CVE-2011-3266 - Resource Management Errors vulnerability in Wireshark
Attack vector | Attack complexity | Privileges required | Confidentiality impact | Integrity impact | Availability impact |
---|---|---|---|---|---|
NETWORK | HIGH | NONE | NONE | NONE | PARTIAL |
Summary
The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 11 |
Common Weakness Enumeration (CWE)
Nessus
NASL family: SuSE Local Security Checks
NASL id: SUSE_WIRESHARK-7839.NASL
description: This is a wireshark version upgrade to 1.4.10 to fix various security flaws and other non-security issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 57264
published: 2011-12-13
reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/57264
title: SuSE 10 Security Update : wireshark (ZYPP Patch Number 7839)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(57264);
      script_version ("1.5");
      script_cvs_date("Date: 2019/10/25 13:36:44");

      script_cve_id("CVE-2011-2597", "CVE-2011-3266");

      script_name(english:"SuSE 10 Security Update : wireshark (ZYPP Patch Number 7839)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description",
        value:"This is a wireshark version upgrade to 1.4.10 to fix various security flaws and other non-security issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2597.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-3266.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7839.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

      script_set_attribute(attribute:"vuln_publication_date", value:"2011/07/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/11/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }

    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");

    flag = 0;
    if (rpm_check(release:"SLED10", sp:4, reference:"wireshark-1.4.10-0.40.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"wireshark-1.4.10-0.40.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"wireshark-devel-1.4.10-0.40.1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_3_WIRESHARK-111013.NASL
description: This update of wireshark fixes the following vulnerabilities :
  - CVE-2011-3266: Wireshark IKE dissector vulnerability
  - CVE-2011-3360: Wireshark Lua script execution vulnerability
  - CVE-2011-3483: Wireshark buffer exception handling vulnerability
  - CVE-2011-2597: Lucent/Ascend file parser susceptible to infinite loop
  - CVE-2011-2698: ANSI MAP dissector susceptible to infinite loop
  - CVE-2011-1957: Large/infinite loop in the DICOM dissector
  - CVE-2011-1959: A corrupted snoop file could crash Wireshark
  - CVE-2011-2174: Malformed compressed capture data could crash Wireshark
  - CVE-2011-2175: A corrupted Visual Networks file could crash Wireshark
  - CVE-2011-1958: dereference a NULL pointer if we had a corrupted Diameter dictionary
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 75774
published: 2014-06-13
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/75774
title: openSUSE Security Update : wireshark (openSUSE-SU-2011:1142-1)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_4_WIRESHARK-111013.NASL
description: This update of wireshark fixes the following vulnerabilities :
  - CVE-2011-3266: Wireshark IKE dissector vulnerability
  - CVE-2011-3360: Wireshark Lua script execution vulnerability
  - CVE-2011-3483: Wireshark buffer exception handling vulnerability
  - CVE-2011-2597: Lucent/Ascend file parser susceptible to infinite loop
  - CVE-2011-2698: ANSI MAP dissector susceptible to infinite loop
  - CVE-2011-1957: Large/infinite loop in the DICOM dissector
  - CVE-2011-1959: A corrupted snoop file could crash Wireshark
  - CVE-2011-2174: Malformed compressed capture data could crash Wireshark
  - CVE-2011-2175: A corrupted Visual Networks file could crash Wireshark
  - CVE-2011-1958: dereference a NULL pointer if we had a corrupted Diameter dictionary
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 76045
published: 2014-06-13
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/76045
title: openSUSE Security Update : wireshark (openSUSE-SU-2011:1142-1)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_3_WIRESHARK-111115.NASL
description: Wireshark version upgrade to 1.4.10 to fix various security flaws and other non-security issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 75775
published: 2014-06-13
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/75775
title: openSUSE Security Update : wireshark (openSUSE-SU-2011:1263-1)

