Vulnerabilities > CVE-2012-4291 - Resource Management Errors vulnerability in multiple products

047910
CVSS 3.3 - LOW
Attack vector
ADJACENT_NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL

Summary

The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-526.NASL
    descriptionwireshark was updated to 1.4.15 - The DCP ETSI dissector could trigger a zero division. (wnpa-sec-2012-13 CVE-2012-4285) - The XTP dissector could go into an infinite loop. (wnpa-sec-2012-15 CVE-2012-4288) - The AFP dissector could go into a large loop. (wnpa-sec-2012-17 CVE-2012-4289) - The RTPS2 dissector could overflow a buffer. (wnpa-sec-2012-18 CVE-2012-4296) - The CIP dissector could exhaust system memory. (wnpa-sec-2012-20 CVE-2012-4291) - The STUN dissector could crash. (wnpa-sec-2012-21 CVE-2012-4292) - The EtherCAT Mailbox dissector could abort. (wnpa-sec-2012-22 CVE-2012-4293) - The CTDB dissector could go into a large loop. (wnpa-sec-2012-23 CVE-2012-4290) Further bug fixes and updated protocol support as listed in: http://www.wireshark.org/docs/relnotes/wireshark-1.4.15.html
    last seen2020-06-05
    modified2014-06-13
    plugin id74720
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74720
    titleopenSUSE Security Update : wireshark (openSUSE-SU-2012:1035-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2012-526.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74720);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-4285", "CVE-2012-4288", "CVE-2012-4289", "CVE-2012-4290", "CVE-2012-4291", "CVE-2012-4292", "CVE-2012-4293", "CVE-2012-4296");
    
      script_name(english:"openSUSE Security Update : wireshark (openSUSE-SU-2012:1035-1)");
      script_summary(english:"Check for the openSUSE-2012-526 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "wireshark was updated to 1.4.15
    
      - The DCP ETSI dissector could trigger a zero division.
        (wnpa-sec-2012-13 CVE-2012-4285)
    
      - The XTP dissector could go into an infinite loop.
        (wnpa-sec-2012-15 CVE-2012-4288)
    
      - The AFP dissector could go into a large loop.
        (wnpa-sec-2012-17 CVE-2012-4289)
    
      - The RTPS2 dissector could overflow a buffer.
        (wnpa-sec-2012-18 CVE-2012-4296)
    
      - The CIP dissector could exhaust system memory.
        (wnpa-sec-2012-20 CVE-2012-4291)
    
      - The STUN dissector could crash. (wnpa-sec-2012-21
        CVE-2012-4292)
    
      - The EtherCAT Mailbox dissector could abort.
        (wnpa-sec-2012-22 CVE-2012-4293)
    
      - The CTDB dissector could go into a large loop.
        (wnpa-sec-2012-23 CVE-2012-4290)
    
    Further bug fixes and updated protocol support as listed in:
    http://www.wireshark.org/docs/relnotes/wireshark-1.4.15.html"
      );
      # http://www.wireshark.org/docs/relnotes/wireshark-1.4.15.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/docs/relnotes/wireshark-1.4.15.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=776083"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wireshark packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.1", reference:"wireshark-1.4.15-3.20.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"wireshark-debuginfo-1.4.15-3.20.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"wireshark-debugsource-1.4.15-3.20.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"wireshark-devel-1.4.15-3.20.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-055.NASL
    descriptionMultiple vulnerabilities has been found and corrected in wireshark : Infinite and large loops in ANSI MAP, BACapp, Bluetooth HCI, IEEE 802.3, LTP, and R3 dissectors have been fixed. Discovered by Laurent Butti (http://www.wireshark.org/security/wnpa-sec-2012-08.html [CVE-2012-2392]) The DIAMETER dissector could try to allocate memory improperly and crash (http://www.wireshark.org/security/wnpa-sec-2012-09.html [CVE-2012-2393]) Wireshark could crash on SPARC processors due to misaligned memory. Discovered by Klaus Heckelmann (http://www.wireshark.org/security/wnpa-sec-2012-10.html [CVE-2012-2394]) The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump (CVE-2012-4048). epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet (CVE-2012-4049). The DCP ETSI dissector could trigger a zero division (CVE-2012-4285). The XTP dissector could go into an infinite loop (CVE-2012-4288). The AFP dissector could go into a large loop (CVE-2012-4289). The RTPS2 dissector could overflow a buffer (CVE-2012-4296). The GSM RLC MAC dissector could overflow a buffer (CVE-2012-4297). The CIP dissector could exhaust system memory (CVE-2012-4291). The STUN dissector could crash (CVE-2012-4292). The EtherCAT Mailbox dissector could abort (CVE-2012-4293). The CTDB dissector could go into a large loop (CVE-2012-4290). Martin Wilck discovered an infinite loop in the DRDA dissector (CVE-2012-5239). The USB dissector could go into an infinite loop. (wnpa-sec-2012-31) The ISAKMP dissector could crash. (wnpa-sec-2012-35) The iSCSI dissector could go into an infinite loop. (wnpa-sec-2012-36) The WTP dissector could go into an infinite loop. (wnpa-sec-2012-37) The RTCP dissector could go into an infinite loop. (wnpa-sec-2012-38) The ICMPv6 dissector could go into an infinite loop. (wnpa-sec-2012-40) Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors (wnpa-sec-2013-01). The CLNP dissector could crash (wnpa-sec-2013-02). The DTN dissector could crash (wnpa-sec-2013-03). The MS-MMC dissector (and possibly others) could crash (wnpa-sec-2013-04). The DTLS dissector could crash (wnpa-sec-2013-05). The DCP-ETSI dissector could corrupt memory (wnpa-sec-2013-07). The Wireshark dissection engine could crash (wnpa-sec-2013-08). The NTLMSSP dissector could overflow a buffer (wnpa-sec-2013-09). The sFlow dissector could go into an infinite loop (CVE-2012-6054). The SCTP dissector could go into an infinite loop (CVE-2012-6056). The MS-MMS dissector could crash (CVE-2013-2478). The RTPS and RTPS2 dissectors could crash (CVE-2013-2480). The Mount dissector could crash (CVE-2013-2481). The AMPQ dissector could go into an infinite loop (CVE-2013-2482). The ACN dissector could attempt to divide by zero (CVE-2013-2483). The CIMD dissector could crash (CVE-2013-2484). The FCSP dissector could go into an infinite loop (CVE-2013-2485). The DTLS dissector could crash (CVE-2013-2488). This advisory provides the latest version of Wireshark (1.6.14) which is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id66069
    published2013-04-20
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66069
    titleMandriva Linux Security Advisory : wireshark (MDVSA-2013:055)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2013:055. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66069);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      script_cve_id(
        "CVE-2012-2392",
        "CVE-2012-2393",
        "CVE-2012-2394",
        "CVE-2012-3548",
        "CVE-2012-4048",
        "CVE-2012-4049",
        "CVE-2012-4285",
        "CVE-2012-4288",
        "CVE-2012-4289",
        "CVE-2012-4290",
        "CVE-2012-4291",
        "CVE-2012-4292",
        "CVE-2012-4293",
        "CVE-2012-4296",
        "CVE-2012-4297",
        "CVE-2012-6054",
        "CVE-2012-6056",
        "CVE-2013-2478",
        "CVE-2013-2480",
        "CVE-2013-2481",
        "CVE-2013-2482",
        "CVE-2013-2483",
        "CVE-2013-2484",
        "CVE-2013-2485",
        "CVE-2013-2488"
      );
      script_bugtraq_id(
        53651,
        53652,
        53653,
        54649,
        55035,
        56729,
        58340,
        58351,
        58353,
        58355,
        58356,
        58357,
        58362,
        58365
      );
      script_xref(name:"MDVSA", value:"2013:055");
      script_xref(name:"MGASA", value:"2012-0134");
      script_xref(name:"MGASA", value:"2012-0210");
      script_xref(name:"MGASA", value:"2012-0226");
      script_xref(name:"MGASA", value:"2012-0284");
      script_xref(name:"MGASA", value:"2012-0348");
      script_xref(name:"MGASA", value:"2013-0034");
      script_xref(name:"MGASA", value:"2013-0090");
    
