Vulnerabilities > CVE-2012-2392 - Resource Management Errors vulnerability in Wireshark

047910
CVSS 3.3 - LOW
Attack vector
ADJACENT_NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
low complexity
wireshark
CWE-399
nessus
exploit available

Summary

Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors.

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionWireshark Multiple Dissector Denial of Service Vulnerabilities. CVE-2012-2392,CVE-2012-3825,CVE-2012-3826. Dos exploits for multiple platform
idEDB-ID:18919
last seen2016-02-02
modified2012-05-24
published2012-05-24
reporterLaurent Butti
sourcehttps://www.exploit-db.com/download/18919/
titleWireshark Multiple Dissector Denial of Service Vulnerabilities

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-055.NASL
    descriptionMultiple vulnerabilities has been found and corrected in wireshark : Infinite and large loops in ANSI MAP, BACapp, Bluetooth HCI, IEEE 802.3, LTP, and R3 dissectors have been fixed. Discovered by Laurent Butti (http://www.wireshark.org/security/wnpa-sec-2012-08.html [CVE-2012-2392]) The DIAMETER dissector could try to allocate memory improperly and crash (http://www.wireshark.org/security/wnpa-sec-2012-09.html [CVE-2012-2393]) Wireshark could crash on SPARC processors due to misaligned memory. Discovered by Klaus Heckelmann (http://www.wireshark.org/security/wnpa-sec-2012-10.html [CVE-2012-2394]) The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump (CVE-2012-4048). epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet (CVE-2012-4049). The DCP ETSI dissector could trigger a zero division (CVE-2012-4285). The XTP dissector could go into an infinite loop (CVE-2012-4288). The AFP dissector could go into a large loop (CVE-2012-4289). The RTPS2 dissector could overflow a buffer (CVE-2012-4296). The GSM RLC MAC dissector could overflow a buffer (CVE-2012-4297). The CIP dissector could exhaust system memory (CVE-2012-4291). The STUN dissector could crash (CVE-2012-4292). The EtherCAT Mailbox dissector could abort (CVE-2012-4293). The CTDB dissector could go into a large loop (CVE-2012-4290). Martin Wilck discovered an infinite loop in the DRDA dissector (CVE-2012-5239). The USB dissector could go into an infinite loop. (wnpa-sec-2012-31) The ISAKMP dissector could crash. (wnpa-sec-2012-35) The iSCSI dissector could go into an infinite loop. (wnpa-sec-2012-36) The WTP dissector could go into an infinite loop. (wnpa-sec-2012-37) The RTCP dissector could go into an infinite loop. (wnpa-sec-2012-38) The ICMPv6 dissector could go into an infinite loop. (wnpa-sec-2012-40) Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors (wnpa-sec-2013-01). The CLNP dissector could crash (wnpa-sec-2013-02). The DTN dissector could crash (wnpa-sec-2013-03). The MS-MMC dissector (and possibly others) could crash (wnpa-sec-2013-04). The DTLS dissector could crash (wnpa-sec-2013-05). The DCP-ETSI dissector could corrupt memory (wnpa-sec-2013-07). The Wireshark dissection engine could crash (wnpa-sec-2013-08). The NTLMSSP dissector could overflow a buffer (wnpa-sec-2013-09). The sFlow dissector could go into an infinite loop (CVE-2012-6054). The SCTP dissector could go into an infinite loop (CVE-2012-6056). The MS-MMS dissector could crash (CVE-2013-2478). The RTPS and RTPS2 dissectors could crash (CVE-2013-2480). The Mount dissector could crash (CVE-2013-2481). The AMPQ dissector could go into an infinite loop (CVE-2013-2482). The ACN dissector could attempt to divide by zero (CVE-2013-2483). The CIMD dissector could crash (CVE-2013-2484). The FCSP dissector could go into an infinite loop (CVE-2013-2485). The DTLS dissector could crash (CVE-2013-2488). This advisory provides the latest version of Wireshark (1.6.14) which is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id66069
    published2013-04-20
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66069
    titleMandriva Linux Security Advisory : wireshark (MDVSA-2013:055)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2013:055. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66069);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      script_cve_id(
        "CVE-2012-2392",
        "CVE-2012-2393",
        "CVE-2012-2394",
        "CVE-2012-3548",
        "CVE-2012-4048",
        "CVE-2012-4049",
        "CVE-2012-4285",
        "CVE-2012-4288",
        "CVE-2012-4289",
        "CVE-2012-4290",
        "CVE-2012-4291",
        "CVE-2012-4292",
        "CVE-2012-4293",
        "CVE-2012-4296",
        "CVE-2012-4297",
        "CVE-2012-6054",
        "CVE-2012-6056",
        "CVE-2013-2478",
        "CVE-2013-2480",
        "CVE-2013-2481",
        "CVE-2013-2482",
        "CVE-2013-2483",
        "CVE-2013-2484",
        "CVE-2013-2485",
        "CVE-2013-2488"
      );
      script_bugtraq_id(
        53651,
        53652,
        53653,
        54649,
        55035,
        56729,
        58340,
        58351,
        58353,
        58355,
        58356,
        58357,
        58362,
        58365
      );
      script_xref(name:"MDVSA", value:"2013:055");
      script_xref(name:"MGASA", value:"2012-0134");
      script_xref(name:"MGASA", value:"2012-0210");
      script_xref(name:"MGASA", value:"2012-0226");
      script_xref(name:"MGASA", value:"2012-0284");
      script_xref(name:"MGASA", value:"2012-0348");
      script_xref(name:"MGASA", value:"2013-0034");
      script_xref(name:"MGASA", value:"2013-0090");
    
      script_name(english:"Mandriva Linux Security Advisory : wireshark (MDVSA-2013:055)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities has been found and corrected in wireshark :
    
    Infinite and large loops in ANSI MAP, BACapp, Bluetooth HCI, IEEE
    802.3, LTP, and R3 dissectors have been fixed. Discovered by Laurent
    Butti (http://www.wireshark.org/security/wnpa-sec-2012-08.html
    [CVE-2012-2392])
    
    The DIAMETER dissector could try to allocate memory improperly and
    crash (http://www.wireshark.org/security/wnpa-sec-2012-09.html
    [CVE-2012-2393])
    
    Wireshark could crash on SPARC processors due to misaligned memory.
    Discovered by Klaus Heckelmann
    (http://www.wireshark.org/security/wnpa-sec-2012-10.html
    [CVE-2012-2394])
    
    The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before
    1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a
    denial of service (invalid pointer dereference and application crash)
    via a crafted packet, as demonstrated by a usbmon dump
    (CVE-2012-4048).
    
    epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x
    before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows
    remote attackers to cause a denial of service (loop and CPU
    consumption) via a crafted packet (CVE-2012-4049).
    
