Vulnerabilities > CVE-2009-3241 - Multiple vulnerability in Wireshark 1.2.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.
Vulnerable Configurations
Exploit-Db
| description | Wireshark 1.2.1 OpcUa Dissector Unspecified Resource Exhaustion DoS. CVE-2009-3241 . Dos exploit for linux platform |
| id | EDB-ID:33222 |
| last seen | 2016-02-03 |
| modified | 2009-09-15 |
| published | 2009-09-15 |
| reporter | Buildbot Builder |
| source | https://www.exploit-db.com/download/33222/ |
| title | Wireshark 1.2.1 - OpcUa Dissector Unspecified Resource Exhaustion DoS |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200911-05.NASL description The remote host is affected by the vulnerability described in GLSA-200911-05 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark: Ryan Giobbi reported an integer overflow in wiretap/erf.c (CVE-2009-3829). The vendor reported multiple unspecified vulnerabilities in the Bluetooth L2CAP, RADIUS, and MIOP dissectors (CVE-2009-2560), in the OpcUa dissector (CVE-2009-3241), in packet.c in the GSM A RR dissector (CVE-2009-3242), in the TLS dissector (CVE-2009-3243), in the Paltalk dissector (CVE-2009-3549), in the DCERPC/NT dissector (CVE-2009-3550), and in the dissect_negprot_response() function in packet-smb.c in the SMB dissector (CVE-2009-3551). Impact : A remote attacker could entice a user to open a specially crafted last seen 2020-06-01 modified 2020-06-02 plugin id 42915 published 2009-11-30 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42915 title GLSA-200911-05 : Wireshark: Multiple vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200911-05. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(42915); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:45"); script_cve_id("CVE-2009-2560", "CVE-2009-3241", "CVE-2009-3242", "CVE-2009-3243", "CVE-2009-3549", "CVE-2009-3550", "CVE-2009-3551", "CVE-2009-3829"); script_bugtraq_id(35748, 36408, 36591, 36846); script_xref(name:"GLSA", value:"200911-05"); script_name(english:"GLSA-200911-05 : Wireshark: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200911-05 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark: Ryan Giobbi reported an integer overflow in wiretap/erf.c (CVE-2009-3829). The vendor reported multiple unspecified vulnerabilities in the Bluetooth L2CAP, RADIUS, and MIOP dissectors (CVE-2009-2560), in the OpcUa dissector (CVE-2009-3241), in packet.c in the GSM A RR dissector (CVE-2009-3242), in the TLS dissector (CVE-2009-3243), in the Paltalk dissector (CVE-2009-3549), in the DCERPC/NT dissector (CVE-2009-3550), and in the dissect_negprot_response() function in packet-smb.c in the SMB dissector (CVE-2009-3551). Impact : A remote attacker could entice a user to open a specially crafted 'erf' file using Wireshark, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. A remote attacker could furthermore send specially crafted packets on a network being monitored by Wireshark or entice a user to open a malformed packet trace file using Wireshark, possibly resulting in a Denial of Service. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200911-05" ); script_set_attribute( attribute:"solution", value: "All Wireshark users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.2.3'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:wireshark"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-analyzer/wireshark", unaffected:make_list("ge 1.2.3"), vulnerable:make_list("lt 1.2.3"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Wireshark"); }NASL family SuSE Local Security Checks NASL id SUSE_11_0_WIRESHARK-091005.NASL description Specially crafted packets could crash the OPC UA dissector in Wireshark (CVE-2009-3241) last seen 2020-06-01 modified 2020-06-02 plugin id 42068 published 2009-10-08 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42068 title openSUSE Security Update : wireshark (wireshark-1363) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update wireshark-1363. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(42068); script_version("1.7"); script_cvs_date("Date: 2019/10/25 13:36:34"); script_cve_id("CVE-2009-3241"); script_name(english:"openSUSE Security Update : wireshark (wireshark-1363)"); script_summary(english:"Check for the wireshark-1363 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Specially crafted packets could crash the OPC UA dissector in Wireshark (CVE-2009-3241)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=541654" ); script_set_attribute( attribute:"solution", value:"Update the affected wireshark packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/10/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.0", reference:"wireshark-1.0.0-17.16") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"wireshark-devel-1.0.0-17.16") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-devel"); }NASL family SuSE Local Security Checks NASL id SUSE_WIRESHARK-6533.NASL description Specially crafted packets could crash the OPC UA dissector in Wireshark (CVE-2009-3241) last seen 2020-06-01 modified 2020-06-02 plugin id 42070 published 2009-10-08 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42070 title openSUSE 10 Security Update : wireshark (wireshark-6533) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update wireshark-6533. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(42070); script_version ("1.6"); script_cvs_date("Date: 2019/10/25 13:36:37"); script_cve_id("CVE-2009-3241"); script_name(english:"openSUSE 10 Security Update : wireshark (wireshark-6533)"); script_summary(english:"Check for the wireshark-6533 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Specially crafted packets could crash the OPC UA dissector in Wireshark (CVE-2009-3241)" ); script_set_attribute( attribute:"solution", value:"Update the affected wireshark packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3"); script_set_attribute(attribute:"patch_publication_date", value:"2009/10/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.3", reference:"wireshark-0.99.6-31.22") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"wireshark-devel-0.99.6-31.22") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-devel"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1942.NASL description Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2560 A NULL pointer dereference was found in the RADIUS dissector. - CVE-2009-3550 A NULL pointer dereference was found in the DCERP/NT dissector. - CVE-2009-3829 An integer overflow was discovered in the ERF parser. This update also includes fixes for three minor issues (CVE-2008-1829, CVE-2009-2562, CVE-2009-3241 ), which were scheduled for the next stable point update. Also CVE-2009-1268 was fixed for Etch. Since this security update was issued prior to the release of the point update, the fixes were included. last seen 2020-06-01 modified 2020-06-02 plugin id 44807 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44807 title Debian DSA-1942-1 : wireshark - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1942. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(44807); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:22"); script_cve_id("CVE-2008-1829", "CVE-2009-1268", "CVE-2009-1829", "CVE-2009-2560", "CVE-2009-2562", "CVE-2009-3241", "CVE-2009-3550", "CVE-2009-3829"); script_bugtraq_id(34457, 35748, 36408, 36591, 36846); script_xref(name:"DSA", value:"1942"); script_name(english:"Debian DSA-1942-1 : wireshark - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2560 A NULL pointer dereference was found in the RADIUS dissector. - CVE-2009-3550 A NULL pointer dereference was found in the DCERP/NT dissector. - CVE-2009-3829 An integer overflow was discovered in the ERF parser. This update also includes fixes for three minor issues (CVE-2008-1829, CVE-2009-2562, CVE-2009-3241 ), which were scheduled for the next stable point update. Also CVE-2009-1268 was fixed for Etch. Since this security update was issued prior to the release of the point update, the fixes were included." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-2560" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-3550" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-3829" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-1829" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-2562" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-3241" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-1268" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2009/dsa-1942" ); script_set_attribute( attribute:"solution", value: "Upgrade the Wireshark packages. For the old stable distribution (etch), this problem has been fixed in version 0.99.4-5.etch.4. For the stable distribution (lenny), this problem has been fixed in version 1.0.2-3+lenny7." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wireshark"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"4.0", prefix:"ethereal", reference:"0.99.4-5.etch.4")) flag++; if (deb_check(release:"4.0", prefix:"ethereal-common", reference:"0.99.4-5.etch.4")) flag++; if (deb_check(release:"4.0", prefix:"ethereal-dev", reference:"0.99.4-5.etch.4")) flag++; if (deb_check(release:"4.0", prefix:"tethereal", reference:"0.99.4-5.etch.4")) flag++; if (deb_check(release:"4.0", prefix:"tshark", reference:"0.99.4-5.etch.4")) flag++; if (deb_check(release:"4.0", prefix:"wireshark", reference:"0.99.4-5.etch.4")) flag++; if (deb_check(release:"4.0", prefix:"wireshark-common", reference:"0.99.4-5.etch.4")) flag++; if (deb_check(release:"4.0", prefix:"wireshark-dev", reference:"0.99.4-5.etch.4")) flag++; if (deb_check(release:"5.0", prefix:"tshark", reference:"1.0.2-3+lenny7")) flag++; if (deb_check(release:"5.0", prefix:"wireshark", reference:"1.0.2-3+lenny7")) flag++; if (deb_check(release:"5.0", prefix:"wireshark-common", reference:"1.0.2-3+lenny7")) flag++; if (deb_check(release:"5.0", prefix:"wireshark-dev", reference:"1.0.2-3+lenny7")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Windows NASL id WIRESHARK_1_2_2.NASL description The installed version of Wireshark or Ethereal is affected by multiple issues : - The GSM A RR dissector could crash. (Bug 3893) - The OpcUa dissector could use excessive CPU and memory. (Bug 3986) - The TLS dissector could crash on some platforms. (Bug 4008) - Wireshark could crash while reading an last seen 2020-06-01 modified 2020-06-02 plugin id 40999 published 2009-09-16 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40999 title Wireshark / Ethereal 0.9.6 to 1.2.1 Multiple Vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-270.NASL description A vulnerability has been found and corrected in wireshark : Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets (CVE-2009-3241). This update fixes this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 42096 published 2009-10-13 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42096 title Mandriva Linux Security Advisory : wireshark (MDVSA-2009:270) NASL family SuSE Local Security Checks NASL id SUSE_11_1_WIRESHARK-091006.NASL description Specially crafted packets could crash the OPC UA dissector in Wireshark (CVE-2009-3241) last seen 2020-06-01 modified 2020-06-02 plugin id 42069 published 2009-10-08 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42069 title openSUSE Security Update : wireshark (wireshark-1363) NASL family Fedora Local Security Checks NASL id FEDORA_2009-9837.NASL description Update to Wireshark 1.2.2 fixing multiple security issues: http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html http://www.wireshark.org/security/wnpa-sec-2009-06.html * The OpcUa dissector could use excessive CPU and memory. (Bug 3986) Versions affected: 0.99.6 to 1.0.8, 1.2.0 to 1.2.1 * The GSM A RR dissector could crash. (Bug 3893) Versions affected: 1.2.0 to 1.2.1 * The TLS dissector could crash on some platforms. (Bug 4008) Versions affected: 1.2.0 to 1.2.1 http://www.wireshark.org/docs/relnotes/wireshark-1.2.1.html http://www.wireshark.org/security/wnpa-sec-2009-04.html * The AFS dissector could crash. (Bug 3564) Versions affected: 0.9.2 to 1.2.0 - The Infiniband dissector could crash on some platforms. Versions affected: 1.0.6 to 1.2.0 * The IPMI dissector could overrun a buffer. (Bug 3559) Versions affected: 1.2.0 * The Bluetooth L2CAP dissector could crash. (Bug 3572) Versions affected: 1.2.0 * The RADIUS dissector could crash. (Bug 3578) Versions affected: 1.2.0 * The MIOP dissector could crash. (Bug 3652) Versions affected: 1.2.0 * The sFlow dissector could use excessive CPU and memory. (Bug 3570) Versions affected: 1.2.0 (Issues from wnpa-sec-2009-04 does not affect users of Wireshark 1.2.1 packages from updates-testing.) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 42387 published 2009-11-05 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42387 title Fedora 11 : wireshark-1.2.2-1.fc11 (2009-9837)
Oval
| accepted | 2013-08-19T04:05:05.857-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets. | ||||||||||||
| family | windows | ||||||||||||
| id | oval:org.mitre.oval:def:6162 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2009-09-24T15:11:12 | ||||||||||||
| title | DOS vulnerability in the OpcUa (OPC UA) dissector in Wireshark. | ||||||||||||
| version | 7 |
Seebug
| bulletinFamily | exploit |
| description | No description provided by source. |
| id | SSV:14981 |
| last seen | 2017-11-19 |
| modified | 2009-11-26 |
| published | 2009-11-26 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-14981 |
| title | Wireshark: Multiple vulnerabilities |
Statements
| contributor | Tomas Hoger |
| lastmodified | 2009-09-30 |
| organization | Red Hat |
| statement | Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5. |
References
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
- http://secunia.com/advisories/36754
- http://secunia.com/advisories/37409
- http://secunia.com/advisories/37477
- http://www.debian.org/security/2009/dsa-1942
- http://www.securityfocus.com/bid/36408
- http://www.wireshark.org/docs/relnotes/wireshark-1.0.9.html
- http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html
- http://www.wireshark.org/security/wnpa-sec-2009-05.html
- http://www.wireshark.org/security/wnpa-sec-2009-06.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3986
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6162