Vulnerabilities > CVE-2006-4805 - Protocol Dissectors Denial of Service vulnerability in Wireshark
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded. Update to version 0.99.4.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 9 |
Nessus
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2006-0726.NASL description New Wireshark packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Users of Wireshark should upgrade to these updated packages containing Wireshark version 0.99.4, which is not vulnerable to these issues. From Red Hat Security Advisory 2006:0726 : Several flaws were found in Wireshark last seen 2020-06-01 modified 2020-06-02 plugin id 67418 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/67418 title Oracle Linux 4 : wireshark (ELSA-2006-0726 / ELSA-2006-0658 / ELSA-2006-0602) NASL family SuSE Local Security Checks NASL id SUSE_ETHEREAL-2246.NASL description Various problems have been fixed in the network analyzer Ethereal, most leading to crashes of the ethereal program. CVE-2006-5740: A unspecified vulnerability in the LDAP dissector could be used to crash Ethereal. CVE-2006-4574: A single \0 byte heap overflow was fixed in the MIME multipart dissector. Potential of exploitability is unknown, but considered low. CVE-2006-4805: A denial of service problem in the XOT dissector can cause it to take up huge amount of memory and crash ethereal. CVE-2006-5469: The WBXML dissector could be used to crash ethereal. CVE-2006-5468: A NULL pointer dereference in the HTTP dissector could crash ethereal. last seen 2020-06-01 modified 2020-06-02 plugin id 27207 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27207 title openSUSE 10 Security Update : ethereal (ethereal-2246) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0726.NASL description New Wireshark packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Several flaws were found in Wireshark last seen 2020-06-01 modified 2020-06-02 plugin id 23677 published 2006-11-20 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/23677 title RHEL 2.1 / 3 / 4 : wireshark (RHSA-2006:0726) NASL family Fedora Local Security Checks NASL id FEDORA_2006-1140.NASL description - Wed Nov 1 2006 Radek Vokal <rvokal at redhat.com> 0.99.4-1 - upgrade to 0.99.4-1, fixes multiple security issues - CVE-2006-5468 - The HTTP dissector could dereference a NULL pointer. - CVE-2006-5469 - The WBXML dissector could crash. - CVE-2006-5470 - The LDAP dissector (and possibly others) could crash. - CVE-2006-4805 - Basic DoS, The XOT dissector could attempt to allocate a large amount of memory and crash. - CVE-2006-4574 - Single byte \0 overflow written onto the heap - Tue Oct 10 2006 Radek Vokal <rvokal at redhat.com> 0.99.4-0.pre1 - upgrade to 0.99.4-0.pre1 - Fri Aug 25 2006 Radek Vokal <rvokal at redhat.com> 0.99.3-1 - upgrade to 0.99.3 - Wireshark 0.99.3 fixes the following vulnerabilities : - the SCSI dissector could crash. Versions affected: CVE-2006-4330 - the IPsec ESP preference parser was susceptible to off-by-one errors. CVE-2006-4331 - a malformed packet could make the Q.2931 dissector use up available memory. CVE-2006-4333 - Tue Jul 18 2006 Radek Vokal <rvokal at redhat.com> 0.99.2-1 - upgrade to 0.99.2 - Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 0.99.2-0.pre1.1 - rebuild - Tue Jul 11 2006 Radek Vokal <rvokal at redhat.com> 0.99.2-0.pre1 - upgrade to 0.99.2pre1, fixes (#198242) - Tue Jun 13 2006 Radek Vokal <rvokal at redhat.com> 0.99.1-0.pre1 - spec file changes - Fri Jun 9 2006 Radek Vokal <rvokal at redhat.com> 0.99.1pre1-1 - initial build for Fedora Core Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24040 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24040 title Fedora Core 6 : wireshark-0.99.4-1.fc6 (2006-1140) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-195.NASL description Vulnerabilities in the HTTP, LDAP, XOT, WBXML, and MIME Multipart dissectors were discovered in versions of wireshark less than 0.99.4, as well as various other bugs. This updated provides wireshark 0.99.4 which is not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24580 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24580 title Mandrake Linux Security Advisory : wireshark (MDKSA-2006:195) NASL family SuSE Local Security Checks NASL id SUSE_SA_2006_065.NASL description The remote host is missing the patch for the advisory SUSE-SA:2006:065 (ethereal). Various problems have been fixed in the network analyzer Ethereal (now called Wireshark), most of them leading to crashes of the ethereal program. CVE-2006-5740: An unspecified vulnerability in the LDAP dissector could be used to crash Ethereal. CVE-2006-4574: A single \0 byte heap overflow was fixed in the MIME multipart dissector. Potential of exploitability is unknown, but considered low. CVE-2006-4805: A denial of service problem in the XOT dissector can cause it to take up huge amount of memory and crash ethereal. CVE-2006-5469: The WBXML dissector could be used to crash ethereal. CVE-2006-5468: A NULL pointer dereference in the HTTP dissector could crash ethereal. last seen 2019-10-28 modified 2007-02-18 plugin id 24442 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24442 title SUSE-SA:2006:065: ethereal NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1201.NASL description Several remote vulnerabilities have been discovered in the Ethereal network scanner. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-4574 It was discovered that the MIME multipart dissector is vulnerable to denial of service caused by an off-by-one overflow. - CVE-2006-4805 It was discovered that the XOT dissector is vulnerable to denial of service caused by memory corruption. last seen 2020-06-01 modified 2020-06-02 plugin id 22931 published 2006-11-01 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22931 title Debian DSA-1201-1 : ethereal - several vulnerabilities NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0726.NASL description New Wireshark packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Several flaws were found in Wireshark last seen 2020-06-01 modified 2020-06-02 plugin id 36335 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36335 title CentOS 3 / 4 : wireshark (CESA-2006:0726) NASL family SuSE Local Security Checks NASL id SUSE_ETHEREAL-2248.NASL description Various problems have been fixed in the network analyzer Ethereal, most leading to crashes of the ethereal program. - A unspecified vulnerability in the LDAP dissector could be used to crash Ethereal. (CVE-2006-5740) - A single \0 byte heap overflow was fixed in the MIME multipart dissector. Potential of exploitability is unknown, but considered low. (CVE-2006-4574) - A denial of service problem in the XOT dissector can cause it to take up huge amount of memory and crash ethereal. (CVE-2006-4805) - The WBXML dissector could be used to crash ethereal. (CVE-2006-5469) - A NULL pointer dereference in the HTTP dissector could crash ethereal. (CVE-2006-5468) last seen 2020-06-01 modified 2020-06-02 plugin id 29420 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29420 title SuSE 10 Security Update : ethereal (ZYPP Patch Number 2248) NASL family Fedora Local Security Checks NASL id FEDORA_2006-1141.NASL description - Wed Nov 1 2006 Radek Vokal <rvokal at redhat.com> 0.99.4-1.fc5 - upgrade to 0.99.4, fixes multiple security issues - use dist tag - CVE-2006-5468 - The HTTP dissector could dereference a NULL pointer. - CVE-2006-5469 - The WBXML dissector could crash. - CVE-2006-5470 - The LDAP dissector (and possibly others) could crash. - CVE-2006-4805 - Basic DoS, The XOT dissector could attempt to allocate a large amount of memory and crash. - CVE-2006-4574 - Single byte \0 overflow written onto the heap - Fri Aug 25 2006 Radek Vokal <rvokal at redhat.com> 0.99.3-fc5.1 - upgrade to 0.99.3-1 - CVE-2006-4330 Wireshark security issues (CVE-2006-4333 CVE-2006-4332 CVE-2006-4331) - Wed Jul 26 2006 Radek Vokal <rvokal at redhat.com> 0.99.2-fc5.2 - fix BuildRequires - Tue Jul 25 2006 Radek Vokal <rvokal at redhat.com> 0.99.2-fc5.1 - build for FC5 - Tue Jul 18 2006 Radek Vokal <rvokal at redhat.com> 0.99.2-1 - upgrade to 0.99.2 - Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 0.99.2-0.pre1.1 - rebuild - Tue Jul 11 2006 Radek Vokal <rvokal at redhat.com> 0.99.2-0.pre1 - upgrade to 0.99.2pre1, fixes (#198242) - Tue Jun 13 2006 Radek Vokal <rvokal at redhat.com> 0.99.1-0.pre1 - spec file changes - Fri Jun 9 2006 Radek Vokal <rvokal at redhat.com> 0.99.1pre1-1 - initial build for Fedora Core Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24041 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24041 title Fedora Core 5 : wireshark-0.99.4-1.fc5 (2006-1141)
Oval
accepted | 2013-04-29T04:03:21.540-04:00 | ||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||
contributors |
| ||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||
description | epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded. | ||||||||||||||||||||
family | unix | ||||||||||||||||||||
id | oval:org.mitre.oval:def:10199 | ||||||||||||||||||||
status | accepted | ||||||||||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
title | epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded. | ||||||||||||||||||||
version | 26 |
Redhat
advisories |
| ||||
rpms |
|
References
- ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
- http://secunia.com/advisories/22590
- http://secunia.com/advisories/22659
- http://secunia.com/advisories/22672
- http://secunia.com/advisories/22692
- http://secunia.com/advisories/22797
- http://secunia.com/advisories/22841
- http://secunia.com/advisories/22929
- http://secunia.com/advisories/23096
- http://securitytracker.com/id?1017129
- http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm
- http://www.kb.cert.org/vuls/id/723736
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:195
- http://www.novell.com/linux/security/advisories/2006_65_ethereal.html
- http://www.redhat.com/support/errata/RHSA-2006-0726.html
- http://www.securityfocus.com/archive/1/450307/100/0/threaded
- http://www.securityfocus.com/bid/20762
- http://www.us.debian.org/security/2006/dsa-1201
- http://www.vupen.com/english/advisories/2006/4220
- http://www.wireshark.org/security/wnpa-sec-2006-03.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29843
- https://issues.rpath.com/browse/RPL-746
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10199