      script_name(english:"Mandriva Linux Security Advisory : wireshark (MDVSA-2013:055)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities has been found and corrected in wireshark :
    
    Infinite and large loops in ANSI MAP, BACapp, Bluetooth HCI, IEEE
    802.3, LTP, and R3 dissectors have been fixed. Discovered by Laurent
    Butti (http://www.wireshark.org/security/wnpa-sec-2012-08.html
    [CVE-2012-2392])
    
    The DIAMETER dissector could try to allocate memory improperly and
    crash (http://www.wireshark.org/security/wnpa-sec-2012-09.html
    [CVE-2012-2393])
    
    Wireshark could crash on SPARC processors due to misaligned memory.
    Discovered by Klaus Heckelmann
    (http://www.wireshark.org/security/wnpa-sec-2012-10.html
    [CVE-2012-2394])
    
    The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before
    1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a
    denial of service (invalid pointer dereference and application crash)
    via a crafted packet, as demonstrated by a usbmon dump
    (CVE-2012-4048).
    
    epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x
    before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows
    remote attackers to cause a denial of service (loop and CPU
    consumption) via a crafted packet (CVE-2012-4049).
    
    The DCP ETSI dissector could trigger a zero division (CVE-2012-4285).
    
    The XTP dissector could go into an infinite loop (CVE-2012-4288).
    
    The AFP dissector could go into a large loop (CVE-2012-4289).
    
    The RTPS2 dissector could overflow a buffer (CVE-2012-4296).
    
    The GSM RLC MAC dissector could overflow a buffer (CVE-2012-4297).
    
    The CIP dissector could exhaust system memory (CVE-2012-4291).
    
    The STUN dissector could crash (CVE-2012-4292).
    
    The EtherCAT Mailbox dissector could abort (CVE-2012-4293).
    
    The CTDB dissector could go into a large loop (CVE-2012-4290).
    
    Martin Wilck discovered an infinite loop in the DRDA dissector
    (CVE-2012-5239).
    
    The USB dissector could go into an infinite loop. (wnpa-sec-2012-31)
    
    The ISAKMP dissector could crash. (wnpa-sec-2012-35)
    
    The iSCSI dissector could go into an infinite loop. (wnpa-sec-2012-36)
    
    The WTP dissector could go into an infinite loop. (wnpa-sec-2012-37)
    
    The RTCP dissector could go into an infinite loop. (wnpa-sec-2012-38)
    
    The ICMPv6 dissector could go into an infinite loop.
    (wnpa-sec-2012-40)
    
    Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS
    CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP
    dissectors (wnpa-sec-2013-01).
    
    The CLNP dissector could crash (wnpa-sec-2013-02).
    
    The DTN dissector could crash (wnpa-sec-2013-03).
    
    The MS-MMC dissector (and possibly others) could crash
    (wnpa-sec-2013-04).
    
    The DTLS dissector could crash (wnpa-sec-2013-05).
    
    The DCP-ETSI dissector could corrupt memory (wnpa-sec-2013-07).
    
    The Wireshark dissection engine could crash (wnpa-sec-2013-08).
    
    The NTLMSSP dissector could overflow a buffer (wnpa-sec-2013-09).
    
    The sFlow dissector could go into an infinite loop (CVE-2012-6054).
    
    The SCTP dissector could go into an infinite loop (CVE-2012-6056).
    
    The MS-MMS dissector could crash (CVE-2013-2478).
    
    The RTPS and RTPS2 dissectors could crash (CVE-2013-2480).
    
    The Mount dissector could crash (CVE-2013-2481).
    
    The AMPQ dissector could go into an infinite loop (CVE-2013-2482).
    
    The ACN dissector could attempt to divide by zero (CVE-2013-2483).
    
    The CIMD dissector could crash (CVE-2013-2484).
    
    The FCSP dissector could go into an infinite loop (CVE-2013-2485).
    
    The DTLS dissector could crash (CVE-2013-2488).
    
    This advisory provides the latest version of Wireshark (1.6.14) which
    is not vulnerable to these issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dumpcap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wireshark-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wireshark1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rawshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wireshark-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/04/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"dumpcap-1.6.14-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64wireshark-devel-1.6.14-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64wireshark1-1.6.14-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"rawshark-1.6.14-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"tshark-1.6.14-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"wireshark-1.6.14-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"wireshark-tools-1.6.14-1.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-1569.NASL
    descriptionUpdated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2013-3559, CVE-2013-4083) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2012-2392, CVE-2012-3825, CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-5595, CVE-2012-5597, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600, CVE-2012-6056, CVE-2012-6059, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062, CVE-2013-3557, CVE-2013-3561, CVE-2013-4081, CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-4936, CVE-2013-5721) The wireshark packages have been upgraded to upstream version 1.8.10, which provides a number of bug fixes and enhancements over the previous versions. For more information on the bugs fixed, enhancements included, and supported protocols introduced, refer to the Wireshark Release Notes, linked to in the References. (BZ#711024) This update also fixes the following bugs : * Previously, Wireshark did not parse the RECLAIM-COMPLETE opcode when inspecting traffic generated by NFSv4.1. A patch has been provided to enable the parsing of the RECLAIM_COMPLETE opcode, and Wireshark is now able to properly dissect and handle NFSv4.1 traffic. (BZ#750712) * Prior to this update, frame arrival times in a text file were reported one hour ahead from the timestamps in the packet capture file. This resulted in various failures being reported by the dfilter-test.py test suite. To fix this bug, frame arrival timestamps have been shifted by one hour, thus fixing this bug. (BZ#832021) * The
    last seen2020-06-01
    modified2020-06-02
    plugin id79162
    published2014-11-12
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79162
    titleCentOS 6 : wireshark (CESA-2013:1569)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:1569 and 
    # CentOS Errata and Security Advisory 2013:1569 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79162);
      script_version("1.7");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2012-2392", "CVE-2012-3825", "CVE-2012-4285", "CVE-2012-4288", "CVE-2012-4289", "CVE-2012-4290", "CVE-2012-4291", "CVE-2012-4292", "CVE-2012-6056", "CVE-2012-6059", "CVE-2012-6060", "CVE-2012-6061", "CVE-2012-6062", "CVE-2013-3557", "CVE-2013-3559", "CVE-2013-3561", "CVE-2013-4081", "CVE-2013-4083", "CVE-2013-4927", "CVE-2013-4931", "CVE-2013-4932", "CVE-2013-4933", "CVE-2013-4934", "CVE-2013-4935", "CVE-2013-4936", "CVE-2013-5721");
      script_bugtraq_id(53651, 55035, 56729, 59995, 59996, 60001, 60002, 60021, 60504, 60505, 61471, 62320, 62868);
      script_xref(name:"RHSA", value:"2013:1569");
    
      script_name(english:"CentOS 6 : wireshark (CESA-2013:1569)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated wireshark packages that fix multiple security issues, several
    bugs, and add various enhancements are now available for Red Hat
    Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    Wireshark, previously known as Ethereal, is a network protocol
    analyzer. It is used to capture and browse the traffic running on a
    computer network.
    
