Vulnerabilities > CVE-2011-1591 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Exploit-Db
description Wireshark <= 1.4.4 - DECT Dissector Remote Buffer Overflow. CVE-2011-1591. Remote exploit for linux platform id EDB-ID:18145 last seen 2016-02-02 modified 2011-11-22 published 2011-11-22 reporter ipv source https://www.exploit-db.com/download/18145/ title Wireshark <= 1.4.4 - DECT Dissector Remote Buffer Overflow description Wireshark 1.4.1-1.4.4 - SEH Overflow Exploit. CVE-2011-1591. Local exploit for windows platform file exploits/windows/local/17185.py id EDB-ID:17185 last seen 2016-02-02 modified 2011-04-18 platform windows port published 2011-04-18 reporter sickness source https://www.exploit-db.com/download/17185/ title Wireshark 1.4.1-1.4.4 - SEH Overflow Exploit type local description Wireshark. CVE-2011-1591. Local exploit for windows platform id EDB-ID:17186 last seen 2016-02-02 modified 2011-04-19 published 2011-04-19 reporter metasploit source https://www.exploit-db.com/download/17186/ title Wireshark <= 1.4.4 packet-dect.c Stack Buffer Overflow description Wireshark. CVE-2011-1591. Remote exploit for windows platform file exploits/windows/remote/17195.rb id EDB-ID:17195 last seen 2016-02-02 modified 2011-04-19 platform windows port published 2011-04-19 reporter metasploit source https://www.exploit-db.com/download/17195/ title Wireshark <= 1.4.4 packet-dect.c Stack Buffer Overflow type remote
Metasploit
description This module exploits a stack buffer overflow in Wireshark <= 1.4.4 When opening a malicious .pcap file in Wireshark, a stack buffer occurs, resulting in arbitrary code execution. Note: To exploit the vulnerability remotely with Scapy: sendp(rdpcap("file")). id MSF:EXPLOIT/WINDOWS/FILEFORMAT/WIRESHARK_PACKET_DECT last seen 2020-02-05 modified 2017-07-24 published 2011-04-19 references reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/wireshark_packet_dect.rb title Wireshark packet-dect.c Stack Buffer Overflow (local) description This module exploits a stack buffer overflow in Wireshark <= 1.4.4 by sending a malicious packet. id MSF:EXPLOIT/WINDOWS/MISC/WIRESHARK_PACKET_DECT last seen 2020-05-21 modified 2019-03-05 published 2011-04-20 references reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/misc/wireshark_packet_dect.rb title Wireshark packet-dect.c Stack Buffer Overflow
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_3_WIRESHARK-110511.NASL description This wireshark update fixes : - Use of un-initialized variables (CVE-2011-1590) - Buffer overflow in DECT dissector (CVE-2011-1591) - Crash in NFS dissector on Windows (CVE-2011-1592) last seen 2020-06-01 modified 2020-06-02 plugin id 75773 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75773 title openSUSE Security Update : wireshark (openSUSE-SU-2011:0602-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update wireshark-4538. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75773); script_version("1.9"); script_cvs_date("Date: 2019/10/25 13:36:41"); script_cve_id("CVE-2011-1590", "CVE-2011-1591", "CVE-2011-1592"); script_name(english:"openSUSE Security Update : wireshark (openSUSE-SU-2011:0602-1)"); script_summary(english:"Check for the wireshark-4538 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This wireshark update fixes : - Use of un-initialized variables (CVE-2011-1590) - Buffer overflow in DECT dissector (CVE-2011-1591) - Crash in NFS dissector on Windows (CVE-2011-1592)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=688109" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2011-06/msg00013.html" ); script_set_attribute( attribute:"solution", value:"Update the affected wireshark packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Wireshark packet-dect.c Stack Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3"); script_set_attribute(attribute:"patch_publication_date", value:"2011/05/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.3", reference:"wireshark-1.4.4-0.4.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"wireshark-devel-1.4.4-0.4.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-devel"); }NASL family SuSE Local Security Checks NASL id SUSE_11_4_WIRESHARK-110511.NASL description This wireshark update fixes : - Use of un-initialized variables (CVE-2011-1590) - Buffer overflow in DECT dissector (CVE-2011-1591) - Crash in NFS dissector on Windows (CVE-2011-1592) last seen 2020-06-01 modified 2020-06-02 plugin id 76044 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76044 title openSUSE Security Update : wireshark (openSUSE-SU-2011:0599-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update wireshark-4539. