Vulnerabilities > CVE-2009-4378 - Multiple vulnerability in Wireshark 0.9.0 through 1.2.4

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

wireshark

microsoft

nessus

NVD

Published: 2009-12-21

Updated: 2017-09-19

Summary

The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime."

Vulnerable Configurations

Part	Description	Count
Application	Wireshark Wireshark Wireshark 1.2.0 Wireshark Wireshark 1.2.1 Wireshark Wireshark 1.2.2 Wireshark Wireshark 1.2.3 Wireshark Wireshark 1.2.4	5
OS	Microsoft Microsoft Windows *	1

Nessus

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201006-05.NASL
description	The remote host is affected by the vulnerability described in GLSA-201006-05 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities were found in the Daintree SNA file parser, the SMB, SMB2, IPMI, and DOCSIS dissectors. For further information please consult the CVE entries referenced below. Impact : A remote attacker could cause a Denial of Service and possibly execute arbitrary code via crafted packets or malformed packet trace files. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	46772
published	2010-06-02
reporter	This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/46772
title	GLSA-201006-05 : Wireshark: Multiple vulnerabilities
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201006-05. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(46772); script_version("1.10"); script_cvs_date("Date: 2019/08/02 13:32:45"); script_cve_id("CVE-2009-4376", "CVE-2009-4377", "CVE-2009-4378", "CVE-2010-1455"); script_bugtraq_id(37407, 39950); script_xref(name:"GLSA", value:"201006-05"); script_name(english:"GLSA-201006-05 : Wireshark: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201006-05 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities were found in the Daintree SNA file parser, the SMB, SMB2, IPMI, and DOCSIS dissectors. For further information please consult the CVE entries referenced below. Impact : A remote attacker could cause a Denial of Service and possibly execute arbitrary code via crafted packets or malformed packet trace files. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201006-05" ); script_set_attribute( attribute:"solution", value: "All Wireshark users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.2.8-r1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:wireshark"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2010/06/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-analyzer/wireshark", unaffected:make_list("ge 1.2.8-r1"), vulnerable:make_list("lt 1.2.8-r1"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Wireshark"); }

NASL family	Windows
NASL id	WIRESHARK_1_2_5.NASL
description	The installed version of Wireshark or Ethereal is potentially affected by multiple vulnerabilities : - The Daintree SNA file parser can overflow a buffer. (Bug 4294) - The SMB and SMB2 dissectors can crash. (Bug 4301) - The IPMI dissector can crash on Windows. (Bug 4319) These vulnerabilities can result in a denial of service, or possibly arbitrary code execution. A remote attacker can exploit these issues by tricking a user into opening a maliciously crafted capture file. Additionally, if Wireshark is running in promiscuous mode, one of these issues can be exploited remotely (from the same network segment).
last seen	2020-06-01
modified	2020-06-02
plugin id	43350
published	2009-12-18
reporter	This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/43350
title	Wireshark / Ethereal 0.9.0 to 1.2.4 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(43350); script_version("1.12"); script_cve_id("CVE-2009-4376", "CVE-2009-4377", "CVE-2009-4378"); script_bugtraq_id(37407); script_xref(name:"Secunia", value:"37842"); script_name(english:"Wireshark / Ethereal 0.9.0 to 1.2.4 Multiple Vulnerabilities"); script_summary(english:"Does a version check"); script_set_attribute(attribute:"synopsis",value: "The remote host has an application that is affected by multiple vulnerabilities" ); script_set_attribute(attribute:"description",value: "The installed version of Wireshark or Ethereal is potentially affected by multiple vulnerabilities : - The Daintree SNA file parser can overflow a buffer. (Bug 4294) - The SMB and SMB2 dissectors can crash. (Bug 4301) - The IPMI dissector can crash on Windows. (Bug 4319) These vulnerabilities can result in a denial of service, or possibly arbitrary code execution. A remote attacker can exploit these issues by tricking a user into opening a maliciously crafted capture file. Additionally, if Wireshark is running in promiscuous mode, one of these issues can be exploited remotely (from the same network segment)." ); script_set_attribute( attribute:"see_also", value:"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4294" ); script_set_attribute( attribute:"see_also", value:"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4301" ); script_set_attribute( attribute:"see_also", value:"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4319" ); script_set_attribute( attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2009-09.html" ); script_set_attribute( attribute:"solution", value:"Upgrade to Wireshark version 1.2.5 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute( attribute:"vuln_publication_date", value:"2009/12/17" ); script_set_attribute( attribute:"patch_publication_date", value:"2009/12/17" ); script_set_attribute( attribute:"plugin_publication_date", value:"2009/12/18" ); script_cvs_date("Date: 2018/11/15 20:50:29"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:wireshark:wireshark"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("wireshark_installed.nasl"); script_require_keys("SMB/Wireshark/Installed"); exit(0); } include("global_settings.inc"); # Check each install. installs = get_kb_list("SMB/Wireshark/"); if (isnull(installs)) exit(0, "The 'SMB/Wireshark/' KB items are missing."); info=""; info2=""; foreach install(keys(installs)) { if ("/Installed" >< install) continue; version = install - "SMB/Wireshark/"; ver = split(version, sep:".", keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); # Affects 0.9.0 to 1.2.4 if ( (ver[0] == 0 && ver[1] >= 9) \|\| ( ver[0] == 1 && ( (ver[1] == 0 && ver[2] < 11) \|\| (ver[1] == 2 && ver[2] < 5) ) ) ) info += '\n Path : ' + installs[install] + '\n Installed version : ' + version + '\n Fixed version : 1.2.5\n'; else info2 += ' - Version ' + version + ', under ' + installs[install] +'\n'; } # Report if any were found to be vulnerable if (info) { if (report_verbosity > 0) { if (max_index(split(info)) > 4) s = "s of Wireshark / Ethereal are"; else s = " of Wireshark / Ethereal is"; report = string( "\n", "The following vulnerable instance", s, " installed :\n", "\n", info ); security_hole(port:get_kb_item("SMB/transport"), extra:report); } else security_hole(get_kb_item("SMB/transport")); } if (info2) exit(0, "The following instance(s) of Wireshark / Ethereal are installed and are not vulnerable : "+info2);

