Vulnerabilities > CVE-2012-0043 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a series of fragmented RLC packets.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family Windows NASL id WIRESHARK_1_6_5.NASL description The installed version of Wireshark is 1.6.x before 1.6.5. This version is affected by the following vulnerabilities : - Errors exist in the parsers for last seen 2020-06-01 modified 2020-06-02 plugin id 57539 published 2012-01-13 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57539 title Wireshark 1.6.x < 1.6.5 Multiple Vulnerabilities NASL family Solaris Local Security Checks NASL id SOLARIS11_WIRESHARK_20120404.NASL description The remote Solaris system is missing necessary patches to address security updates : - The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file. (CVE-2012-0041) - Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c. (CVE-2012-0042) - Buffer overflow in the reassemble_message function in epan/dissectors/ packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a series of fragmented RLC packets. (CVE-2012-0043) - Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file. (CVE-2012-0066) - wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file. (CVE-2012-0067) - The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell catpure file containing a record that is too small. (CVE-2012-0068) last seen 2020-06-01 modified 2020-06-02 plugin id 80801 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80801 title Oracle Solaris Third-Party Patch Update : wireshark (multiple_denial_of_service_vulnerabilities2) NASL family Fedora Local Security Checks NASL id FEDORA_2012-0440.NASL description The following vulnerabilities have been fixed. wnpa-sec-2012-01 Laurent Butti discovered that Wireshark failed to properly record sizes for many packet capture file formats. wnpa-sec-2012-02 Wireshark could dereference a NULL pointer and crash wnpa-sec-2012-03 The RLC dissector could overflow a buffer Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-01-25 plugin id 57670 published 2012-01-25 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57670 title Fedora 15 : wireshark-1.4.11-1.fc15 (2012-0440) NASL family Windows NASL id WIRESHARK_1_4_11.NASL description The installed version of Wireshark is 1.4.x before 1.4.11. This version is affected by the following vulnerabilities : - Errors exist in the parsers for last seen 2020-06-01 modified 2020-06-02 plugin id 57538 published 2012-01-13 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57538 title Wireshark 1.4.x < 1.4.11 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_4_WIRESHARK-120201.NASL description This update fixes the following security issues : - 741187: multiple file parser vulnerabilities (CVE-2012-0041) - 741188: RLC dissector buffer overflow (CVE-2012-0043) - 741190: NULL pointer vulnerabilities (CVE-2012-0042) - CVE-2012-0066: DoS due to too large buffer alloc request - CVE-2012-0067: DoS due to integer underflow and too large buffer alloc. request - CVE-2012-0068: memory corruption due to buffer underflow last seen 2020-06-05 modified 2014-06-13 plugin id 76047 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76047 title openSUSE Security Update : wireshark (openSUSE-SU-2012:0295-1) NASL family SuSE Local Security Checks NASL id SUSE_WIRESHARK-7943.NASL description This version upgrade of wireshark to 1.4.11 fixes the following security issues : - RLC dissector buffer overflow. (CVE-2012-0043) - multiple file parser vulnerabilities. (CVE-2012-0041) - NULL pointer vulnerabilities. (CVE-2012-0042) - DoS due to too large buffer alloc request. (CVE-2012-0066) - DoS due to integer underflow and too large buffer alloc. request. (CVE-2012-0067) - memory corruption due to buffer underflow Additionally, various other non-security issues were resolved. (CVE-2012-0068) last seen 2020-06-05 modified 2012-02-24 plugin id 58117 published 2012-02-24 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58117 title SuSE 10 Security Update : wireshark (ZYPP Patch Number 7943) NASL family SuSE Local Security Checks NASL id SUSE_11_WIRESHARK-120131.NASL description This version upgrade of wireshark to 1.4.11 fixes the following security issues : - RLC dissector buffer overflow. (CVE-2012-0043) - multiple file parser vulnerabilities. (CVE-2012-0041) - NULL pointer vulnerabilities. (CVE-2012-0042) - DoS due to too large buffer alloc request. (CVE-2012-0066) - DoS due to integer underflow and too large buffer alloc. request. (CVE-2012-0067) - memory corruption due to buffer underflow Additionally, various other non-security issues were resolved. (CVE-2012-0068) last seen 2020-06-05 modified 2012-02-24 plugin id 58115 published 2012-02-24 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58115 title SuSE 11.1 Security Update : wireshark (SAT Patch Number 5741) NASL family Fedora Local Security Checks NASL id FEDORA_2012-0435.NASL description The following vulnerabilities have been fixed. wnpa-sec-2012-01 Laurent Butti discovered that Wireshark failed to properly record sizes for many packet capture file formats. wnpa-sec-2012-02 Wireshark could dereference a NULL pointer and crash wnpa-sec-2012-03 The RLC dissector could overflow a buffer Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-01-23 plugin id 57624 published 2012-01-23 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57624 title Fedora 16 : wireshark-1.6.5-1.fc16 (2012-0435) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-123.NASL description Wireshark version 1.4.11 fixes several security issues last seen 2020-06-05 modified 2014-06-13 plugin id 74551 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74551 title openSUSE Security Update : wireshark (openSUSE-2012-123) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201308-05.NASL description The remote host is affected by the vulnerability described in GLSA-201308-05 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 69500 published 2013-08-29 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69500 title GLSA-201308-05 : Wireshark: Multiple vulnerabilities
Oval
| accepted | 2013-08-19T04:01:06.843-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a series of fragmented RLC packets. | ||||||||
| family | windows | ||||||||
| id | oval:org.mitre.oval:def:15324 | ||||||||
| status | accepted | ||||||||
| submitted | 2012-04-12T08:48:06.747-04:00 | ||||||||
| title | RLC dissector vulnerability in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 | ||||||||
| version | 7 |
References
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=40266
- http://secunia.com/advisories/47494
- http://secunia.com/advisories/54425
- http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
- http://www.openwall.com/lists/oss-security/2012/01/11/7
- http://www.securitytracker.com/id?1026508
- http://www.wireshark.org/security/wnpa-sec-2012-03.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6391
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15324