    Two flaws were found in Wireshark. If Wireshark read a malformed
    packet off a network or opened a malicious dump file, it could crash
    or, possibly, execute arbitrary code as the user running Wireshark.
    (CVE-2013-3559, CVE-2013-4083)
    
    Several denial of service flaws were found in Wireshark. Wireshark
    could crash or stop responding if it read a malformed packet off a
    network, or opened a malicious dump file. (CVE-2012-2392,
    CVE-2012-3825, CVE-2012-4285, CVE-2012-4288, CVE-2012-4289,
    CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-5595,
    CVE-2012-5597, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600,
    CVE-2012-6056, CVE-2012-6059, CVE-2012-6060, CVE-2012-6061,
    CVE-2012-6062, CVE-2013-3557, CVE-2013-3561, CVE-2013-4081,
    CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933,
    CVE-2013-4934, CVE-2013-4935, CVE-2013-4936, CVE-2013-5721)
    
    The wireshark packages have been upgraded to upstream version 1.8.10,
    which provides a number of bug fixes and enhancements over the
    previous versions. For more information on the bugs fixed,
    enhancements included, and supported protocols introduced, refer to
    the Wireshark Release Notes, linked to in the References. (BZ#711024)
    
    This update also fixes the following bugs :
    
    * Previously, Wireshark did not parse the RECLAIM-COMPLETE opcode when
    inspecting traffic generated by NFSv4.1. A patch has been provided to
    enable the parsing of the RECLAIM_COMPLETE opcode, and Wireshark is
    now able to properly dissect and handle NFSv4.1 traffic. (BZ#750712)
    
    * Prior to this update, frame arrival times in a text file were
    reported one hour ahead from the timestamps in the packet capture
    file. This resulted in various failures being reported by the
    dfilter-test.py test suite. To fix this bug, frame arrival timestamps
    have been shifted by one hour, thus fixing this bug. (BZ#832021)
    
    * The 'tshark -D' command returned output to STDERR instead of STDOUT,
    which could break scripts that are parsing the 'tshark -D' output.
    This bug has been fixed, and the 'tshark -D' command now writes output
    data to a correct standard stream. (BZ#1004636)
    
    * Due to an array overrun, Wireshark could experience undefined
    program behavior or could unexpectedly terminate. With this update,
    proper array handling ensures Wireshark no longer crashes in the
    described scenario. (BZ#715560)
    
    * Previously, the dftest and randpkt command line utilities lacked
    manual pages. This update adds proper manual pages for both utilities.
    (BZ#659661)
    
    In addition, this update adds the following enhancements :
    
    * With this update, Wireshark is able to properly dissect and handle
    InfiniBand and GlusterFS traffic. (BZ#699636, BZ#858976)
    
    All Wireshark users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues and add these
    enhancements. All running instances of Wireshark must be restarted for
    the update to take effect."
      );
      # https://lists.centos.org/pipermail/centos-cr-announce/2013-November/001110.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?27a5f2bf"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wireshark packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-3561");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:wireshark-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:wireshark-gnome");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"wireshark-1.8.10-4.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"wireshark-devel-1.8.10-4.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"wireshark-gnome-1.8.10-4.el6")) flag++;
    
    
    if (flag)
    {
      cr_plugin_caveat = '\n' +
        'NOTE: The security advisory associated with this vulnerability has a\n' +
        'fixed package version that may only be available in the continuous\n' +
        'release (CR) repository for CentOS, until it is present in the next\n' +
        'point release of CentOS.\n\n' +
    
        'If an equal or higher package level does not exist in the baseline\n' +
        'repository for your major version of CentOS, then updates from the CR\n' +
        'repository will need to be applied in order to address the\n' +
        'vulnerability.\n';
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get() + cr_plugin_caveat
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-devel / wireshark-gnome");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-134.NASL
    descriptionMultiple vulnerabilities was found and corrected in Wireshark : The DCP ETSI dissector could trigger a zero division (CVE-2012-4285). The MongoDB dissector could go into a large loop (CVE-2012-4287). The XTP dissector could go into an infinite loop (CVE-2012-4288). The AFP dissector could go into a large loop (CVE-2012-4289). The RTPS2 dissector could overflow a buffer (CVE-2012-4296). The GSM RLC MAC dissector could overflow a buffer (CVE-2012-4297). The CIP dissector could exhaust system memory (CVE-2012-4291). The STUN dissector could crash (CVE-2012-4292). The EtherCAT Mailbox dissector could abort (CVE-2012-4293). The CTDB dissector could go into a large loop (CVE-2012-4290). This advisory provides the latest version of Wireshark (1.6.10) which is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id61982
    published2012-09-06
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61982
    titleMandriva Linux Security Advisory : wireshark (MDVSA-2012:134)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2012:134. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61982);
      script_version("1.11");
      script_cvs_date("Date: 2019/08/02 13:32:54");
    
      script_cve_id(
        "CVE-2012-4285",
        "CVE-2012-4287",
        "CVE-2012-4288",
        "CVE-2012-4289",
        "CVE-2012-4290",
        "CVE-2012-4291",
        "CVE-2012-4292",
        "CVE-2012-4293",
        "CVE-2012-4296",
        "CVE-2012-4297"
      );
      script_bugtraq_id(55035);
      script_xref(name:"MDVSA", value:"2012:134");
    
      script_name(english:"Mandriva Linux Security Advisory : wireshark (MDVSA-2012:134)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities was found and corrected in Wireshark :
    
    The DCP ETSI dissector could trigger a zero division (CVE-2012-4285).
    
    The MongoDB dissector could go into a large loop (CVE-2012-4287).
    
    The XTP dissector could go into an infinite loop (CVE-2012-4288).
    
    The AFP dissector could go into a large loop (CVE-2012-4289).
    
    The RTPS2 dissector could overflow a buffer (CVE-2012-4296).
    
    The GSM RLC MAC dissector could overflow a buffer (CVE-2012-4297).
    
    The CIP dissector could exhaust system memory (CVE-2012-4291).
    
    The STUN dissector could crash (CVE-2012-4292).
    
    The EtherCAT Mailbox dissector could abort (CVE-2012-4293).
    
    The CTDB dissector could go into a large loop (CVE-2012-4290).
    
