Vulnerabilities > CVE-2011-1141 - Resource Management Errors vulnerability in Wireshark

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
wireshark
CWE-399
nessus

Summary

epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-0370.NASL
    descriptionFrom Red Hat Security Advisory 2011:0370 : Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in Wireshark. If Wireshark opened a specially crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0024) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445, CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141, CVE-2011-1143) Users of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68232
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68232
    titleOracle Linux 4 / 5 : wireshark (ELSA-2011-0370)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2011:0370 and 
    # Oracle Linux Security Advisory ELSA-2011-0370 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68232);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:09");
    
      script_cve_id("CVE-2010-3445", "CVE-2011-0024", "CVE-2011-0538", "CVE-2011-0713", "CVE-2011-1138", "CVE-2011-1139", "CVE-2011-1140", "CVE-2011-1141", "CVE-2011-1142", "CVE-2011-1143");
      script_bugtraq_id(43197, 46167, 46626, 46796);
      script_xref(name:"RHSA", value:"2011:0370");
    
      script_name(english:"Oracle Linux 4 / 5 : wireshark (ELSA-2011-0370)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2011:0370 :
    
    Updated wireshark packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 4 and 5.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    Wireshark is a program for monitoring network traffic. Wireshark was
    previously known as Ethereal.
    
    A heap-based buffer overflow flaw was found in Wireshark. If Wireshark
    opened a specially crafted capture file, it could crash or, possibly,
    execute arbitrary code as the user running Wireshark. (CVE-2011-0024)
    
    Several denial of service flaws were found in Wireshark. Wireshark
    could crash or stop responding if it read a malformed packet off a
    network, or opened a malicious dump file. (CVE-2010-3445,
    CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141,
    CVE-2011-1143)
    
    Users of Wireshark should upgrade to these updated packages, which
    contain backported patches to correct these issues. All running
    instances of Wireshark must be restarted for the update to take
    effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2011-March/002016.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2011-March/002018.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wireshark packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:wireshark-gnome");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4 / 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL4", reference:"wireshark-1.0.15-2.0.1.el4")) flag++;
    if (rpm_check(release:"EL4", reference:"wireshark-gnome-1.0.15-2.0.1.el4")) flag++;
    
