Vulnerabilities > CVE-2010-2992 - Unspecified vulnerability in Wireshark

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
wireshark
nessus

Summary

packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through 1.2.9 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-13427.NASL
    descriptionUpdate to upstream version 1.2.10: * http://www.wireshark.org/docs/relnotes/wireshark-1.2.7.html * http://www.wireshark.org/docs/relnotes/wireshark-1.2.8.html * http://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html * http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html fixing multiple security issues: * http://www.wireshark.org/security/wnpa-sec-2010-04.html * http://www.wireshark.org/security/wnpa-sec-2010-06.html * http://www.wireshark.org/security/wnpa-sec-2010-08.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49093
    published2010-09-03
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49093
    titleFedora 12 : wireshark-1.2.10-1.fc12 (2010-13427)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2010-13427.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(49093);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:31");
    
      script_cve_id("CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2995");
      script_xref(name:"FEDORA", value:"2010-13427");
    
      script_name(english:"Fedora 12 : wireshark-1.2.10-1.fc12 (2010-13427)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to upstream version 1.2.10: *
    http://www.wireshark.org/docs/relnotes/wireshark-1.2.7.html *
    http://www.wireshark.org/docs/relnotes/wireshark-1.2.8.html *
    http://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html *
    http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html fixing
    multiple security issues: *
    http://www.wireshark.org/security/wnpa-sec-2010-04.html *
    http://www.wireshark.org/security/wnpa-sec-2010-06.html *
    http://www.wireshark.org/security/wnpa-sec-2010-08.html
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html"
      );
      # http://www.wireshark.org/docs/relnotes/wireshark-1.2.7.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/docs/relnotes/wireshark-1.2.7.html"
      );
      # http://www.wireshark.org/docs/relnotes/wireshark-1.2.8.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/docs/relnotes/wireshark-1.2.8.html"
      );
      # http://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html"
      );
      # http://www.wireshark.org/security/wnpa-sec-2010-04.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/security/wnpa-sec-2010-04.html"
      );
      # http://www.wireshark.org/security/wnpa-sec-2010-06.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/security/wnpa-sec-2010-06.html"
      );
      # http://www.wireshark.org/security/wnpa-sec-2010-08.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/security/wnpa-sec-2010-08.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=590613"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=604290"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=604292"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=604302"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=604308"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=623843"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/046962.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?94fdf596"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wireshark package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:12");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/08/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^12([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 12.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC12", reference:"wireshark-1.2.10-1.fc12")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_WIRESHARK-7438.NASL
    descriptionWireshark was updated to version 1.4.4 to fix several security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id57261
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57261
    titleSuSE 10 Security Update : wireshark (ZYPP Patch Number 7438)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57261);
      script_version ("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:44");
    
      script_cve_id("CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2285", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2994", "CVE-2010-2995", "CVE-2010-3445", "CVE-2010-4300", "CVE-2010-4301", "CVE-2010-4538", "CVE-2011-0444", "CVE-2011-0445", "CVE-2011-0538", "CVE-2011-0713", "CVE-2011-1138", "CVE-2011-1139", "CVE-2011-1140", "CVE-2011-1143");
    
      script_name(english:"SuSE 10 Security Update : wireshark (ZYPP Patch Number 7438)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:"Wireshark was updated to version 1.4.4 to fix several security issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-1455.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-2283.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-2284.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-2285.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-2286.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-2287.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-2992.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-2993.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-2994.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-2995.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-3445.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-4300.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-4301.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-4538.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-0444.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-0445.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-0538.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-0713.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-1138.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-1139.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-1140.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-1143.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7438.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/05/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:4, reference:"wireshark-1.4.4-0.37.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"wireshark-1.4.4-0.37.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"wireshark-devel-1.4.4-0.37.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyWindows
    NASL idWIRESHARK_1_2_10.NASL
    descriptionThe installed version of Wireshark or Ethereal is potentially affected by multiple vulnerabilities. - The SigComp Universal Decompressor Virtual Machine could potentially overflow a buffer. (Bug 4867) - The ANS.1 BER dissector could potentially exhaust the stack memory. (Bug 4984) - The GSM A RR dissector is affected by denial of service issue. (Bug 4897) - The IPMI dissector could get stuck in an infinite loop. (Bug 5053)
    last seen2020-06-01
    modified2020-06-02
    plugin id48213
    published2010-08-02
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/48213
    titleWireshark / Ethereal < 1.0.15 / 1.2.10 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(48213);
      script_version("1.13");
      script_cvs_date("Date: 2018/08/06 14:03:17");
    