NASL family: SuSE Local Security Checks
NASL id: SUSE_WIRESHARK-7796.NASL
description: This update of wireshark fixes the following vulnerabilities :
  - Wireshark IKE dissector vulnerability. (CVE-2011-3266)
  - Wireshark Lua script execution vulnerability. (CVE-2011-3360)
  - Wireshark buffer exception handling vulnerability. (CVE-2011-3483)
  - Lucent/Ascend file parser susceptible to infinite loop. (CVE-2011-2597)
  - ANSI MAP dissector susceptible to infinite loop. (CVE-2011-2698)
  - Large/infinite loop in the DICOM dissector. (CVE-2011-1957)
  - A corrupted snoop file could crash Wireshark. (CVE-2011-1959)
  - Malformed compressed capture data could crash Wireshark. (CVE-2011-2174)
  - A corrupted Visual Networks file could crash Wireshark. (CVE-2011-2175)
  - dereference a NULL pointer if we had a corrupted Diameter dictionary. (CVE-2011-1958)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 57263
published: 2011-12-13
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/57263
title: SuSE 10 Security Update : wireshark (ZYPP Patch Number 7796)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2011-12423.NASL
description: This update fixes several security bugs, see http://www.wireshark.org/docs/relnotes/wireshark-1.4.9.html for full details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56233
published: 2011-09-20
reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/56233
title: Fedora 14 : wireshark-1.4.9-1.fc14 (2011-12423)

NASL family: Solaris Local Security Checks
NASL id: SOLARIS11_WIRESHARK_20111205.NASL
description: The remote Solaris system is missing necessary patches to address security updates :
  - The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree. (CVE-2011-3266)
  - Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. (CVE-2011-3360)
  - The dissect_infiniband_common function in epan/dissectors/packet-infiniband.c in the Infiniband dissector in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. (CVE-2011-4101)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 80800
published: 2015-01-19
reporter: This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/80800
title: Oracle Solaris Third-Party Patch Update : wireshark (denial_of_service_vulnerability_in)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2011-12399.NASL
description: This update fixes several security bugs, see http://www.wireshark.org/docs/relnotes/wireshark-1.6.2.html for full details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56354
published: 2011-10-03
reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/56354
title: Fedora 16 : wireshark-1.6.2-1.fc16 (2011-12399)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_WIRESHARK-111013.NASL
description: This update of wireshark fixes the following vulnerabilities :
  - Wireshark IKE dissector vulnerability. (CVE-2011-3266)
  - Wireshark Lua script execution vulnerability. (CVE-2011-3360)
  - Wireshark buffer exception handling vulnerability. (CVE-2011-3483)
  - Lucent/Ascend file parser susceptible to infinite loop. (CVE-2011-2597)
  - ANSI MAP dissector susceptible to infinite loop. (CVE-2011-2698)
  - Large/infinite loop in the DICOM dissector. (CVE-2011-1957)
  - A corrupted snoop file could crash Wireshark. (CVE-2011-1959)
  - Malformed compressed capture data could crash Wireshark. (CVE-2011-2174)
  - A corrupted Visual Networks file could crash Wireshark. (CVE-2011-2175)
  - dereference a NULL pointer if we had a corrupted Diameter dictionary. (CVE-2011-1958)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 57136
published: 2011-12-13
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/57136
title: SuSE 11.1 Security Update : wireshark (SAT Patch Number 5281)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201110-02.NASL
description: The remote host is affected by the vulnerability described in GLSA-201110-02 (Wireshark: Multiple vulnerabilities)
  Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.
  Impact : A remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition.
  Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56426
published: 2011-10-10
reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/56426
title: GLSA-201110-02 : Wireshark: Multiple vulnerabilities

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2011-12403.NASL
description: This update fixes several security bugs, see http://www.wireshark.org/docs/relnotes/wireshark-1.4.9.html for full details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56225
published: 2011-09-19
reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/56225
title: Fedora 15 : wireshark-1.4.9-1.fc15 (2011-12403)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_WIRESHARK-111115.NASL
description: This is a wireshark version upgrade to 1.4.10 to fix various security flaws and other non-security issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 57137
published: 2011-12-13
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/57137
title: SuSE 11.1 Security Update : wireshark (SAT Patch Number 5433)