    The DCP ETSI dissector could trigger a zero division (CVE-2012-4285).
    
    The XTP dissector could go into an infinite loop (CVE-2012-4288).
    
    The AFP dissector could go into a large loop (CVE-2012-4289).
    
    The RTPS2 dissector could overflow a buffer (CVE-2012-4296).
    
    The GSM RLC MAC dissector could overflow a buffer (CVE-2012-4297).
    
    The CIP dissector could exhaust system memory (CVE-2012-4291).
    
    The STUN dissector could crash (CVE-2012-4292).
    
    The EtherCAT Mailbox dissector could abort (CVE-2012-4293).
    
    The CTDB dissector could go into a large loop (CVE-2012-4290).
    
    Martin Wilck discovered an infinite loop in the DRDA dissector
    (CVE-2012-5239).
    
    The USB dissector could go into an infinite loop. (wnpa-sec-2012-31)
    
    The ISAKMP dissector could crash. (wnpa-sec-2012-35)
    
    The iSCSI dissector could go into an infinite loop. (wnpa-sec-2012-36)
    
    The WTP dissector could go into an infinite loop. (wnpa-sec-2012-37)
    
    The RTCP dissector could go into an infinite loop. (wnpa-sec-2012-38)
    
    The ICMPv6 dissector could go into an infinite loop.
    (wnpa-sec-2012-40)
    
    Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS
    CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP
    dissectors (wnpa-sec-2013-01).
    
    The CLNP dissector could crash (wnpa-sec-2013-02).
    
    The DTN dissector could crash (wnpa-sec-2013-03).
    
    The MS-MMC dissector (and possibly others) could crash
    (wnpa-sec-2013-04).
    
    The DTLS dissector could crash (wnpa-sec-2013-05).
    
    The DCP-ETSI dissector could corrupt memory (wnpa-sec-2013-07).
    
    The Wireshark dissection engine could crash (wnpa-sec-2013-08).
    
    The NTLMSSP dissector could overflow a buffer (wnpa-sec-2013-09).
    
    The sFlow dissector could go into an infinite loop (CVE-2012-6054).
    
    The SCTP dissector could go into an infinite loop (CVE-2012-6056).
    
    The MS-MMS dissector could crash (CVE-2013-2478).
    
    The RTPS and RTPS2 dissectors could crash (CVE-2013-2480).
    
    The Mount dissector could crash (CVE-2013-2481).
    
    The AMPQ dissector could go into an infinite loop (CVE-2013-2482).
    
    The ACN dissector could attempt to divide by zero (CVE-2013-2483).
    
    The CIMD dissector could crash (CVE-2013-2484).
    
    The FCSP dissector could go into an infinite loop (CVE-2013-2485).
    
    The DTLS dissector could crash (CVE-2013-2488).
    
    This advisory provides the latest version of Wireshark (1.6.14) which
    is not vulnerable to these issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dumpcap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wireshark-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wireshark1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rawshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wireshark-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/04/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"dumpcap-1.6.14-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64wireshark-devel-1.6.14-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64wireshark1-1.6.14-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"rawshark-1.6.14-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"tshark-1.6.14-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"wireshark-1.6.14-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"wireshark-tools-1.6.14-1.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-1569.NASL
    descriptionUpdated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2013-3559, CVE-2013-4083) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2012-2392, CVE-2012-3825, CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-5595, CVE-2012-5597, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600, CVE-2012-6056, CVE-2012-6059, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062, CVE-2013-3557, CVE-2013-3561, CVE-2013-4081, CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-4936, CVE-2013-5721) The wireshark packages have been upgraded to upstream version 1.8.10, which provides a number of bug fixes and enhancements over the previous versions. For more information on the bugs fixed, enhancements included, and supported protocols introduced, refer to the Wireshark Release Notes, linked to in the References. (BZ#711024) This update also fixes the following bugs : * Previously, Wireshark did not parse the RECLAIM-COMPLETE opcode when inspecting traffic generated by NFSv4.1. A patch has been provided to enable the parsing of the RECLAIM_COMPLETE opcode, and Wireshark is now able to properly dissect and handle NFSv4.1 traffic. (BZ#750712) * Prior to this update, frame arrival times in a text file were reported one hour ahead from the timestamps in the packet capture file. This resulted in various failures being reported by the dfilter-test.py test suite. To fix this bug, frame arrival timestamps have been shifted by one hour, thus fixing this bug. (BZ#832021) * The
    last seen2020-06-01
    modified2020-06-02
    plugin id79162
    published2014-11-12
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79162
    titleCentOS 6 : wireshark (CESA-2013:1569)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:1569 and 
    # CentOS Errata and Security Advisory 2013:1569 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79162);
      script_version("1.7");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2012-2392", "CVE-2012-3825", "CVE-2012-4285", "CVE-2012-4288", "CVE-2012-4289", "CVE-2012-4290", "CVE-2012-4291", "CVE-2012-4292", "CVE-2012-6056", "CVE-2012-6059", "CVE-2012-6060", "CVE-2012-6061", "CVE-2012-6062", "CVE-2013-3557", "CVE-2013-3559", "CVE-2013-3561", "CVE-2013-4081", "CVE-2013-4083", "CVE-2013-4927", "CVE-2013-4931", "CVE-2013-4932", "CVE-2013-4933", "CVE-2013-4934", "CVE-2013-4935", "CVE-2013-4936", "CVE-2013-5721");
      script_bugtraq_id(53651, 55035, 56729, 59995, 59996, 60001, 60002, 60021, 60504, 60505, 61471, 62320, 62868);
      script_xref(name:"RHSA", value:"2013:1569");
    
      script_name(english:"CentOS 6 : wireshark (CESA-2013:1569)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated wireshark packages that fix multiple security issues, several
    bugs, and add various enhancements are now available for Red Hat
    Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    Wireshark, previously known as Ethereal, is a network protocol
    analyzer. It is used to capture and browse the traffic running on a
    computer network.
    
