Vulnerabilities > CVE-2009-3551 - Numeric Errors vulnerability in Wireshark 1.2/1.2.0/1.2.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200911-05.NASL description The remote host is affected by the vulnerability described in GLSA-200911-05 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark: Ryan Giobbi reported an integer overflow in wiretap/erf.c (CVE-2009-3829). The vendor reported multiple unspecified vulnerabilities in the Bluetooth L2CAP, RADIUS, and MIOP dissectors (CVE-2009-2560), in the OpcUa dissector (CVE-2009-3241), in packet.c in the GSM A RR dissector (CVE-2009-3242), in the TLS dissector (CVE-2009-3243), in the Paltalk dissector (CVE-2009-3549), in the DCERPC/NT dissector (CVE-2009-3550), and in the dissect_negprot_response() function in packet-smb.c in the SMB dissector (CVE-2009-3551). Impact : A remote attacker could entice a user to open a specially crafted last seen 2020-06-01 modified 2020-06-02 plugin id 42915 published 2009-11-30 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42915 title GLSA-200911-05 : Wireshark: Multiple vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200911-05. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(42915); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:45"); script_cve_id("CVE-2009-2560", "CVE-2009-3241", "CVE-2009-3242", "CVE-2009-3243", "CVE-2009-3549", "CVE-2009-3550", "CVE-2009-3551", "CVE-2009-3829"); script_bugtraq_id(35748, 36408, 36591, 36846); script_xref(name:"GLSA", value:"200911-05"); script_name(english:"GLSA-200911-05 : Wireshark: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200911-05 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark: Ryan Giobbi reported an integer overflow in wiretap/erf.c (CVE-2009-3829). The vendor reported multiple unspecified vulnerabilities in the Bluetooth L2CAP, RADIUS, and MIOP dissectors (CVE-2009-2560), in the OpcUa dissector (CVE-2009-3241), in packet.c in the GSM A RR dissector (CVE-2009-3242), in the TLS dissector (CVE-2009-3243), in the Paltalk dissector (CVE-2009-3549), in the DCERPC/NT dissector (CVE-2009-3550), and in the dissect_negprot_response() function in packet-smb.c in the SMB dissector (CVE-2009-3551). Impact : A remote attacker could entice a user to open a specially crafted 'erf' file using Wireshark, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. A remote attacker could furthermore send specially crafted packets on a network being monitored by Wireshark or entice a user to open a malformed packet trace file using Wireshark, possibly resulting in a Denial of Service. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200911-05" ); script_set_attribute( attribute:"solution", value: "All Wireshark users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.2.3'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:wireshark"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-analyzer/wireshark", unaffected:make_list("ge 1.2.3"), vulnerable:make_list("lt 1.2.3"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Wireshark"); }
NASL family SuSE Local Security Checks NASL id SUSE_11_0_WIRESHARK-091125.NASL description Version upgrade of wireshark fix multiple vulnerabilities : - CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM) The Paltalk dissector could crash on alignment-sensitive processors. - CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM) The DCERPC/NT dissector could crash. - CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM) The SMB dissector could crash. - CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM) The RADIUS dissector could crash. - CVE-2009-3829 CVSS v2 Base Score: 9.3 (HIGH) Fix for an integer overflow in wiretap/erf.c that allowed remote attackers to execute arbitrary code via a crafted ERF file. This does not affect SLE products. last seen 2020-06-01 modified 2020-06-02 plugin id 42950 published 2009-12-01 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42950 title openSUSE Security Update : wireshark (wireshark-1600) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update wireshark-1600. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(42950); script_version("1.9"); script_cvs_date("Date: 2019/10/25 13:36:34"); script_cve_id("CVE-2009-2560", "CVE-2009-3549", "CVE-2009-3550", "CVE-2009-3551", "CVE-2009-3829"); script_name(english:"openSUSE Security Update : wireshark (wireshark-1600)"); script_summary(english:"Check for the wireshark-1600 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Version upgrade of wireshark fix multiple vulnerabilities : - CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM) The Paltalk dissector could crash on alignment-sensitive processors. - CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM) The DCERPC/NT dissector could crash. - CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM) The SMB dissector could crash. - CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM) The RADIUS dissector could crash. - CVE-2009-3829 CVSS v2 Base Score: 9.3 (HIGH) Fix for an integer overflow in wiretap/erf.c that allowed remote attackers to execute arbitrary code via a crafted ERF file. This does not affect SLE products." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=550320" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=553215" ); script_set_attribute( attribute:"solution", value:"Update the affected wireshark packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(20, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.0", reference:"wireshark-1.0.0-17.19") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"wireshark-devel-1.0.0-17.19") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-devel"); }
