Vulnerabilities > CVE-2012-5238 - Unspecified vulnerability in Wireshark 1.8.0/1.8.1/1.8.2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN wireshark
nessus
Summary
epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Nessus
NASL family Windows NASL id WIRESHARK_1_8_3.NASL description The installed version of Wireshark 1.8 is earlier than 1.8.3. It thus is affected by the following vulnerabilities : - A malformed packet can cause the last seen 2020-06-01 modified 2020-06-02 plugin id 62478 published 2012-10-10 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62478 title Wireshark 1.8.x < 1.8.3 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(62478); script_version("1.7"); script_cvs_date("Date: 2019/12/04"); script_cve_id( "CVE-2012-3548", "CVE-2012-5237", "CVE-2012-5238", "CVE-2012-5240" ); script_bugtraq_id(55284, 55754); script_name(english:"Wireshark 1.8.x < 1.8.3 Multiple Vulnerabilities"); script_summary(english:"Does a version check"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains an application that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The installed version of Wireshark 1.8 is earlier than 1.8.3. It thus is affected by the following vulnerabilities : - A malformed packet can cause the 'DRDA' and 'HSRP' dissectors to enter an infinite loop, thereby consuming excessive CPU resources. (CVE-2012-3548, CVE-2012-5237) - A malformed packet can cause the 'PPP' dissector to crash the application. (CVE-2012-5238) - A malformed packet can trigger a buffer overflow in the 'LDP' dissector, which results in an application crash. (CVE-2012-5240)"); script_set_attribute(attribute:"see_also", value:"http://www.wireshark.org/security/wnpa-sec-2012-26.html"); script_set_attribute(attribute:"see_also", value:"http://www.wireshark.org/security/wnpa-sec-2012-27.html"); script_set_attribute(attribute:"see_also", value:"http://www.wireshark.org/security/wnpa-sec-2012-28.html"); script_set_attribute(attribute:"see_also", value:"http://www.wireshark.org/security/wnpa-sec-2012-29.html"); script_set_attribute(attribute:"see_also", value:"http://www.wireshark.org/docs/relnotes/wireshark-1.8.3.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Wireshark version 1.8.3 or later."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-5240"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/01"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:wireshark:wireshark"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("wireshark_installed.nasl"); script_require_keys("SMB/Wireshark/Installed"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); # Check each install. installs = get_kb_list_or_exit("SMB/Wireshark/*"); info = ''; info2 = ''; foreach install(keys(installs)) { if ("/Installed" >< install) continue; version = install - "SMB/Wireshark/"; if (version =~ "^1\.8\.[0-2]($|[^0-9])") info += '\n Path : ' + installs[install] + '\n Installed version : ' + version + '\n Fixed version : 1.8.3\n'; else info2 += 'Version ' + version + ', under ' + installs[install] + ' '; } # Remove trailing space on info2 if (strlen(info2) > 1) info2 = substr(info2, 0, strlen(info2) -2); # Report if any were found to be vulnerable if (info) { if (report_verbosity > 0) { if (max_index(split(info)) > 4) s = "s of Wireshark are"; else s = " of Wireshark is"; report = '\n' + 'The following vulnerable instance' + s + ' installed :\n' + '\n' + info; security_warning(port:get_kb_item("SMB/transport"), extra:report); } else security_warning(get_kb_item("SMB/transport")); exit(0); } if (info2) exit(0, "The following installed instance(s) of Wireshark are not affected : " + info2 + ".");NASL family Solaris Local Security Checks NASL id SOLARIS11_WIRESHARK_20130129.NASL description The remote Solaris system is missing necessary patches to address security updates : - The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file. (CVE-2012-3548) - The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. (CVE-2012-5237) - epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet. (CVE-2012-5238) - Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet. (CVE-2012-5240) last seen 2020-06-01 modified 2020-06-02 plugin id 80805 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80805 title Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark4) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle Third Party software advisories. # include("compat.inc"); if (description) { script_id(80805); script_version("1.2"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id("CVE-2012-3548", "CVE-2012-5237", "CVE-2012-5238", "CVE-2012-5239", "CVE-2012-5240"); script_name(english:"Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark4)"); script_summary(english:"Check for the 'entire' version."); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch for third-party software." ); script_set_attribute( attribute:"description", value: "The remote Solaris system is missing necessary patches to address security updates : - The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file. (CVE-2012-3548) - The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. (CVE-2012-5237) - epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet. (CVE-2012-5238) - Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet. (CVE-2012-5240)" ); # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a913f44" ); # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-wireshark script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6ccbc2d4" ); script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.1.3.4."