    Two flaws were found in Wireshark. If Wireshark read a malformed
    packet off a network or opened a malicious dump file, it could crash
    or, possibly, execute arbitrary code as the user running Wireshark.
    (CVE-2013-3559, CVE-2013-4083)
    
    Several denial of service flaws were found in Wireshark. Wireshark
    could crash or stop responding if it read a malformed packet off a
    network, or opened a malicious dump file. (CVE-2012-2392,
    CVE-2012-3825, CVE-2012-4285, CVE-2012-4288, CVE-2012-4289,
    CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-5595,
    CVE-2012-5597, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600,
    CVE-2012-6056, CVE-2012-6059, CVE-2012-6060, CVE-2012-6061,
    CVE-2012-6062, CVE-2013-3557, CVE-2013-3561, CVE-2013-4081,
    CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933,
    CVE-2013-4934, CVE-2013-4935, CVE-2013-4936, CVE-2013-5721)
    
    The wireshark packages have been upgraded to upstream version 1.8.10,
    which provides a number of bug fixes and enhancements over the
    previous versions. For more information on the bugs fixed,
    enhancements included, and supported protocols introduced, refer to
    the Wireshark Release Notes, linked to in the References. (BZ#711024)
    
    This update also fixes the following bugs :
    
    * Previously, Wireshark did not parse the RECLAIM-COMPLETE opcode when
    inspecting traffic generated by NFSv4.1. A patch has been provided to
    enable the parsing of the RECLAIM_COMPLETE opcode, and Wireshark is
    now able to properly dissect and handle NFSv4.1 traffic. (BZ#750712)
    
    * Prior to this update, frame arrival times in a text file were
    reported one hour ahead from the timestamps in the packet capture
    file. This resulted in various failures being reported by the
    dfilter-test.py test suite. To fix this bug, frame arrival timestamps
    have been shifted by one hour, thus fixing this bug. (BZ#832021)
    
    * The 'tshark -D' command returned output to STDERR instead of STDOUT,
    which could break scripts that are parsing the 'tshark -D' output.
    This bug has been fixed, and the 'tshark -D' command now writes output
    data to a correct standard stream. (BZ#1004636)
    
    * Due to an array overrun, Wireshark could experience undefined
    program behavior or could unexpectedly terminate. With this update,
    proper array handling ensures Wireshark no longer crashes in the
    described scenario. (BZ#715560)
    
    * Previously, the dftest and randpkt command line utilities lacked
    manual pages. This update adds proper manual pages for both utilities.
    (BZ#659661)
    
    In addition, this update adds the following enhancements :
    
    * With this update, Wireshark is able to properly dissect and handle
    InfiniBand and GlusterFS traffic. (BZ#699636, BZ#858976)
    
    All Wireshark users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues and add these
    enhancements. All running instances of Wireshark must be restarted for
    the update to take effect."
      );
      # https://lists.centos.org/pipermail/centos-cr-announce/2013-November/001110.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?27a5f2bf"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wireshark packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-3561");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:wireshark-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:wireshark-gnome");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"wireshark-1.8.10-4.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"wireshark-devel-1.8.10-4.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"wireshark-gnome-1.8.10-4.el6")) flag++;
    
    
    if (flag)
    {
      cr_plugin_caveat = '\n' +
        'NOTE: The security advisory associated with this vulnerability has a\n' +
        'fixed package version that may only be available in the continuous\n' +
        'release (CR) repository for CentOS, until it is present in the next\n' +
        'point release of CentOS.\n\n' +
    
        'If an equal or higher package level does not exist in the baseline\n' +
        'repository for your major version of CentOS, then updates from the CR\n' +
        'repository will need to be applied in order to address the\n' +
        'vulnerability.\n';
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get() + cr_plugin_caveat
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-devel / wireshark-gnome");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_WIRESHARK-8168.NASL
    descriptionThis version upgrade of wireshark fixes multiple denial of service flaws : - denial of service via memory alignment flaw. (CVE-2012-2394) - DIAMETER memory allocation flaw. (CVE-2012-2393) - denial of service in multiple dissectors / parsers Additionally, various other non-security bug fixes have been introduced. (CVE-2012-2392)
    last seen2020-06-05
    modified2012-06-27
    plugin id59723
    published2012-06-27
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59723
    titleSuSE 10 Security Update : wireshark (ZYPP Patch Number 8168)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(59723);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-2392", "CVE-2012-2393", "CVE-2012-2394");
    
      script_name(english:"SuSE 10 Security Update : wireshark (ZYPP Patch Number 8168)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This version upgrade of wireshark fixes multiple denial of service
    flaws :
    
      - denial of service via memory alignment flaw.
        (CVE-2012-2394)
    
      - DIAMETER memory allocation flaw. (CVE-2012-2393)
    
      - denial of service in multiple dissectors / parsers
        Additionally, various other non-security bug fixes have
        been introduced. (CVE-2012-2392)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-2392.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-2393.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-2394.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 8168.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/06/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:4, reference:"wireshark-1.4.13-0.5.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"wireshark-1.4.13-0.5.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"wireshark-devel-1.4.13-0.5.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1569.NASL
    descriptionUpdated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2013-3559, CVE-2013-4083) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2012-2392, CVE-2012-3825, CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-5595, CVE-2012-5597, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600, CVE-2012-6056, CVE-2012-6059, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062, CVE-2013-3557, CVE-2013-3561, CVE-2013-4081, CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-4936, CVE-2013-5721) The wireshark packages have been upgraded to upstream version 1.8.10, which provides a number of bug fixes and enhancements over the previous versions. For more information on the bugs fixed, enhancements included, and supported protocols introduced, refer to the Wireshark Release Notes, linked to in the References. (BZ#711024) This update also fixes the following bugs : * Previously, Wireshark did not parse the RECLAIM-COMPLETE opcode when inspecting traffic generated by NFSv4.1. A patch has been provided to enable the parsing of the RECLAIM_COMPLETE opcode, and Wireshark is now able to properly dissect and handle NFSv4.1 traffic. (BZ#750712) * Prior to this update, frame arrival times in a text file were reported one hour ahead from the timestamps in the packet capture file. This resulted in various failures being reported by the dfilter-test.py test suite. To fix this bug, frame arrival timestamps have been shifted by one hour, thus fixing this bug. (BZ#832021) * The
    last seen2020-06-01
    modified2020-06-02
    plugin id71005
    published2013-11-21
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71005
    titleRHEL 6 : wireshark (RHSA-2013:1569)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:1569. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71005);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/24 15:35:37");
    