NASL family SuSE Local Security Checks NASL id SUSE_11_2_WIRESHARK-091125.NASL description Version upgrade of wireshark fix multiple vulnerabilities : - CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM) The Paltalk dissector could crash on alignment-sensitive processors. - CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM) The DCERPC/NT dissector could crash. - CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM) The SMB dissector could crash. - CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM) The RADIUS dissector could crash. - CVE-2009-3829 CVSS v2 Base Score: 9.3 (HIGH) Fix for an integer overflow in wiretap/erf.c that allowed remote attackers to execute arbitrary code via a crafted ERF file. This does not affect SLE products. last seen 2020-06-01 modified 2020-06-02 plugin id 42955 published 2009-12-01 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42955 title openSUSE Security Update : wireshark (wireshark-1600) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update wireshark-1600. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(42955); script_version("1.9"); script_cvs_date("Date: 2019/10/25 13:36:35"); script_cve_id("CVE-2009-2560", "CVE-2009-3549", "CVE-2009-3550", "CVE-2009-3551", "CVE-2009-3829"); script_name(english:"openSUSE Security Update : wireshark (wireshark-1600)"); script_summary(english:"Check for the wireshark-1600 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Version upgrade of wireshark fix multiple vulnerabilities : - CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM) The Paltalk dissector could crash on alignment-sensitive processors. - CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM) The DCERPC/NT dissector could crash. - CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM) The SMB dissector could crash. - CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM) The RADIUS dissector could crash. - CVE-2009-3829 CVSS v2 Base Score: 9.3 (HIGH) Fix for an integer overflow in wiretap/erf.c that allowed remote attackers to execute arbitrary code via a crafted ERF file. This does not affect SLE products." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=550320" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=553215" ); script_set_attribute( attribute:"solution", value:"Update the affected wireshark packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(20, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.2", reference:"wireshark-1.2.1-3.10.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"wireshark-devel-1.2.1-3.10.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-devel"); }
NASL family SuSE Local Security Checks NASL id SUSE9_12530.NASL description This is an update of wireshark to fix multiple vulnerabilities : - CVSS v2 Base Score: 5.0 (MEDIUM) The Paltalk dissector could crash on alignment-sensitive processors. (CVE-2009-3549) - CVSS v2 Base Score: 4.3 (MEDIUM) The DCERPC/NT dissector could crash. (CVE-2009-3550) - CVSS v2 Base Score: 5.0 (MEDIUM) The SMB dissector could crash. (CVE-2009-3551) - CVSS v2 Base Score: 5.0 (MEDIUM) The RADIUS dissector could crash. (CVE-2009-2560) last seen 2020-06-01 modified 2020-06-02 plugin id 42947 published 2009-12-01 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42947 title SuSE9 Security Update : ethereal (YOU Patch Number 12530) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(42947); script_version("1.8"); script_cvs_date("Date: 2019/10/25 13:36:33"); script_cve_id("CVE-2009-2560", "CVE-2009-3549", "CVE-2009-3550", "CVE-2009-3551"); script_name(english:"SuSE9 Security Update : ethereal (YOU Patch Number 12530)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 9 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This is an update of wireshark to fix multiple vulnerabilities : - CVSS v2 Base Score: 5.0 (MEDIUM) The Paltalk dissector could crash on alignment-sensitive processors. (CVE-2009-3549) - CVSS v2 Base Score: 4.3 (MEDIUM) The DCERPC/NT dissector could crash. (CVE-2009-3550) - CVSS v2 Base Score: 5.0 (MEDIUM) The SMB dissector could crash. (CVE-2009-3551) - CVSS v2 Base Score: 5.0 (MEDIUM) The RADIUS dissector could crash. (CVE-2009-2560)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-2560.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3549.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3550.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3551.html" ); script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12530."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_cwe_id(20, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SUSE9", reference:"ethereal-0.10.13-2.45")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");
NASL family SuSE Local Security Checks NASL id SUSE_ETHEREAL-6627.NASL description Update of wireshark to fix multiple vulnerabilities : - The Paltalk dissector could crash on alignment-sensitive processors. (CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM)) - The DCERPC/NT dissector could crash. (CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM)) - The SMB dissector could crash. (CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM)) - The RADIUS dissector could crash. (CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM)) last seen 2020-06-01 modified 2020-06-02 plugin id 42958 published 2009-12-01 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42958 title SuSE 10 Security Update : ethereal (ZYPP Patch Number 6627) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(42958); script_version ("1.11"); script_cvs_date("Date: 2019/10/25 13:36:36"); script_cve_id("CVE-2009-2560", "CVE-2009-3549", "CVE-2009-3550", "CVE-2009-3551"); script_name(english:"SuSE 10 Security Update : ethereal (ZYPP Patch Number 6627)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Update of wireshark to fix multiple vulnerabilities : - The Paltalk dissector could crash on alignment-sensitive processors. (CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM)) - The DCERPC/NT dissector could crash. (CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM)) - The SMB dissector could crash. (CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM)) - The RADIUS dissector could crash. (CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM))" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-2560.