Vulnerabilities > CVE-2009-4376 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201006-05.NASL description The remote host is affected by the vulnerability described in GLSA-201006-05 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities were found in the Daintree SNA file parser, the SMB, SMB2, IPMI, and DOCSIS dissectors. For further information please consult the CVE entries referenced below. Impact : A remote attacker could cause a Denial of Service and possibly execute arbitrary code via crafted packets or malformed packet trace files. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 46772 published 2010-06-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/46772 title GLSA-201006-05 : Wireshark: Multiple vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201006-05. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(46772); script_version("1.10"); script_cvs_date("Date: 2019/08/02 13:32:45"); script_cve_id("CVE-2009-4376", "CVE-2009-4377", "CVE-2009-4378", "CVE-2010-1455"); script_bugtraq_id(37407, 39950); script_xref(name:"GLSA", value:"201006-05"); script_name(english:"GLSA-201006-05 : Wireshark: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201006-05 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities were found in the Daintree SNA file parser, the SMB, SMB2, IPMI, and DOCSIS dissectors. For further information please consult the CVE entries referenced below. Impact : A remote attacker could cause a Denial of Service and possibly execute arbitrary code via crafted packets or malformed packet trace files. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201006-05" ); script_set_attribute( attribute:"solution", value: "All Wireshark users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.2.8-r1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:wireshark"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2010/06/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-analyzer/wireshark", unaffected:make_list("ge 1.2.8-r1"), vulnerable:make_list("lt 1.2.8-r1"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Wireshark"); }NASL family SuSE Local Security Checks NASL id SUSE_11_1_WIRESHARK-100203.NASL description This update of wireshark fixes : - CVE-2009-4376: Remote attackers could potentially trigger a buffer overflow in the Daintree SNA file parser. - CVE-2009-4377: Specially crafted packets could cause the SMB and SMB2 dissector to crash wireshark. - CVE-2009-2563: Unspecified vulnerability in the Infiniband dissector allows remote attackers to cause a denial of service. - CVE-2010-0304: Several buffer overflows in the LWRES dissector. last seen 2020-06-01 modified 2020-06-02 plugin id 45074 published 2010-03-17 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45074 title openSUSE Security Update : wireshark (wireshark-1900) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update wireshark-1900. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(45074); script_version("1.10"); script_cvs_date("Date: 2019/10/25 13:36:38"); script_cve_id("CVE-2009-2563", "CVE-2009-4376", "CVE-2009-4377", "CVE-2010-0304"); script_name(english:"openSUSE Security Update : wireshark (wireshark-1900)"); script_summary(english:"Check for the wireshark-1900 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of wireshark fixes : - CVE-2009-4376: Remote attackers could potentially trigger a buffer overflow in the Daintree SNA file parser. - CVE-2009-4377: Specially crafted packets could cause the SMB and SMB2 dissector to crash wireshark. - CVE-2009-2563: Unspecified vulnerability in the Infiniband dissector allows remote attackers to cause a denial of service. - CVE-2010-0304: Several buffer overflows in the LWRES dissector." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=565902" ); script_set_attribute( attribute:"solution", value:"Update the affected wireshark packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Wireshark LWRES Dissector getaddrsbyname_request Buffer Overflow (loop)'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus'); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1"); script_set_attribute(attribute:"patch_publication_date", value:"2010/02/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.1", reference:"wireshark-1.0.4-2.14.2") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"wireshark-devel-1.0.4-2.14.2") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-devel"); }NASL family SuSE Local Security Checks NASL id SUSE_11_0_WIRESHARK-100203.NASL description This update of wireshark fixes : - CVE-2009-4376: Remote attackers could potentially trigger a buffer overflow in the Daintree SNA file parser. - CVE-2009-4377: Specially crafted packets could cause the SMB and SMB2 dissector to crash wireshark. - CVE-2009-2563: Unspecified vulnerability in the Infiniband dissector allows remote attackers to cause a denial of service. - CVE-2010-0304: Several buffer overflows in the LWRES dissector. last seen 2020-06-01 modified 2020-06-02 plugin id 45072 published 2010-03-17 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45072 title openSUSE Security Update : wireshark (wireshark-1900) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update wireshark-1900. