnerable to code injection caused by buffer overflows.
  - CVE-2005-3244 It was discovered that the BER dissector is vulnerable to denial of service caused by an infinite loop.
  - CVE-2005-3246 It was discovered that the NCP and RTnet dissectors are vulnerable to denial of service caused by a NULL pointer dereference.
  - CVE-2005-3248 It was discovered that the X11 dissector is vulnerable to denial of service caused by a division through zero.

  This update also fixes a 64 bit-specific regression in the ASN.1 decoder, which was introduced in a previous DSA.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 22713
- published: 2006-10-14
- reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/22713
- title: Debian DSA-1171-1 : ethereal - several vulnerabilities
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1171. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(22713);
  script_version("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:19");

  script_cve_id("CVE-2005-3241", "CVE-2005-3242", "CVE-2005-3243", "CVE-2005-3244", "CVE-2005-3246", "CVE-2005-3248", "CVE-2006-4333");
  script_xref(name:"DSA", value:"1171");

  script_name(english:"Debian DSA-1171-1 : ethereal - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Several remote vulnerabilities have been discovered in the Ethereal
network scanner, which may lead to the execution of arbitrary code.
The Common Vulnerabilities and Exposures project identifies the
following problems :
  - CVE-2006-4333 It was discovered that the Q.2391 dissector is
    vulnerable to denial of service caused by memory exhaustion.
  - CVE-2005-3241 It was discovered that the FC-FCS, RSVP and
    ISIS-LSP dissectors are vulnerable to denial of service caused by
    memory exhaustion.
  - CVE-2005-3242 It was discovered that the IrDA and SMB dissectors
    are vulnerable to denial of service caused by memory corruption.
  - CVE-2005-3243 It was discovered that the SLIMP3 and AgentX
    dissectors are vulnerable to code injection caused by buffer
    overflows.
  - CVE-2005-3244 It was discovered that the BER dissector is
    vulnerable to denial of service caused by an infinite loop.
  - CVE-2005-3246 It was discovered that the NCP and RTnet dissectors
    are vulnerable to denial of service caused by a NULL pointer
    dereference.
  - CVE-2005-3248 It was discovered that the X11 dissector is
    vulnerable to denial of service caused by a division through zero.
This update also fixes a 64 bit-specific regression in the ASN.1
decoder, which was introduced in a previous DSA."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384528"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334880"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-4333"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-3241"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-3242"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-3243"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-3244"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-3246"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-3248"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2006/dsa-1171"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the ethereal packages. For the stable distribution (sarge)
these problems have been fixed in version 0.10.10-2sarge8."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ethereal");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/09/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"3.1", prefix:"ethereal", reference:"0.10.10-2sarge8")) flag++;
if (deb_check(release:"3.1", prefix:"ethereal-common", reference:"0.10.10-2sarge8")) flag++;
if (deb_check(release:"3.1", prefix:"ethereal-dev", reference:"0.10.10-2sarge8")) flag++;
if (deb_check(release:"3.1", prefix:"tethereal", reference:"0.10.10-2sarge8")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2006-936.NASL
- description: CVE-2006-4330 Wireshark security issues (CVE-2006-4333 CVE-2006-4332 CVE-2006-4331) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 24173
- published: 2007-01-17
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/24173
- title: Fedora Core 5 : wireshark-0.99.3-fc5.1 (2006-936)
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2006-936.
#

include("compat.inc");

if (description)
{
  script_id(24173);
  script_version ("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:25");

  script_xref(name:"FEDORA", value:"2006-936");