      script_cve_id("CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2994", "CVE-2010-2995");
      script_bugtraq_id(42618);
      script_xref(name:"Secunia", value:"40783");
    
      script_name(english:"Wireshark / Ethereal < 1.0.15 / 1.2.10 Multiple Vulnerabilities");
      script_summary(english:"Does a version check");
    
      script_set_attribute(attribute:"synopsis",value:
    "The remote host has an application that is affected by multiple
    vulnerabilities."
      );
      script_set_attribute(attribute:"description",value:
    "The installed version of Wireshark or Ethereal is potentially
    affected by multiple vulnerabilities. 
    
      - The SigComp Universal Decompressor Virtual Machine could
        potentially overflow a buffer. (Bug 4867)
    
      - The ANS.1 BER dissector could potentially exhaust the 
        stack memory. (Bug 4984)
    
      - The GSM A RR dissector is affected by denial of service
        issue. (Bug 4897)
    
      - The IPMI dissector could get stuck in an infinite loop. 
        (Bug 5053)"
      );
      script_set_attribute(attribute:"see_also",value:"http://www.wireshark.org/security/wnpa-sec-2010-08.html");
      script_set_attribute(attribute:"see_also",value:"http://www.wireshark.org/security/wnpa-sec-2010-07.html");
      script_set_attribute(attribute:"solution",value:"Upgrade to Wireshark version 1.0.15 / 1.2.10 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/07/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/02");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:wireshark:wireshark");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
    
      script_dependencies("wireshark_installed.nasl");
      script_require_keys("SMB/Wireshark/Installed");
    
      exit(0);
    }
    
    include("global_settings.inc");
    
    # Check each install.
    installs = get_kb_list("SMB/Wireshark/*");
    if (isnull(installs)) exit(0, "The 'SMB/Wireshark/*' KB items are missing.");
    
    info  = '';
    info2 = '';
    
    foreach install(keys(installs))
    {
      if ("/Installed" >< install) continue;
    
      version = install - "SMB/Wireshark/";
      ver = split(version, sep:".", keep:FALSE);
      for (i=0; i<max_index(ver); i++)
        ver[i] = int(ver[i]);
    
      # Affects  0.10.8 to 1.0.14 AND 1.2.0 to 1.2.9
      if ((ver[0] == 0 && ((ver[1] == 10 && ver[2] >=  8) || (ver[1] >= 11))) ||
          (ver[0] == 1 && ver[1] ==  0 && ver[2] < 15 )  ||
          (ver[0] == 1 && ver[1] ==  2 && ver[2] < 10 ) 
      ) info +=
          '\n  Path              : ' + installs[install] +
          '\n  Installed version : ' + version  +
          '\n  Fixed version     : 1.0.15 / 1.2.10\n';
      else
        info2 += 'Version '+ version + ', under '+ installs[install] + '. ';
    }
    
    # Report if any were found to be vulnerable
    if (info)
    {
      if (report_verbosity > 0)
      {
        if (max_index(split(info)) > 1) s = "s of Wireshark / Ethereal are";
        else s = " of Wireshark / Ethereal is";
    
        report = 
          '\n' +
          'The following vulnerable instance' + s + ' installed :\n' +
          '\n' + info;
        security_hole(port:get_kb_item("SMB/transport"), extra:report);
      }
      else security_hole(get_kb_item("SMB/transport"));
      exit(0);
    }
    if (info2)
      exit(0, "The following instance(s) of Wireshark / Ethereal are installed and are not vulnerable : "+info2);
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_WIRESHARK-101222.NASL
    descriptionWireshark version 1.4.2 fixes several security issues that allowed attackers to crash wireshark or potentially even execute arbitrary code (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285, CVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993, CVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300, CVE-2010-4301)
    last seen2020-06-01
    modified2020-06-02
    plugin id53689
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53689
    titleopenSUSE Security Update : wireshark (openSUSE-SU-2011:0010-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update wireshark-3731.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(53689);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:38");
    
      script_cve_id("CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2285", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2994", "CVE-2010-2995", "CVE-2010-3445", "CVE-2010-4300", "CVE-2010-4301");
    
      script_name(english:"openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-1)");
      script_summary(english:"Check for the wireshark-3731 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Wireshark version 1.4.2 fixes several security issues that allowed
    attackers to crash wireshark or potentially even execute arbitrary
    code
    