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(45072); script_version("1.10"); script_cvs_date("Date: 2019/10/25 13:36:37"); script_cve_id("CVE-2009-2563", "CVE-2009-4376", "CVE-2009-4377", "CVE-2010-0304"); script_name(english:"openSUSE Security Update : wireshark (wireshark-1900)"); script_summary(english:"Check for the wireshark-1900 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of wireshark fixes : - CVE-2009-4376: Remote attackers could potentially trigger a buffer overflow in the Daintree SNA file parser. - CVE-2009-4377: Specially crafted packets could cause the SMB and SMB2 dissector to crash wireshark. - CVE-2009-2563: Unspecified vulnerability in the Infiniband dissector allows remote attackers to cause a denial of service. - CVE-2010-0304: Several buffer overflows in the LWRES dissector." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=565902" ); script_set_attribute( attribute:"solution", value:"Update the affected wireshark packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Wireshark LWRES Dissector getaddrsbyname_request Buffer Overflow (loop)'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus'); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0"); script_set_attribute(attribute:"patch_publication_date", value:"2010/02/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.0", reference:"wireshark-1.0.0-17.21") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"wireshark-devel-1.0.0-17.21") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-devel"); }NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-016.NASL description This advisory updates wireshark to the latest 1.2.5 version, fixing several bugs and two security issues : - The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet (CVE-2009-4377) - Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet (CVE-2009-4376) last seen 2020-06-01 modified 2020-06-02 plugin id 48169 published 2010-07-30 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/48169 title Mandriva Linux Security Advisory : wireshark (MDVSA-2010:016) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2010:016. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(48169); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:32:53"); script_cve_id("CVE-2009-4376", "CVE-2009-4377"); script_bugtraq_id(37407); script_xref(name:"MDVSA", value:"2010:016"); script_name(english:"Mandriva Linux Security Advisory : wireshark (MDVSA-2010:016)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This advisory updates wireshark to the latest 1.2.5 version, fixing several bugs and two security issues : - The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet (CVE-2009-4377) - Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet (CVE-2009-4376)" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dumpcap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wireshark-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wireshark0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwireshark-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwireshark0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rawshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wireshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wireshark-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0"); script_set_attribute(attribute:"patch_publication_date", value:"2010/01/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2010.0", reference:"dumpcap-1.2.5-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64wireshark-devel-1.2.5-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64wireshark0-1.2.5-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libwireshark-devel-1.2.5-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libwireshark0-1.2.5-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"rawshark-1.2.5-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"tshark-1.2.5-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"wireshark-1.2.5-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"wireshark-tools-1.2.5-0.1mdv2010.