CVE-2011-3360 - Unspecified vulnerability in Wireshark
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 11 |
Exploit-Db
description | Wireshark console.lua pre-loading vulnerability. CVE-2011-3360. Remote exploit for windows platform |
id | EDB-ID:18125 |
last seen | 2016-02-02 |
modified | 2011-11-19 |
published | 2011-11-19 |
reporter | metasploit |
source | https://www.exploit-db.com/download/18125/ |
title | Wireshark console.lua pre-loading Vulnerability |
Metasploit
description | This module exploits a vulnerability in Wireshark 1.6 or less. When opening a pcap file, Wireshark will actually check if there's a 'console.lua' file in the same directory, and then parse/execute the script if found. Versions affected by this vulnerability: 1.6.0 to 1.6.1, 1.4.0 to 1.4.8 |
id | MSF:EXPLOIT/WINDOWS/MISC/WIRESHARK_LUA |
last seen | 2020-06-04 |
modified | 2017-09-14 |
published | 2011-11-19 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/misc/wireshark_lua.rb |
title | Wireshark console.lua Pre-Loading Script Execution |
Nessus
NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_3_WIRESHARK-111013.NASL |
description | This update of wireshark fixes the following vulnerabilities: |
- CVE-2011-3266: Wireshark IKE dissector vulnerability
- CVE-2011-3360: Wireshark Lua script execution vulnerability
- CVE-2011-3483: Wireshark buffer exception handling vulnerability
- CVE-2011-2597: Lucent/Ascend file parser susceptible to infinite loop
- CVE-2011-2698: ANSI MAP dissector susceptible to infinite loop
- CVE-2011-1957: Large/infinite loop in the DICOM dissector
- CVE-2011-1959: A corrupted snoop file could crash Wireshark
- CVE-2011-2174: Malformed compressed capture data could crash Wireshark
- CVE-2011-2175: A corrupted Visual Networks file could crash Wireshark
- CVE-2011-1958: dereference a NULL pointer if we had a corrupted Diameter dictionary
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 75774 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75774 |
title | openSUSE Security Update : wireshark (openSUSE-SU-2011:1142-1) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_4_WIRESHARK-111013.NASL |
description | This update of wireshark fixes the following vulnerabilities: |
- CVE-2011-3266: Wireshark IKE dissector vulnerability
- CVE-2011-3360: Wireshark Lua script execution vulnerability
- CVE-2011-3483: Wireshark buffer exception handling vulnerability
- CVE-2011-2597: Lucent/Ascend file parser susceptible to infinite loop
- CVE-2011-2698: ANSI MAP dissector susceptible to infinite loop
- CVE-2011-1957: Large/infinite loop in the DICOM dissector
- CVE-2011-1959: A corrupted snoop file could crash Wireshark
- CVE-2011-2174: Malformed compressed capture data could crash Wireshark
- CVE-2011-2175: A corrupted Visual Networks file could crash Wireshark
- CVE-2011-1958: dereference a NULL pointer if we had a corrupted Diameter dictionary
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 76045 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/76045 |
title | openSUSE Security Update : wireshark (openSUSE-SU-2011:1142-1) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_WIRESHARK-7796.NASL |
description | This update of wireshark fixes the following vulnerabilities: |
- Wireshark IKE dissector vulnerability. (CVE-2011-3266)
- Wireshark Lua script execution vulnerability. (CVE-2011-3360)
- Wireshark buffer exception handling vulnerability. (CVE-2011-3483)
- Lucent/Ascend file parser susceptible to infinite loop. (CVE-2011-2597)
- ANSI MAP dissector susceptible to infinite loop. (CVE-2011-2698)
- Large/infinite loop in the DICOM dissector. (CVE-2011-1957)
- A corrupted snoop file could crash Wireshark. (CVE-2011-1959)
- Malformed compressed capture data could crash Wireshark. (CVE-2011-2174)
- A corrupted Visual Networks file could crash Wireshark. (CVE-2011-2175)
- dereference a NULL pointer if we had a corrupted Diameter dictionary. (CVE-2011-1958)
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 57263 |
published | 2011-12-13 |
reporter | This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/57263 |
title | SuSE 10 Security Update : wireshark (ZYPP Patch Number 7796) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-2324.NASL |
description | The Microsoft Vulnerability Research group discovered that insecure load path handling could lead to execution of arbitrary Lua script code. |
last seen | 2020-03-17 |
modified | 2011-10-21 |
plugin id | 56571 |
published | 2011-10-21 |
reporter | This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/56571 |
title | Debian DSA-2324-1 : wireshark - programming error |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS11_WIRESHARK_20111205.NASL |
description | The remote Solaris system is missing necessary patches to address security updates: |
- The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree. (CVE-2011-3266)
- Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. (CVE-2011-3360)
- The dissect_infiniband_common function in epan/dissectors/packet-infiniband.c in the Infiniband dissector in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. (CVE-2011-4101)
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 80800 |
published | 2015-01-19 |
reporter | This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/80800 |
title | Oracle Solaris Third-Party Patch Update : wireshark (denial_of_service_vulnerability_in) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_WIRESHARK-111013.NASL |
description | This update of wireshark fixes the following vulnerabilities: |
- Wireshark IKE dissector vulnerability. (CVE-2011-3266)
- Wireshark Lua script execution vulnerability. (CVE-2011-3360)
- Wireshark buffer exception handling vulnerability. (CVE-2011-3483)
- Lucent/Ascend file parser susceptible to infinite loop. (CVE-2011-2597)
- ANSI MAP dissector susceptible to infinite loop. (CVE-2011-2698)
- Large/infinite loop in the DICOM dissector. (CVE-2011-1957)
- A corrupted snoop file could crash Wireshark. (CVE-2011-1959)
- Malformed compressed capture data could crash Wireshark. (CVE-2011-2174)