    (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285,
    CVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993,
    CVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300,
    CVE-2010-4301)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=603251"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=613487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=630599"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=643078"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=655448"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-01/msg00004.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wireshark packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/05/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/12/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.1", reference:"wireshark-1.4.2-1.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"wireshark-devel-1.4.2-1.1.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-devel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_WIRESHARK-101222.NASL
    descriptionWireshark version 1.4.2 fixes several security issues that allowed attackers to crash wireshark or potentially even execute arbitrary code (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285, CVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993, CVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300, CVE-2010-4301)
    last seen2020-06-01
    modified2020-06-02
    plugin id53808
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53808
    titleopenSUSE Security Update : wireshark (openSUSE-SU-2011:0010-2)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update wireshark-3738.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(53808);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:39");
    
      script_cve_id("CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2285", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2994", "CVE-2010-2995", "CVE-2010-3445", "CVE-2010-4300", "CVE-2010-4301");
    
      script_name(english:"openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-2)");
      script_summary(english:"Check for the wireshark-3738 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Wireshark version 1.4.2 fixes several security issues that allowed
    attackers to crash wireshark or potentially even execute arbitrary
    code
    
    (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285,
    CVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993,
    CVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300,
    CVE-2010-4301)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=603251"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=613487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=630599"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=643078"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=655448"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-01/msg00012.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wireshark packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/05/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/12/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.2", reference:"wireshark-1.4.2-1.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"wireshark-devel-1.4.2-1.1.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-devel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_WIRESHARK-7439.NASL
    descriptionWireshark was updated to version 1.4.4 to fix several security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id53319
    published2011-04-07
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53319
    titleSuSE 10 Security Update : wireshark (ZYPP Patch Number 7439)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(53319);
      script_version ("1.9");
      script_cvs_date("Date: 2019/10/25 13:36:44");
    
      script_cve_id("CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2285", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2994", "CVE-2010-2995", "CVE-2010-3445", "CVE-2010-4300", "CVE-2010-4301", "CVE-2010-4538", "CVE-2011-0444", "CVE-2011-0445", "CVE-2011-0538", "CVE-2011-0713", "CVE-2011-1138", "CVE-2011-1139", "CVE-2011-1140", "CVE-2011-1143");
    
      script_name(english:"SuSE 10 Security Update : wireshark (ZYPP Patch Number 7439)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:"Wireshark was updated to version 1.4.4 to fix several security issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-1455.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-2283.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-2284.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-2285.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-2286.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-2287.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-2992.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-2993.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-2994.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-2995.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-3445.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-4300.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-4301.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-4538.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-0444.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-0445.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-0538.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-0713.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-1138.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-1139.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-1140.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-1143.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7439.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/05/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:3, reference:"wireshark-1.4.4-0.37.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"wireshark-1.4.4-0.37.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"wireshark-devel-1.4.4-0.37.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-13416.NASL
    descriptionUpdate to upstream version 1.2.10: * http://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html * http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html fixing multiple security issues: * http://www.wireshark.org/security/wnpa-sec-2010-06.html * http://www.wireshark.org/security/wnpa-sec-2010-08.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49092
    published2010-09-03
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49092
    titleFedora 13 : wireshark-1.2.10-1.fc13 (2010-13416)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2010-13416.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(49092);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:31");
    
      script_cve_id("CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2995");
      script_bugtraq_id(40728, 42618);
      script_xref(name:"FEDORA", value:"2010-13416");
    
