Vulnerabilities > CVE-2007-0459 - Protocol Denial of Service vulnerability in Wireshark 0.99.2/0.99.3/0.99.4

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
wireshark
nessus

Summary

packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets.

Vulnerable Configurations

Part Description Count
Application
Wireshark
3

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-207.NASL
    description - multiple security issues fixed (#227140) - CVE-2007-0459 - The TCP dissector could hang or crash while reassembling HTTP packets - CVE-2007-0459 - The HTTP dissector could crash. - CVE-2007-0457 - On some systems, the IEEE 802.11 dissector could crash. - CVE-2007-0456 - On some systems, the LLT dissector could crash. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24303
    published2007-02-09
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24303
    titleFedora Core 5 : wireshark-0.99.5-1.fc5 (2007-207)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-207.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24303);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:25");
    
      script_cve_id("CVE-2006-5740", "CVE-2007-0456", "CVE-2007-0457", "CVE-2007-0458", "CVE-2007-0459");
      script_xref(name:"FEDORA", value:"2007-207");
    
      script_name(english:"Fedora Core 5 : wireshark-0.99.5-1.fc5 (2007-207)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - multiple security issues fixed (#227140)
    
        - CVE-2007-0459 - The TCP dissector could hang or crash
          while reassembling HTTP packets
    
      - CVE-2007-0459 - The HTTP dissector could crash.
    
        - CVE-2007-0457 - On some systems, the IEEE 802.11
          dissector could crash.
    
      - CVE-2007-0456 - On some systems, the LLT dissector could
        crash.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-February/001377.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ba67002f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected wireshark, wireshark-debuginfo and / or
    wireshark-gnome packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark-gnome");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/02/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC5", reference:"wireshark-0.99.5-1.fc5")) flag++;
    if (rpm_check(release:"FC5", reference:"wireshark-debuginfo-0.99.5-1.fc5")) flag++;
    if (rpm_check(release:"FC5", reference:"wireshark-gnome-0.99.5-1.fc5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-debuginfo / wireshark-gnome");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_WIRESHARK-2638.NASL
    descriptionWireshark 0.99.5 fixes four vulnerabilities : - CVE-2007-0459 The TCP dissector could hang or crash - CVE-2007-0458 The HTTP dissector could crash - CVE-2007-0457 The IEEE 802.11 dissector could crash - CVE-2007-0456 The LLT dissector could crash
    last seen2020-06-01
    modified2020-06-02
    plugin id27477
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27477
    titleopenSUSE 10 Security Update : wireshark (wireshark-2638)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update wireshark-2638.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27477);
      script_version ("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:30");
    
      script_cve_id("CVE-2007-0456", "CVE-2007-0457", "CVE-2007-0458", "CVE-2007-0459");
    
      script_name(english:"openSUSE 10 Security Update : wireshark (wireshark-2638)");
      script_summary(english:"Check for the wireshark-2638 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Wireshark 0.99.5 fixes four vulnerabilities :
    
      - CVE-2007-0459 The TCP dissector could hang or crash
    
      - CVE-2007-0458 The HTTP dissector could crash
    
      - CVE-2007-0457 The IEEE 802.11 dissector could crash
    
      - CVE-2007-0456 The LLT dissector could crash"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wireshark packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/02/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.2", reference:"wireshark-0.99.5-5.1") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"wireshark-devel-0.99.5-5.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0066.NASL
    descriptionFrom Red Hat Security Advisory 2007:0066 : New Wireshark packages that fix various security vulnerabilities are now available. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Several denial of service bugs were found in Wireshark
    last seen2020-06-01
    modified2020-06-02
    plugin id67449
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67449
    titleOracle Linux 3 / 4 / 5 : wireshark (ELSA-2007-0066)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2007:0066 and 
    # Oracle Linux Security Advisory ELSA-2007-0066 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67449);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:06");
    
      script_cve_id("CVE-2007-0456", "CVE-2007-0457", "CVE-2007-0458", "CVE-2007-0459");
      script_xref(name:"RHSA", value:"2007:0066");
    
      script_name(english:"Oracle Linux 3 / 4 / 5 : wireshark (ELSA-2007-0066)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2007:0066 :
    
    New Wireshark packages that fix various security vulnerabilities are
    now available. Wireshark was previously known as Ethereal.
    
