Vulnerabilities > CVE-2012-2393 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wireshark

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

wireshark

CWE-119

nessus

exploit available

NVD

Published: 2012-06-30

Updated: 2024-11-21

Summary

epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation.

Vulnerable Configurations

Part	Description	Count
Application	Wireshark Wireshark Wireshark 1.6.0 Wireshark Wireshark 1.4.7 Wireshark Wireshark 1.4.11 Wireshark Wireshark 1.4.2 Wireshark Wireshark 1.4.0 Wireshark Wireshark 1.4.12 Wireshark Wireshark 1.4.5 Wireshark Wireshark 1.6.4 Wireshark Wireshark 1.4.13 Wireshark Wireshark 1.6.5 Wireshark Wireshark 1.4.4 Wireshark Wireshark 1.4.10 Wireshark Wireshark 1.6.3 Wireshark Wireshark 1.4.9 Wireshark Wireshark 1.6.7 Wireshark Wireshark 1.6.1 Wireshark Wireshark 1.4.6 Wireshark Wireshark 1.6.6 Wireshark Wireshark 1.4.3 Wireshark Wireshark 1.6.2 Wireshark Wireshark 1.4.1 Wireshark Wireshark 1.4.8	22

Common Weakness Enumeration (CWE)

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Exploit-Db

description	Wireshark DIAMETER Dissector Denial of Service. CVE-2012-2393. Dos exploits for multiple platform
id	EDB-ID:18918
last seen	2016-02-02
modified	2012-05-24
published	2012-05-24
reporter	Wireshark
source	https://www.exploit-db.com/download/18918/
title	Wireshark DIAMETER Dissector Denial of Service