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:wireshark"); script_set_attribute(attribute:"patch_publication_date", value:"2013/01/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); pkg_list = solaris_pkg_list_leaves(); if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages"); if (empty_or_null(egrep(string:pkg_list, pattern:"^wireshark$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark"); flag = 0; if (solaris_check_release(release:"0.5.11-0.175.1.3.0.4.0", sru:"SRU 11.1.3.4.0") > 0) flag++; if (flag) { error_extra = 'Affected package : wireshark\n' + solaris_get_report2(); error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra); if (report_verbosity > 0) security_warning(port:0, extra:error_extra); else security_warning(0); exit(0); } else audit(AUDIT_PACKAGE_NOT_AFFECTED, "wireshark");NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_A77064141BE711E29AAD902B343DEEC9.NASL description Wireshark reports : The HSRP dissector could go into an infinite loop. The PPP dissector could abort. Martin Wilck discovered an infinite loop in the DRDA dissector. Laurent Butti discovered a buffer overflow in the LDP dissector. last seen 2020-06-01 modified 2020-06-02 plugin id 62649 published 2012-10-22 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62649 title FreeBSD : Wireshark -- Multiple Vulnerabilities (a7706414-1be7-11e2-9aad-902b343deec9) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(62649); script_version("1.7"); script_cvs_date("Date: 2018/11/23 12:49:57"); script_cve_id("CVE-2012-3548", "CVE-2012-5237", "CVE-2012-5238", "CVE-2012-5240"); script_name(english:"FreeBSD : Wireshark -- Multiple Vulnerabilities (a7706414-1be7-11e2-9aad-902b343deec9)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Wireshark reports : The HSRP dissector could go into an infinite loop. The PPP dissector could abort. Martin Wilck discovered an infinite loop in the DRDA dissector. Laurent Butti discovered a buffer overflow in the LDP dissector." ); # http://www.wireshark.org/security/wnpa-sec-2012-26.html script_set_attribute( attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2012-26.html" ); # http://www.wireshark.org/security/wnpa-sec-2012-27.html script_set_attribute( attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2012-27.html" ); # http://www.wireshark.org/security/wnpa-sec-2012-28.html script_set_attribute( attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2012-28.html" ); # http://www.wireshark.org/security/wnpa-sec-2012-29.html script_set_attribute( attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2012-29.html" ); # http://www.wireshark.org/docs/relnotes/wireshark-1.8.3.html script_set_attribute( attribute:"see_also", value:"https://www.wireshark.org/docs/relnotes/wireshark-1.8.3.html" ); # https://vuxml.freebsd.org/freebsd/a7706414-1be7-11e2-9aad-902b343deec9.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?07104c74" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:tshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:tshark-lite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:wireshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:wireshark-lite"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/02"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"wireshark<=1.8.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"wireshark-lite<=1.8.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"tshark<=1.8.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"tshark-lite<=1.8.2_1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Oval
| accepted | 2013-08-19T04:01:12.694-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet. | ||||||||
| family | windows | ||||||||
| id | oval:org.mitre.oval:def:15593 | ||||||||
| status | accepted | ||||||||
| submitted | 2012-10-09T15:58:55.334-04:00 | ||||||||
| title | epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data | ||||||||
| version | 7 |
References
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=42989&r2=42988&pathrev=42989
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=42989&r2=42988&pathrev=42989
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=44688&r2=44687&pathrev=44688
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=44688&r2=44687&pathrev=44688
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=42989
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=42989
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=44688
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=44688
- http://osvdb.org/85883
- http://osvdb.org/85883
- http://www.securityfocus.com/bid/55754
- http://www.securityfocus.com/bid/55754
- http://www.securitytracker.com/id?1027604
- http://www.securitytracker.com/id?1027604
- http://www.wireshark.org/security/wnpa-sec-2012-27.html
- http://www.wireshark.org/security/wnpa-sec-2012-27.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7316
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7316
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7668
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7668
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79010
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79010
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15593
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15593