      script_cve_id("CVE-2012-2392", "CVE-2012-3825", "CVE-2012-4285", "CVE-2012-4288", "CVE-2012-4289", "CVE-2012-4290", "CVE-2012-4291", "CVE-2012-4292", "CVE-2012-6056", "CVE-2012-6059", "CVE-2012-6060", "CVE-2012-6061", "CVE-2012-6062", "CVE-2013-3557", "CVE-2013-3559", "CVE-2013-3561", "CVE-2013-4081", "CVE-2013-4083", "CVE-2013-4927", "CVE-2013-4931", "CVE-2013-4932", "CVE-2013-4933", "CVE-2013-4934", "CVE-2013-4935", "CVE-2013-4936", "CVE-2013-5721");
      script_bugtraq_id(53651, 55035, 56729, 59995, 59996, 60001, 60002, 60021, 60504, 60505, 61471, 62320, 62868);
      script_xref(name:"RHSA", value:"2013:1569");
    
      script_name(english:"RHEL 6 : wireshark (RHSA-2013:1569)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated wireshark packages that fix multiple security issues, several
    bugs, and add various enhancements are now available for Red Hat
    Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    Wireshark, previously known as Ethereal, is a network protocol
    analyzer. It is used to capture and browse the traffic running on a
    computer network.
    
    Two flaws were found in Wireshark. If Wireshark read a malformed
    packet off a network or opened a malicious dump file, it could crash
    or, possibly, execute arbitrary code as the user running Wireshark.
    (CVE-2013-3559, CVE-2013-4083)
    
    Several denial of service flaws were found in Wireshark. Wireshark
    could crash or stop responding if it read a malformed packet off a
    network, or opened a malicious dump file. (CVE-2012-2392,
    CVE-2012-3825, CVE-2012-4285, CVE-2012-4288, CVE-2012-4289,
    CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-5595,
    CVE-2012-5597, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600,
    CVE-2012-6056, CVE-2012-6059, CVE-2012-6060, CVE-2012-6061,
    CVE-2012-6062, CVE-2013-3557, CVE-2013-3561, CVE-2013-4081,
    CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933,
    CVE-2013-4934, CVE-2013-4935, CVE-2013-4936, CVE-2013-5721)
    
    The wireshark packages have been upgraded to upstream version 1.8.10,
    which provides a number of bug fixes and enhancements over the
    previous versions. For more information on the bugs fixed,
    enhancements included, and supported protocols introduced, refer to
    the Wireshark Release Notes, linked to in the References. (BZ#711024)
    
    This update also fixes the following bugs :
    
    * Previously, Wireshark did not parse the RECLAIM-COMPLETE opcode when
    inspecting traffic generated by NFSv4.1. A patch has been provided to
    enable the parsing of the RECLAIM_COMPLETE opcode, and Wireshark is
    now able to properly dissect and handle NFSv4.1 traffic. (BZ#750712)
    
    * Prior to this update, frame arrival times in a text file were
    reported one hour ahead from the timestamps in the packet capture
    file. This resulted in various failures being reported by the
    dfilter-test.py test suite. To fix this bug, frame arrival timestamps
    have been shifted by one hour, thus fixing this bug. (BZ#832021)
    
    * The 'tshark -D' command returned output to STDERR instead of STDOUT,
    which could break scripts that are parsing the 'tshark -D' output.
    This bug has been fixed, and the 'tshark -D' command now writes output
    data to a correct standard stream. (BZ#1004636)
    
    * Due to an array overrun, Wireshark could experience undefined
    program behavior or could unexpectedly terminate. With this update,
    proper array handling ensures Wireshark no longer crashes in the
    described scenario. (BZ#715560)
    
    * Previously, the dftest and randpkt command line utilities lacked
    manual pages. This update adds proper manual pages for both utilities.
    (BZ#659661)
    
    In addition, this update adds the following enhancements :
    
    * With this update, Wireshark is able to properly dissect and handle
    InfiniBand and GlusterFS traffic. (BZ#699636, BZ#858976)
    
    All Wireshark users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues and add these
    enhancements. All running instances of Wireshark must be restarted for
    the update to take effect."
      );
      # http://www.wireshark.org/docs/relnotes/wireshark-1.8.0.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/docs/relnotes/wireshark-1.8.0.html"
      );
      # http://www.wireshark.org/docs/relnotes/wireshark-1.6.0.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/docs/relnotes/wireshark-1.6.0.html"
      );
      # http://www.wireshark.org/docs/relnotes/wireshark-1.4.0.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/docs/relnotes/wireshark-1.4.0.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2013:1569"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-4289"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-4285"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-4291"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-4290"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-3825"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-2392"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-6056"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4081"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4083"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-6059"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-4288"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-5721"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-5599"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-3559"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-5597"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-3557"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-5595"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-5600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4927"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-5598"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-6062"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-6060"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-6061"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4933"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-4292"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4931"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-3561"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4932"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4935"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4934"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4936"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wireshark-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wireshark-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wireshark-gnome");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2013:1569";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", reference:"wireshark-1.8.10-4.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"wireshark-debuginfo-1.8.10-4.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"wireshark-devel-1.8.10-4.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"wireshark-gnome-1.8.10-4.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"wireshark-gnome-1.8.10-4.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"wireshark-gnome-1.8.10-4.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-debuginfo / wireshark-devel / wireshark-gnome");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-10175.NASL
    descriptionUpdate to latest upstream release, fixing few security bugs. CVE-2012-2392: Infinite and large loops in ANSI MAP, ASF, IEEE 802.11, IEEE 802.3, and LTP dissectors. CVE-2012-2393: Memory allocation flaw in the DIAMETER dissector. CVE-2012-2394: Denial of service (crash) due memory alignment problem on SPARC and Itanium processors. CVE-2012-3825: Integer overflows in BACapp and Bluetooth HCI dissectors, leading to DoS CVE-2012-3826: Integer overflows in the R3 dissector, leading to DoS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-07-11
    plugin id59940
    published2012-07-11
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59940
    titleFedora 16 : wireshark-1.6.8-1.fc16 (2012-10175)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2012-10175.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(59940);
      script_version("1.12");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2012-2392", "CVE-2012-2393", "CVE-2012-2394", "CVE-2012-3825", "CVE-2012-3826");
      script_bugtraq_id(53651, 53652, 53653);
      script_xref(name:"FEDORA", value:"2012-10175");
    
      script_name(english:"Fedora 16 : wireshark-1.6.8-1.fc16 (2012-10175)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to latest upstream release, fixing few security bugs.
    
