CVE-2011-1956 - Unspecified vulnerability in Wireshark 1.4.5

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Tags: network, wireshark, nessus, exploit available

Summary

The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect pointer argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via arbitrary TCP traffic. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

Vulnerable Configurations

Part         Description  Count
Application  Wireshark    1

Exploit-Db

description: Wireshark 1.4.5 'bytes_repr_len()' NULL Pointer Dereference Denial Of Service Vulnerability. CVE-2011-1956. DoS exploit for Windows platform
id: EDB-ID:35873
last seen: 2016-02-04
modified: 2011-06-17
published: 2011-06-17
reporter: rouli
source: https://www.exploit-db.com/download/35873/
title: Wireshark 1.4.5 - 'bytes_repr_len' NULL Pointer Dereference Denial Of Service Vulnerability

Nessus

  • NASL family: Windows
    NASL id: WIRESHARK_1_4_7.NASL
    description: The installed version of Wireshark is 1.2.x less than 1.2.17 or 1.4.x less than 1.4.7. As such, it is affected by the following vulnerabilities : - An error exists in DICOM dissector that can allow denial of service attacks when processing certain malformed packets. (Issue #5876) - An error exists in the handling of corrupted snoop files that can cause application crashes. (Issue #5912) - An error exists in the handling of compressed capture data that can cause application crashes. (Issue #5908) - An error exists in the handling of
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 54942
    published: 2011-06-02
    reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/54942
    title: Wireshark < 1.2.17 / 1.4.7 Multiple DoS Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(54942);
      script_version("1.9");
      script_cvs_date("Date: 2018/11/15 20:50:29");
    
      script_cve_id(
        "CVE-2011-1956",
        "CVE-2011-1957",
        "CVE-2011-1958",
        "CVE-2011-1959",
        "CVE-2011-2174",
        "CVE-2011-2175"
      );
      script_bugtraq_id(48066);
      script_xref(name:"Secunia", value:"44449");
    
      script_name(english:"Wireshark < 1.2.17 / 1.4.7 Multiple DoS Vulnerabilities");
      script_summary(english:"Does a version check");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains an application that is affected by
    multiple denial of service vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Wireshark is 1.2.x less than 1.2.17 or 1.4.x
    less than 1.4.7.  As such, it is affected by the following
    vulnerabilities :
      
      - An error exists in DICOM dissector that can allow denial
        of service attacks when processing certain malformed
        packets. (Issue #5876)
    
      - An error exists in the handling of corrupted snoop
        files that can cause application crashes. (Issue #5912)
    
      - An error exists in the handling of compressed capture
        data that can cause application crashes. (Issue #5908)
    
      - An error exists in the handling of 'Visual Networks'
        files that can cause application crashes. (Issue #5934)
    
      - An error exists in the 'desegment_tcp()' function in the
        file 'epan/dissectors/packet-tcp.c' that can allow a NULL
        pointer to be dereferenced when handling certain TCP
        segments. (Issue #5837)
    
      - An error exists in the handling of corrupted 'Diameter'
        dictionary files that can cause application crashes. 
        (CVE-2011-1958)");
      script_set_attribute(attribute:"see_also", value:"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5837");
      script_set_attribute(attribute:"see_also", value:"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5876");
      script_set_attribute(attribute:"see_also", value:"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5912");
      script_set_attribute(attribute:"see_also", value:"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5908");
      script_set_attribute(attribute:"see_also", value:"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5934");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2011-08.html");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2011-07.html");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/docs/relnotes/wireshark-1.2.17.html");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/docs/relnotes/wireshark-1.4.7.html");
      script_set_attribute(attribute:"solution", value:"Upgrade to Wireshark version 1.2.17 / 1.4.7 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/05/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/05/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/06/02");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:wireshark:wireshark");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      script_dependencies("wireshark_installed.nasl");
      script_require_keys("SMB/Wireshark/Installed");
    
      exit(0);
    }
    
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Check each install.
    installs = get_kb_list("SMB/Wireshark/*");
    if (isnull(installs)) exit(0, "The 'SMB/Wireshark/*' KB items are missing.");
    
    info  = '';
    info2 = '';
    
    foreach install(keys(installs))
    {
      if ("/Installed" >< install) continue;
    
      version = install - "SMB/Wireshark/";
    
      if (
        version =~ "^1\.2($|\.[0-9]|\.1[0-6])($|[^0-9])" || 
        version =~ "^1\.4($|\.[0-6])($|[^0-9])"
      )  
        info +=
          '\n  Path              : ' + installs[install] +
          '\n  Installed version : ' + version  +
          '\n  Fixed version     : 1.2.17 / 1.4.7\n';
      else
        info2 += 'Version '+ version + ', under '+ installs[install] + '. ';
    }
    
