Vulnerabilities > CVE-2009-2562 - Unspecified vulnerability in Wireshark

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
wireshark
nessus

Summary

Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-7998.NASL
    descriptionRebased to 1.2.x, fixing several security flaws, see the security advisory for details: http://www.wireshark.org/security/wnpa-sec-2009-04.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43015
    published2009-12-07
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43015
    titleFedora 10 : wireshark-1.2.1-1.fc10 (2009-7998)
  • NASL familyWindows
    NASL idWIRESHARK_1_2_1.NASL
    descriptionThe installed version of Wireshark or Ethereal is affected by multiple issues : - The IPMI dissector could overrun a buffer. (Bug 3559) - The AFS dissector could crash. (Bug 3564) - The Infiniband dissector could crash on some platforms. - The Bluetooth L2CAP dissector could crash. (Bug 3572) - The RADIUS dissector could crash. (Bug 3578) - The MIOP dissector could crash. (Bug 3652) - The sFlow dissector could use excessive CPU and memory. (Bug 3570) These vulnerabilities could result in a denial of service, or possibly arbitrary code execution. A remote attacker could exploit these issues by tricking a user into opening a maliciously crafted capture file. Additionally, if Wireshark is running in promiscuous mode, one of these issues could be exploited remotely (from the same network segment).
    last seen2020-06-01
    modified2020-06-02
    plugin id40335
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40335
    titleWireshark / Ethereal 0.9.2 to 1.2.0 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_ETHEREAL-6443.NASL
    descriptionFlaws in the AFS dissector allowed attackers to crash ethereal via specially crafted network traffic. (CVE-2009-2562)
    last seen2020-06-01
    modified2020-06-02
    plugin id41507
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41507
    titleSuSE 10 Security Update : ethereal (ZYPP Patch Number 6443)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0360.NASL
    descriptionUpdated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. An invalid pointer dereference flaw was found in the Wireshark SMB and SMB2 dissectors. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2009-4377) Several buffer overflow flaws were found in the Wireshark LWRES dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-0304) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2009-2560, CVE-2009-2562, CVE-2009-2563, CVE-2009-3550, CVE-2009-3829) Users of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.11, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id46301
    published2010-05-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46301
    titleRHEL 3 / 4 / 5 : wireshark (RHSA-2010:0360)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_WIRESHARK-090818.NASL
    descriptionFlaws in the AFS dissector allowed attackers to crash wireshark via specially crafted network traffic (CVE-2009-2562).
    last seen2020-06-01
    modified2020-06-02
    plugin id40843
    published2009-09-02
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40843
    titleopenSUSE Security Update : wireshark (wireshark-1229)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0360.NASL
    descriptionFrom Red Hat Security Advisory 2010:0360 : Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. An invalid pointer dereference flaw was found in the Wireshark SMB and SMB2 dissectors. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2009-4377) Several buffer overflow flaws were found in the Wireshark LWRES dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-0304) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2009-2560, CVE-2009-2562, CVE-2009-2563, CVE-2009-3550, CVE-2009-3829) Users of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.11, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68032
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68032
    titleOracle Linux 3 / 4 / 5 : wireshark (ELSA-2010-0360)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1942.NASL
    descriptionSeveral remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2560 A NULL pointer dereference was found in the RADIUS dissector. - CVE-2009-3550 A NULL pointer dereference was found in the DCERP/NT dissector. - CVE-2009-3829 An integer overflow was discovered in the ERF parser. This update also includes fixes for three minor issues (CVE-2008-1829, CVE-2009-2562, CVE-2009-3241 ), which were scheduled for the next stable point update. Also CVE-2009-1268 was fixed for Etch. Since this security update was issued prior to the release of the point update, the fixes were included.
    last seen2020-06-01
    modified2020-06-02
    plugin id44807
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44807
    titleDebian DSA-1942-1 : wireshark - several vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_ETHEREAL-090818.NASL
    descriptionFlaws in the AFS dissector allowed attackers to crash wireshark via specially crafted network traffic. (CVE-2009-2562)
    last seen2020-06-01
    modified2020-06-02
    plugin id41385
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41385
    titleSuSE 11 Security Update : ethereal and wireshark (SAT Patch Number 1231)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-194.NASL
    descriptionVulnerabilities have been discovered in wireshark package, which could lead to application crash via radius, infiniband and afs dissectors (CVE-2009-2560, CVE-2009-2562, CVE-2009-2563). This update provides a fix for those vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id40498
    published2009-08-06
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40498
    titleMandriva Linux Security Advisory : wireshark (MDVSA-2009:194)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_WIRESHARK-090818.NASL
    descriptionFlaws in the AFS dissector allowed attackers to crash wireshark via specially crafted network traffic (CVE-2009-2562).
    last seen2020-06-01
    modified2020-06-02
    plugin id40847
    published2009-09-02