    CVE-2012-2392: Infinite and large loops in ANSI MAP, ASF, IEEE 802.11,
    IEEE 802.3, and LTP dissectors.
    
    CVE-2012-2393: Memory allocation flaw in the DIAMETER dissector.
    
    CVE-2012-2394: Denial of service (crash) due memory alignment problem
    on SPARC and Itanium processors.
    
    CVE-2012-3825: Integer overflows in BACapp and Bluetooth HCI
    dissectors, leading to DoS
    
    CVE-2012-3826: Integer overflows in the R3 dissector, leading to DoS.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=824426"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2012-July/083679.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6e671882"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wireshark package."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC16", reference:"wireshark-1.6.8-1.fc16")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark");
    }
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_WIRESHARK_20120918.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors. (CVE-2012-2392) - epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation. (CVE-2012-2393) - Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet. (CVE-2012-2394) - The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump. (CVE-2012-4048) - epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. (CVE-2012-4049)
    last seen2020-06-01
    modified2020-06-02
    plugin id80803
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80803
    titleOracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from the Oracle Third Party software advisories.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(80803);
      script_version("1.2");
      script_cvs_date("Date: 2018/11/15 20:50:24");
    
      script_cve_id("CVE-2012-2392", "CVE-2012-2393", "CVE-2012-2394", "CVE-2012-4048", "CVE-2012-4049");
    
      script_name(english:"Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark1)");
      script_summary(english:"Check for the 'entire' version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Solaris system is missing a security patch for third-party
    software."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote Solaris system is missing necessary patches to address
    security updates :
    
      - Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8
        allows remote attackers to cause a denial of service
        (infinite loop) via vectors related to the (1) ANSI MAP,
        (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP
        dissectors. (CVE-2012-2392)
    
      - epan/dissectors/packet-diameter.c in the DIAMETER
        dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x
        before 1.6.8 does not properly construct certain array
        data structures, which allows remote attackers to cause
        a denial of service (application crash) via a crafted
        packet that triggers incorrect memory allocation.
        (CVE-2012-2393)
    
      - Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on
        the SPARC and Itanium platforms does not properly
        perform data alignment for a certain structure member,
        which allows remote attackers to cause a denial of
        service (application crash) via a (1) ICMP or (2) ICMPv6
        Echo Request packet. (CVE-2012-2394)
    
      - The PPP dissector in Wireshark 1.4.x before 1.4.14,
        1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote
        attackers to cause a denial of service (invalid pointer
        dereference and application crash) via a crafted packet,
        as demonstrated by a usbmon dump. (CVE-2012-4048)
    
      - epan/dissectors/packet-nfs.c in the NFS dissector in
        Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and
        1.8.x before 1.8.1 allows remote attackers to cause a
        denial of service (loop and CPU consumption) via a
        crafted packet. (CVE-2012-4049)"
      );
      # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4a913f44"
      );
      # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-wireshark
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6ccbc2d4"
      );
      # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-wireshark
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6ccbc2d4"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11/11 SRU 11.4.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:wireshark");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/09/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Solaris11/release");
    if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");
    pkg_list = solaris_pkg_list_leaves();
    if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages");
    
    if (empty_or_null(egrep(string:pkg_list, pattern:"^wireshark$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark");
    
    flag = 0;
    
    if (solaris_check_release(release:"0.5.11-0.175.0.11.0.4.1", sru:"SRU 11.4") > 0) flag++;
    
    if (flag)
    {
      error_extra = 'Affected package : wireshark\n' + solaris_get_report2();
      error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra);
      if (report_verbosity > 0) security_note(port:0, extra:error_extra);
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_PACKAGE_NOT_AFFECTED, "wireshark");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-1569.NASL
    descriptionFrom Red Hat Security Advisory 2013:1569 : Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2013-3559, CVE-2013-4083) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2012-2392, CVE-2012-3825, CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-5595, CVE-2012-5597, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600, CVE-2012-6056, CVE-2012-6059, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062, CVE-2013-3557, CVE-2013-3561, CVE-2013-4081, CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-4936, CVE-2013-5721) The wireshark packages have been upgraded to upstream version 1.8.10, which provides a number of bug fixes and enhancements over the previous versions. For more information on the bugs fixed, enhancements included, and supported protocols introduced, refer to the Wireshark Release Notes, linked to in the References. (BZ#711024) This update also fixes the following bugs : * Previously, Wireshark did not parse the RECLAIM-COMPLETE opcode when inspecting traffic generated by NFSv4.1. A patch has been provided to enable the parsing of the RECLAIM_COMPLETE opcode, and Wireshark is now able to properly dissect and handle NFSv4.1 traffic. (BZ#750712) * Prior to this update, frame arrival times in a text file were reported one hour ahead from the timestamps in the packet capture file. This resulted in various failures being reported by the dfilter-test.py test suite. To fix this bug, frame arrival timestamps have been shifted by one hour, thus fixing this bug. (BZ#832021) * The
    last seen2020-06-01
    modified2020-06-02
    plugin id71105
    published2013-11-27
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71105
    titleOracle Linux 6 : wireshark (ELSA-2013-1569)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2013:1569 and 
    # Oracle Linux Security Advisory ELSA-2013-1569 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71105);
      script_version("1.9");
      script_cvs_date("Date: 2019/09/30 10:58:18");
    
      script_cve_id("CVE-2012-2392", "CVE-2012-3825", "CVE-2012-4285", "CVE-2012-4288", "CVE-2012-4289", "CVE-2012-4290", "CVE-2012-4291", "CVE-2012-4292", "CVE-2012-6056", "CVE-2012-6059", "CVE-2012-6060", "CVE-2012-6061", "CVE-2012-6062", "CVE-2013-3557", "CVE-2013-3559", "CVE-2013-3561", "CVE-2013-4081", "CVE-2013-4083", "CVE-2013-4927", "CVE-2013-4931", "CVE-2013-4932", "CVE-2013-4933", "CVE-2013-4934", "CVE-2013-4935", "CVE-2013-4936", "CVE-2013-5721");
      script_bugtraq_id(46796, 47392, 48066, 48506, 49071, 50486, 51368, 51710, 52737, 53651, 55035, 56729, 59995, 59996, 60001, 60002, 60021, 60504, 60505, 61471, 62320, 62868);
      script_xref(name:"RHSA", value:"2013:1569");
    
      script_name(english:"Oracle Linux 6 : wireshark (ELSA-2013-1569)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2013:1569 :
    
    Updated wireshark packages that fix multiple security issues, several
    bugs, and add various enhancements are now available for Red Hat
    Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    Wireshark, previously known as Ethereal, is a network protocol
    analyzer. It is used to capture and browse the traffic running on a
    computer network.
    