      script_name(english:"Fedora 13 : wireshark-1.2.10-1.fc13 (2010-13416)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to upstream version 1.2.10: *
    http://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html *
    http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html fixing
    multiple security issues: *
    http://www.wireshark.org/security/wnpa-sec-2010-06.html *
    http://www.wireshark.org/security/wnpa-sec-2010-08.html
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html"
      );
      # http://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html"
      );
      # http://www.wireshark.org/security/wnpa-sec-2010-06.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/security/wnpa-sec-2010-06.html"
      );
      # http://www.wireshark.org/security/wnpa-sec-2010-08.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/security/wnpa-sec-2010-08.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=604290"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=604292"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=604302"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=604308"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=623843"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/046957.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3fa9b949"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wireshark package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/08/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC13", reference:"wireshark-1.2.10-1.fc13")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201110-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201110-02 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id56426
    published2011-10-10
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56426
    titleGLSA-201110-02 : Wireshark: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201110-02.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(56426);
      script_version("1.18");
      script_cvs_date("Date: 2018/07/11 17:09:26");
    
      script_cve_id("CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2285", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2994", "CVE-2010-2995", "CVE-2010-3133", "CVE-2010-3445", "CVE-2010-4300", "CVE-2010-4301", "CVE-2010-4538", "CVE-2011-0024", "CVE-2011-0444", "CVE-2011-0445", "CVE-2011-0538", "CVE-2011-0713", "CVE-2011-1138", "CVE-2011-1139", "CVE-2011-1140", "CVE-2011-1141", "CVE-2011-1142", "CVE-2011-1143", "CVE-2011-1590", "CVE-2011-1591", "CVE-2011-1592", "CVE-2011-1956", "CVE-2011-1957", "CVE-2011-1958", "CVE-2011-1959", "CVE-2011-2174", "CVE-2011-2175", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-3266", "CVE-2011-3360", "CVE-2011-3482", "CVE-2011-3483");
      script_xref(name:"GLSA", value:"201110-02");
    
      script_name(english:"GLSA-201110-02 : Wireshark: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201110-02
    (Wireshark: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Wireshark. Please
          review the CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker could send specially crafted packets on a network
          being monitored by Wireshark, entice a user to open a malformed packet
          trace file using Wireshark, or deploy a specially crafted Lua script for
          use by Wireshark, possibly resulting in the execution of arbitrary code,
          or a Denial of Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201110-02"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Wireshark users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.4.9'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Wireshark console.lua Pre-Loading Script Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:wireshark");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/10/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"net-analyzer/wireshark", unaffected:make_list("ge 1.4.9"), vulnerable:make_list("lt 1.4.9"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Wireshark");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_WIRESHARK-101222.NASL
    descriptionWireshark version 1.4.2 fixes several security issues that allowed attackers to crash wireshark or potentially even execute arbitrary code (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285, CVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993, CVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300, CVE-2010-4301)
    last seen2020-06-01
    modified2020-06-02
    plugin id75771
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75771
    titleopenSUSE Security Update : wireshark (openSUSE-SU-2011:0010-2)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update wireshark-3738.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75771);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:39");
    
      script_cve_id("CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2285", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2994", "CVE-2010-2995", "CVE-2010-3445", "CVE-2010-4300", "CVE-2010-4301");
    
      script_name(english:"openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-2)");
      script_summary(english:"Check for the wireshark-3738 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Wireshark version 1.4.2 fixes several security issues that allowed
    attackers to crash wireshark or potentially even execute arbitrary
    code
    
    (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285,
    CVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993,
    CVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300,
    CVE-2010-4301)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=603251"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=613487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=630599"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=643078"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=655448"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-01/msg00012.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wireshark packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/05/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/12/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.3", reference:"wireshark-1.4.2-1.1.2") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"wireshark-devel-1.4.2-1.1.2") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-devel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_WIRESHARK-110331.NASL
    descriptionWireshark was updated to version 1.4.4 to fix several security issues
    last seen2020-06-01
    modified2020-06-02
    plugin id53315
    published2011-04-07
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53315
    titleSuSE 11.1 Security Update : wireshark (SAT Patch Number 4267)

Oval

accepted2013-08-19T04:00:07.729-04:00
classvulnerability
contributors
  • namePreeti Subramanian
    organizationSecPod Technologies
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
definition_extensions
commentWireshark is installed on the system.
ovaloval:org.mitre.oval:def:6589
descriptionpacket-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through 1.2.9 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference.
familywindows
idoval:org.mitre.oval:def:11651
statusaccepted
submitted2010-08-16T18:01:02
titleVulnerability in packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark
version11