    # Report if any were found to be vulnerable
    if (info)
    {
      if (report_verbosity > 0)
      {
        if (max_index(split(info)) > 4) s = "s of Wireshark are";
        else s = " of Wireshark is";
    
        report = 
          '\n' +
          'The following vulnerable instance' + s + ' installed :\n' +
          '\n' + info;
        security_warning(port:get_kb_item("SMB/transport"), extra:report);
      }
      else security_warning(get_kb_item("SMB/transport"));
      exit(0);
    }
    if (info2)
      exit(0, "The following instance(s) of Wireshark are installed and are not vulnerable : "+info2);
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201110-02.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201110-02 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 56426
    published: 2011-10-10
    reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/56426
    title: GLSA-201110-02 : Wireshark: Multiple vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201110-02.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(56426);
      script_version("1.18");
      script_cvs_date("Date: 2018/07/11 17:09:26");
    
      script_cve_id("CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2285", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2994", "CVE-2010-2995", "CVE-2010-3133", "CVE-2010-3445", "CVE-2010-4300", "CVE-2010-4301", "CVE-2010-4538", "CVE-2011-0024", "CVE-2011-0444", "CVE-2011-0445", "CVE-2011-0538", "CVE-2011-0713", "CVE-2011-1138", "CVE-2011-1139", "CVE-2011-1140", "CVE-2011-1141", "CVE-2011-1142", "CVE-2011-1143", "CVE-2011-1590", "CVE-2011-1591", "CVE-2011-1592", "CVE-2011-1956", "CVE-2011-1957", "CVE-2011-1958", "CVE-2011-1959", "CVE-2011-2174", "CVE-2011-2175", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-3266", "CVE-2011-3360", "CVE-2011-3482", "CVE-2011-3483");
      script_xref(name:"GLSA", value:"201110-02");
    
      script_name(english:"GLSA-201110-02 : Wireshark: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201110-02
    (Wireshark: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Wireshark. Please
          review the CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker could send specially crafted packets on a network
          being monitored by Wireshark, entice a user to open a malformed packet
          trace file using Wireshark, or deploy a specially crafted Lua script for
          use by Wireshark, possibly resulting in the execution of arbitrary code,
          or a Denial of Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201110-02"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Wireshark users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.4.9'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Wireshark console.lua Pre-Loading Script Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:wireshark");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/10/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"net-analyzer/wireshark", unaffected:make_list("ge 1.4.9"), vulnerable:make_list("lt 1.4.9"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Wireshark");
    }
    
  • NASL family: Windows
    NASL id: WIRESHARK_1_4_6.NASL
    description: The installed version of Wireshark, version 1.4.5, is affected by a denial of service vulnerability. An attacker can exploit this vulnerability by crafting a malicious TCP packet and sending it on a network segment that Wireshark is monitoring, causing the application to crash.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 55411
    published: 2011-06-23
    reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/55411
    title: Wireshark 1.4.5 Denial of Service
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(55411);
      script_version("1.6");
      script_cvs_date("Date: 2018/08/06 14:03:17");
    
      script_cve_id("CVE-2011-1956");
      script_bugtraq_id(48389);
      script_xref(name:"Secunia", value:"44449");
    
      script_name(english:"Wireshark 1.4.5 Denial of Service");
      script_summary(english:"Does a version check");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains an application that is affected by a
    denial of service vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Wireshark, version 1.4.5, is affected by a
    denial of service vulnerability.  An attacker can exploit this
    vulnerability by crafting a malicious TCP packet and sending it on a
    network segment that Wireshark is monitoring, causing the application
    to crash.");
    
      script_set_attribute(attribute:"see_also", value:"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5837");
      script_set_attribute(attribute:"see_also", value:"http://www.wireshark.org/docs/relnotes/wireshark-1.4.6.html");
      script_set_attribute(attribute:"solution", value:"Upgrade to Wireshark version 1.4.6 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/04/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/04/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/06/23");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:wireshark:wireshark");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      script_dependencies("wireshark_installed.nasl");
      script_require_keys("SMB/Wireshark/Installed");
    
      exit(0);
    }
    
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Check each install.
    installs = get_kb_list("SMB/Wireshark/*");
    if (isnull(installs)) exit(0, "The 'SMB/Wireshark/*' KB items are missing.");
    
    info  = '';
    info2 = '';
    
    foreach install(keys(installs))
    {
      if ("/Installed" >< install) continue;
    
      version = install - "SMB/Wireshark/";
    
      if (version == "1.4.5")
        info +=
          '\n  Path              : ' + installs[install] +
          '\n  Installed version : ' + version  +
          '\n  Fixed version     : 1.4.6' +
          '\n';
      else
        info2 += 'Version ' + version + ', under ' + installs[install] + '. ';
    }
    
    # Report if any were found to be vulnerable.
    if (info)
    {
      if (report_verbosity > 0)
      {
        if (max_index(split(info)) > 4) s = "s of Wireshark are";
        else s = " of Wireshark is";
    
        report =
          '\n' +
          'The following vulnerable instance' + s + ' installed :\n' +
          '\n' + info;
        security_warning(port:get_kb_item("SMB/transport"), extra:report);
      }
      else security_warning(get_kb_item("SMB/transport"));
      exit(0);
    }
    if (info2)
      exit(0, "The following instance(s) of Wireshark are installed and are not vulnerable : " + info2);
    

Oval

accepted: 2013-08-19T04:00:45.120-04:00
class: vulnerability
contributors
  • name: Shane Shaffer
    organization: G2, Inc.
definition_extensions
  • comment: Wireshark is installed on the system.
    oval: oval:org.mitre.oval:def:6589
description: The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect pointer argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via arbitrary TCP traffic.
family: windows
id: oval:org.mitre.oval:def:14943
status: accepted
submitted: 2012-02-27T15:34:33.178-04:00
title: Vulnerability in bytes_repr_len function in Wireshark 1.4.5
version: 8