    This advisory provides the latest version of Wireshark (1.6.10) which
    is not vulnerable to these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.wireshark.org/security/wnpa-sec-2012-13.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.wireshark.org/security/wnpa-sec-2012-14.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.wireshark.org/security/wnpa-sec-2012-15.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.wireshark.org/security/wnpa-sec-2012-17.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.wireshark.org/security/wnpa-sec-2012-18.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.wireshark.org/security/wnpa-sec-2012-19.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.wireshark.org/security/wnpa-sec-2012-20.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.wireshark.org/security/wnpa-sec-2012-21.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.wireshark.org/security/wnpa-sec-2012-22.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.wireshark.org/security/wnpa-sec-2012-23.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dumpcap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wireshark-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wireshark1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwireshark-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwireshark1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rawshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wireshark-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2011", reference:"dumpcap-1.6.10-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64wireshark-devel-1.6.10-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64wireshark1-1.6.10-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libwireshark-devel-1.6.10-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libwireshark1-1.6.10-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"rawshark-1.6.10-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"tshark-1.6.10-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"wireshark-1.6.10-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"wireshark-tools-1.6.10-0.1-mdv2011.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-0125.NASL
    descriptionFrom Red Hat Security Advisory 2013:0125 : Updated wireshark packages that fix several security issues, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF (Extensible Record Format) capture files. If Wireshark opened a specially crafted ERF capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-4102) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291) The CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102 issues were discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team. This update also fixes the following bugs : * When Wireshark starts with the X11 protocol being tunneled through an SSH connection, it automatically prepares its capture filter to omit the SSH packets. If the SSH connection was to a link-local IPv6 address including an interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed this address erroneously, constructed an incorrect capture filter and refused to capture packets. The
    last seen2020-06-01
    modified2020-06-02
    plugin id68696
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68696
    titleOracle Linux 5 : wireshark (ELSA-2013-0125)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2013:0125 and 
    # Oracle Linux Security Advisory ELSA-2013-0125 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68696);
      script_version("1.8");
      script_cvs_date("Date: 2019/09/30 10:58:18");
    
      script_cve_id("CVE-2011-1958", "CVE-2011-1959", "CVE-2011-2175", "CVE-2011-2698", "CVE-2011-4102", "CVE-2012-0041", "CVE-2012-0042", "CVE-2012-0066", "CVE-2012-0067", "CVE-2012-4285", "CVE-2012-4289", "CVE-2012-4290", "CVE-2012-4291");
      script_bugtraq_id(48066, 49071, 50486, 51368, 51710, 55035);
      script_xref(name:"RHSA", value:"2013:0125");
    
      script_name(english:"Oracle Linux 5 : wireshark (ELSA-2013-0125)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2013:0125 :
    
    Updated wireshark packages that fix several security issues, three
    bugs, and add one enhancement are now available for Red Hat Enterprise
    Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    Wireshark, previously known as Ethereal, is a network protocol
    analyzer. It is used to capture and browse the traffic running on a
    computer network.
    
    A heap-based buffer overflow flaw was found in the way Wireshark
    handled Endace ERF (Extensible Record Format) capture files. If
    Wireshark opened a specially crafted ERF capture file, it could crash
    or, possibly, execute arbitrary code as the user running Wireshark.
    (CVE-2011-4102)
    
    Several denial of service flaws were found in Wireshark. Wireshark
    could crash or stop responding if it read a malformed packet off a
    network, or opened a malicious dump file. (CVE-2011-1958,
    CVE-2011-1959, CVE-2011-2175, CVE-2011-2698, CVE-2012-0041,
    CVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-4285,
    CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)
    
    The CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102
    issues were discovered by Huzaifa Sidhpurwala of the Red Hat Security
    Response Team.
    
    This update also fixes the following bugs :
    
    * When Wireshark starts with the X11 protocol being tunneled through
    an SSH connection, it automatically prepares its capture filter to
    omit the SSH packets. If the SSH connection was to a link-local IPv6
    address including an interface name (for example ssh -X
    [ipv6addr]%eth0), Wireshark parsed this address erroneously,
    constructed an incorrect capture filter and refused to capture
    packets. The 'Invalid capture filter' message was displayed. With this
    update, parsing of link-local IPv6 addresses is fixed and Wireshark
    correctly prepares a capture filter to omit SSH packets over a
    link-local IPv6 connection. (BZ#438473)
    
    * Previously, Wireshark's column editing dialog malformed column names
    when they were selected. With this update, the dialog is fixed and no
    longer breaks column names. (BZ#493693)
    
    * Previously, TShark, the console packet analyzer, did not properly
    analyze the exit code of Dumpcap, Wireshark's packet capturing back
    end. As a result, TShark returned exit code 0 when Dumpcap failed to
    parse its command-line arguments. In this update, TShark correctly
    propagates the Dumpcap exit code and returns a non-zero exit code when
    Dumpcap fails. (BZ#580510)
    
    * Previously, the TShark '-s' (snapshot length) option worked only for
    a value greater than 68 bytes. If a lower value was specified, TShark
    captured just 68 bytes of incoming packets. With this update, the '-s'
    option is fixed and sizes lower than 68 bytes work as expected.
    (BZ#580513)
    
    This update also adds the following enhancement :
    
    * In this update, support for the 'NetDump' protocol was added.
    (BZ#484999)
    
    All users of Wireshark are advised to upgrade to these updated
    packages, which contain backported patches to correct these issues and
    add this enhancement. All running instances of Wireshark must be
    restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2013-January/003198.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wireshark packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:wireshark-gnome");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/06/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"wireshark-1.0.15-5.0.1.el5")) flag++;
    if (rpm_check(release:"EL5", reference:"wireshark-gnome-1.0.15-5.0.1.el5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-gnome");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-12091.NASL
    descriptionUpgrade to wireshark 1.6.10 The following vulnerabilities have been fixed. wnpa-sec-2012-13: The DCP ETSI dissector could trigger a zero division. wnpa-sec-2012-15: The XTP dissector could go into an infinite loop. wnpa-sec-2012-17: The AFP dissector could go into a large loop. wnpa-sec-2012-18: The RTPS2 dissector could overflow a buffer. wnpa-sec-2012-20: The CIP dissector could exhaust system memory. wnpa-sec-2012-21: The STUN dissector could crash. wnpa-sec-2012-22: The EtherCAT Mailbox dissector could abort. wnpa-sec-2012-23: The CTDB dissector could go into a large loop. See http://www.wireshark.org/docs/relnotes/wireshark-1.6.10.html for details. The following vulnerabilities have been fixed. wnpa-sec-2012-11: The PPP dissector could crash. wnpa-sec-2012-12: The NFS dissector could use excessive amounts of CPU. The following vulnerabilities have been fixed. wnpa-sec-2012-11: The PPP dissector could crash. wnpa-sec-2012-12: The NFS dissector could use excessive amounts of CPU. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-08-28
    plugin id61688
    published2012-08-28
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61688
    titleFedora 17 : wireshark-1.6.10-1.fc17 (2012-12091)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2012-12091.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61688);
      script_version("1.13");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2012-4285", "CVE-2012-4288", "CVE-2012-4289", "CVE-2012-4290", "CVE-2012-4291", "CVE-2012-4292", "CVE-2012-4293", "CVE-2012-4296", "CVE-2012-4297");
      script_bugtraq_id(55035);
      script_xref(name:"FEDORA", value:"2012-12091");
    
      script_name(english:"Fedora 17 : wireshark-1.6.10-1.fc17 (2012-12091)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Upgrade to wireshark 1.6.10 The following vulnerabilities have been
    fixed.
    
    wnpa-sec-2012-13: The DCP ETSI dissector could trigger a zero
    division. wnpa-sec-2012-15: The XTP dissector could go into an
    infinite loop. wnpa-sec-2012-17: The AFP dissector could go into a
    large loop. wnpa-sec-2012-18: The RTPS2 dissector could overflow a
    buffer. wnpa-sec-2012-20: The CIP dissector could exhaust system
    memory. wnpa-sec-2012-21: The STUN dissector could crash.
    wnpa-sec-2012-22: The EtherCAT Mailbox dissector could abort.
    wnpa-sec-2012-23: The CTDB dissector could go into a large loop.
    