Nessus

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2013-055.NASL
description	Multiple vulnerabilities has been found and corrected in wireshark : Infinite and large loops in ANSI MAP, BACapp, Bluetooth HCI, IEEE 802.3, LTP, and R3 dissectors have been fixed. Discovered by Laurent Butti (http://www.wireshark.org/security/wnpa-sec-2012-08.html [CVE-2012-2392]) The DIAMETER dissector could try to allocate memory improperly and crash (http://www.wireshark.org/security/wnpa-sec-2012-09.html [CVE-2012-2393]) Wireshark could crash on SPARC processors due to misaligned memory. Discovered by Klaus Heckelmann (http://www.wireshark.org/security/wnpa-sec-2012-10.html [CVE-2012-2394]) The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump (CVE-2012-4048). epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet (CVE-2012-4049). The DCP ETSI dissector could trigger a zero division (CVE-2012-4285). The XTP dissector could go into an infinite loop (CVE-2012-4288). The AFP dissector could go into a large loop (CVE-2012-4289). The RTPS2 dissector could overflow a buffer (CVE-2012-4296). The GSM RLC MAC dissector could overflow a buffer (CVE-2012-4297). The CIP dissector could exhaust system memory (CVE-2012-4291). The STUN dissector could crash (CVE-2012-4292). The EtherCAT Mailbox dissector could abort (CVE-2012-4293). The CTDB dissector could go into a large loop (CVE-2012-4290). Martin Wilck discovered an infinite loop in the DRDA dissector (CVE-2012-5239). The USB dissector could go into an infinite loop. (wnpa-sec-2012-31) The ISAKMP dissector could crash. (wnpa-sec-2012-35) The iSCSI dissector could go into an infinite loop. (wnpa-sec-2012-36) The WTP dissector could go into an infinite loop. (wnpa-sec-2012-37) The RTCP dissector could go into an infinite loop. (wnpa-sec-2012-38) The ICMPv6 dissector could go into an infinite loop. (wnpa-sec-2012-40) Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors (wnpa-sec-2013-01). The CLNP dissector could crash (wnpa-sec-2013-02). The DTN dissector could crash (wnpa-sec-2013-03). The MS-MMC dissector (and possibly others) could crash (wnpa-sec-2013-04). The DTLS dissector could crash (wnpa-sec-2013-05). The DCP-ETSI dissector could corrupt memory (wnpa-sec-2013-07). The Wireshark dissection engine could crash (wnpa-sec-2013-08). The NTLMSSP dissector could overflow a buffer (wnpa-sec-2013-09). The sFlow dissector could go into an infinite loop (CVE-2012-6054). The SCTP dissector could go into an infinite loop (CVE-2012-6056). The MS-MMS dissector could crash (CVE-2013-2478). The RTPS and RTPS2 dissectors could crash (CVE-2013-2480). The Mount dissector could crash (CVE-2013-2481). The AMPQ dissector could go into an infinite loop (CVE-2013-2482). The ACN dissector could attempt to divide by zero (CVE-2013-2483). The CIMD dissector could crash (CVE-2013-2484). The FCSP dissector could go into an infinite loop (CVE-2013-2485). The DTLS dissector could crash (CVE-2013-2488). This advisory provides the latest version of Wireshark (1.6.14) which is not vulnerable to these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	66069
published	2013-04-20
reporter	This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/66069
title	Mandriva Linux Security Advisory : wireshark (MDVSA-2013:055)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2013:055. # The text itself is copyright (C) Mandriva S.A. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(66069); script_version("1.12"); script_cvs_date("Date: 2019/08/02 13:32:55"); script_cve_id( "CVE-2012-2392", "CVE-2012-2393", "CVE-2012-2394", "CVE-2012-3548", "CVE-2012-4048", "CVE-2012-4049", "CVE-2012-4285", "CVE-2012-4288", "CVE-2012-4289", "CVE-2012-4290", "CVE-2012-4291", "CVE-2012-4292", "CVE-2012-4293", "CVE-2012-4296", "CVE-2012-4297", "CVE-2012-6054", "CVE-2012-6056", "CVE-2013-2478", "CVE-2013-2480", "CVE-2013-2481", "CVE-2013-2482", "CVE-2013-2483", "CVE-2013-2484", "CVE-2013-2485", "CVE-2013-2488" ); script_bugtraq_id( 53651, 53652, 53653, 54649, 55035, 56729, 58340, 58351, 58353, 58355, 58356, 58357, 58362, 58365 ); script_xref(name:"MDVSA", value:"2013:055"); script_xref(name:"MGASA", value:"2012-0134"); script_xref(name:"MGASA", value:"2012-0210"); script_xref(name:"MGASA", value:"2012-0226"); script_xref(name:"MGASA", value:"2012-0284"); script_xref(name:"MGASA", value:"2012-0348"); script_xref(name:"MGASA", value:"2013-0034"); script_xref(name:"MGASA", value:"2013-0090"); script_name(english:"Mandriva Linux Security Advisory : wireshark (MDVSA-2013:055)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities has been found and corrected in wireshark : Infinite and large loops in ANSI MAP, BACapp, Bluetooth HCI, IEEE 802.3, LTP, and R3 dissectors have been fixed. Discovered by Laurent Butti (http://www.wireshark.org/security/wnpa-sec-2012-08.html [CVE-2012-2392]) The DIAMETER dissector could try to allocate memory improperly and crash (http://www.wireshark.org/security/wnpa-sec-2012-09.html [CVE-2012-2393]) Wireshark could crash on SPARC processors due to misaligned memory. Discovered by Klaus Heckelmann (http://www.wireshark.org/security/wnpa-sec-2012-10.html [CVE-2012-2394]) The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump (CVE-2012-4048). epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet (CVE-2012-4049). The DCP ETSI dissector could trigger a zero division (CVE-2012-4285). The XTP dissector could go into an infinite loop (CVE-2012-4288). The AFP dissector could go into a large loop (CVE-2012-4289). The RTPS2 dissector could overflow a buffer (CVE-2012-4296). The GSM RLC MAC dissector could overflow a buffer (CVE-2012-4297). The CIP dissector could exhaust system memory (CVE-2012-4291). The STUN dissector could crash (CVE-2012-4292). The EtherCAT Mailbox dissector could abort (CVE-2012-4293). The CTDB dissector could go into a large loop (CVE-2012-4290). Martin Wilck discovered an infinite loop in the DRDA dissector (CVE-2012-5239). The USB dissector could go into an infinite loop. (wnpa-sec-2012-31) The ISAKMP dissector could crash. (wnpa-sec-2012-35) The iSCSI dissector could go into an infinite loop. (wnpa-sec-2012-36) The WTP dissector could go into an infinite loop. (wnpa-sec-2012-37) The RTCP dissector could go into an infinite loop. (wnpa-sec-2012-38) The ICMPv6 dissector could go into an infinite loop. (wnpa-sec-2012-40) Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors (wnpa-sec-2013-01). The CLNP dissector could crash (wnpa-sec-2013-02). The DTN dissector could crash (wnpa-sec-2013-03). The MS-MMC dissector (and possibly others) could crash (wnpa-sec-2013-04). The DTLS dissector could crash (wnpa-sec-2013-05). The DCP-ETSI dissector could corrupt memory (wnpa-sec-2013-07). The Wireshark dissection engine could crash (wnpa-sec-2013-08). The NTLMSSP dissector could overflow a buffer (wnpa-sec-2013-09). The sFlow dissector could go into an infinite loop (CVE-2012-6054). The SCTP dissector could go into an infinite loop (CVE-2012-6056). The MS-MMS dissector could crash (CVE-2013-2478). The RTPS and RTPS2 dissectors could crash (CVE-2013-2480). The Mount dissector could crash (CVE-2013-2481). The AMPQ dissector could go into an infinite loop (CVE-2013-2482). The ACN dissector could attempt to divide by zero (CVE-2013-2483). The CIMD dissector could crash (CVE-2013-2484). The FCSP dissector could go into an infinite loop (CVE-2013-2485). The DTLS dissector could crash (CVE-2013-2488). This advisory provides the latest version of Wireshark (1.6.14) which is not vulnerable to these issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dumpcap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wireshark-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wireshark1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rawshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wireshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wireshark-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2013/04/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64\|i[3-6]86\|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"dumpcap-1.6.14-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64wireshark-devel-1.6.14-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64wireshark1-1.6.14-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"rawshark-1.6.14-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"tshark-1.6.14-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"wireshark-1.6.14-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"wireshark-tools-1.6.14-1.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	SuSE Local Security Checks
NASL id	SUSE_WIRESHARK-8168.NASL
description	This version upgrade of wireshark fixes multiple denial of service flaws : - denial of service via memory alignment flaw. (CVE-2012-2394) - DIAMETER memory allocation flaw. (CVE-2012-2393) - denial of service in multiple dissectors / parsers Additionally, various other non-security bug fixes have been introduced. (CVE-2012-2392)
last seen	2020-06-05
modified	2012-06-27
plugin id	59723
published	2012-06-27
reporter	This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/59723
title	SuSE 10 Security Update : wireshark (ZYPP Patch Number 8168)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(59723); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-2392", "CVE-2012-2393", "CVE-2012-2394"); script_name(english:"SuSE 10 Security Update : wireshark (ZYPP Patch Number 8168)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This version upgrade of wireshark fixes multiple denial of service flaws : - denial of service via memory alignment flaw. (CVE-2012-2394) - DIAMETER memory allocation flaw. (CVE-2012-2393) - denial of service in multiple dissectors / parsers Additionally, various other non-security bug fixes have been introduced. (CVE-2012-2392)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2392.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2393.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2394.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 8168."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2012/06/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:4, reference:"wireshark-1.4.13-0.5.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"wireshark-1.4.13-0.5.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"wireshark-devel-1.4.13-0.5.1")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else exit(0, "The host is not affected.");