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(76044); script_version("1.9"); script_cvs_date("Date: 2019/10/25 13:36:42"); script_cve_id("CVE-2011-1590", "CVE-2011-1591", "CVE-2011-1592"); script_name(english:"openSUSE Security Update : wireshark (openSUSE-SU-2011:0599-1)"); script_summary(english:"Check for the wireshark-4539 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This wireshark update fixes : - Use of un-initialized variables (CVE-2011-1590) - Buffer overflow in DECT dissector (CVE-2011-1591) - Crash in NFS dissector on Windows (CVE-2011-1592)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=685023" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=688109" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2011-06/msg00010.html" ); script_set_attribute( attribute:"solution", value:"Update the affected wireshark packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Wireshark packet-dect.c Stack Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4"); script_set_attribute(attribute:"patch_publication_date", value:"2011/05/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.4", reference:"wireshark-1.4.4-0.5.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"wireshark-debuginfo-1.4.4-0.5.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"wireshark-debugsource-1.4.4-0.5.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"wireshark-devel-1.4.4-0.5.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-devel / wireshark-debuginfo / etc"); }NASL family Fedora Local Security Checks NASL id FEDORA_2011-5529.NASL description Upgrade to latest release, fixing few security bugs. See http://www.wireshark.org/docs/relnotes/wireshark-1.2.16.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 53561 published 2011-04-27 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53561 title Fedora 13 : wireshark-1.2.16-1.fc13 (2011-5529) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2011-5529. # include("compat.inc"); if (description) { script_id(53561); script_version("1.21"); script_cvs_date("Date: 2019/08/02 13:32:35"); script_cve_id("CVE-2011-1590", "CVE-2011-1591"); script_xref(name:"FEDORA", value:"2011-5529"); script_name(english:"Fedora 13 : wireshark-1.2.16-1.fc13 (2011-5529)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Upgrade to latest release, fixing few security bugs. See http://www.wireshark.org/docs/relnotes/wireshark-1.2.16.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://www.wireshark.org/docs/relnotes/wireshark-1.2.16.html script_set_attribute( attribute:"see_also", value:"https://www.wireshark.org/docs/relnotes/wireshark-1.2.16.html" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=697741" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=697746" ); # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058993.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?50cfff51" ); script_set_attribute( attribute:"solution", value:"Update the affected wireshark package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Wireshark packet-dect.c Stack Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13"); script_set_attribute(attribute:"patch_publication_date", value:"2011/04/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC13", reference:"wireshark-1.2.16-1.fc13")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark"); }NASL family SuSE Local Security Checks NASL id SUSE_WIRESHARK-7501.NASL description This update to wireshark version 1.4.5 fixes the following security issues : - Resource Management Errors. (CWE-399, CVE-2011-1590) - Buffer Errors. (CWE-119, CVE-2011-1591) - Numeric Errors (CWE-189, CVE-2011-1592) last seen 2020-06-01 modified 2020-06-02 plugin id 54995 published 2011-06-08 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/54995 title SuSE 10 Security Update : wireshark (ZYPP Patch Number 7501) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(54995); script_version ("1.16"); script_cvs_date("Date: 2019/10/25 13:36:44"); script_cve_id("CVE-2011-1590", "CVE-2011-1591", "CVE-2011-1592"); script_name(english:"SuSE 10 Security Update : wireshark (ZYPP Patch Number 7501)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This update to wireshark version 1.4.5 fixes the following security issues : - Resource Management Errors. (CWE-399, CVE-2011-1590) - Buffer Errors. (CWE-119, CVE-2011-1591) - Numeric Errors (CWE-189, CVE-2011-1592)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1590.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1591.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1592.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7501."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Wireshark packet-dect.c Stack Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(119, 189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2011/05/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/06/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLES10", sp:3, reference:"wireshark-1.4.4-0.39.1")) flag++; if (rpm_check(release:"SLES10", sp:3, reference:"wireshark-devel-1.4.4-0.39.