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40847
    titleopenSUSE Security Update : wireshark (wireshark-1229)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12485.NASL
    descriptionFlaws in the AFS dissector allowed attackers to crash ethereal via specially crafted network traffic have been fixed. (CVE-2009-2562)
    last seen2020-06-01
    modified2020-06-02
    plugin id41321
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41321
    titleSuSE9 Security Update : ethereal (YOU Patch Number 12485)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0360.NASL
    descriptionUpdated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. An invalid pointer dereference flaw was found in the Wireshark SMB and SMB2 dissectors. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2009-4377) Several buffer overflow flaws were found in the Wireshark LWRES dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-0304) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2009-2560, CVE-2009-2562, CVE-2009-2563, CVE-2009-3550, CVE-2009-3829) Users of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.11, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id45594
    published2010-04-22
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/45594
    titleCentOS 3 / 4 / 5 : wireshark (CESA-2010:0360)
  • NASL familyWindows
    NASL idWIRESHARK_1_0_9.NASL
    descriptionThe installed version of Wireshark or Ethereal is affected by multiple issues : - The AFS dissector could crash. (Bug 3564) - The infiniband dissector could crash on some platforms. (CVE-2009-2563) - The OpcUa dissector could use excessive CPU and memory. (Bug 3986) These vulnerabilities could result in a denial of service. A remote attacker could exploit these issues by tricking a user into opening a maliciously crafted capture file. Additionally, if Wireshark is running in promiscuous mode, one of these issues could be exploited remotely (from the same network segment).
    last seen2020-06-01
    modified2020-06-02
    plugin id41029
    published2009-09-21
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41029
    titleWireshark / Ethereal 0.9.2 to 1.0.9 Multiple Vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200909-16.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200909-16 (Wireshark: Denial of Service) Multiple vulnerabilities were discovered in Wireshark: A buffer overflow in the IPMI dissector related to an array index error (CVE-2009-2559). Multiple unspecified vulnerabilities in the Bluetooth L2CAP, RADIUS, and MIOP dissectors (CVE-2009-2560). An unspecified vulnerability in the sFlow dissector (CVE-2009-2561). An unspecified vulnerability in the AFS dissector (CVE-2009-2562). An unspecified vulnerability in the Infiniband dissector when running on unspecified platforms (CVE-2009-2563). Impact : A remote attacker could exploit these vulnerabilities by sending specially crafted packets on a network being monitored by Wireshark or by enticing a user to read a malformed packet trace file to cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id40963
    published2009-09-14
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40963
    titleGLSA-200909-16 : Wireshark: Denial of Service
  • NASL familySuSE Local Security Checks
    NASL idSUSE_WIRESHARK-6444.NASL
    descriptionFlaws in the AFS dissector allowed attackers to crash wireshark via specially crafted network traffic (CVE-2009-2562).
    last seen2020-06-01
    modified2020-06-02
    plugin id42039
    published2009-10-06
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42039
    titleopenSUSE 10 Security Update : wireshark (wireshark-6444)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-9837.NASL
    descriptionUpdate to Wireshark 1.2.2 fixing multiple security issues: http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html http://www.wireshark.org/security/wnpa-sec-2009-06.html * The OpcUa dissector could use excessive CPU and memory. (Bug 3986) Versions affected: 0.99.6 to 1.0.8, 1.2.0 to 1.2.1 * The GSM A RR dissector could crash. (Bug 3893) Versions affected: 1.2.0 to 1.2.1 * The TLS dissector could crash on some platforms. (Bug 4008) Versions affected: 1.2.0 to 1.2.1 http://www.wireshark.org/docs/relnotes/wireshark-1.2.1.html http://www.wireshark.org/security/wnpa-sec-2009-04.html * The AFS dissector could crash. (Bug 3564) Versions affected: 0.9.2 to 1.2.0 - The Infiniband dissector could crash on some platforms. Versions affected: 1.0.6 to 1.2.0 * The IPMI dissector could overrun a buffer. (Bug 3559) Versions affected: 1.2.0 * The Bluetooth L2CAP dissector could crash. (Bug 3572) Versions affected: 1.2.0 * The RADIUS dissector could crash. (Bug 3578) Versions affected: 1.2.0 * The MIOP dissector could crash. (Bug 3652) Versions affected: 1.2.0 * The sFlow dissector could use excessive CPU and memory. (Bug 3570) Versions affected: 1.2.0 (Issues from wnpa-sec-2009-04 does not affect users of Wireshark 1.2.1 packages from updates-testing.) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42387
    published2009-11-05
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42387
    titleFedora 11 : wireshark-1.2.2-1.fc11 (2009-9837)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100420_WIRESHARK_ON_SL3_X.NASL
    descriptionAn invalid pointer dereference flaw was found in the Wireshark SMB and SMB2 dissectors. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2009-4377) Several buffer overflow flaws were found in the Wireshark LWRES dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-0304) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2009-2560, CVE-2009-2562, CVE-2009-2563, CVE-2009-3550, CVE-2009-3829) All running instances of Wireshark must be restarted for the update to take effect. Note: libsmi was added to SL4 and SL5 because it was a new dependency for wireshark and older versions of SL4 and SL5 did not have libsmi.
    last seen2020-06-01
    modified2020-06-02
    plugin id60785
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60785
    titleScientific Linux Security Update : wireshark on SL3.x, SL4.x, SL5.x i386/x86_64