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2012-10175.NASL
description	Update to latest upstream release, fixing few security bugs. CVE-2012-2392: Infinite and large loops in ANSI MAP, ASF, IEEE 802.11, IEEE 802.3, and LTP dissectors. CVE-2012-2393: Memory allocation flaw in the DIAMETER dissector. CVE-2012-2394: Denial of service (crash) due memory alignment problem on SPARC and Itanium processors. CVE-2012-3825: Integer overflows in BACapp and Bluetooth HCI dissectors, leading to DoS CVE-2012-3826: Integer overflows in the R3 dissector, leading to DoS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2012-07-11
plugin id	59940
published	2012-07-11
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/59940
title	Fedora 16 : wireshark-1.6.8-1.fc16 (2012-10175)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-10175. # include("compat.inc"); if (description) { script_id(59940); script_version("1.12"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-2392", "CVE-2012-2393", "CVE-2012-2394", "CVE-2012-3825", "CVE-2012-3826"); script_bugtraq_id(53651, 53652, 53653); script_xref(name:"FEDORA", value:"2012-10175"); script_name(english:"Fedora 16 : wireshark-1.6.8-1.fc16 (2012-10175)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to latest upstream release, fixing few security bugs. CVE-2012-2392: Infinite and large loops in ANSI MAP, ASF, IEEE 802.11, IEEE 802.3, and LTP dissectors. CVE-2012-2393: Memory allocation flaw in the DIAMETER dissector. CVE-2012-2394: Denial of service (crash) due memory alignment problem on SPARC and Itanium processors. CVE-2012-3825: Integer overflows in BACapp and Bluetooth HCI dissectors, leading to DoS CVE-2012-3826: Integer overflows in the R3 dissector, leading to DoS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=824426" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-July/083679.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6e671882" ); script_set_attribute( attribute:"solution", value:"Update the affected wireshark package." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16"); script_set_attribute(attribute:"patch_publication_date", value:"2012/07/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^16([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC16", reference:"wireshark-1.6.8-1.fc16")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark"); }