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Windows NASL id WIRESHARK_1_2_5.NASL description The installed version of Wireshark or Ethereal is potentially affected by multiple vulnerabilities : - The Daintree SNA file parser can overflow a buffer. (Bug 4294) - The SMB and SMB2 dissectors can crash. (Bug 4301) - The IPMI dissector can crash on Windows. (Bug 4319) These vulnerabilities can result in a denial of service, or possibly arbitrary code execution. A remote attacker can exploit these issues by tricking a user into opening a maliciously crafted capture file. Additionally, if Wireshark is running in promiscuous mode, one of these issues can be exploited remotely (from the same network segment). last seen 2020-06-01 modified 2020-06-02 plugin id 43350 published 2009-12-18 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/43350 title Wireshark / Ethereal 0.9.0 to 1.2.4 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(43350); script_version("1.12"); script_cve_id("CVE-2009-4376", "CVE-2009-4377", "CVE-2009-4378"); script_bugtraq_id(37407); script_xref(name:"Secunia", value:"37842"); script_name(english:"Wireshark / Ethereal 0.9.0 to 1.2.4 Multiple Vulnerabilities"); script_summary(english:"Does a version check"); script_set_attribute(attribute:"synopsis",value: "The remote host has an application that is affected by multiple vulnerabilities" ); script_set_attribute(attribute:"description",value: "The installed version of Wireshark or Ethereal is potentially affected by multiple vulnerabilities : - The Daintree SNA file parser can overflow a buffer. (Bug 4294) - The SMB and SMB2 dissectors can crash. (Bug 4301) - The IPMI dissector can crash on Windows. (Bug 4319) These vulnerabilities can result in a denial of service, or possibly arbitrary code execution. A remote attacker can exploit these issues by tricking a user into opening a maliciously crafted capture file. Additionally, if Wireshark is running in promiscuous mode, one of these issues can be exploited remotely (from the same network segment)." ); script_set_attribute( attribute:"see_also", value:"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4294" ); script_set_attribute( attribute:"see_also", value:"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4301" ); script_set_attribute( attribute:"see_also", value:"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4319" ); script_set_attribute( attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2009-09.html" ); script_set_attribute( attribute:"solution", value:"Upgrade to Wireshark version 1.2.5 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute( attribute:"vuln_publication_date", value:"2009/12/17" ); script_set_attribute( attribute:"patch_publication_date", value:"2009/12/17" ); script_set_attribute( attribute:"plugin_publication_date", value:"2009/12/18" ); script_cvs_date("Date: 2018/11/15 20:50:29"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:wireshark:wireshark"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("wireshark_installed.nasl"); script_require_keys("SMB/Wireshark/Installed"); exit(0); } include("global_settings.inc"); # Check each install. installs = get_kb_list("SMB/Wireshark/*"); if (isnull(installs)) exit(0, "The 'SMB/Wireshark/*' KB items are missing."); info=""; info2=""; foreach install(keys(installs)) { if ("/Installed" >< install) continue; version = install - "SMB/Wireshark/"; ver = split(version, sep:".", keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); # Affects 0.9.0 to 1.2.4 if ( (ver[0] == 0 && ver[1] >= 9) || ( ver[0] == 1 && ( (ver[1] == 0 && ver[2] < 11) || (ver[1] == 2 && ver[2] < 5) ) ) ) info += '\n Path : ' + installs[install] + '\n Installed version : ' + version + '\n Fixed version : 1.2.5\n'; else info2 += ' - Version ' + version + ', under ' + installs[install] +'\n'; } # Report if any were found to be vulnerable if (info) { if (report_verbosity > 0) { if (max_index(split(info)) > 4) s = "s of Wireshark / Ethereal are"; else s = " of Wireshark / Ethereal is"; report = string( "\n", "The following vulnerable instance", s, " installed :\n", "\n", info ); security_hole(port:get_kb_item("SMB/transport"), extra:report); } else security_hole(get_kb_item("SMB/transport")); } if (info2) exit(0, "The following instance(s) of Wireshark / Ethereal are installed and are not vulnerable : "+info2);NASL family SuSE Local Security Checks NASL id SUSE_11_2_WIRESHARK-100203.NASL description This update of wireshark fixes : - CVE-2009-4376: Remote attackers could potentially trigger a buffer overflow in the Daintree SNA file parser. - CVE-2009-4377: Specially crafted packets could cause the SMB and SMB2 dissector to crash wireshark. - CVE-2009-2563: Unspecified