NASL family: Windows
NASL id: WIRESHARK_1_4_9.NASL
description: The installed version of Wireshark is 1.4.x before 1.4.9. This version is affected by the following vulnerabilities :
  - An error exists in IKE dissector that can allow denial of service attacks when processing certain malformed packets. (CVE-2011-3266)
  - A buffer exception handling vulnerability exists that can allow denial of service attacks when processing certain malformed packets. (Issue #6135)
  - It may be possible to make Wireshark execute Lua scripts using a method similar to DLL hijacking. (Issue #6136)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56163
published: 2011-09-12
reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/56163
title: Wireshark 1.4.x < 1.4.9 Multiple Vulnerabilities

NASL family: Windows
NASL id: WIRESHARK_1_6_2.NASL
description: The installed version of Wireshark is 1.6.x before 1.6.2. This version is affected by the following vulnerabilities :
  - An error exists in IKE dissector that can allow denial of service attacks when processing certain malformed packets. (CVE-2011-3266)
  - A buffer exception handling vulnerability exists that can allow denial of service attacks when processing certain malformed packets. (Issue #6135)
  - It may be possible to make Wireshark execute Lua scripts using a method similar to DLL hijacking. (Issue #6136)
  - An error exists in OpenSafety dissector that can allow denial of service attacks when processing certain malformed packets. (Issue #6138)
  - An error exists in CSN.1 dissector that can allow denial of service attacks when processing certain malformed packets. (Issue #6139)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56164
published: 2011-09-12
reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/56164
title: Wireshark 1.6.x < 1.6.2 Multiple Vulnerabilities

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_4_WIRESHARK-111115.NASL
description: Wireshark version upgrade to 1.4.10 to fix various security flaws and other non-security issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 76046
published: 2014-06-13
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/76046
title: openSUSE Security Update : wireshark (openSUSE-SU-2011:1263-1)

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2011-138.NASL
description: This advisory updates wireshark to the latest version (1.6.2), fixing several security issues :
  The proto_tree_add_item function in Wireshark 1.6.1, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree (CVE-2011-3266).
  Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory (CVE-2011-3360).
  The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a malformed packet (CVE-2011-3482).
  Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a buffer exception handling vulnerability. (CVE-2011-3483).
  The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and application crash) via a malformed packet (CVE-2011-3484).
  The updated packages have been upgraded to the latest 1.6.x version (1.6.2) which is not vulnerable to these issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 61928
published: 2012-09-06
reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/61928
title: Mandriva Linux Security Advisory : wireshark (MDVSA-2011:138)

NASL family: SuSE Local Security Checks
NASL id: SUSE_WIRESHARK-7795.NASL
description: This update of wireshark fixes the following vulnerabilities :
  - Wireshark IKE dissector vulnerability. (CVE-2011-3266)
  - Wireshark Lua script execution vulnerability. (CVE-2011-3360)
  - Wireshark buffer exception handling vulnerability. (CVE-2011-3483)
  - Lucent/Ascend file parser susceptible to infinite loop. (CVE-2011-2597)
  - ANSI MAP dissector susceptible to infinite loop. (CVE-2011-2698)
  - Large/infinite loop in the DICOM dissector. (CVE-2011-1957)
  - A corrupted snoop file could crash Wireshark. (CVE-2011-1959)
  - Malformed compressed capture data could crash Wireshark. (CVE-2011-2174)
  - A corrupted Visual Networks file could crash Wireshark. (CVE-2011-2175)
  - dereference a NULL pointer if we had a corrupted Diameter dictionary. (CVE-2011-1958)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56617
published: 2011-10-24
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/56617
title: SuSE 10 Security Update : wireshark (ZYPP Patch Number 7795)
Oval
accepted | 2013-08-19T04:00:54.351-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree. |
family | windows |
id | oval:org.mitre.oval:def:15042 |
status | accepted |
submitted | 2012-02-27T15:34:33.178-04:00 |
title | proto_tree_add_item function vulnerability in Wireshark 1.4.x through 1.4.8 and 1.6.0 through 1.6.1 |
version | 8 |
References
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00022.html
- http://securityreason.com/securityalert/8351
- http://securitytracker.com/id?1025875
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:138
- http://www.securityfocus.com/archive/1/519049/100/0/threaded
- http://www.securityfocus.com/bid/49377
- http://www.wireshark.org/security/wnpa-sec-2011-13.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69411
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15042