NASL family	Solaris Local Security Checks
NASL id	SOLARIS11_WIRESHARK_20120918.NASL
description	The remote Solaris system is missing necessary patches to address security updates : - Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors. (CVE-2012-2392) - epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation. (CVE-2012-2393) - Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet. (CVE-2012-2394) - The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump. (CVE-2012-4048) - epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. (CVE-2012-4049)
last seen	2020-06-01
modified	2020-06-02
plugin id	80803
published	2015-01-19
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/80803
title	Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle Third Party software advisories. # include("compat.inc"); if (description) { script_id(80803); script_version("1.2"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id("CVE-2012-2392", "CVE-2012-2393", "CVE-2012-2394", "CVE-2012-4048", "CVE-2012-4049"); script_name(english:"Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark1)"); script_summary(english:"Check for the 'entire' version."); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch for third-party software." ); script_set_attribute( attribute:"description", value: "The remote Solaris system is missing necessary patches to address security updates : - Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors. (CVE-2012-2392) - epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation. (CVE-2012-2393) - Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet. (CVE-2012-2394) - The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump. (CVE-2012-4048) - epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. (CVE-2012-4049)" ); # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a913f44" ); # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-wireshark script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6ccbc2d4" ); # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-wireshark script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6ccbc2d4" ); script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11/11 SRU 11.4."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:wireshark"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); pkg_list = solaris_pkg_list_leaves(); if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages"); if (empty_or_null(egrep(string:pkg_list, pattern:"^wireshark$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark"); flag = 0; if (solaris_check_release(release:"0.5.11-0.175.0.11.0.4.1", sru:"SRU 11.4") > 0) flag++; if (flag) { error_extra = 'Affected package : wireshark\n' + solaris_get_report2(); error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra); if (report_verbosity > 0) security_note(port:0, extra:error_extra); else security_note(0); exit(0); } else audit(AUDIT_PACKAGE_NOT_AFFECTED, "wireshark");