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3549.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3550.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3551.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 6627."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_cwe_id(20, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:2, reference:"ethereal-0.10.14-16.40.1")) flag++; if (rpm_check(release:"SLES10", sp:2, reference:"ethereal-0.10.14-16.40.1")) flag++; if (rpm_check(release:"SLES10", sp:2, reference:"ethereal-devel-0.10.14-16.40.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");
NASL family SuSE Local Security Checks NASL id SUSE_11_1_WIRESHARK-091125.NASL description Version upgrade of wireshark fix multiple vulnerabilities : - CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM) The Paltalk dissector could crash on alignment-sensitive processors. - CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM) The DCERPC/NT dissector could crash. - CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM) The SMB dissector could crash. - CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM) The RADIUS dissector could crash. - CVE-2009-3829 CVSS v2 Base Score: 9.3 (HIGH) Fix for an integer overflow in wiretap/erf.c that allowed remote attackers to execute arbitrary code via a crafted ERF file. This does not affect SLE products. last seen 2020-06-01 modified 2020-06-02 plugin id 42953 published 2009-12-01 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42953 title openSUSE Security Update : wireshark (wireshark-1600) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update wireshark-1600. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(42953); script_version("1.9"); script_cvs_date("Date: 2019/10/25 13:36:35"); script_cve_id("CVE-2009-2560", "CVE-2009-3549", "CVE-2009-3550", "CVE-2009-3551", "CVE-2009-3829"); script_name(english:"openSUSE Security Update : wireshark (wireshark-1600)"); script_summary(english:"Check for the wireshark-1600 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Version upgrade of wireshark fix multiple vulnerabilities : - CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM) The Paltalk dissector could crash on alignment-sensitive processors. - CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM) The DCERPC/NT dissector could crash. - CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM) The SMB dissector could crash. - CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM) The RADIUS dissector could crash. - CVE-2009-3829 CVSS v2 Base Score: 9.3 (HIGH) Fix for an integer overflow in wiretap/erf.c that allowed remote attackers to execute arbitrary code via a crafted ERF file. This does not affect SLE products." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=550320" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=553215" ); script_set_attribute( attribute:"solution", value:"Update the affected wireshark packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(20, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.1", reference:"wireshark-1.0.4-2.13.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"wireshark-devel-1.0.4-2.13.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-devel"); }
NASL family SuSE Local Security Checks NASL id SUSE_ETHEREAL-6628.NASL description Update of wireshark to fix multiple vulnerabilities : - The Paltalk dissector could crash on alignment-sensitive processors. (CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM)) - The DCERPC/NT dissector could crash. (CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM)) - The SMB dissector could crash. (CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM)) - The RADIUS dissector could crash. (CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM)) last seen 2020-06-01 modified 2020-06-02 plugin id 49845 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49845 title SuSE 10 Security Update : ethereal (ZYPP Patch Number 6628) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(49845); script_version ("1.8"); script_cvs_date("Date: 2019/10/25 13:36:36"); script_cve_id("CVE-2009-2560", "CVE-2009-3549", "CVE-2009-3550", "CVE-2009-3551"); script_name(english:"SuSE 10 Security Update : ethereal (ZYPP Patch Number 6628)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Update of wireshark to fix multiple vulnerabilities : - The Paltalk dissector could crash on alignment-sensitive processors. (CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM)) - The DCERPC/NT dissector could crash. (CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM)) - The SMB dissector could crash. (CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM)) - The RADIUS dissector could crash. (CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM))" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-2560.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3549.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3550.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3551.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 6628."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_cwe_id(20, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:3, reference:"ethereal-0.10.14-16.39.1")) flag++; if (rpm_check(release:"SLES10", sp:3, reference:"ethereal-0.10.14-16.39.1")) flag++; if (rpm_check(release:"SLES10", sp:3, reference:"ethereal-devel-0.10.14-16.39.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");