    This update has been rated as having low security impact by the Red
    Hat Security Response Team.
    
    Wireshark is a program for monitoring network traffic.
    
    Several denial of service bugs were found in Wireshark's LLT, IEEE
    802.11, http, and tcp protocol dissectors. It was possible for
    Wireshark to crash or stop responding if it read a malformed packet
    off the network. (CVE-2007-0456, CVE-2007-0457, CVE-2007-0458,
    CVE-2007-0459)
    
    Users of Wireshark should upgrade to these updated packages containing
    Wireshark version 0.99.5, which is not vulnerable to these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2007-June/000238.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2007-March/000068.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2007-March/000070.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wireshark packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:wireshark-gnome");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/06/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3 / 4 / 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"wireshark-0.99.5-EL3.1.0.1")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"wireshark-0.99.5-EL3.1.0.1")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"wireshark-gnome-0.99.5-EL3.1.0.1")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"wireshark-gnome-0.99.5-EL3.1.0.1")) flag++;
    
    if (rpm_check(release:"EL4", cpu:"i386", reference:"wireshark-0.99.5-EL4.1.0.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"wireshark-0.99.5-EL4.1.0.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"wireshark-gnome-0.99.5-EL4.1.0.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"wireshark-gnome-0.99.5-EL4.1.0.1")) flag++;
    
    if (rpm_check(release:"EL5", reference:"wireshark-0.99.5-1.el5.0.1")) flag++;
    if (rpm_check(release:"EL5", reference:"wireshark-gnome-0.99.5-1.el5.0.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-gnome");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-216.NASL
    description - multiple security issues fixed (#227140) - CVE-2007-0459 - The TCP dissector could hang or crash while reassembling HTTP packets - CVE-2007-0459 - The HTTP dissector could crash. - CVE-2007-0457 - On some systems, the IEEE 802.11 dissector could crash. - CVE-2007-0456 - On some systems, the LLT dissector could crash. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24304
    published2007-02-09
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24304
    titleFedora Core 6 : wireshark-0.99.5-1.fc6 (2007-216)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-216.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24304);
      script_version ("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:25");
    
      script_xref(name:"FEDORA", value:"2007-216");
    
      script_name(english:"Fedora Core 6 : wireshark-0.99.5-1.fc6 (2007-216)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - multiple security issues fixed (#227140)
    
        - CVE-2007-0459 - The TCP dissector could hang or crash
          while reassembling HTTP packets
    
      - CVE-2007-0459 - The HTTP dissector could crash.
    
        - CVE-2007-0457 - On some systems, the IEEE 802.11
          dissector could crash.
    
      - CVE-2007-0456 - On some systems, the LLT dissector could
        crash.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-February/001387.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1a4d106e"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected wireshark, wireshark-debuginfo and / or
    wireshark-gnome packages."
      );
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark-gnome");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:6");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/02/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 6.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC6", reference:"wireshark-0.99.5-1.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"wireshark-debuginfo-0.99.5-1.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"wireshark-gnome-0.99.5-1.fc6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-debuginfo / wireshark-gnome");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0066.NASL
    descriptionNew Wireshark packages that fix various security vulnerabilities are now available. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Several denial of service bugs were found in Wireshark
    last seen2020-06-01
    modified2020-06-02
    plugin id24818
    published2007-03-16
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/24818
    titleCentOS 3 / 4 : wireshark (CESA-2007:0066)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2007:0066 and 
    # CentOS Errata and Security Advisory 2007:0066 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24818);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2007-0456", "CVE-2007-0457", "CVE-2007-0458", "CVE-2007-0459");
      script_xref(name:"RHSA", value:"2007:0066");
    
      script_name(english:"CentOS 3 / 4 : wireshark (CESA-2007:0066)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New Wireshark packages that fix various security vulnerabilities are
    now available. Wireshark was previously known as Ethereal.
    
    This update has been rated as having low security impact by the Red
    Hat Security Response Team.
    
    Wireshark is a program for monitoring network traffic.
    