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");NASL family Fedora Local Security Checks NASL id FEDORA_2011-5569.NASL description Upgrade to latest release, fixing few security bugs. See http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html and http://www.wireshark.org/docs/relnotes/wireshark-1.4.6.html Upgrade to latest release, fixing few security bugs. See http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 53562 published 2011-04-27 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53562 title Fedora 14 : wireshark-1.4.6-1.fc14 (2011-5569) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2011-5569. # include("compat.inc"); if (description) { script_id(53562); script_version("1.21"); script_cvs_date("Date: 2019/08/02 13:32:35"); script_cve_id("CVE-2011-1590", "CVE-2011-1591"); script_xref(name:"FEDORA", value:"2011-5569"); script_name(english:"Fedora 14 : wireshark-1.4.6-1.fc14 (2011-5569)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Upgrade to latest release, fixing few security bugs. See http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html and http://www.wireshark.org/docs/relnotes/wireshark-1.4.6.html Upgrade to latest release, fixing few security bugs. See http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html script_set_attribute( attribute:"see_also", value:"https://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html" ); # http://www.wireshark.org/docs/relnotes/wireshark-1.4.6.html script_set_attribute( attribute:"see_also", value:"https://www.wireshark.org/docs/relnotes/wireshark-1.4.6.html" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=697741" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=697746" ); # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058983.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bf3f9805" ); script_set_attribute( attribute:"solution", value:"Update the affected wireshark package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Wireshark packet-dect.c Stack Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14"); script_set_attribute(attribute:"patch_publication_date", value:"2011/04/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC14", reference:"wireshark-1.4.6-1.fc14")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark"); }NASL family Fedora Local Security Checks NASL id FEDORA_2011-5621.NASL description Upgrade to latest release, fixing few security bugs. See http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html and http://www.wireshark.org/docs/relnotes/wireshark-1.4.6.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 53563 published 2011-04-27 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53563 title Fedora 15 : wireshark-1.4.6-1.fc15 (2011-5621) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2011-5621. # include("compat.inc"); if (description) { script_id(53563); script_version("1.21"); script_cvs_date("Date: 2019/08/02 13:32:35"); script_cve_id("CVE-2011-1590", "CVE-2011-1591"); script_bugtraq_id(47392); script_xref(name:"FEDORA", value:"2011-5621"); script_name(english:"Fedora 15 : wireshark-1.4.6-1.fc15 (2011-5621)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Upgrade to latest release, fixing few security bugs. See http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html and http://www.wireshark.org/docs/relnotes/wireshark-1.4.6.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html script_set_attribute( attribute:"see_also", value:"https://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html" ); # http://www.wireshark.org/docs/relnotes/wireshark-1.4.6.html script_set_attribute( attribute:"see_also", value:"https://www.wireshark.org/docs/relnotes/wireshark-1.4.6.html" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=697741" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=697746" ); # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058900.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c195660f" ); script_set_attribute( attribute:"solution", value:"Update the affected wireshark package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Wireshark packet-dect.c Stack Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15"); script_set_attribute(attribute:"patch_publication_date", value:"2011/04/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC15", reference:"wireshark-1.4.6-1.fc15")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201110-02.NASL description The remote host is affected by the vulnerability described in GLSA-201110-02 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 56426 published 2011-10-10 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56426 title GLSA-201110-02 : Wireshark: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201110-02. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(56426); script_version("1.18"); script_cvs_date("Date: 2018/07/11 17:09:26"); script_cve_id("CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2285", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2994", "CVE-2010-2995", "CVE-2010-3133", "CVE-2010-3445", "CVE-2010-4300", "CVE-2010-4301", "CVE-2010-4538", "CVE-2011-0024", "CVE-2011-0444", "CVE-2011-0445", "CVE-2011-0538", "CVE-2011-0713", "CVE-2011-1138", "CVE-2011-1139", "CVE-2011-1140", "CVE-2011-1141", "CVE-2011-1142", "CVE-2011-1143", "CVE-2011-1590", "CVE-2011-1591", "CVE-2011-1592", "CVE-2011-1956", "CVE-2011-1957", "CVE-2011-1958", "CVE-2011-1959", "CVE-2011-2174", "CVE-2011-2175", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-3266", "CVE-2011-3360", "CVE-2011-3482", "CVE-2011-3483"); script_xref(name:"GLSA", value:"201110-02"); script_name(english:"GLSA-201110-02 : Wireshark: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201110-02 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201110-02" ); script_set_attribute( attribute:"solution", value: "All Wireshark users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.4.9'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Wireshark console.lua Pre-Loading Script Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:wireshark"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2011/10/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-analyzer/wireshark", unaffected:make_list("ge 1.4.9"), vulnerable:make_list("lt 1.4.9"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Wireshark"); }NASL family SuSE Local Security Checks NASL id SUSE_11_WIRESHARK-110503.NASL description This update to wireshark version 1.4.5 fixes the following security issues : - Resource Management Errors. (CWE-399, CVE-2011-1590) - Buffer Errors. (CWE-119, CVE-2011-1591) - Numeric Errors (CWE-189, CVE-2011-1592) last seen 2020-06-01 modified 2020-06-02 plugin id 54994 published 2011-06-08 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/54994 title SuSE 11.1 Security Update : wireshark (SAT Patch Number 4476) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(54994); script_version("1.15"); script_cvs_date("Date: 2019/10/25 13:36:43"); script_cve_id("CVE-2011-1590", "CVE-2011-1591", "CVE-2011-1592"); script_name(english:"SuSE 11.1 Security Update : wireshark (SAT Patch Number 4476)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update to wireshark version 1.4.5 fixes the following security issues : - Resource Management Errors. (CWE-399, CVE-2011-1590) - Buffer Errors. (CWE-119, CVE-2011-1591) - Numeric Errors (CWE-189, CVE-2011-1592)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=688109" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1590.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1591.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1592.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 4476."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Wireshark packet-dect.c Stack Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(119, 189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:wireshark"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2011/05/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/06/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1"); flag = 0; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"wireshark-1.4.4-0.4.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"wireshark-1.4.4-0.4.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"wireshark-1.4.4-0.4.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_WIRESHARK-7500.NASL description This update to wireshark version 1.4.5 fixes the following security issues : - Resource Management Errors. (CWE-399, CVE-2011-1590) - Buffer Errors. (CWE-119, CVE-2011-1591) - Numeric Errors (CWE-189, CVE-2011-1592) last seen 2020-06-01 modified 2020-06-02 plugin id 57262 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57262 title SuSE 10 Security Update : wireshark (ZYPP Patch Number 7500) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(57262); script_version ("1.12"); script_cvs_date("Date: 2019/10/25 13:36:44"); script_cve_id("CVE-2011-1590", "CVE-2011-1591", "CVE-2011-1592"); script_name(english:"SuSE 10 Security Update : wireshark (ZYPP Patch Number 7500)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This update to wireshark version 1.4.5 fixes the following security issues : - Resource Management Errors. (CWE-399, CVE-2011-1590) - Buffer Errors. (CWE-119, CVE-2011-1591) - Numeric Errors (CWE-189, CVE-2011-1592)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1590.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1591.