    Two flaws were found in Wireshark. If Wireshark read a malformed
    packet off a network or opened a malicious dump file, it could crash
    or, possibly, execute arbitrary code as the user running Wireshark.
    (CVE-2013-3559, CVE-2013-4083)
    
    Several denial of service flaws were found in Wireshark. Wireshark
    could crash or stop responding if it read a malformed packet off a
    network, or opened a malicious dump file. (CVE-2012-2392,
    CVE-2012-3825, CVE-2012-4285, CVE-2012-4288, CVE-2012-4289,
    CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-5595,
    CVE-2012-5597, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600,
    CVE-2012-6056, CVE-2012-6059, CVE-2012-6060, CVE-2012-6061,
    CVE-2012-6062, CVE-2013-3557, CVE-2013-3561, CVE-2013-4081,
    CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933,
    CVE-2013-4934, CVE-2013-4935, CVE-2013-4936, CVE-2013-5721)
    
    The wireshark packages have been upgraded to upstream version 1.8.10,
    which provides a number of bug fixes and enhancements over the
    previous versions. For more information on the bugs fixed,
    enhancements included, and supported protocols introduced, refer to
    the Wireshark Release Notes, linked to in the References. (BZ#711024)
    
    This update also fixes the following bugs :
    
    * Previously, Wireshark did not parse the RECLAIM-COMPLETE opcode when
    inspecting traffic generated by NFSv4.1. A patch has been provided to
    enable the parsing of the RECLAIM_COMPLETE opcode, and Wireshark is
    now able to properly dissect and handle NFSv4.1 traffic. (BZ#750712)
    
    * Prior to this update, frame arrival times in a text file were
    reported one hour ahead from the timestamps in the packet capture
    file. This resulted in various failures being reported by the
    dfilter-test.py test suite. To fix this bug, frame arrival timestamps
    have been shifted by one hour, thus fixing this bug. (BZ#832021)
    
    * The 'tshark -D' command returned output to STDERR instead of STDOUT,
    which could break scripts that are parsing the 'tshark -D' output.
    This bug has been fixed, and the 'tshark -D' command now writes output
    data to a correct standard stream. (BZ#1004636)
    
    * Due to an array overrun, Wireshark could experience undefined
    program behavior or could unexpectedly terminate. With this update,
    proper array handling ensures Wireshark no longer crashes in the
    described scenario. (BZ#715560)
    
    * Previously, the dftest and randpkt command line utilities lacked
    manual pages. This update adds proper manual pages for both utilities.
    (BZ#659661)
    
    In addition, this update adds the following enhancements :
    
    * With this update, Wireshark is able to properly dissect and handle
    InfiniBand and GlusterFS traffic. (BZ#699636, BZ#858976)
    
    All Wireshark users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues and add these
    enhancements. All running instances of Wireshark must be restarted for
    the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2013-November/003805.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wireshark packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:wireshark-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:wireshark-gnome");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL6", reference:"wireshark-1.8.10-4.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"wireshark-devel-1.8.10-4.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"wireshark-gnome-1.8.10-4.0.1.el6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-devel / wireshark-gnome");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-080.NASL
    descriptionMultiple vulnerabilities was found and corrected in Wireshark : It may be possible to make Wireshark hang for long or indefinite periods by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. This advisory provides the latest version of Wireshark (1.6.8) which is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id61953
    published2012-09-06
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61953
    titleMandriva Linux Security Advisory : wireshark (MDVSA-2012:080)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2012:080. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61953);
      script_version("1.8");
      script_cvs_date("Date: 2019/08/02 13:32:54");
    
      script_cve_id("CVE-2012-2392", "CVE-2012-2393", "CVE-2012-2394");
      script_bugtraq_id(53651, 53652, 53653);
      script_xref(name:"MDVSA", value:"2012:080");
    
      script_name(english:"Mandriva Linux Security Advisory : wireshark (MDVSA-2012:080)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities was found and corrected in Wireshark :
    
    It may be possible to make Wireshark hang for long or indefinite
    periods by injecting a malformed packet onto the wire or by convincing
    someone to read a malformed packet trace file.
    
    It may be possible to make Wireshark crash by injecting a malformed
    packet onto the wire or by convincing someone to read a malformed
    packet trace file.
    
    This advisory provides the latest version of Wireshark (1.6.8) which
    is not vulnerable to these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.wireshark.org/security/wnpa-sec-2012-08.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.wireshark.org/security/wnpa-sec-2012-09.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.wireshark.org/security/wnpa-sec-2012-10.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dumpcap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wireshark-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wireshark1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwireshark-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwireshark1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rawshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wireshark-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/05/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2011", reference:"dumpcap-1.6.8-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64wireshark-devel-1.6.8-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64wireshark1-1.6.8-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libwireshark-devel-1.6.8-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libwireshark1-1.6.8-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"rawshark-1.6.8-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"tshark-1.6.8-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"wireshark-1.6.8-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"wireshark-tools-1.6.8-0.1-mdv2011.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2013-251.NASL
    descriptionTwo flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2013-3559 , CVE-2013-4083) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2012-2392 , CVE-2012-3825 , CVE-2012-4285 , CVE-2012-4288 , CVE-2012-4289 , CVE-2012-4290 , CVE-2012-4291 , CVE-2012-4292 , CVE-2012-5595 , CVE-2012-5597 , CVE-2012-5598 , CVE-2012-5599 , CVE-2012-5600 , CVE-2012-6056 , CVE-2012-6059 , CVE-2012-6060 , CVE-2012-6061 , CVE-2012-6062 , CVE-2013-3557 , CVE-2013-3561 , CVE-2013-4081 , CVE-2013-4927 , CVE-2013-4931 , CVE-2013-4932 , CVE-2013-4933 , CVE-2013-4934 , CVE-2013-4935 , CVE-2013-4936 , CVE-2013-5721)
    last seen2020-06-01
    modified2020-06-02
    plugin id71268
    published2013-12-10
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71268
    titleAmazon Linux AMI : wireshark (ALAS-2013-251)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2013-251.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71268);
      script_version("1.6");
      script_cvs_date("Date: 2019/07/10 16:04:12");
    