    See http://www.wireshark.org/docs/relnotes/wireshark-1.6.10.html for
    details. The following vulnerabilities have been fixed.
    wnpa-sec-2012-11: The PPP dissector could crash. wnpa-sec-2012-12: The
    NFS dissector could use excessive amounts of CPU. The following
    vulnerabilities have been fixed. wnpa-sec-2012-11: The PPP dissector
    could crash. wnpa-sec-2012-12: The NFS dissector could use excessive
    amounts of CPU.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://www.wireshark.org/docs/relnotes/wireshark-1.6.10.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/docs/relnotes/wireshark-1.6.10.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=848541"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=848548"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=848561"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=848565"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=848568"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=848572"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=848575"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=848577"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=848578"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2012-August/085694.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1da3eaaf"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wireshark package."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC17", reference:"wireshark-1.6.10-1.fc17")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_WIRESHARK-120831.NASL
    descriptionwireshark was updated to 1.4.15 to fix multiple security issues. Issues fixed : - fix bnc#776038(CVE-2012-4285 / CVE-2012-4288 / CVE-2012-4289 / CVE-2012-4296 / CVE-2012-4291 / CVE-2012-4292 / CVE-2012-4293 / CVE-2012-4290), bnc#772738 (CVE-2012-4048 / CVE-2012-4049)(fixed upstream) - Security fixes : - wnpa-sec-2012-13 The DCP ETSI dissector could trigger a zero division. Reported by Laurent Butti. (Bug 7566) - wnpa-sec-2012-15 The XTP dissector could go into an infinite loop. Reported by Ben Schmidt. (Bug 7571) - wnpa-sec-2012-17 The AFP dissector could go into a large loop. Reported by Stefan Cornelius. (Bug 7603) - wnpa-sec-2012-18 The RTPS2 dissector could overflow a buffer. Reported by Laurent Butti. (Bug 7568) - wnpa-sec-2012-20 The CIP dissector could exhaust system memory. Reported y Ben Schmidt. (Bug 7570) - wnpa-sec-2012-21 The STUN dissector could crash. Reported by Laurent Butti. (Bug 7569) - wnpa-sec-2012-22 The EtherCAT Mailbox dissector could abort. Reported by Laurent Butti. (Bug 7562) - wnpa-sec-2012-23 The CTDB dissector could go into a large loop. Reported by Ben Schmidt. (Bug 7573) - Bug fixes : - Wireshark crashes on opening very short NFS pcap file. (Bug 7498) - Updated Protocol Support - AFP, Bluetooth L2CAP, CIP, CTDB, DCP ETSI, EtherCAT Mailbox, FC Link Control LISP, NFS, RTPS2, SCTP, STUN, XTP
    last seen2020-06-05
    modified2013-01-25
    plugin id64231
    published2013-01-25
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64231
    titleSuSE 11.2 Security Update : wireshark (SAT Patch Number 6760)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64231);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-4048", "CVE-2012-4049", "CVE-2012-4285", "CVE-2012-4288", "CVE-2012-4289", "CVE-2012-4290", "CVE-2012-4291", "CVE-2012-4292", "CVE-2012-4293", "CVE-2012-4296");
    
      script_name(english:"SuSE 11.2 Security Update : wireshark (SAT Patch Number 6760)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "wireshark was updated to 1.4.15 to fix multiple security issues.
    
    Issues fixed :
    
      - fix bnc#776038(CVE-2012-4285 / CVE-2012-4288 /
        CVE-2012-4289 / CVE-2012-4296 / CVE-2012-4291 /
        CVE-2012-4292 / CVE-2012-4293 / CVE-2012-4290),
        bnc#772738 (CVE-2012-4048 / CVE-2012-4049)(fixed
        upstream)
    
      - Security fixes :
    
      - wnpa-sec-2012-13 The DCP ETSI dissector could trigger a
        zero division. Reported by Laurent Butti. (Bug 7566)
    
      - wnpa-sec-2012-15 The XTP dissector could go into an
        infinite loop. Reported by Ben Schmidt. (Bug 7571)
    
      - wnpa-sec-2012-17 The AFP dissector could go into a large
        loop. Reported by Stefan Cornelius. (Bug 7603)
    
      - wnpa-sec-2012-18 The RTPS2 dissector could overflow a
        buffer. Reported by Laurent Butti. (Bug 7568)
    
      - wnpa-sec-2012-20 The CIP dissector could exhaust system
        memory. Reported y Ben Schmidt. (Bug 7570)
    
      - wnpa-sec-2012-21 The STUN dissector could crash.
        Reported by Laurent Butti. (Bug 7569)
    
      - wnpa-sec-2012-22 The EtherCAT Mailbox dissector could
        abort. Reported by Laurent Butti. (Bug 7562)
    
      - wnpa-sec-2012-23 The CTDB dissector could go into a
        large loop. Reported by Ben Schmidt. (Bug 7573)
    
      - Bug fixes :
    
      - Wireshark crashes on opening very short NFS pcap file.
        (Bug 7498)
    
      - Updated Protocol Support
    
      - AFP, Bluetooth L2CAP, CIP, CTDB, DCP ETSI, EtherCAT
        Mailbox, FC Link Control LISP, NFS, RTPS2, SCTP, STUN,
        XTP"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=772738"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=776083"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4048.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4049.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4285.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4288.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4289.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4290.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4291.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4292.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4293.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4296.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 6760.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:wireshark");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"wireshark-1.4.15-0.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"wireshark-1.4.15-0.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"wireshark-1.4.15-0.2.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1569.NASL
    descriptionUpdated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2013-3559, CVE-2013-4083) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2012-2392, CVE-2012-3825, CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-5595, CVE-2012-5597, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600, CVE-2012-6056, CVE-2012-6059, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062, CVE-2013-3557, CVE-2013-3561, CVE-2013-4081, CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-4936, CVE-2013-5721) The wireshark packages have been upgraded to upstream version 1.8.10, which provides a number of bug fixes and enhancements over the previous versions. For more information on the bugs fixed, enhancements included, and supported protocols introduced, refer to the Wireshark Release Notes, linked to in the References. (BZ#711024) This update also fixes the following bugs : * Previously, Wireshark did not parse the RECLAIM-COMPLETE opcode when inspecting traffic generated by NFSv4.1. A patch has been provided to enable the parsing of the RECLAIM_COMPLETE opcode, and Wireshark is now able to properly dissect and handle NFSv4.1 traffic. (BZ#750712) * Prior to this update, frame arrival times in a text file were reported one hour ahead from the timestamps in the packet capture file. This resulted in various failures being reported by the dfilter-test.py test suite. To fix this bug, frame arrival timestamps have been shifted by one hour, thus fixing this bug. (BZ#832021) * The
    last seen2020-06-01
    modified2020-06-02
    plugin id71005
    published2013-11-21
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71005
    titleRHEL 6 : wireshark (RHSA-2013:1569)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:1569. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71005);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/24 15:35:37");
    