    if (rpm_check(release:"EL5", reference:"wireshark-1.0.15-1.0.1.el5_6.4")) flag++;
    if (rpm_check(release:"EL5", reference:"wireshark-gnome-1.0.15-1.0.1.el5_6.4")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-gnome");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2201.NASL
    descriptionHuzaifa Sidhpurwala, Joernchen, and Xiaopeng Zhang discovered several vulnerabilities in the Wireshark network traffic analyzer. Vulnerabilities in the DCT3, LDAP and SMB dissectors and in the code to parse pcag-ng files could lead to denial of service or the execution of arbitrary code.
    last seen2020-03-17
    modified2011-03-24
    plugin id52948
    published2011-03-24
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/52948
    titleDebian DSA-2201-1 : wireshark - several vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2011-044.NASL
    descriptionThis advisory updates wireshark to the latest version (1.2.15), fixing several security issues : Wireshark 1.5.0, 1.4.3, and earlier frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file (CVE-2011-0538). Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file (CVE-2011-0713). wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field (CVE-2011-1139). Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet (CVE-2011-1140). epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements (CVE-2011-1141). Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of service (infinite loop) via vectors involving self-referential ASN.1 CHOICE values (CVE-2011-1142). epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file (CVE-2011-1143). The updated packages have been upgraded to the latest 1.2.x version (1.2.15) and patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id52593
    published2011-03-09
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52593
    titleMandriva Linux Security Advisory : wireshark (MDVSA-2011:044)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110321_WIRESHARK_ON_SL4_X.NASL
    descriptionA heap-based buffer overflow flaw was found in Wireshark. If Wireshark opened a specially crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0024) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445, CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141, CVE-2011-1143) All running instances of Wireshark must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id60991
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60991
    titleScientific Linux Security Update : wireshark on SL4.x, SL5.x i386/x86_64
  • NASL familyWindows
    NASL idWIRESHARK_1_4_4.NASL
    descriptionThe installed version of Wireshark is 1.0.x or 1.2.x less than 1.2.15 or 1.4.x less than 1.4.4. Such versions are affected by the following vulnerabilities : - The BER dissector may loop indefinitely. (Bug #1516) - A crash can occur in the NTLMSSP dissector. (Bug #5157) - An error exists in the processing of pcap-ng files that causes the application to free an uninitialized pointer. (Bug #5652) - An error exists in the processing of packets having large length in a pcap-ng file. This can result in application crashes. (Bug #5661) - A stack overflow vulnerability exists in the LDAP and SMB dissectors. (Bug #5717) - An error exists in the processing of malformed 6LoWPAN packets. This affects only 32-bit platforms and can result in application crashes. (Bug #5722) - An error exists in the processing of large LDAP filter strings that cause the application to consume excessive amounts of memory. (Bug #5732)
    last seen2020-06-01
    modified2020-06-02
    plugin id52502
    published2011-03-02
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52502
    titleWireshark < 1.2.15 / 1.4.4 Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-2620.NASL
    descriptionSeveral security bugs were fixed in this release : - CVE-2011-0538: memory corruption when reading a malformed pcap file - CVE-2010-3445: stack overflow in BER dissector - CVE-2011-1143: NULL pointer dereference causing application crash when reading malformed pcap file - CVE-2011-1140: Multiple stack consumption vulnerabilities caused DoS via crafted SMB or CLDAP packet - CVE-2011-1141: Malformed LDAP filter string causes Denial of Service via excessive memory consumption - CVE-2011-1138: Off-by-one error in the dissect_6lowpan_iphc function causes application crash (Denial Of Service) - CVE-2011-1139: Denial Of Service (application crash) via a pcap-ng file that contains a large packet-length field - CVE-2011-0713: heap-based buffer overflow when reading malformed Nokia DCT3 phone signaling traces Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id52640
    published2011-03-14
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52640
    titleFedora 13 : wireshark-1.2.15-1.fc13 (2011-2620)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-2632.NASL
    descriptionSeveral security bugs were fixed in this release : - CVE-2011-0538: memory corruption when reading a malformed pcap file - CVE-2010-3445: stack overflow in BER dissector - CVE-2011-1143: NULL pointer dereference causing application crash when reading malformed pcap file - CVE-2011-1140: Multiple stack consumption vulnerabilities caused DoS via crafted SMB or CLDAP packet - CVE-2011-1141: Malformed LDAP filter string causes Denial of Service via excessive memory consumption - CVE-2011-1138: Off-by-one error in the dissect_6lowpan_iphc function causes application crash (Denial Of Service) - CVE-2011-1139: Denial Of Service (application crash) via a pcap-ng file that contains a large packet-length field - CVE-2011-0713: heap-based buffer overflow when reading malformed Nokia DCT3 phone signaling traces Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id52641
    published2011-03-14
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52641
    titleFedora 14 : wireshark-1.4.4-1.fc14 (2011-2632)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0370.NASL
    descriptionUpdated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in Wireshark. If Wireshark opened a specially crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0024) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445, CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141, CVE-2011-1143) Users of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id52750
    published2011-03-22
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/52750
    titleRHEL 4 / 5 : wireshark (RHSA-2011:0370)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201110-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201110-02 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id56426
    published2011-10-10
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56426
    titleGLSA-201110-02 : Wireshark: Multiple vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-0369.NASL
    descriptionFrom Red Hat Security Advisory 2011:0369 : Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in the Wireshark MAC-LTE dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0444) A heap-based buffer overflow flaw was found in the way Wireshark processed signaling traces generated by the Gammu utility on Nokia DCT3 phones running in Netmonitor mode. If Wireshark opened a specially crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0713) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141) Users of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.2.15, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68231
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68231
    titleOracle Linux 6 : wireshark (ELSA-2011-0369)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0369.NASL
    descriptionUpdated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in the Wireshark MAC-LTE dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0444) A heap-based buffer overflow flaw was found in the way Wireshark processed signaling traces generated by the Gammu utility on Nokia DCT3 phones running in Netmonitor mode. If Wireshark opened a specially crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0713) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141) Users of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.2.15, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id52749
    published2011-03-22
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/52749
    titleRHEL 6 : wireshark (RHSA-2011:0369)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-0370.NASL
    descriptionUpdated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in Wireshark. If Wireshark opened a specially crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0024) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445, CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141, CVE-2011-1143) Users of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id52757
    published2011-03-23
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/52757
    titleCentOS 4 / 5 : wireshark (CESA-2011:0370)

Oval

accepted2013-08-19T04:00:46.740-04:00
classvulnerability
contributors
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
definition_extensions
commentWireshark is installed on the system.
ovaloval:org.mitre.oval:def:6589
descriptionepan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements.
familywindows
idoval:org.mitre.oval:def:14974
statusaccepted
submitted2012-02-27T15:34:33.178-04:00
titleVulnerability in epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3
version8

Redhat

advisories
  • bugzilla
    id681756
    titleCVE-2011-1141 Wireshark: Malformed LDAP filter string causes Denial of Service via excessive memory consumption
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentwireshark is earlier than 0:1.2.15-1.el6_0.1
            ovaloval:com.redhat.rhsa:tst:20110369001
          • commentwireshark is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100924002
        • AND
          • commentwireshark-devel is earlier than 0:1.2.15-1.el6_0.1
            ovaloval:com.redhat.rhsa:tst:20110369003
          • commentwireshark-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100924004
        • AND
          • commentwireshark-gnome is earlier than 0:1.2.15-1.el6_0.1
            ovaloval:com.redhat.rhsa:tst:20110369005
          • commentwireshark-gnome is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100924006
    rhsa
    idRHSA-2011:0369
    released2011-03-21
    severityModerate
    titleRHSA-2011:0369: wireshark security update (Moderate)
  • rhsa
    idRHSA-2011:0370
rpms
  • wireshark-0:1.2.15-1.el6_0.1
  • wireshark-debuginfo-0:1.2.15-1.el6_0.1
  • wireshark-devel-0:1.2.15-1.el6_0.1
  • wireshark-gnome-0:1.2.15-1.el6_0.1
  • wireshark-0:1.0.15-1.el5_6.4
  • wireshark-0:1.0.15-2.el4
  • wireshark-debuginfo-0:1.0.15-1.el5_6.4
  • wireshark-debuginfo-0:1.0.15-2.el4
  • wireshark-gnome-0:1.0.15-1.el5_6.4
  • wireshark-gnome-0:1.0.15-2.el4