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2012-080.NASL
description	Multiple vulnerabilities was found and corrected in Wireshark : It may be possible to make Wireshark hang for long or indefinite periods by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. This advisory provides the latest version of Wireshark (1.6.8) which is not vulnerable to these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	61953
published	2012-09-06
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/61953
title	Mandriva Linux Security Advisory : wireshark (MDVSA-2012:080)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2012:080. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(61953); script_version("1.8"); script_cvs_date("Date: 2019/08/02 13:32:54"); script_cve_id("CVE-2012-2392", "CVE-2012-2393", "CVE-2012-2394"); script_bugtraq_id(53651, 53652, 53653); script_xref(name:"MDVSA", value:"2012:080"); script_name(english:"Mandriva Linux Security Advisory : wireshark (MDVSA-2012:080)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities was found and corrected in Wireshark : It may be possible to make Wireshark hang for long or indefinite periods by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. This advisory provides the latest version of Wireshark (1.6.8) which is not vulnerable to these issues." ); script_set_attribute( attribute:"see_also", value:"http://www.wireshark.org/security/wnpa-sec-2012-08.html" ); script_set_attribute( attribute:"see_also", value:"http://www.wireshark.org/security/wnpa-sec-2012-09.html" ); script_set_attribute( attribute:"see_also", value:"http://www.wireshark.org/security/wnpa-sec-2012-10.html" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dumpcap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wireshark-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wireshark1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwireshark-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwireshark1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rawshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wireshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wireshark-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011"); script_set_attribute(attribute:"patch_publication_date", value:"2012/05/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64\|i[3-6]86\|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2011", reference:"dumpcap-1.6.8-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64wireshark-devel-1.6.8-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64wireshark1-1.6.8-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libwireshark-devel-1.6.8-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libwireshark1-1.6.8-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"rawshark-1.6.8-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"tshark-1.6.8-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"wireshark-1.6.8-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"wireshark-tools-1.6.8-0.1-mdv2011.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_WIRESHARK-120604.NASL
description	This version upgrade of wireshark fixes multiple denial of service flaws : - denial of service via memory alignment flaw. (CVE-2012-2394) - DIAMETER memory allocation flaw. (CVE-2012-2393) - denial of service in multiple dissectors / parsers Additionally, various other non-security bug fixes were introduced. (CVE-2012-2392)
last seen	2020-06-05
modified	2013-01-25
plugin id	64230
published	2013-01-25
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/64230
title	SuSE 11.1 Security Update : wireshark (SAT Patch Number 6381)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(64230); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-2392", "CVE-2012-2393", "CVE-2012-2394"); script_name(english:"SuSE 11.1 Security Update : wireshark (SAT Patch Number 6381)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing a security update." ); script_set_attribute( attribute:"description", value: "This version upgrade of wireshark fixes multiple denial of service flaws : - denial of service via memory alignment flaw. (CVE-2012-2394) - DIAMETER memory allocation flaw. (CVE-2012-2393) - denial of service in multiple dissectors / parsers Additionally, various other non-security bug fixes were introduced. (CVE-2012-2392)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=763855" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=763857" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=763859" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2392.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2393.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2394.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 6381."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:wireshark"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2012/06/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) \|\| int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1"); flag = 0; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"wireshark-1.4.13-0.2.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"wireshark-1.4.13-0.2.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"wireshark-1.4.13-0.2.1")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Windows
NASL id	WIRESHARK_1_6_8.NASL
description	The installed version of Wireshark is 1.6.x before 1.6.8. This version is affected by the following vulnerabilities : - Input validation errors exist in the dissectors for ANSI MAP, ASF, BACapp, Bluetooth HCI, IEEE 802.11, IEEE 802.3, LTP, and R3 that can allow specially crafted packets to cause the application to enter infinite or very large loops making it unavailable. (Issues 6805, 7118, 7119, 7120, 7121, 7122, 7124, 7125) - An input validation error exists in the DIAMETER dissector that can allow specially crafted packets to cause improper memory allocation leading to application crashes. (Issue 7138) - An unspecified error can cause the application to crash due to a memory misalignment. Note, for Windows, this issue only occurs on the Itanium platform. (Issue 7221)
last seen	2020-06-01
modified	2020-06-02
plugin id	59240
published	2012-05-23
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/59240
title	Wireshark 1.6.x < 1.6.8 Multiple Denial of Service Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(59240); script_version("1.13"); script_cvs_date("Date: 2019/12/04"); script_cve_id( "CVE-2012-2392", "CVE-2012-2393", "CVE-2012-2394", "CVE-2012-3825" ); script_bugtraq_id(53651, 53652, 53653); script_xref(name:"EDB-ID", value:"18918"); script_xref(name:"EDB-ID", value:"18919"); script_xref(name:"EDB-ID", value:"18920"); script_name(english:"Wireshark 1.6.x < 1.6.8 Multiple Denial of Service Vulnerabilities"); script_summary(english:"Does a version check"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains an application that is affected by multiple denial of service vulnerabilities."); script_set_attribute(attribute:"description", value: "The installed version of Wireshark is 1.6.x before 1.6.8. This version is affected by the following vulnerabilities : - Input validation errors exist in the dissectors for ANSI MAP, ASF, BACapp, Bluetooth HCI, IEEE 802.11, IEEE 802.3, LTP, and R3 that can allow specially crafted packets to cause the application to enter infinite or very large loops making it unavailable. (Issues 6805, 7118, 7119, 7120, 7121, 7122, 7124, 7125) - An input validation error exists in the DIAMETER dissector that can allow specially crafted packets to cause improper memory allocation leading to application crashes. (Issue 7138) - An unspecified error can cause the application to crash due to a memory misalignment. Note, for Windows, this issue only occurs on the Itanium platform. (Issue 7221)"); script_set_attribute(attribute:"see_also", value:"http://www.wireshark.org/security/wnpa-sec-2012-08.html"); script_set_attribute(attribute:"see_also", value:"http://www.wireshark.org/security/wnpa-sec-2012-09.html"); script_set_attribute(attribute:"see_also", value:"http://www.wireshark.org/security/wnpa-sec-2012-10.html"); script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/docs/relnotes/wireshark-1.6.8.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Wireshark version 1.6.8 or later."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3825"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/21"); script_set_attribute(attribute:"patch_publication_date", value:"2012/05/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/23"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:wireshark:wireshark"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("wireshark_installed.nasl"); script_require_keys("SMB/Wireshark/Installed"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); # Check each install. installs = get_kb_list_or_exit("SMB/Wireshark/*"); info = ''; info2 = ''; foreach install(keys(installs)) { if ("/Installed" >< install) continue; version = install - "SMB/Wireshark/"; if (version =~ "^1\.6($\|\.[0-7])($\|[^0-9])") info += '\n Path : ' + installs[install] + '\n Installed version : ' + version + '\n Fixed version : 1.6.8\n'; else info2 += 'Version ' + version + ', under ' + installs[install] + ' '; } # Remove trailing space on info2 if (strlen(info2) > 1) info2 = substr(info2, 0, strlen(info2) -2); # Report if any were found to be vulnerable if (info) { if (report_verbosity > 0) { if (max_index(split(info)) > 4) s = "s of Wireshark are"; else s = " of Wireshark is"; report = '\n' + 'The following vulnerable instance' + s + ' installed :\n' + '\n' + info; security_note(port:get_kb_item("SMB/transport"), extra:report); } else security_note(get_kb_item("SMB/transport")); exit(0); } if (info2) exit(0, "The following installed instance(s) of Wireshark are not affected : " + info2 + ".");