Oval

  • accepted2013-04-29T04:15:09.444-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionUnspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.
    familyunix
    idoval:org.mitre.oval:def:11643
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleUnspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.
    version27
  • accepted2013-08-19T04:05:00.338-04:00
    classvulnerability
    contributors
    • namePrabhu.S.A
      organizationSecPod Technologies
    • nameShane Shaffer
      organizationG2, Inc.
    • nameShane Shaffer
      organizationG2, Inc.
    definition_extensions
    commentWireshark is installed on the system.
    ovaloval:org.mitre.oval:def:6589
    descriptionUnspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.
    familywindows
    idoval:org.mitre.oval:def:5625
    statusaccepted
    submitted2009-09-24T15:11:12
    titleDOS vulnerability in the AFS dissector in Wireshark.
    version7

Redhat

rpms
  • wireshark-0:1.0.11-1.el4_8.5
  • wireshark-0:1.0.11-1.el5_5.5
  • wireshark-0:1.0.11-EL3.6
  • wireshark-debuginfo-0:1.0.11-1.el4_8.5
  • wireshark-debuginfo-0:1.0.11-1.el5_5.5
  • wireshark-debuginfo-0:1.0.11-EL3.6
  • wireshark-gnome-0:1.0.11-1.el4_8.5
  • wireshark-gnome-0:1.0.11-1.el5_5.5
  • wireshark-gnome-0:1.0.11-EL3.6

Statements

contributorTomas Hoger
lastmodified2010-04-20
organizationRed Hat
statementThe affected version of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2010-0360.html

References