CVE-2011-3483 - Buffer Errors vulnerability in Wireshark 1.6.0/1.6.1

Publication

2011-09-20

Last modification

2017-09-19

Summary

Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability."

Description

Wireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain files. Successful exploits may allow attackers to crash the affected application, denying service to legitimate users. Wireshark 1.4.0 to 1.4.8 and 1.6.0 to 1.6.1 are vulnerable.

Solution

Updates are available. Please see the references for more information.

Mandriva Linux Mandrake 2011 x86_64

  • Mandriva dumpcap-1.6.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/
  • Mandriva lib64wireshark-devel-1.6.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/
  • Mandriva lib64wireshark1-1.6.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/
  • Mandriva rawshark-1.6.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/
  • Mandriva tshark-1.6.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/
  • Mandriva wireshark-1.6.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/
  • Mandriva wireshark-tools-1.6.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/

Mandriva Linux Mandrake 2011

  • Mandriva dumpcap-1.6.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/
  • Mandriva libwireshark-devel-1.6.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/
  • Mandriva libwireshark1-1.6.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/
  • Mandriva rawshark-1.6.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/
  • Mandriva tshark-1.6.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/
  • Mandriva wireshark-1.6.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/
  • Mandriva wireshark-tools-1.6.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/

Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: info@vumetric.com

/data/vulnerabilities/exploits/46167.pcap

Classification

CWE-119 - Buffer Errors

Risk level (CVSS AV:N/AC:M/Au:N/C:N/I:N/A:P)

Medium

4.3

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

OVAL definition

{
    "accepted": "2013-08-19T04:00:46.259-04:00",
    "class": "vulnerability",
    "contributors": [
        {
            "name": "Shane Shaffer",
            "organization": "G2, Inc."
        },
        {
            "name": "Shane Shaffer",
            "organization": "G2, Inc."
        },
        {
            "name": "Shane Shaffer",
            "organization": "G2, Inc."
        }
    ],
    "definition_extensions": [
        {
            "comment": "Wireshark is installed on the system.",
            "oval": "oval:org.mitre.oval:def:6589"
        }
    ],
    "description": "Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a \"buffer exception handling vulnerability.\"",
    "family": "windows",
    "id": "oval:org.mitre.oval:def:14971",
    "status": "accepted",
    "submitted": "2012-02-27T15:34:33.178-04:00",
    "title": "Wireshark 1.6.x before 1.6.2 buffer exception handling vulnerability",
    "version": "8"
}

Affected Products

Vendor     Product    Versions
Wireshark  Wireshark  1.6.0, 1.6.1