Vulnerabilities > CVE-2011-1138 - Numeric Errors vulnerability in Wireshark
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_WIRESHARK-7438.NASL description Wireshark was updated to version 1.4.4 to fix several security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 57261 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57261 title SuSE 10 Security Update : wireshark (ZYPP Patch Number 7438) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(57261); script_version ("1.7"); script_cvs_date("Date: 2019/10/25 13:36:44"); script_cve_id("CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2285", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2994", "CVE-2010-2995", "CVE-2010-3445", "CVE-2010-4300", "CVE-2010-4301", "CVE-2010-4538", "CVE-2011-0444", "CVE-2011-0445", "CVE-2011-0538", "CVE-2011-0713", "CVE-2011-1138", "CVE-2011-1139", "CVE-2011-1140", "CVE-2011-1143"); script_name(english:"SuSE 10 Security Update : wireshark (ZYPP Patch Number 7438)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value:"Wireshark was updated to version 1.4.4 to fix several security issues." ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-1455.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-2283.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-2284.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-2285.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-2286.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-2287.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-2992.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-2993.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-2994.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-2995.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-3445.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-4300.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-4301.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-4538.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-0444.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-0445.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-0538.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-0713.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1138.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1139.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1140.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1143.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7438."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/05/12"); script_set_attribute(attribute:"patch_publication_date", value:"2011/03/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:4, reference:"wireshark-1.4.4-0.37.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"wireshark-1.4.4-0.37.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"wireshark-devel-1.4.4-0.37.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-0370.NASL description From Red Hat Security Advisory 2011:0370 : Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in Wireshark. If Wireshark opened a specially crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0024) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445, CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141, CVE-2011-1143) Users of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68232 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68232 title Oracle Linux 4 / 5 : wireshark (ELSA-2011-0370) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2011:0370 and # Oracle Linux Security Advisory ELSA-2011-0370 respectively. # include("compat.inc"); if (description) { script_id(68232); script_version("1.10"); script_cvs_date("Date: 2019/10/25 13:36:09"); script_cve_id("CVE-2010-3445", "CVE-2011-0024", "CVE-2011-0538", "CVE-2011-0713", "CVE-2011-1138", "CVE-2011-1139", "CVE-2011-1140", "CVE-2011-1141", "CVE-2011-1142", "CVE-2011-1143"); script_bugtraq_id(43197, 46167, 46626, 46796); script_xref(name:"RHSA", value:"2011:0370"); script_name(english:"Oracle Linux 4 / 5 : wireshark (ELSA-2011-0370)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2011:0370 : Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in Wireshark. If Wireshark opened a specially crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0024) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445, CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141, CVE-2011-1143) Users of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2011-March/002016.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2011-March/002018.html" ); script_set_attribute( attribute:"solution", value:"Update the affected wireshark packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:wireshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:wireshark-gnome"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/26"); script_set_attribute(attribute:"patch_publication_date", value:"2011/03/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4 / 5", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL4", reference:"wireshark-1.0.15-2.0.1.el4")) flag++; if (rpm_check(release:"EL4", reference:"wireshark-gnome-1.0.15-2.0.1.el4")) flag++; if (rpm_check(release:"EL5", reference:"wireshark-1.0.15-1.0.1.el5_6.4")) flag++; if (rpm_check(release:"EL5", reference:"wireshark-gnome-1.0.15-1.0.1.el5_6.4")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-gnome"); }NASL family SuSE Local Security Checks NASL id SUSE_11_2_WIRESHARK-110411.NASL description Wireshark was updated to version 1.4.4 to fix several security issues (CVE-2011-1138, CVE-2011-1139, CVE-2011-1140 CVE-2011-1143). last seen 2020-06-01 modified 2020-06-02 plugin id 53809 published 2011-05-05 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53809 title openSUSE Security Update : wireshark (openSUSE-SU-2011:0347-1) NASL family Windows NASL id WIRESHARK_1_4_4.NASL description The installed version of Wireshark is 1.0.x or 1.2.x less than 1.2.15 or 1.4.x less than 1.4.4. Such versions are affected by the following vulnerabilities : - The BER dissector may loop indefinitely. (Bug #1516) - A crash can occur in the NTLMSSP dissector. (Bug #5157) - An error exists in the processing of pcap-ng files that causes the application to free an uninitialized pointer. (Bug #5652) - An error exists in the processing of packets having large length in a pcap-ng file. This can result in application crashes. (Bug #5661) - A stack overflow vulnerability exists in the LDAP and SMB dissectors. (Bug #5717) - An error exists in the processing of malformed 6LoWPAN packets. This affects only 32-bit platforms and can result in application crashes. (Bug #5722) - An error exists in the processing of large LDAP filter strings that cause the application to consume excessive amounts of memory. (Bug #5732) last seen 2020-06-01 modified 2020-06-02 plugin id 52502 published 2011-03-02 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/52502 title Wireshark < 1.2.15 / 1.4.4 Multiple Vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2011-2620.NASL description Several security bugs were fixed in this release : - CVE-2011-0538: memory corruption when reading a malformed pcap file - CVE-2010-3445: stack overflow in BER dissector - CVE-2011-1143: NULL pointer dereference causing application crash when reading malformed pcap file - CVE-2011-1140: Multiple stack consumption vulnerabilities caused DoS via crafted SMB or CLDAP packet - CVE-2011-1141: Malformed LDAP filter string causes Denial of Service via excessive memory consumption - CVE-2011-1138: Off-by-one error in the dissect_6lowpan_iphc function causes application crash (Denial Of Service) - CVE-2011-1139: Denial Of Service (application crash) via a pcap-ng file that contains a large packet-length field - CVE-2011-0713: heap-based buffer overflow when reading malformed Nokia DCT3 phone signaling traces Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 52640 published 2011-03-14 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/52640 title Fedora 13 : wireshark-1.2.15-1.fc13 (2011-2620) NASL family SuSE Local Security Checks NASL id SUSE_WIRESHARK-7439.NASL description Wireshark was updated to version 1.4.4 to fix several security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 53319 published 2011-04-07 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53319 title SuSE 10 Security Update : wireshark (ZYPP Patch Number 7439) NASL family SuSE Local Security Checks NASL id SUSE_11_3_WIRESHARK-110411.NASL description Wireshark was updated to version 1.4.4 to fix several security issues (CVE-2011-1138, CVE-2011-1139, CVE-2011-1140 CVE-2011-1143). last seen 2020-06-01 modified 2020-06-02 plugin id 75772 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75772 title openSUSE Security Update : wireshark (openSUSE-SU-2011:0347-1) NASL family Fedora Local Security Checks NASL id FEDORA_2011-2632.NASL description Several security bugs were fixed in this release : - CVE-2011-0538: memory corruption when reading a malformed pcap file - CVE-2010-3445: stack overflow in BER dissector - CVE-2011-1143: NULL pointer dereference causing application crash when reading malformed pcap file - CVE-2011-1140: Multiple stack consumption vulnerabilities caused DoS via crafted SMB or CLDAP packet - CVE-2011-1141: Malformed LDAP filter string causes Denial of Service via excessive memory consumption - CVE-2011-1138: Off-by-one error in the dissect_6lowpan_iphc function causes application crash (Denial Of Service) - CVE-2011-1139: Denial Of Service (application crash) via a pcap-ng file that contains a large packet-length field - CVE-2011-0713: heap-based buffer overflow when reading malformed Nokia DCT3 phone signaling traces Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 52641 published 2011-03-14 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/52641 title Fedora 14 : wireshark-1.4.4-1.fc14 (2011-2632) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0370.NASL description Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in Wireshark. If Wireshark opened a specially crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0024) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445, CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141, CVE-2011-1143) Users of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 52750 published 2011-03-22 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52750 title RHEL 4 / 5 : wireshark (RHSA-2011:0370) NASL family SuSE Local Security Checks NASL id SUSE_11_4_WIRESHARK-110411.NASL description Wireshark was updated to version 1.4.4 to fix several security issues (CVE-2011-1138, CVE-2011-1139, CVE-2011-1140 CVE-2011-1143). last seen 2020-06-01 modified 2020-06-02 plugin id 76043 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76043 title openSUSE Security Update : wireshark (openSUSE-SU-2011:0347-1) NASL family Fedora Local Security Checks NASL id FEDORA_2011-2648.NASL description Several security bugs were fixed in this release : - CVE-2011-0538: memory corruption when reading a malformed pcap file - CVE-2010-3445: stack overflow in BER dissector - CVE-2011-1143: NULL pointer dereference causing application crash when reading malformed pcap file - CVE-2011-1140: Multiple stack consumption vulnerabilities caused DoS via crafted SMB or CLDAP packet - CVE-2011-1138: Off-by-one error in the dissect_6lowpan_iphc function causes application crash (Denial Of Service) - CVE-2011-1139: Denial Of Service (application crash) via a pcap-ng file that contains a large packet-length field - CVE-2011-0713: heap-based buffer overflow when reading malformed Nokia DCT3 phone signaling traces Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 52590 published 2011-03-09 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/52590 title Fedora 15 : wireshark-1.4.4-1.fc15 (2011-2648) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201110-02.NASL description The remote host is affected by the vulnerability described in GLSA-201110-02 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 56426 published 2011-10-10 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56426 title GLSA-201110-02 : Wireshark: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_WIRESHARK-110331.NASL description Wireshark was updated to version 1.4.4 to fix several security issues last seen 2020-06-01 modified 2020-06-02 plugin id 53315 published 2011-04-07 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53315 title SuSE 11.1 Security Update : wireshark (SAT Patch Number 4267) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2011-0370.NASL description Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in Wireshark. If Wireshark opened a specially crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0024) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445, CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141, CVE-2011-1143) Users of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 52757 published 2011-03-23 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52757 title CentOS 4 / 5 : wireshark (CESA-2011:0370)
Oval
| accepted | 2013-08-19T04:01:28.391-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet. | ||||||||||||
| family | windows | ||||||||||||
| id | oval:org.mitre.oval:def:16299 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2013-04-26T11:00:00.748+04:00 | ||||||||||||
| title | Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet | ||||||||||||
| version | 17 |
References
- http://anonsvn.wireshark.org/viewvc?view=rev&revision=36036
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html
- http://secunia.com/advisories/43759
- http://secunia.com/advisories/44169
- http://www.kb.cert.org/vuls/id/215900
- http://www.securityfocus.com/bid/46636
- http://www.securitytracker.com/id?1025148
- http://www.vupen.com/english/advisories/2011/0626
- http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html
- http://www.wireshark.org/security/wnpa-sec-2011-04.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5722
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65783
- https://hermes.opensuse.org/messages/8086844
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16299