      script_cve_id("CVE-2012-2392", "CVE-2012-3825", "CVE-2012-4285", "CVE-2012-4288", "CVE-2012-4289", "CVE-2012-4290", "CVE-2012-4291", "CVE-2012-4292", "CVE-2012-6056", "CVE-2012-6059", "CVE-2012-6060", "CVE-2012-6061", "CVE-2012-6062", "CVE-2013-3557", "CVE-2013-3559", "CVE-2013-3561", "CVE-2013-4081", "CVE-2013-4083", "CVE-2013-4927", "CVE-2013-4931", "CVE-2013-4932", "CVE-2013-4933", "CVE-2013-4934", "CVE-2013-4935", "CVE-2013-4936", "CVE-2013-5721");
      script_xref(name:"ALAS", value:"2013-251");
      script_xref(name:"RHSA", value:"2013:1569");
    
      script_name(english:"Amazon Linux AMI : wireshark (ALAS-2013-251)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Two flaws were found in Wireshark. If Wireshark read a malformed
    packet off a network or opened a malicious dump file, it could crash
    or, possibly, execute arbitrary code as the user running Wireshark.
    (CVE-2013-3559 , CVE-2013-4083)
    
    Several denial of service flaws were found in Wireshark. Wireshark
    could crash or stop responding if it read a malformed packet off a
    network, or opened a malicious dump file. (CVE-2012-2392 ,
    CVE-2012-3825 , CVE-2012-4285 , CVE-2012-4288 , CVE-2012-4289 ,
    CVE-2012-4290 , CVE-2012-4291 , CVE-2012-4292 , CVE-2012-5595 ,
    CVE-2012-5597 , CVE-2012-5598 , CVE-2012-5599 , CVE-2012-5600 ,
    CVE-2012-6056 , CVE-2012-6059 , CVE-2012-6060 , CVE-2012-6061 ,
    CVE-2012-6062 , CVE-2013-3557 , CVE-2013-3561 , CVE-2013-4081 ,
    CVE-2013-4927 , CVE-2013-4931 , CVE-2013-4932 , CVE-2013-4933 ,
    CVE-2013-4934 , CVE-2013-4935 , CVE-2013-4936 , CVE-2013-5721)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2013-251.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update wireshark' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:wireshark-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:wireshark-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"wireshark-1.8.10-4.12.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"wireshark-debuginfo-1.8.10-4.12.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"wireshark-devel-1.8.10-4.12.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-debuginfo / wireshark-devel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_WIRESHARK-120604.NASL
    descriptionThis version upgrade of wireshark fixes multiple denial of service flaws : - denial of service via memory alignment flaw. (CVE-2012-2394) - DIAMETER memory allocation flaw. (CVE-2012-2393) - denial of service in multiple dissectors / parsers Additionally, various other non-security bug fixes were introduced. (CVE-2012-2392)
    last seen2020-06-05
    modified2013-01-25
    plugin id64230
    published2013-01-25
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64230
    titleSuSE 11.1 Security Update : wireshark (SAT Patch Number 6381)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64230);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-2392", "CVE-2012-2393", "CVE-2012-2394");
    
      script_name(english:"SuSE 11.1 Security Update : wireshark (SAT Patch Number 6381)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This version upgrade of wireshark fixes multiple denial of service
    flaws :
    
      - denial of service via memory alignment flaw.
        (CVE-2012-2394)
    
      - DIAMETER memory allocation flaw. (CVE-2012-2393)
    
      - denial of service in multiple dissectors / parsers
        Additionally, various other non-security bug fixes were
        introduced. (CVE-2012-2392)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=763855"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=763857"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=763859"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-2392.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-2393.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-2394.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 6381.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:wireshark");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/06/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"wireshark-1.4.13-0.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"wireshark-1.4.13-0.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, reference:"wireshark-1.4.13-0.2.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyWindows
    NASL idWIRESHARK_1_6_8.NASL
    descriptionThe installed version of Wireshark is 1.6.x before 1.6.8. This version is affected by the following vulnerabilities : - Input validation errors exist in the dissectors for ANSI MAP, ASF, BACapp, Bluetooth HCI, IEEE 802.11, IEEE 802.3, LTP, and R3 that can allow specially crafted packets to cause the application to enter infinite or very large loops making it unavailable. (Issues 6805, 7118, 7119, 7120, 7121, 7122, 7124, 7125) - An input validation error exists in the DIAMETER dissector that can allow specially crafted packets to cause improper memory allocation leading to application crashes. (Issue 7138) - An unspecified error can cause the application to crash due to a memory misalignment. Note, for Windows, this issue only occurs on the Itanium platform. (Issue 7221)
    last seen2020-06-01
    modified2020-06-02
    plugin id59240
    published2012-05-23
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59240
    titleWireshark 1.6.x < 1.6.8 Multiple Denial of Service Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(59240);
      script_version("1.13");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2012-2392",
        "CVE-2012-2393",
        "CVE-2012-2394",
        "CVE-2012-3825"
      );
      script_bugtraq_id(53651, 53652, 53653);
      script_xref(name:"EDB-ID", value:"18918");
      script_xref(name:"EDB-ID", value:"18919");
      script_xref(name:"EDB-ID", value:"18920");
    
      script_name(english:"Wireshark 1.6.x < 1.6.8 Multiple Denial of Service Vulnerabilities");
      script_summary(english:"Does a version check");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains an application that is affected by
    multiple denial of service vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Wireshark is 1.6.x before 1.6.8.  This
    version is affected by the following vulnerabilities :
    
      - Input validation errors exist in the dissectors for
        ANSI MAP, ASF, BACapp, Bluetooth HCI, IEEE 802.11,
        IEEE 802.3, LTP, and R3 that can allow specially crafted
        packets to cause the application to enter infinite or
        very large loops making it unavailable. (Issues 6805,
        7118, 7119, 7120, 7121, 7122, 7124, 7125)
    