- A corrupted Visual Networks file could crash Wireshark. (CVE-2011-2175)
- dereference a NULL pointer if we had a corrupted Diameter dictionary. (CVE-2011-1958)
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 57136 |
published | 2011-12-13 |
reporter | This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/57136 |
title | SuSE 11.1 Security Update : wireshark (SAT Patch Number 5281) |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201110-02.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201110-02 (Wireshark: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition. Workaround: There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 56426 |
published | 2011-10-10 |
reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/56426 |
title | GLSA-201110-02 : Wireshark: Multiple vulnerabilities |

NASL family | Windows |
NASL id | WIRESHARK_1_4_9.NASL |
description | The installed version of Wireshark is 1.4.x before 1.4.9. This version is affected by the following vulnerabilities: |
- An error exists in IKE dissector that can allow denial of service attacks when processing certain malformed packets. (CVE-2011-3266)
- A buffer exception handling vulnerability exists that can allow denial of service attacks when processing certain malformed packets. (Issue #6135)
- It may be possible to make Wireshark execute Lua scripts using a method similar to DLL hijacking. (Issue #6136)
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 56163 |
published | 2011-09-12 |
reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/56163 |
title | Wireshark 1.4.x < 1.4.9 Multiple Vulnerabilities |

NASL family | Windows |
NASL id | WIRESHARK_1_6_2.NASL |
description | The installed version of Wireshark is 1.6.x before 1.6.2. This version is affected by the following vulnerabilities: |
- An error exists in IKE dissector that can allow denial of service attacks when processing certain malformed packets. (CVE-2011-3266)
- A buffer exception handling vulnerability exists that can allow denial of service attacks when processing certain malformed packets. (Issue #6135)
- It may be possible to make Wireshark execute Lua scripts using a method similar to DLL hijacking. (Issue #6136)
- An error exists in OpenSafety dissector that can allow denial of service attacks when processing certain malformed packets. (Issue #6138)
- An error exists in CSN.1 dissector that can allow denial of service attacks when processing certain malformed packets. (Issue #6139)
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 56164 |
published | 2011-09-12 |
reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/56164 |
title | Wireshark 1.6.x < 1.6.2 Multiple Vulnerabilities |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2011-138.NASL |
description | This advisory updates wireshark to the latest version (1.6.2), fixing several security issues: The proto_tree_add_item function in Wireshark 1.6.1, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree (CVE-2011-3266). Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory (CVE-2011-3360). The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a malformed packet (CVE-2011-3482). Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a buffer exception handling vulnerability (CVE-2011-3483). The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and application crash) via a malformed packet (CVE-2011-3484). The updated packages have been upgraded to the latest 1.6.x version (1.6.2) which is not vulnerable to these issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 61928 |
published | 2012-09-06 |
reporter | This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/61928 |
title | Mandriva Linux Security Advisory : wireshark (MDVSA-2011:138) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_WIRESHARK-7795.NASL |
description | This update of wireshark fixes the following vulnerabilities: |
- Wireshark IKE dissector vulnerability. (CVE-2011-3266)
- Wireshark Lua script execution vulnerability. (CVE-2011-3360)
- Wireshark buffer exception handling vulnerability. (CVE-2011-3483)
- Lucent/Ascend file parser susceptible to infinite loop. (CVE-2011-2597)
- ANSI MAP dissector susceptible to infinite loop. (CVE-2011-2698)
- Large/infinite loop in the DICOM dissector. (CVE-2011-1957)
- A corrupted snoop file could crash Wireshark. (CVE-2011-1959)
- Malformed compressed capture data could crash Wireshark. (CVE-2011-2174)
- A corrupted Visual Networks file could crash Wireshark. (CVE-2011-2175)
- dereference a NULL pointer if we had a corrupted Diameter dictionary. (CVE-2011-1958)
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 56617 |
published | 2011-10-24 |
reporter | This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/56617 |
title | SuSE 10 Security Update : wireshark (ZYPP Patch Number 7795) |
Oval
accepted | 2013-08-19T04:00:56.291-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. |
family | windows |
id | oval:org.mitre.oval:def:15059 |
status | accepted |
submitted | 2012-02-27T15:34:33.178-04:00 |
title | Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 |
version | 8 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/107159/wireshark_lua.rb.txt |
id | PACKETSTORM:107159 |
last seen | 2016-12-05 |
published | 2011-11-20 |
reporter | sinn3r |
source | https://packetstormsecurity.com/files/107159/Wireshark-1.6-console.lua-Pre-Load-Execution.html |
title | Wireshark 1.6 console.lua Pre-Load / Execution |
Saint
bid | 49528 |
description | Wireshark Lua Untrusted Search Path vulnerability |
osvdb | 75347 |
title | wireshark_lua_search_path |
type | client |
References
- http://osvdb.org/75347
- http://www.debian.org/security/2011/dsa-2324
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:138
- http://www.openwall.com/lists/oss-security/2011/09/13/1
- http://www.openwall.com/lists/oss-security/2011/09/14/5
- http://www.wireshark.org/security/wnpa-sec-2011-15.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6136
- https://bugzilla.redhat.com/show_bug.cgi?id=737784
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15059