vulnerability in the Infiniband dissector allows remote attackers to cause a denial of service. - CVE-2010-0304: Several buffer overflows in the LWRES dissector. last seen 2020-06-01 modified 2020-06-02 plugin id 45076 published 2010-03-17 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45076 title openSUSE Security Update : wireshark (wireshark-1900) NASL family SuSE Local Security Checks NASL id SUSE_11_WIRESHARK-100301.NASL description This update of wireshark fixes : - Remote attackers could potentially trigger a buffer overflow in the Daintree SNA file parser. (CVE-2009-4376) - Specially crafted packets could cause the SMB and SMB2 dissector to crash wireshark. (CVE-2009-4377) - Unspecified vulnerability in the Infiniband dissector allows remote attackers to cause a denial of service. (CVE-2009-2563) - Several buffer overflows in the LWRES dissector. (CVE-2010-0304) last seen 2020-06-01 modified 2020-06-02 plugin id 45077 published 2010-03-17 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45077 title SuSE 11 Security Update : wireshark (SAT Patch Number 2082) NASL family SuSE Local Security Checks NASL id SUSE_11_WIRESHARK-100228.NASL description This update of wireshark fixes : - Remote attackers could potentially trigger a buffer overflow in the Daintree SNA file parser. (CVE-2009-4376) - Specially crafted packets could cause the SMB and SMB2 dissector to crash wireshark. (CVE-2009-4377) - Unspecified vulnerability in the Infiniband dissector allows remote attackers to cause a denial of service. (CVE-2009-2563) - Several buffer overflows in the LWRES dissector. (CVE-2010-0304) last seen 2020-06-01 modified 2020-06-02 plugin id 51635 published 2011-01-21 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51635 title SuSE 11 Security Update : wireshark (SAT Patch Number 2082) NASL family Fedora Local Security Checks NASL id FEDORA_2009-13592.NASL description Various fixes were provided in wireshark 1.2.5 - see http://www.wireshark.org/docs/relnotes/wireshark-1.2.5.html for more details. Enhancements - introduced -devel package with autoconf support - enable Lua support Fedora Bug Fixes - the root warning dialog no longer shows up The following vulnerabilities have been fixed. See the security advisory for details and a workaround. http://www.wireshark.org/security/wnpa- sec-2009-09.html - The Daintree SNA file parser could overflow a buffer. (Bug 4294) CVE-2009-4376 - The SMB and SMB2 dissectors could crash. (Bug 4301) CVE-2009-4377 - The IPMI dissector could crash on Windows. (Bug 4319) The following bugs have been fixed: - Wireshark does not graph rtp streams. (Bug 3801) - Wireshark showing extraneous data in a TCP stream. (Bug 3955) - Wrong decoding of gtp.target identification. (Bug 3974) - TTE dissector bug. (Bug 4247) - Upper case in Lua pref symbol causes Wireshark to crash. (Bug 4255) - OpenBSD 4.5 build fails at epan/dissectors/packet-rpcap.c. (Bug 4258) - Incorrect display of stream data using last seen 2020-06-01 modified 2020-06-02 plugin id 43592 published 2009-12-27 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43592 title Fedora 12 : wireshark-1.2.5-3.fc12 (2009-13592)
Oval
| accepted | 2013-08-19T04:01:30.203-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. | ||||||||
| family | windows | ||||||||
| id | oval:org.mitre.oval:def:16435 | ||||||||
| status | accepted | ||||||||
| submitted | 2013-04-26T11:00:00.748+04:00 | ||||||||
| title | Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet | ||||||||
| version | 7 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 37407 CVE ID: CVE-2009-4376,CVE-2009-4377,CVE-2009-4378 Wireshark之前名为Ethereal,是一款非常流行的网络协议分析工具。 Wireshark的Daintree SNA文件解析器中存在缓冲区溢出漏洞,IPMI、SMB和SMB2协议解析模块中存在拒绝服务漏洞。如果用户受骗从网络抓取了恶意的报文或读取了恶意抓包文件的话,就会导致解析模块崩溃或执行任意代码。 Wireshark 0.9.0 - 1.2.4 厂商补丁: Wireshark --------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.wireshark.org/download.html |
| id | SSV:15127 |
| last seen | 2017-11-19 |
| modified | 2009-12-23 |
| published | 2009-12-23 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-15127 |
| title | Wireshark 1.2.5版本修复多个安全漏洞 |
References
- http://osvdb.org/61177
- http://secunia.com/advisories/37842
- http://secunia.com/advisories/37916
- http://www.securityfocus.com/bid/37407
- http://www.securitytracker.com/id?1023374
- http://www.vupen.com/english/advisories/2009/3596
- http://www.wireshark.org/security/wnpa-sec-2009-09.html
- https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4022
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4294
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16435
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01248.html