NASL family SuSE Local Security Checks NASL id SUSE_11_WIRESHARK-091125.NASL description Version upgrade of wireshark fix multiple vulnerabilities : - The Paltalk dissector could crash on alignment-sensitive processors. (CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM)) - The DCERPC/NT dissector could crash. (CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM)) - The SMB dissector could crash. (CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM)) - The RADIUS dissector could crash. (CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM)) - Fix for an integer overflow in wiretap/erf.c that allowed remote attackers to execute arbitrary code via a crafted ERF file. (CVE-2009-3829). (CVSS v2 Base Score: 9.3 (HIGH)) last seen 2020-06-01 modified 2020-06-02 plugin id 43085 published 2009-12-09 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/43085 title SuSE 11 Security Update : wireshark (SAT Patch Number 1606) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(43085); script_version("1.11"); script_cvs_date("Date: 2019/10/25 13:36:35"); script_cve_id("CVE-2009-2560", "CVE-2009-3549", "CVE-2009-3550", "CVE-2009-3551", "CVE-2009-3829"); script_name(english:"SuSE 11 Security Update : wireshark (SAT Patch Number 1606)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing a security update." ); script_set_attribute( attribute:"description", value: "Version upgrade of wireshark fix multiple vulnerabilities : - The Paltalk dissector could crash on alignment-sensitive processors. (CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM)) - The DCERPC/NT dissector could crash. (CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM)) - The SMB dissector could crash. (CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM)) - The RADIUS dissector could crash. (CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM)) - Fix for an integer overflow in wiretap/erf.c that allowed remote attackers to execute arbitrary code via a crafted ERF file. (CVE-2009-3829). (CVSS v2 Base Score: 9.3 (HIGH))" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=550320" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=553215" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-2560.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3549.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3550.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3551.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3829.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 1606."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(20, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:wireshark"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0"); flag = 0; if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"wireshark-1.0.5-1.31.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"wireshark-1.0.5-1.31.1")) flag++; if (rpm_check(release:"SLES11", sp:0, reference:"wireshark-1.0.5-1.31.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Oval
accepted | 2013-08-19T04:05:04.757-04:00 | ||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||
contributors |
| ||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||
description | Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information. | ||||||||||||||||||||
family | windows | ||||||||||||||||||||
id | oval:org.mitre.oval:def:6049 | ||||||||||||||||||||
status | accepted | ||||||||||||||||||||
submitted | 2009-11-17T15:11:12 | ||||||||||||||||||||
title | Wireshark Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector to cause DoS Vulnerability | ||||||||||||||||||||
version | 12 |
Seebug
bulletinFamily exploit description BUGTRAQ ID: 36846 CVE(CAN) ID: CVE-2009-3551,CVE-2009-3549,CVE-2009-3550,CVE-2009-2560 Wireshark之前名为Ethereal,是一款非常流行的网络协议分析工具。 Wireshark的Paltalk、DCERPC/NT、SMB和RADIUS协议解析模块中存在拒绝服务漏洞。如果用户受骗从网络抓取了恶意的报文或读取了恶意抓包文件的话,就会导致解析模块崩溃。 1) Paltalk协议解析模块epan/dissectors/packet-paltalk.c文件中的dissect_paltalk()函数存在对齐错误,在区分对齐的架构上可能导致崩溃。 2) DCERPC/NT协议解析模块中存在空指针引用。 3) SMB协议解析模块的epan/dissectors/packet-smb.c文件中的dissect_negprot_response()函数存在单字节溢出错误,可能导致崩溃。 4) RADIUS协议解析模块中的错误可能导致崩溃。 Wireshark 0.10.10 - 1.2.2 临时解决方法: * 禁用受影响的解析模块: 1 从菜单选择Analyze→Enabled Protocols... 2 清除Paltalk、DCERPC、SMB和RADIUS 3 点击“保存”、“确定” 厂商补丁: Wireshark --------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.wireshark.org/ id SSV:12547 last seen 2017-11-19 modified 2009-10-30 published 2009-10-30 reporter Root title Wireshark 1.2.2和1.0.9版本修复多个拒绝服务漏洞 bulletinFamily exploit description No description provided by source. id SSV:14981 last seen 2017-11-19 modified 2009-11-26 published 2009-11-26 reporter Root source https://www.seebug.org/vuldb/ssvid-14981 title Wireshark: Multiple vulnerabilities
Statements
contributor | Tomas Hoger |
lastmodified | 2009-11-02 |
organization | Red Hat |
statement | Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5. |
References
- http://www.wireshark.org/security/wnpa-sec-2009-07.html
- http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html
- http://www.vupen.com/english/advisories/2009/3061
- http://secunia.com/advisories/37175
- http://www.securityfocus.com/bid/36846
- http://secunia.com/advisories/37409
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54018
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6049