    Several denial of service bugs were found in Wireshark's LLT, IEEE
    802.11, http, and tcp protocol dissectors. It was possible for
    Wireshark to crash or stop responding if it read a malformed packet
    off the network. (CVE-2007-0456, CVE-2007-0457, CVE-2007-0458,
    CVE-2007-0459)
    
    Users of Wireshark should upgrade to these updated packages containing
    Wireshark version 0.99.5, which is not vulnerable to these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-March/013618.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9033929d"
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-March/013619.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4761b3ab"
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-March/013620.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4629ad61"
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-March/013621.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b7f3ef51"
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-March/013622.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?10aa4b5f"
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-March/013623.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d3aa6656"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wireshark packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:wireshark-gnome");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/03/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/03/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"wireshark-0.99.5-EL3.1")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"wireshark-gnome-0.99.5-EL3.1")) flag++;
    
    if (rpm_check(release:"CentOS-4", reference:"wireshark-0.99.5-EL4.1")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"wireshark-gnome-0.99.5-EL4.1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-gnome");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-033.NASL
    descriptionVulnerabilities in the LLT, IEEE 802.11, HTTP, and TCP dissectors were discovered in versions of wireshark less than 0.99.5, as well as various other bugs. This updated provides wireshark 0.99.5 which is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24646
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24646
    titleMandrake Linux Security Advisory : wireshark (MDKSA-2007:033)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2007:033. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24646);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:48");
    
      script_cve_id("CVE-2007-0456", "CVE-2007-0457", "CVE-2007-0458", "CVE-2007-0459");
      script_xref(name:"MDKSA", value:"2007:033");
    
      script_name(english:"Mandrake Linux Security Advisory : wireshark (MDKSA-2007:033)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Vulnerabilities in the LLT, IEEE 802.11, HTTP, and TCP dissectors were
    discovered in versions of wireshark less than 0.99.5, as well as
    various other bugs.
    
    This updated provides wireshark 0.99.5 which is not vulnerable to
    these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/security/wnpa-sec-2007-01.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wireshark0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwireshark0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wireshark-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/02/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64wireshark0-0.99.5-0.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libwireshark0-0.99.5-0.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"tshark-0.99.5-0.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"wireshark-0.99.5-0.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"wireshark-tools-0.99.5-0.1mdv2007.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0066.NASL
    descriptionNew Wireshark packages that fix various security vulnerabilities are now available. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Several denial of service bugs were found in Wireshark
    last seen2020-06-01
    modified2020-06-02
    plugin id24833
    published2007-03-16
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/24833
    titleRHEL 2.1 / 3 / 4 / 5 : wireshark (RHSA-2007:0066)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2007:0066. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24833);
      script_version ("1.24");
      script_cvs_date("Date: 2019/10/25 13:36:12");
    
      script_cve_id("CVE-2007-0456", "CVE-2007-0457", "CVE-2007-0458", "CVE-2007-0459");
      script_xref(name:"RHSA", value:"2007:0066");
    
      script_name(english:"RHEL 2.1 / 3 / 4 / 5 : wireshark (RHSA-2007:0066)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New Wireshark packages that fix various security vulnerabilities are
    now available. Wireshark was previously known as Ethereal.
    
    This update has been rated as having low security impact by the Red
    Hat Security Response Team.
    
    Wireshark is a program for monitoring network traffic.
    
    Several denial of service bugs were found in Wireshark's LLT, IEEE
    802.11, http, and tcp protocol dissectors. It was possible for
    Wireshark to crash or stop responding if it read a malformed packet
    off the network. (CVE-2007-0456, CVE-2007-0457, CVE-2007-0458,
    CVE-2007-0459)
    
    Users of Wireshark should upgrade to these updated packages containing
    Wireshark version 0.99.5, which is not vulnerable to these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-0456"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-0457"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-0458"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-0459"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2007:0066"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wireshark and / or wireshark-gnome packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wireshark-gnome");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/03/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/03/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(2\.1|3|4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x / 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2007:0066";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"wireshark-0.99.5-AS21.3")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"wireshark-gnome-0.99.5-AS21.3")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"wireshark-0.99.5-EL3.1")) flag++;
      if (rpm_check(release:"RHEL3", reference:"wireshark-gnome-0.99.5-EL3.1")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"wireshark-0.99.5-EL4.1")) flag++;
      if (rpm_check(release:"RHEL4", reference:"wireshark-gnome-0.99.5-EL4.1")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"wireshark-0.99.5-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"wireshark-0.99.5-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"wireshark-0.99.5-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"wireshark-gnome-0.99.5-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"wireshark-gnome-0.99.5-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"wireshark-gnome-0.99.5-1.el5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-gnome");
      }
    }
    