      script_cve_id("CVE-2012-2392", "CVE-2012-3825", "CVE-2012-4285", "CVE-2012-4288", "CVE-2012-4289", "CVE-2012-4290", "CVE-2012-4291", "CVE-2012-4292", "CVE-2012-6056", "CVE-2012-6059", "CVE-2012-6060", "CVE-2012-6061", "CVE-2012-6062", "CVE-2013-3557", "CVE-2013-3559", "CVE-2013-3561", "CVE-2013-4081", "CVE-2013-4083", "CVE-2013-4927", "CVE-2013-4931", "CVE-2013-4932", "CVE-2013-4933", "CVE-2013-4934", "CVE-2013-4935", "CVE-2013-4936", "CVE-2013-5721");
      script_bugtraq_id(53651, 55035, 56729, 59995, 59996, 60001, 60002, 60021, 60504, 60505, 61471, 62320, 62868);
      script_xref(name:"RHSA", value:"2013:1569");
    
      script_name(english:"RHEL 6 : wireshark (RHSA-2013:1569)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated wireshark packages that fix multiple security issues, several
    bugs, and add various enhancements are now available for Red Hat
    Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    Wireshark, previously known as Ethereal, is a network protocol
    analyzer. It is used to capture and browse the traffic running on a
    computer network.
    
    Two flaws were found in Wireshark. If Wireshark read a malformed
    packet off a network or opened a malicious dump file, it could crash
    or, possibly, execute arbitrary code as the user running Wireshark.
    (CVE-2013-3559, CVE-2013-4083)
    
    Several denial of service flaws were found in Wireshark. Wireshark
    could crash or stop responding if it read a malformed packet off a
    network, or opened a malicious dump file. (CVE-2012-2392,
    CVE-2012-3825, CVE-2012-4285, CVE-2012-4288, CVE-2012-4289,
    CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-5595,
    CVE-2012-5597, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600,
    CVE-2012-6056, CVE-2012-6059, CVE-2012-6060, CVE-2012-6061,
    CVE-2012-6062, CVE-2013-3557, CVE-2013-3561, CVE-2013-4081,
    CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933,
    CVE-2013-4934, CVE-2013-4935, CVE-2013-4936, CVE-2013-5721)
    
    The wireshark packages have been upgraded to upstream version 1.8.10,
    which provides a number of bug fixes and enhancements over the
    previous versions. For more information on the bugs fixed,
    enhancements included, and supported protocols introduced, refer to
    the Wireshark Release Notes, linked to in the References. (BZ#711024)
    
    This update also fixes the following bugs :
    
    * Previously, Wireshark did not parse the RECLAIM-COMPLETE opcode when
    inspecting traffic generated by NFSv4.1. A patch has been provided to
    enable the parsing of the RECLAIM_COMPLETE opcode, and Wireshark is
    now able to properly dissect and handle NFSv4.1 traffic. (BZ#750712)
    
    * Prior to this update, frame arrival times in a text file were
    reported one hour ahead from the timestamps in the packet capture
    file. This resulted in various failures being reported by the
    dfilter-test.py test suite. To fix this bug, frame arrival timestamps
    have been shifted by one hour, thus fixing this bug. (BZ#832021)
    
    * The 'tshark -D' command returned output to STDERR instead of STDOUT,
    which could break scripts that are parsing the 'tshark -D' output.
    This bug has been fixed, and the 'tshark -D' command now writes output
    data to a correct standard stream. (BZ#1004636)
    
    * Due to an array overrun, Wireshark could experience undefined
    program behavior or could unexpectedly terminate. With this update,
    proper array handling ensures Wireshark no longer crashes in the
    described scenario. (BZ#715560)
    
    * Previously, the dftest and randpkt command line utilities lacked
    manual pages. This update adds proper manual pages for both utilities.
    (BZ#659661)
    
    In addition, this update adds the following enhancements :
    
    * With this update, Wireshark is able to properly dissect and handle
    InfiniBand and GlusterFS traffic. (BZ#699636, BZ#858976)
    