  script_name(english:"Fedora Core 5 : wireshark-0.99.3-fc5.1 (2006-936)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"CVE-2006-4330 Wireshark security issues (CVE-2006-4333 CVE-2006-4332
CVE-2006-4331) Note that Tenable Network Security has extracted the
preceding description block directly from the Fedora security
advisory. Tenable has attempted to automatically clean and format it
as much as possible without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2006-August/000566.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a0a023f6"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Update the affected wireshark, wireshark-debuginfo and / or
wireshark-gnome packages."
  );
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark-gnome");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/08/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC5", reference:"wireshark-0.99.3-fc5.1")) flag++;
if (rpm_check(release:"FC5", reference:"wireshark-debuginfo-0.99.3-fc5.1")) flag++;
if (rpm_check(release:"FC5", reference:"wireshark-gnome-0.99.3-fc5.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-debuginfo / wireshark-gnome");
}
```

- NASL family: Oracle Linux Local Security Checks
- NASL id: ORACLELINUX_ELSA-2006-0726.NASL
- description: New Wireshark packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Users of Wireshark should upgrade to these updated packages containing Wireshark version 0.99.4, which is not vulnerable to these issues. From Red Hat Security Advisory 2006:0726 : Several flaws were found in Wireshark
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 67418
- published: 2013-07-12
- reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/67418
- title: Oracle Linux 4 : wireshark (ELSA-2006-0726 / ELSA-2006-0658 / ELSA-2006-0602)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2006-1140.NASL
- description:
  - Wed Nov 1 2006 Radek Vokal <rvokal at redhat.com> 0.99.4-1
    - upgrade to 0.99.4-1, fixes multiple security issues
    - CVE-2006-5468 - The HTTP dissector could dereference a NULL pointer.
    - CVE-2006-5469 - The WBXML dissector could crash.
    - CVE-2006-5470 - The LDAP dissector (and possibly others) could crash.
    - CVE-2006-4805 - Basic DoS, The XOT dissector could attempt to allocate a large amount of memory and crash.
    - CVE-2006-4574 - Single byte \0 overflow written onto the heap
  - Tue Oct 10 2006 Radek Vokal <rvokal at redhat.com> 0.99.4-0.pre1
    - upgrade to 0.99.4-0.pre1
  - Fri Aug 25 2006 Radek Vokal <rvokal at redhat.com> 0.99.3-1
    - upgrade to 0.99.3
    - Wireshark 0.99.3 fixes the following vulnerabilities :
    - the SCSI dissector could crash. Versions affected: CVE-2006-4330
    - the IPsec ESP preference parser was susceptible to off-by-one errors. CVE-2006-4331
    - a malformed packet could make the Q.2931 dissector use up available memory. CVE-2006-4333
  - Tue Jul 18 2006 Radek Vokal <rvokal at redhat.com> 0.99.2-1
    - upgrade to 0.99.2
  - Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 0.99.2-0.pre1.1
    - rebuild
  - Tue Jul 11 2006 Radek Vokal <rvokal at redhat.com> 0.99.2-0.pre1
    - upgrade to 0.99.2pre1, fixes (#198242)
  - Tue Jun 13 2006 Radek Vokal <rvokal at redhat.com> 0.99.1-0.pre1
    - spec file changes
  - Fri Jun 9 2006 Radek Vokal <rvokal at redhat.com> 0.99.1pre1-1
    - initial build for Fedora Core

  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 24040
- published: 2007-01-17
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/24040
- title: Fedora Core 6 : wireshark-0.99.4-1.fc6 (2006-1140)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_ETHEREAL-2029.NASL
- description: A security problem was fixed in ethereal, which could be used by remote attackers to hang the ethereal process. CVE-2006-4333: If the SSCOP dissector has a port range configured AND the SSCOP payload protocol is Q.2931, a malformed packet could make the Q.2931 dissector use up available memory. No port range is configured by default. The vulnerabilities tracked by the Mitre CVE IDs CVE-2006-4330 (SCSI dissector), CVE-2006-4331 (ESP decryption), CVE-2006-4332 (DHCP dissector) do not affect our shipped ethereal releases.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 27206
- published: 2007-10-17
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/27206
- title: openSUSE 10 Security Update : ethereal (ethereal-2029)

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2006-152.NASL
- description: Vulnerabilities in the SCSI, DHCP, and SSCOP dissectors were discovered in versions of wireshark less than 0.99.3, as well as an off-by-one error in the IPsec ESP preference parser if compiled with ESP decryption support. This update provides wireshark 0.99.3a which is not vulnerable to these issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 23898