      - An input validation error exists in the DIAMETER
        dissector that can allow specially crafted packets to
        cause improper memory allocation leading to application
        crashes. (Issue 7138)
    
      - An unspecified error can cause the application to crash
        due to a memory misalignment. Note, for Windows, this
        issue only occurs on the Itanium platform. (Issue 7221)");
      script_set_attribute(attribute:"see_also", value:"http://www.wireshark.org/security/wnpa-sec-2012-08.html");
      script_set_attribute(attribute:"see_also", value:"http://www.wireshark.org/security/wnpa-sec-2012-09.html");
      script_set_attribute(attribute:"see_also", value:"http://www.wireshark.org/security/wnpa-sec-2012-10.html");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/docs/relnotes/wireshark-1.6.8.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Wireshark version 1.6.8 or later.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3825");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/05/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/23");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:wireshark:wireshark");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("wireshark_installed.nasl");
      script_require_keys("SMB/Wireshark/Installed");
    
      exit(0);
    }
    
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Check each install.
    installs = get_kb_list_or_exit("SMB/Wireshark/*");
    
    info  = '';
    info2 = '';
    
    foreach install(keys(installs))
    {
      if ("/Installed" >< install) continue;
    
      version = install - "SMB/Wireshark/";
    
      if (version =~ "^1\.6($|\.[0-7])($|[^0-9])")
        info +=
          '\n  Path              : ' + installs[install] +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : 1.6.8\n';
      else
        info2 += 'Version ' + version + ', under ' + installs[install] + ' ';
    }
    
    # Remove trailing space on info2
    if (strlen(info2) > 1)
      info2 = substr(info2, 0, strlen(info2) -2);
    
    # Report if any were found to be vulnerable
    if (info)
    {
      if (report_verbosity > 0)
      {
        if (max_index(split(info)) > 4) s = "s of Wireshark are";
        else s = " of Wireshark is";
    
        report =
          '\n' +
          'The following vulnerable instance' + s + ' installed :\n' +
          '\n' + info;
        security_note(port:get_kb_item("SMB/transport"), extra:report);
      }
      else security_note(get_kb_item("SMB/transport"));
      exit(0);
    }
    if (info2) exit(0, "The following installed instance(s) of Wireshark are not affected : " + info2 + ".");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-015.NASL
    descriptionMultiple file parser and NULL pointer vulnerabilities including a RLC dissector buffer overflow was found and corrected in Wireshark. This advisory provides the latest version of Wireshark (1.6.5 ) which is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id61943
    published2012-09-06
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61943
    titleMandriva Linux Security Advisory : wireshark (MDVSA-2012:015)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20131121_WIRESHARK_ON_SL6_X.NASL
    descriptionTwo flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2013-3559, CVE-2013-4083) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2012-2392, CVE-2012-3825, CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-5595, CVE-2012-5597, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600, CVE-2012-6056, CVE-2012-6059, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062, CVE-2013-3557, CVE-2013-3561, CVE-2013-4081, CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-4936, CVE-2013-5721) The wireshark packages have been upgraded to upstream version 1.8.10, which provides a number of bug fixes and enhancements over the previous versions. For more information on the bugs fixed, enhancements included, and supported protocols introduced, refer to the Wireshark Release Notes. This update also fixes the following bugs : - Previously, Wireshark did not parse the RECLAIM-COMPLETE opcode when inspecting traffic generated by NFSv4.1. A patch has been provided to enable the parsing of the RECLAIM_COMPLETE opcode, and Wireshark is now able to properly dissect and handle NFSv4.1 traffic. - Prior to this update, frame arrival times in a text file were reported one hour ahead from the timestamps in the packet capture file. This resulted in various failures being reported by the dfilter-test.py test suite. To fix this bug, frame arrival timestamps have been shifted by one hour, thus fixing this bug. - The
    last seen2020-03-18
    modified2013-12-10
    plugin id71301
    published2013-12-10
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71301
    titleScientific Linux Security Update : wireshark on SL6.x i386/x86_64 (20131121)
  • NASL familyWindows
    NASL idWIRESHARK_1_4_13.NASL
    descriptionThe installed version of Wireshark is 1.4.x before 1.4.13. This version is affected by the following vulnerabilities : - Input validation errors exist in the dissectors for ANSI MAP, ASF, BACapp, Bluetooth HCI, IEEE 802.11, IEEE 802.3, LTP, and R3 that can allow specially crafted packets to cause the application to enter infinite or very large loops making it unavailable. (Issues 6805, 7118, 7119, 7120, 7121, 7122, 7124, 7125) - An input validation error exists in the DIAMETER dissector that can allow specially crafted packets to cause improper memory allocation leading to application crashes. (Issue 7138) - An unspecified error can cause the application to crash due to a memory misalignment. Note, for Windows, this issue only occurs on the Itanium platform. (Issue 7221)
    last seen2020-06-01
    modified2020-06-02
    plugin id59239
    published2012-05-23
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59239
    titleWireshark 1.4.x < 1.4.13 Multiple Denial of Service Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-297.NASL
    descriptionThis update is a maintenance release of Wireshark. It fixes some vulererabilities when dissecting certain protocols. As packages for these protocols may be received over the network, an attacker may trigger infinite or large loops or crashes of the dissector. Wireshark release notes and advisories : - http://www.wireshark.org/docs/relnotes/wireshark-1.4.13.html - http://www.wireshark.org/security/wnpa-sec-2012-08.html - CVE-2012-2392 - http://www.wireshark.org/security/wnpa-sec-2012-09.html - CVE-2012-2393 - http://www.wireshark.org/security/wnpa-sec-2012-10.html - CVE-2012-2394
    last seen2020-06-05
    modified2014-06-13
    plugin id74636
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74636
    titleopenSUSE Security Update : wireshark (openSUSE-SU-2012:0657-1)

Oval

accepted2013-08-19T04:01:13.343-04:00
classvulnerability
contributors
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
definition_extensions
commentWireshark is installed on the system.
ovaloval:org.mitre.oval:def:6589
descriptionWireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors.
familywindows
idoval:org.mitre.oval:def:15604
statusaccepted
submitted2012-07-02T11:48:43.323-04:00
titleWireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors
version7

Redhat

rpms
  • wireshark-0:1.8.10-4.el6
  • wireshark-debuginfo-0:1.8.10-4.el6
  • wireshark-devel-0:1.8.10-4.el6
  • wireshark-gnome-0:1.8.10-4.el6