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2012-015.NASL
description	Multiple file parser and NULL pointer vulnerabilities including a RLC dissector buffer overflow was found and corrected in Wireshark. This advisory provides the latest version of Wireshark (1.6.5 ) which is not vulnerable to these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	61943
published	2012-09-06
reporter	This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/61943
title	Mandriva Linux Security Advisory : wireshark (MDVSA-2012:015)

NASL family	Windows
NASL id	WIRESHARK_1_4_13.NASL
description	The installed version of Wireshark is 1.4.x before 1.4.13. This version is affected by the following vulnerabilities : - Input validation errors exist in the dissectors for ANSI MAP, ASF, BACapp, Bluetooth HCI, IEEE 802.11, IEEE 802.3, LTP, and R3 that can allow specially crafted packets to cause the application to enter infinite or very large loops making it unavailable. (Issues 6805, 7118, 7119, 7120, 7121, 7122, 7124, 7125) - An input validation error exists in the DIAMETER dissector that can allow specially crafted packets to cause improper memory allocation leading to application crashes. (Issue 7138) - An unspecified error can cause the application to crash due to a memory misalignment. Note, for Windows, this issue only occurs on the Itanium platform. (Issue 7221)
last seen	2020-06-01
modified	2020-06-02
plugin id	59239
published	2012-05-23
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/59239
title	Wireshark 1.4.x < 1.4.13 Multiple Denial of Service Vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2012-297.NASL
description	This update is a maintenance release of Wireshark. It fixes some vulererabilities when dissecting certain protocols. As packages for these protocols may be received over the network, an attacker may trigger infinite or large loops or crashes of the dissector. Wireshark release notes and advisories : - http://www.wireshark.org/docs/relnotes/wireshark-1.4.13.html - http://www.wireshark.org/security/wnpa-sec-2012-08.html - CVE-2012-2392 - http://www.wireshark.org/security/wnpa-sec-2012-09.html - CVE-2012-2393 - http://www.wireshark.org/security/wnpa-sec-2012-10.html - CVE-2012-2394
last seen	2020-06-05
modified	2014-06-13
plugin id	74636
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/74636
title	openSUSE Security Update : wireshark (openSUSE-SU-2012:0657-1)

Oval

accepted

2013-08-19T04:01:11.585-04:00

class

vulnerability

contributors

name Shane Shaffer
organization G2, Inc.
name Shane Shaffer
organization G2, Inc.

definition_extensions

comment	Wireshark is installed on the system.
oval	oval:org.mitre.oval:def:6589

description

family

windows

oval:org.mitre.oval:def:15558

status

accepted

submitted

2012-07-02T11:48:43.323-04:00

title

epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures

version

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit-Db

Nessus

Oval

References