Vulnerabilities > CVE-2009-2561 - Multiple vulnerability in Wireshark 1.2.0

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
wireshark
nessus
NVD
Published: 2009-07-21
Updated: 2017-09-19

Summary

Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified vectors.

Vulnerable Configurations

Part Description Count
Application
Wireshark
1

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-7998.NASL
    descriptionRebased to 1.2.x, fixing several security flaws, see the security advisory for details: http://www.wireshark.org/security/wnpa-sec-2009-04.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43015
    published2009-12-07
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43015
    titleFedora 10 : wireshark-1.2.1-1.fc10 (2009-7998)
  • NASL familyWindows
    NASL idWIRESHARK_1_2_1.NASL
    descriptionThe installed version of Wireshark or Ethereal is affected by multiple issues : - The IPMI dissector could overrun a buffer. (Bug 3559) - The AFS dissector could crash. (Bug 3564) - The Infiniband dissector could crash on some platforms. - The Bluetooth L2CAP dissector could crash. (Bug 3572) - The RADIUS dissector could crash. (Bug 3578) - The MIOP dissector could crash. (Bug 3652) - The sFlow dissector could use excessive CPU and memory. (Bug 3570) These vulnerabilities could result in a denial of service, or possibly arbitrary code execution. A remote attacker could exploit these issues by tricking a user into opening a maliciously crafted capture file. Additionally, if Wireshark is running in promiscuous mode, one of these issues could be exploited remotely (from the same network segment).
    last seen2020-06-01
    modified2020-06-02
    plugin id40335
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40335
    titleWireshark / Ethereal 0.9.2 to 1.2.0 Multiple Vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200909-16.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200909-16 (Wireshark: Denial of Service) Multiple vulnerabilities were discovered in Wireshark: A buffer overflow in the IPMI dissector related to an array index error (CVE-2009-2559). Multiple unspecified vulnerabilities in the Bluetooth L2CAP, RADIUS, and MIOP dissectors (CVE-2009-2560). An unspecified vulnerability in the sFlow dissector (CVE-2009-2561). An unspecified vulnerability in the AFS dissector (CVE-2009-2562). An unspecified vulnerability in the Infiniband dissector when running on unspecified platforms (CVE-2009-2563). Impact : A remote attacker could exploit these vulnerabilities by sending specially crafted packets on a network being monitored by Wireshark or by enticing a user to read a malformed packet trace file to cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id40963
    published2009-09-14
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40963
    titleGLSA-200909-16 : Wireshark: Denial of Service
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-9837.NASL
    descriptionUpdate to Wireshark 1.2.2 fixing multiple security issues: http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html http://www.wireshark.org/security/wnpa-sec-2009-06.html * The OpcUa dissector could use excessive CPU and memory. (Bug 3986) Versions affected: 0.99.6 to 1.0.8, 1.2.0 to 1.2.1 * The GSM A RR dissector could crash. (Bug 3893) Versions affected: 1.2.0 to 1.2.1 * The TLS dissector could crash on some platforms. (Bug 4008) Versions affected: 1.2.0 to 1.2.1 http://www.wireshark.org/docs/relnotes/wireshark-1.2.1.html http://www.wireshark.org/security/wnpa-sec-2009-04.html * The AFS dissector could crash. (Bug 3564) Versions affected: 0.9.2 to 1.2.0 - The Infiniband dissector could crash on some platforms. Versions affected: 1.0.6 to 1.2.0 * The IPMI dissector could overrun a buffer. (Bug 3559) Versions affected: 1.2.0 * The Bluetooth L2CAP dissector could crash. (Bug 3572) Versions affected: 1.2.0 * The RADIUS dissector could crash. (Bug 3578) Versions affected: 1.2.0 * The MIOP dissector could crash. (Bug 3652) Versions affected: 1.2.0 * The sFlow dissector could use excessive CPU and memory. (Bug 3570) Versions affected: 1.2.0 (Issues from wnpa-sec-2009-04 does not affect users of Wireshark 1.2.1 packages from updates-testing.) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42387
    published2009-11-05
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42387
    titleFedora 11 : wireshark-1.2.2-1.fc11 (2009-9837)

Oval

accepted2013-08-19T04:05:01.876-04:00
classvulnerability
contributors
  • namePrabhu.S.A
    organizationSecPod Technologies
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
definition_extensions
commentWireshark is installed on the system.
ovaloval:org.mitre.oval:def:6589
descriptionUnspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified vectors.
familywindows
idoval:org.mitre.oval:def:5795
statusaccepted
submitted2009-09-24T15:11:12
titleDOS vulnerability in the sFlow dissector in Wireshark.
version7

Statements

contributorTomas Hoger
lastmodified2009-08-12
organizationRed Hat
statementNot vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5.

References