Vulnerabilities > CVE-2009-3242 - Multiple vulnerability in Wireshark 1.2.0/1.2.1

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
wireshark
nessus
exploit available

Summary

Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure.

Vulnerable Configurations

Part Description Count
Application
Wireshark
2

Exploit-Db

descriptionWireshark 1.2.1 GSM A RR Dissector packet.c Unspecified Remote DoS. CVE-2009-3242. Dos exploit for linux platform
idEDB-ID:33224
last seen2016-02-03
modified2009-09-15
published2009-09-15
reporterBuildbot Builder
sourcehttps://www.exploit-db.com/download/33224/
titleWireshark 1.2.1 - GSM A RR Dissector packet.c Unspecified Remote DoS

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200911-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200911-05 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark: Ryan Giobbi reported an integer overflow in wiretap/erf.c (CVE-2009-3829). The vendor reported multiple unspecified vulnerabilities in the Bluetooth L2CAP, RADIUS, and MIOP dissectors (CVE-2009-2560), in the OpcUa dissector (CVE-2009-3241), in packet.c in the GSM A RR dissector (CVE-2009-3242), in the TLS dissector (CVE-2009-3243), in the Paltalk dissector (CVE-2009-3549), in the DCERPC/NT dissector (CVE-2009-3550), and in the dissect_negprot_response() function in packet-smb.c in the SMB dissector (CVE-2009-3551). Impact : A remote attacker could entice a user to open a specially crafted
    last seen2020-06-01
    modified2020-06-02
    plugin id42915
    published2009-11-30
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42915
    titleGLSA-200911-05 : Wireshark: Multiple vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200911-05.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(42915);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:45");
    
      script_cve_id("CVE-2009-2560", "CVE-2009-3241", "CVE-2009-3242", "CVE-2009-3243", "CVE-2009-3549", "CVE-2009-3550", "CVE-2009-3551", "CVE-2009-3829");
      script_bugtraq_id(35748, 36408, 36591, 36846);
      script_xref(name:"GLSA", value:"200911-05");
    
      script_name(english:"GLSA-200911-05 : Wireshark: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200911-05
    (Wireshark: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Wireshark:
        Ryan Giobbi reported an integer overflow in wiretap/erf.c
        (CVE-2009-3829).
        The vendor reported multiple unspecified
        vulnerabilities in the Bluetooth L2CAP, RADIUS, and MIOP dissectors
        (CVE-2009-2560), in the OpcUa dissector (CVE-2009-3241), in packet.c in
        the GSM A RR dissector (CVE-2009-3242), in the TLS dissector
        (CVE-2009-3243), in the Paltalk dissector (CVE-2009-3549), in the
        DCERPC/NT dissector (CVE-2009-3550), and in the
        dissect_negprot_response() function in packet-smb.c in the SMB
        dissector (CVE-2009-3551).
      
    Impact :
    
        A remote attacker could entice a user to open a specially crafted 'erf'
        file using Wireshark, possibly resulting in the execution of arbitrary
        code with the privileges of the user running the application. A remote
        attacker could furthermore send specially crafted packets on a network
        being monitored by Wireshark or entice a user to open a malformed
        packet trace file using Wireshark, possibly resulting in a Denial of
        Service.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200911-05"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Wireshark users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.2.3'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:wireshark");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/11/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"net-analyzer/wireshark", unaffected:make_list("ge 1.2.3"), vulnerable:make_list("lt 1.2.3"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Wireshark");
    }
    
  • NASL familyWindows
    NASL idWIRESHARK_1_2_2.NASL
    descriptionThe installed version of Wireshark or Ethereal is affected by multiple issues : - The GSM A RR dissector could crash. (Bug 3893) - The OpcUa dissector could use excessive CPU and memory. (Bug 3986) - The TLS dissector could crash on some platforms. (Bug 4008) - Wireshark could crash while reading an
    last seen2020-06-01
    modified2020-06-02
    plugin id40999
    published2009-09-16
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40999
    titleWireshark / Ethereal 0.9.6 to 1.2.1 Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-9837.NASL
    descriptionUpdate to Wireshark 1.2.2 fixing multiple security issues: http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html http://www.wireshark.org/security/wnpa-sec-2009-06.html * The OpcUa dissector could use excessive CPU and memory. (Bug 3986) Versions affected: 0.99.6 to 1.0.8, 1.2.0 to 1.2.1 * The GSM A RR dissector could crash. (Bug 3893) Versions affected: 1.2.0 to 1.2.1 * The TLS dissector could crash on some platforms. (Bug 4008) Versions affected: 1.2.0 to 1.2.1 http://www.wireshark.org/docs/relnotes/wireshark-1.2.1.html http://www.wireshark.org/security/wnpa-sec-2009-04.html * The AFS dissector could crash. (Bug 3564) Versions affected: 0.9.2 to 1.2.0 - The Infiniband dissector could crash on some platforms. Versions affected: 1.0.6 to 1.2.0 * The IPMI dissector could overrun a buffer. (Bug 3559) Versions affected: 1.2.0 * The Bluetooth L2CAP dissector could crash. (Bug 3572) Versions affected: 1.2.0 * The RADIUS dissector could crash. (Bug 3578) Versions affected: 1.2.0 * The MIOP dissector could crash. (Bug 3652) Versions affected: 1.2.0 * The sFlow dissector could use excessive CPU and memory. (Bug 3570) Versions affected: 1.2.0 (Issues from wnpa-sec-2009-04 does not affect users of Wireshark 1.2.1 packages from updates-testing.) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42387
    published2009-11-05
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42387
    titleFedora 11 : wireshark-1.2.2-1.fc11 (2009-9837)

Oval

accepted2013-08-19T04:04:59.888-04:00
classvulnerability
contributors
  • namePrabhu.S.A
    organizationSecPod Technologies
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
definition_extensions
commentWireshark is installed on the system.
ovaloval:org.mitre.oval:def:6589
descriptionUnspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure.
familywindows
idoval:org.mitre.oval:def:5423
statusaccepted
submitted2009-09-24T15:11:12
titleUnspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark, which triggers an assertion failure.
version7

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:14981
last seen2017-11-19
modified2009-11-26
published2009-11-26
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-14981
titleWireshark: Multiple vulnerabilities

Statements

contributorTomas Hoger
lastmodified2009-09-24
organizationRed Hat
statementNot vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5.