Oval

  • accepted2013-04-29T04:05:54.169-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionpacket-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets.
    familyunix
    idoval:org.mitre.oval:def:10465
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titlepacket-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets.
    version27
  • accepted2013-08-19T04:00:41.551-04:00
    classvulnerability
    contributors
    • nameShane Shaffer
      organizationG2, Inc.
    • nameShane Shaffer
      organizationG2, Inc.
    • nameShane Shaffer
      organizationG2, Inc.
    definition_extensions
    commentWireshark is installed on the system.
    ovaloval:org.mitre.oval:def:6589
    descriptionpacket-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets.
    familywindows
    idoval:org.mitre.oval:def:14875
    statusaccepted
    submitted2012-02-27T15:34:33.178-04:00
    titleTCP dissector vulnerability in Wireshark 0.99.2 to 0.99.4
    version8

Redhat

advisories
bugzilla
id225781
titleCVE-2007-0456 Multiple Wireshark issues (CVE-2007-0457, CVE-2007-0458, CVE-2007-0459)
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • commentwireshark is earlier than 0:0.99.5-EL4.1
          ovaloval:com.redhat.rhsa:tst:20070066001
        • commentwireshark is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060602004
      • AND
        • commentwireshark-gnome is earlier than 0:0.99.5-EL4.1
          ovaloval:com.redhat.rhsa:tst:20070066003
        • commentwireshark-gnome is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060602002
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentwireshark-gnome is earlier than 0:0.99.5-1.el5
          ovaloval:com.redhat.rhsa:tst:20070066006
        • commentwireshark-gnome is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070066007
      • AND
        • commentwireshark is earlier than 0:0.99.5-1.el5
          ovaloval:com.redhat.rhsa:tst:20070066008
        • commentwireshark is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070066009
rhsa
idRHSA-2007:0066
released2007-03-14
severityLow
titleRHSA-2007:0066: wireshark security update (Low)
rpms
  • wireshark-0:0.99.5-1.el5
  • wireshark-0:0.99.5-AS21.3
  • wireshark-0:0.99.5-EL3.1
  • wireshark-0:0.99.5-EL4.1
  • wireshark-debuginfo-0:0.99.5-1.el5
  • wireshark-debuginfo-0:0.99.5-EL3.1
  • wireshark-debuginfo-0:0.99.5-EL4.1
  • wireshark-gnome-0:0.99.5-1.el5
  • wireshark-gnome-0:0.99.5-AS21.3
  • wireshark-gnome-0:0.99.5-EL3.1
  • wireshark-gnome-0:0.99.5-EL4.1

Seebug

bulletinFamilyexploit
descriptionWireshark是一款功能强大的协议分析程序。 Wireshark存在多个安全问题,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 CVE-2007-0459:TCP解析器在重组HTTP包时存在问题可导致应用程序挂起或者崩溃。 CVE-2007-0458:HTTP解析器存在安全问题可导致应用程序崩溃。 CVE-2007-0457:在部分系统上IEEE 802.11解析器存在安全问题可导致应用程序崩溃。 CVE-2007-0456:在部分系统上LLT解析器存在安全问题可导致应用程序崩溃。 Wireshark Wireshark 0.99.4 Wireshark Wireshark 0.99.3 Wireshark Wireshark 0.99.2 Wireshark Wireshark 0.99.1 Wireshark Wireshark 0.99 Wireshark Wireshark 0.10.13 Wireshark Wireshark 0.10.4 Wireshark Wireshark 0.10 Wireshark Wireshark 0.9.10 Wireshark Wireshark 0.8.16 Wireshark Wireshark 0.7.9 MandrakeSoft Linux Mandrake 2007.0 x86_64 MandrakeSoft Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0 升级到Wireshark 0.99.5: <a href="http://www.wireshark.org/" target="_blank">http://www.wireshark.org/</a>
idSSV:1393
last seen2017-11-19
modified2007-02-09
published2007-02-09
reporterRoot
titleWireshark多个协议拒绝服务漏洞