    All Wireshark users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues and add these
    enhancements. All running instances of Wireshark must be restarted for
    the update to take effect."
      );
      # http://www.wireshark.org/docs/relnotes/wireshark-1.8.0.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/docs/relnotes/wireshark-1.8.0.html"
      );
      # http://www.wireshark.org/docs/relnotes/wireshark-1.6.0.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/docs/relnotes/wireshark-1.6.0.html"
      );
      # http://www.wireshark.org/docs/relnotes/wireshark-1.4.0.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/docs/relnotes/wireshark-1.4.0.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2013:1569"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-4289"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-4285"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-4291"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-4290"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-3825"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-2392"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-6056"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4081"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4083"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-6059"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-4288"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-5721"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-5599"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-3559"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-5597"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-3557"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-5595"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-5600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4927"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-5598"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-6062"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-6060"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-6061"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4933"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-4292"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4931"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-3561"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4932"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4935"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4934"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4936"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wireshark-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wireshark-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wireshark-gnome");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2013:1569";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", reference:"wireshark-1.8.10-4.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"wireshark-debuginfo-1.8.10-4.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"wireshark-devel-1.8.10-4.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"wireshark-gnome-1.8.10-4.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"wireshark-gnome-1.8.10-4.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"wireshark-gnome-1.8.10-4.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-debuginfo / wireshark-devel / wireshark-gnome");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-12085.NASL
    descriptionUpgrade to wireshark 1.6.10 The following vulnerabilities have been fixed. wnpa-sec-2012-13: The DCP ETSI dissector could trigger a zero division. wnpa-sec-2012-15: The XTP dissector could go into an infinite loop. wnpa-sec-2012-17: The AFP dissector could go into a large loop. wnpa-sec-2012-18: The RTPS2 dissector could overflow a buffer. wnpa-sec-2012-20: The CIP dissector could exhaust system memory. wnpa-sec-2012-21: The STUN dissector could crash. wnpa-sec-2012-22: The EtherCAT Mailbox dissector could abort. wnpa-sec-2012-23: The CTDB dissector could go into a large loop. See http://www.wireshark.org/docs/relnotes/wireshark-1.6.10.html for details. The following vulnerabilities have been fixed. wnpa-sec-2012-11: The PPP dissector could crash. wnpa-sec-2012-12: The NFS dissector could use excessive amounts of CPU. The following vulnerabilities have been fixed. wnpa-sec-2012-11: The PPP dissector could crash. wnpa-sec-2012-12: The NFS dissector could use excessive amounts of CPU. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-08-28
    plugin id61687
    published2012-08-28
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61687
    titleFedora 16 : wireshark-1.6.10-1.fc16 (2012-12085)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0125.NASL
    descriptionUpdated wireshark packages that fix several security issues, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF (Extensible Record Format) capture files. If Wireshark opened a specially crafted ERF capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-4102) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291) The CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102 issues were discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team. This update also fixes the following bugs : * When Wireshark starts with the X11 protocol being tunneled through an SSH connection, it automatically prepares its capture filter to omit the SSH packets. If the SSH connection was to a link-local IPv6 address including an interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed this address erroneously, constructed an incorrect capture filter and refused to capture packets. The
    last seen2020-06-01
    modified2020-06-02
    plugin id63408
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63408
    titleRHEL 5 : wireshark (RHSA-2013:0125)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_WIRESHARK-8267.NASL
    descriptionwireshark was updated to 1.4.15 to fix multiple security issues. Issues fixed : - fix bnc#776038(CVE-2012-4285 / CVE-2012-4288 / CVE-2012-4289 / CVE-2012-4296 / CVE-2012-4291 / CVE-2012-4292 / CVE-2012-4293 / CVE-2012-4290), bnc#772738 (CVE-2012-4048 / CVE-2012-4049)(fixed upstream) - Security fixes: o wnpa-sec-2012-13 The DCP ETSI dissector could trigger a zero division. Reported by Laurent Butti. (Bug 7566) o wnpa-sec-2012-15 The XTP dissector could go into an infinite loop. Reported by Ben Schmidt. (Bug 7571) o wnpa-sec-2012-17 The AFP dissector could go into a large loop. Reported by Stefan Cornelius. (Bug 7603) o wnpa-sec-2012-18 The RTPS2 dissector could overflow a buffer. Reported by Laurent Butti. (Bug 7568) o wnpa-sec-2012-20 The CIP dissector could exhaust system memory. Reported y Ben Schmidt. (Bug 7570) o wnpa-sec-2012-21 The STUN dissector could crash. Reported by Laurent Butti. (Bug 7569) o wnpa-sec-2012-22 The EtherCAT Mailbox dissector could abort. Reported by Laurent Butti. (Bug 7562) o wnpa-sec-2012-23 The CTDB dissector could go into a large loop. Reported by Ben Schmidt. (Bug 7573) - Bug fixes: o Wireshark crashes on opening very short NFS pcap file. (Bug 7498) - Updated Protocol Support o AFP, Bluetooth L2CAP, CIP, CTDB, DCP ETSI, EtherCAT Mailbox, FC Link Control LISP, NFS, RTPS2, SCTP, STUN, XTP
    last seen2020-06-05
    modified2012-09-14
    plugin id62097
    published2012-09-14
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62097
    titleSuSE 10 Security Update : wireshark (ZYPP Patch Number 8267)
  • NASL familyWindows
    NASL idWIRESHARK_1_8_2.NASL
    descriptionThe installed version of Wireshark is 1.8.x before 1.8.2. This version is affected by the following vulnerabilities : - The
    last seen2020-06-01
    modified2020-06-02
    plugin id61573
    published2012-08-17
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61573
    titleWireshark 1.8.x < 1.8.2 Multiple Vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-1569.NASL
    descriptionFrom Red Hat Security Advisory 2013:1569 : Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2013-3559, CVE-2013-4083) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2012-2392, CVE-2012-3825, CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-5595, CVE-2012-5597, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600, CVE-2012-6056, CVE-2012-6059, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062, CVE-2013-3557, CVE-2013-3561, CVE-2013-4081, CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-4936, CVE-2013-5721) The wireshark packages have been upgraded to upstream version 1.8.10, which provides a number of bug fixes and enhancements over the previous versions. For more information on the bugs fixed, enhancements included, and supported protocols introduced, refer to the Wireshark Release Notes, linked to in the References. (BZ#711024) This update also fixes the following bugs : * Previously, Wireshark did not parse the RECLAIM-COMPLETE opcode when inspecting traffic generated by NFSv4.1. A patch has been provided to enable the parsing of the RECLAIM_COMPLETE opcode, and Wireshark is now able to properly dissect and handle NFSv4.1 traffic. (BZ#750712) * Prior to this update, frame arrival times in a text file were reported one hour ahead from the timestamps in the packet capture file. This resulted in various failures being reported by the dfilter-test.py test suite. To fix this bug, frame arrival timestamps have been shifted by one hour, thus fixing this bug. (BZ#832021) * The
    last seen2020-06-01
    modified2020-06-02
    plugin id71105
    published2013-11-27
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71105
    titleOracle Linux 6 : wireshark (ELSA-2013-1569)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130108_WIRESHARK_ON_SL5_X.NASL
    descriptionA heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF (Extensible Record Format) capture files. If Wireshark opened a specially- crafted ERF capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-4102) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291) This update also fixes the following bugs : - When Wireshark starts with the X11 protocol being tunneled through an SSH connection, it automatically prepares its capture filter to omit the SSH packets. If the SSH connection was to a link-local IPv6 address including an interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed this address erroneously, constructed an incorrect capture filter and refused to capture packets. The
    last seen2020-03-18
    modified2013-01-17
    plugin id63606
    published2013-01-17
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63606
    titleScientific Linux Security Update : wireshark on SL5.x i386/x86_64 (20130108)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2013-251.NASL
    descriptionTwo flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2013-3559 , CVE-2013-4083) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2012-2392 , CVE-2012-3825 , CVE-2012-4285 , CVE-2012-4288 , CVE-2012-4289 , CVE-2012-4290 , CVE-2012-4291 , CVE-2012-4292 , CVE-2012-5595 , CVE-2012-5597 , CVE-2012-5598 , CVE-2012-5599 , CVE-2012-5600 , CVE-2012-6056 , CVE-2012-6059 , CVE-2012-6060 , CVE-2012-6061 , CVE-2012-6062 , CVE-2013-3557 , CVE-2013-3561 , CVE-2013-4081 , CVE-2013-4927 , CVE-2013-4931 , CVE-2013-4932 , CVE-2013-4933 , CVE-2013-4934 , CVE-2013-4935 , CVE-2013-4936 , CVE-2013-5721)
    last seen2020-06-01
    modified2020-06-02
    plugin id71268
    published2013-12-10
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71268
    titleAmazon Linux AMI : wireshark (ALAS-2013-251)
  • NASL familyWindows
    NASL idWIRESHARK_1_6_10.NASL
    descriptionThe installed version of Wireshark is 1.6.x before 1.6.10. This version is affected by the following vulnerabilities : - The
    last seen2020-06-01
    modified2020-06-02
    plugin id61572
    published2012-08-17
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61572
    titleWireshark 1.6.x < 1.6.10 Multiple Vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-0125.NASL
    descriptionUpdated wireshark packages that fix several security issues, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF (Extensible Record Format) capture files. If Wireshark opened a specially crafted ERF capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-4102) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291) The CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102 issues were discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team. This update also fixes the following bugs : * When Wireshark starts with the X11 protocol being tunneled through an SSH connection, it automatically prepares its capture filter to omit the SSH packets. If the SSH connection was to a link-local IPv6 address including an interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed this address erroneously, constructed an incorrect capture filter and refused to capture packets. The
    last seen2020-06-01
    modified2020-06-02
    plugin id63570
    published2013-01-17
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63570
    titleCentOS 5 : wireshark (CESA-2013:0125)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-540.NASL
    descriptionWireshark was updated to 1.8.2 : - The DCP ETSI dissector could trigger a zero division. (wnpa-sec-2012-13 CVE-2012-4285) - The MongoDB dissector could go into a large loop. (wnpa-sec-2012-14 CVE-2012-4287) - The XTP dissector could go into an infinite loop. (wnpa-sec-2012-15 CVE-2012-4288) - The ERF dissector could overflow a buffer. (wnpa-sec-2012-16 CVE-2012-4294 CVE-2012-4295) - The AFP dissector could go into a large loop. (wnpa-sec-2012-17 CVE-2012-4289) - The RTPS2 dissector could overflow a buffer. (wnpa-sec-2012-18 CVE-2012-4296) - The GSM RLC MAC dissector could overflow a buffer. (wnpa-sec-2012-19 CVE-2012-4297) - The CIP dissector could exhaust system memory. (wnpa-sec-2012-20 CVE-2012-4291) - The STUN dissector could crash. (wnpa-sec-2012-21 CVE-2012-4292) - The EtherCAT Mailbox dissector could abort. (wnpa-sec-2012-22 CVE-2012-4293) - The CTDB dissector could go into a large loop. (wnpa-sec-2012-23 CVE-2012-4290) - The pcap-ng file parser could trigger a zero division. (wnpa-sec-2012-24 CVE-2012-4286) - The Ixia IxVeriWave file parser could overflow a buffer. (wnpa-sec-2012-25 CVE-2012-4298) Further bug fixes and updated protocol support as listed in: http://www.wireshark.org/docs/relnotes/wireshark-1.8.2.h tml
    last seen2020-06-05
    modified2014-06-13
    plugin id74732
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74732
    titleopenSUSE Security Update : wireshark (openSUSE-SU-2012:1067-1)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_WIRESHARK_20121120.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message. (CVE-2012-4285) - The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted pcap-ng file. (CVE-2012-4286) - epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length. (CVE-2012-4287) - Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/ packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length. (CVE-2012-4288) - epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries. (CVE-2012-4289) - The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet. (CVE-2012-4290) - The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. (CVE-2012-4291) - The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. (CVE-2012-4292) - plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet. (CVE-2012-4293) - Buffer overflow in the channelised_fill_sdh_g707_format function in epan/ dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value. (CVE-2012-4294) - Array index error in the channelised_fill_sdh_g707_format function in epan/ dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value. (CVE-2012-4295) - Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet. (CVE-2012-4296) - Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/ packet-gsm_rlcmac.c in the GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a malformed packet. (CVE-2012-4297) - Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/ vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file that triggers a buffer overflow. (CVE-2012-4298)
    last seen2020-06-01
    modified2020-06-02
    plugin id80804
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80804
    titleOracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark3)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20131121_WIRESHARK_ON_SL6_X.NASL
    descriptionTwo flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2013-3559, CVE-2013-4083) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2012-2392, CVE-2012-3825, CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-5595, CVE-2012-5597, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600, CVE-2012-6056, CVE-2012-6059, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062, CVE-2013-3557, CVE-2013-3561, CVE-2013-4081, CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-4936, CVE-2013-5721) The wireshark packages have been upgraded to upstream version 1.8.10, which provides a number of bug fixes and enhancements over the previous versions. For more information on the bugs fixed, enhancements included, and supported protocols introduced, refer to the Wireshark Release Notes. This update also fixes the following bugs : - Previously, Wireshark did not parse the RECLAIM-COMPLETE opcode when inspecting traffic generated by NFSv4.1. A patch has been provided to enable the parsing of the RECLAIM_COMPLETE opcode, and Wireshark is now able to properly dissect and handle NFSv4.1 traffic. - Prior to this update, frame arrival times in a text file were reported one hour ahead from the timestamps in the packet capture file. This resulted in various failures being reported by the dfilter-test.py test suite. To fix this bug, frame arrival timestamps have been shifted by one hour, thus fixing this bug. - The
    last seen2020-03-18
    modified2013-12-10
    plugin id71301
    published2013-12-10
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71301
    titleScientific Linux Security Update : wireshark on SL6.x i386/x86_64 (20131121)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201308-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201308-05 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id69500
    published2013-08-29
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69500
    titleGLSA-201308-05 : Wireshark: Multiple vulnerabilities
  • NASL familyWindows
    NASL idWIRESHARK_1_4_15.NASL
    descriptionThe installed version of Wireshark is 1.4.x before 1.4.15. This version is affected by the following vulnerabilities : - The
    last seen2020-06-01
    modified2020-06-02
    plugin id61571
    published2012-08-17
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61571
    titleWireshark 1.4.x < 1.4.15 Multiple Vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_4CDFE875E8D611E1BEA0002354ED89BC.NASL
    descriptionWireshark reports : It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. The PPP dissector could crash. The NFS dissector could use excessive amounts of CPU. The DCP ETSI dissector could trigger a zero division. The MongoDB dissector could go into a large loop. The XTP dissector could go into an infinite loop. The ERF dissector could overflow a buffer. The AFP dissector could go into a large loop. The RTPS2 dissector could overflow a buffer. The GSM RLC MAC dissector could overflow a buffer. The CIP dissector could exhaust system memory. The STUN dissector could crash. The EtherCAT Mailbox dissector could abort. The CTDB dissector could go into a large loop. The pcap-ng file parser could trigger a zero division. The Ixia IxVeriWave file parser could overflow a buffer.
    last seen2020-06-01
    modified2020-06-02
    plugin id61588
    published2012-08-20
    reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61588
    titleFreeBSD : Wireshark -- Multiple vulnerabilities (4cdfe875-e8d6-11e1-bea0-002354ed89bc)