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1592.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7500."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Wireshark packet-dect.c Stack Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(119, 189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2011/05/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:4, reference:"wireshark-1.4.4-0.39.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"wireshark-1.4.4-0.39.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"wireshark-devel-1.4.4-0.39.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-083.NASL description This advisory updates wireshark to the latest version (1.2.16), fixing several security issues : The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file (CVE-2011-1590). Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file (CVE-2011-1591). The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file (CVE-2011-1592). The updated packages have been upgraded to the latest 1.2.x version (1.2.16) which is not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 53882 published 2011-05-13 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/53882 title Mandriva Linux Security Advisory : wireshark (MDVSA-2011:083) NASL family Windows NASL id WIRESHARK_1_4_5.NASL description The installed version of Wireshark is 1.2.x less than 1.2.16 or 1.4.x less than 1.4.5. Such versions are affected by the following vulnerabilities : - A data type mismatch error exists in the function last seen 2020-06-01 modified 2020-06-02 plugin id 53473 published 2011-04-18 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/53473 title Wireshark < 1.2.16 / 1.4.5 Multiple Vulnerabilities
Oval
| accepted | 2013-08-19T04:00:51.332-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file. | ||||||||||||
| family | windows | ||||||||||||
| id | oval:org.mitre.oval:def:15000 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2012-02-27T15:34:33.178-04:00 | ||||||||||||
| title | Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 | ||||||||||||
| version | 8 |
Packetstorm
data source https://packetstormsecurity.com/files/download/100563/wireshark_packet_dect.rb.txt id PACKETSTORM:100563 last seen 2016-12-05 published 2011-04-19 reporter corelanc0d3r source https://packetstormsecurity.com/files/100563/Wireshark-1.4.4-packet-dect.c-Stack-Buffer-Overflow.html title Wireshark 1.4.4 packet-dect.c Stack Buffer Overflow data source https://packetstormsecurity.com/files/download/109341/windows-fileformat-wireshark_packet_dect.rb.txt id PACKETSTORM:109341 last seen 2016-12-05 published 2012-02-02 reporter Paul Makowski source https://packetstormsecurity.com/files/109341/Wireshark-1.4.4-Local-Stack-Buffer-Overflow.html title Wireshark 1.4.4 Local Stack Buffer Overflow data source https://packetstormsecurity.com/files/download/109342/windows-misc-wireshark_packet_dect.rb.txt id PACKETSTORM:109342 last seen 2016-12-05 published 2012-02-02 reporter Paul Makowski source https://packetstormsecurity.com/files/109342/Wireshark-1.4.4-Remote-Stack-Buffer-Overflow.html title Wireshark 1.4.4 Remote Stack Buffer Overflow data source https://packetstormsecurity.com/files/download/107229/wireshark144-overflow.txt id PACKETSTORM:107229 last seen 2016-12-05 published 2011-11-23 reporter ipv source https://packetstormsecurity.com/files/107229/Wireshark-1.4.4-DECT-Dissector-Buffer-Overflow.html title Wireshark 1.4.4 DECT Dissector Buffer Overflow
Saint
bid 47392 description Wireshark DECT Dissector Remote Stack Buffer Overflow id net_wireshark osvdb 71848 title wireshark_dect_remote type remote bid 47392 description Wireshark DECT Dissector PCAP File Processing Overflow id net_wireshark osvdb 71848 title wireshark_dect type client
References
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058900.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058983.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058993.html
- http://openwall.com/lists/oss-security/2011/04/18/2
- http://openwall.com/lists/oss-security/2011/04/18/8
- http://secunia.com/advisories/44172
- http://secunia.com/advisories/44374
- http://securitytracker.com/id?1025389
- http://www.exploit-db.com/exploits/17185
- http://www.exploit-db.com/exploits/17195
- http://www.kb.cert.org/vuls/id/243670
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:083
- http://www.osvdb.org/71848
- http://www.vupen.com/english/advisories/2011/1022
- http://www.vupen.com/english/advisories/2011/1106
- http://www.wireshark.org/security/wnpa-sec-2011-06.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5836
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5838
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66834
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15000