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2009-13592.NASL
description	Various fixes were provided in wireshark 1.2.5 - see http://www.wireshark.org/docs/relnotes/wireshark-1.2.5.html for more details. Enhancements - introduced -devel package with autoconf support - enable Lua support Fedora Bug Fixes - the root warning dialog no longer shows up The following vulnerabilities have been fixed. See the security advisory for details and a workaround. http://www.wireshark.org/security/wnpa- sec-2009-09.html - The Daintree SNA file parser could overflow a buffer. (Bug 4294) CVE-2009-4376 - The SMB and SMB2 dissectors could crash. (Bug 4301) CVE-2009-4377 - The IPMI dissector could crash on Windows. (Bug 4319) The following bugs have been fixed: - Wireshark does not graph rtp streams. (Bug 3801) - Wireshark showing extraneous data in a TCP stream. (Bug 3955) - Wrong decoding of gtp.target identification. (Bug 3974) - TTE dissector bug. (Bug 4247) - Upper case in Lua pref symbol causes Wireshark to crash. (Bug 4255) - OpenBSD 4.5 build fails at epan/dissectors/packet-rpcap.c. (Bug 4258) - Incorrect display of stream data using
last seen	2020-06-01
modified	2020-06-02
plugin id	43592
published	2009-12-27
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/43592
title	Fedora 12 : wireshark-1.2.5-3.fc12 (2009-13592)

Oval

accepted

2013-08-19T04:05:17.436-04:00

class

vulnerability

contributors

name Nikita MR
organization SecPod Technologies
name Shane Shaffer
organization G2, Inc.
name Shane Shaffer
organization G2, Inc.
name Shane Shaffer
organization G2, Inc.
name Shane Shaffer
organization G2, Inc.

definition_extensions

comment	Wireshark is installed on the system.
oval	oval:org.mitre.oval:def:6589

description

The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime."

family

windows

oval:org.mitre.oval:def:7576

status

accepted

submitted

2010-05-25T10:11:02

title

Wireshark DoS Vulnerability due to IPM dissector

version

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 37407 CVE ID: CVE-2009-4376,CVE-2009-4377,CVE-2009-4378 Wireshark之前名为Ethereal，是一款非常流行的网络协议分析工具。 Wireshark的Daintree SNA文件解析器中存在缓冲区溢出漏洞，IPMI、SMB和SMB2协议解析模块中存在拒绝服务漏洞。如果用户受骗从网络抓取了恶意的报文或读取了恶意抓包文件的话，就会导致解析模块崩溃或执行任意代码。 Wireshark 0.9.0 - 1.2.4 厂商补丁： Wireshark --------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.wireshark.org/download.html
id	SSV:15127
last seen	2017-11-19
modified	2009-12-23
published	2009-12-23
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-15127
title	Wireshark 1.2.5版本修复多个安全漏洞

Summary

Vulnerable Configurations

Nessus

Oval

Seebug

References