Oval

accepted2013-08-19T04:01:21.927-04:00
classvulnerability
contributors
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
definition_extensions
commentWireshark is installed on the system.
ovaloval:org.mitre.oval:def:6589
descriptionThe CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
familywindows
idoval:org.mitre.oval:def:15813
statusaccepted
submitted2012-08-17T09:36:38.717-04:00
titleThe CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet
version7

Redhat

advisories
bugzilla
id848578
titleCVE-2012-4290 wireshark: DoS via excessive CPU consumption in CTDB dissector (wnpa-sec-2012-23)
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentwireshark-gnome is earlier than 0:1.0.15-5.el5
          ovaloval:com.redhat.rhsa:tst:20130125001
        • commentwireshark-gnome is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070066007
      • AND
        • commentwireshark is earlier than 0:1.0.15-5.el5
          ovaloval:com.redhat.rhsa:tst:20130125003
        • commentwireshark is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070066009
rhsa
idRHSA-2013:0125
released2013-01-08
severityModerate
titleRHSA-2013:0125: wireshark security, bug fix, and enhancement update (Moderate)
rpms
  • wireshark-0:1.0.15-5.el5
  • wireshark-debuginfo-0:1.0.15-5.el5
  • wireshark-gnome-0:1.0.15-5.el5
  • wireshark-0:1.8.10-4.el6
  • wireshark-debuginfo-0:1.8.10-4.el6
  • wireshark-devel-0:1.8.10-4.el6
  • wireshark-gnome-0:1.8.10-4.el6