- published: 2006-12-16
- reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/23898
- title: Mandrake Linux Security Advisory : wireshark (MDKSA-2006:152)

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200608-26.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200608-26 (Wireshark: Multiple vulnerabilities) The following vulnerabilities have been discovered in Wireshark. Firstly, if the IPsec ESP parser is used it is susceptible to off-by-one errors, this parser is disabled by default; secondly, the SCSI dissector is vulnerable to an unspecified crash; and finally, the Q.2931 dissector of the SSCOP payload may use all the available memory if a port range is configured. By default, no port ranges are configured. Impact : An attacker might be able to exploit these vulnerabilities, resulting in a crash or the execution of arbitrary code with the permissions of the user running Wireshark, possibly the root user. Workaround : Disable the SCSI and Q.2931 dissectors with the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 22288
- published: 2006-08-30
- reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/22288
- title: GLSA-200608-26 : Wireshark: Multiple vulnerabilities

- NASL family: CentOS Local Security Checks
- NASL id: CENTOS_RHSA-2006-0658.NASL
- description: New Wireshark packages that fix various security vulnerabilities are now available. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Bugs were found in Wireshark
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 22337
- published: 2006-09-14
- reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/22337
- title: CentOS 3 / 4 : wireshark (CESA-2006:0658)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2006-1141.NASL
- description:
  - Wed Nov 1 2006 Radek Vokal <rvokal at redhat.com> 0.99.4-1.fc5
    - upgrade to 0.99.4, fixes multiple security issues
    - use dist tag
    - CVE-2006-5468 - The HTTP dissector could dereference a NULL pointer.
    - CVE-2006-5469 - The WBXML dissector could crash.
    - CVE-2006-5470 - The LDAP dissector (and possibly others) could crash.
    - CVE-2006-4805 - Basic DoS, The XOT dissector could attempt to allocate a large amount of memory and crash.
    - CVE-2006-4574 - Single byte \0 overflow written onto the heap
  - Fri Aug 25 2006 Radek Vokal <rvokal at redhat.com> 0.99.3-fc5.1
    - upgrade to 0.99.3-1
    - CVE-2006-4330 Wireshark security issues (CVE-2006-4333 CVE-2006-4332 CVE-2006-4331)
  - Wed Jul 26 2006 Radek Vokal <rvokal at redhat.com> 0.99.2-fc5.2
    - fix BuildRequires
  - Tue Jul 25 2006 Radek Vokal <rvokal at redhat.com> 0.99.2-fc5.1
    - build for FC5
  - Tue Jul 18 2006 Radek Vokal <rvokal at redhat.com> 0.99.2-1
    - upgrade to 0.99.2
  - Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 0.99.2-0.pre1.1
    - rebuild
  - Tue Jul 11 2006 Radek Vokal <rvokal at redhat.com> 0.99.2-0.pre1
    - upgrade to 0.99.2pre1, fixes (#198242)
  - Tue Jun 13 2006 Radek Vokal <rvokal at redhat.com> 0.99.1-0.pre1
    - spec file changes
  - Fri Jun 9 2006 Radek Vokal <rvokal at redhat.com> 0.99.1pre1-1
    - initial build for Fedora Core

  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 24041
- published: 2007-01-17
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/24041
- title: Fedora Core 5 : wireshark-0.99.4-1.fc5 (2006-1141)
Oval
accepted | 2013-04-29T04:15:48.444-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory. |
family | unix |
id | oval:org.mitre.oval:def:11801 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory. |
version | 27 |
Redhat
advisories |
rpms |
References
- http://secunia.com/advisories/21597
- http://secunia.com/advisories/21619
- http://secunia.com/advisories/21649
- http://secunia.com/advisories/21682
- http://secunia.com/advisories/21813
- http://secunia.com/advisories/21885
- http://secunia.com/advisories/22378
- http://security.gentoo.org/glsa/glsa-200608-26.xml
- http://securitytracker.com/id?1016736
- http://support.avaya.com/elmodocs2/security/ASA-2006-227.htm
- http://www.debian.org/security/2006/dsa-1171
- http://www.kb.cert.org/vuls/id/696896
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:152
- http://www.redhat.com/support/errata/RHSA-2006-0658.html
- http://www.securityfocus.com/archive/1/444323/100/0/threaded
- http://www.securityfocus.com/bid/19690
- http://www.vupen.com/english/advisories/2006/3370
- http://www.wireshark.org/security/wnpa-sec-2006-02.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28553
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28556
- https://issues.rpath.com/browse/RPL-597
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11801