Vulnerabilities > CVE-2013-5722 - Denial of Service vulnerability in Wireshark LDAP Dissector

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
wireshark
nessus

Summary

Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-238.NASL
    descriptionMultiple vulnerabilities was found and corrected in Wireshark : The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet (CVE-2013-5718). epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet (CVE-2013-5719). Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet (CVE-2013-5720). The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet (CVE-2013-5721). Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet (CVE-2013-5722). This advisory provides the latest supported version of Wireshark (1.8.10) which is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id70004
    published2013-09-20
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70004
    titleMandriva Linux Security Advisory : wireshark (MDVSA-2013:238)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2013:238. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70004);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      script_cve_id("CVE-2013-5718", "CVE-2013-5719", "CVE-2013-5720", "CVE-2013-5721", "CVE-2013-5722");
      script_bugtraq_id(62315, 62318, 62319, 62320, 62321);
      script_xref(name:"MDVSA", value:"2013:238");
    
      script_name(english:"Mandriva Linux Security Advisory : wireshark (MDVSA-2013:238)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities was found and corrected in Wireshark :
    
    The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in
    the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before
    1.10.2 does not restrict the dch_id value, which allows remote
    attackers to cause a denial of service (application crash) via a
    crafted packet (CVE-2013-5718).
    
    epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark
    1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers
    to cause a denial of service (infinite loop) via a crafted packet
    (CVE-2013-5719).
    
    Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10
    and 1.10.x before 1.10.2 allows remote attackers to cause a denial of
    service (application crash) via a crafted packet (CVE-2013-5720).
    
    The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ
    dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2
    does not properly determine when to enter a certain loop, which allows
    remote attackers to cause a denial of service (application crash) via
    a crafted packet (CVE-2013-5721).
    
    Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x
    before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to
    cause a denial of service (application crash) via a crafted packet
    (CVE-2013-5722).
    
    This advisory provides the latest supported version of Wireshark
    (1.8.10) which is not vulnerable to these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/security/wnpa-sec-2013-55.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/security/wnpa-sec-2013-56.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/security/wnpa-sec-2013-57.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/security/wnpa-sec-2013-58.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/security/wnpa-sec-2013-59.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dumpcap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wireshark-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wireshark2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rawshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wireshark-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/09/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"dumpcap-1.8.10-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64wireshark-devel-1.8.10-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64wireshark2-1.8.10-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"rawshark-1.8.10-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"tshark-1.8.10-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"wireshark-1.8.10-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"wireshark-tools-1.8.10-1.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2756.NASL
    descriptionMultiple vulnerabilities were discovered in the dissectors for LDAP, RTPS and NBAP and in the Netmon file parser, which could result in denial of service or the execution of arbitrary code.
    last seen2020-03-17
    modified2013-09-14
    plugin id69885
    published2013-09-14
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69885
    titleDebian DSA-2756-1 : wireshark - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2756. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69885);
      script_version("1.12");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-5718", "CVE-2013-5720", "CVE-2013-5722");
      script_bugtraq_id(62315, 62319, 62321);
      script_xref(name:"DSA", value:"2756");
    
      script_name(english:"Debian DSA-2756-1 : wireshark - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities were discovered in the dissectors for LDAP,
    RTPS and NBAP and in the Netmon file parser, which could result in
    denial of service or the execution of arbitrary code."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze/wireshark"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/wireshark"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2013/dsa-2756"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the wireshark packages.
    
    For the oldstable distribution (squeeze), these problems have been
    fixed in version 1.2.11-6+squeeze12.
    
    For the stable distribution (wheezy), these problems have been fixed
    in version 1.8.2-5wheezy6."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wireshark");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/09/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"tshark", reference:"1.2.11-6+squeeze12")) flag++;
    if (deb_check(release:"6.0", prefix:"wireshark", reference:"1.2.11-6+squeeze12")) flag++;
    if (deb_check(release:"6.0", prefix:"wireshark-common", reference:"1.2.11-6+squeeze12")) flag++;
    if (deb_check(release:"6.0", prefix:"wireshark-dbg", reference:"1.2.11-6+squeeze12")) flag++;
    if (deb_check(release:"6.0", prefix:"wireshark-dev", reference:"1.2.11-6+squeeze12")) flag++;
    if (deb_check(release:"7.0", prefix:"libwireshark-data", reference:"1.8.2-5wheezy6")) flag++;
    if (deb_check(release:"7.0", prefix:"libwireshark-dev", reference:"1.8.2-5wheezy6")) flag++;
    if (deb_check(release:"7.0", prefix:"libwireshark2", reference:"1.8.2-5wheezy6")) flag++;
    if (deb_check(release:"7.0", prefix:"libwiretap-dev", reference:"1.8.2-5wheezy6")) flag++;
    if (deb_check(release:"7.0", prefix:"libwiretap2", reference:"1.8.2-5wheezy6")) flag++;
    if (deb_check(release:"7.0", prefix:"libwsutil-dev", reference:"1.8.2-5wheezy6")) flag++;
    if (deb_check(release:"7.0", prefix:"libwsutil2", reference:"1.8.2-5wheezy6")) flag++;
    if (deb_check(release:"7.0", prefix:"tshark", reference:"1.8.2-5wheezy6")) flag++;
    if (deb_check(release:"7.0", prefix:"wireshark", reference:"1.8.2-5wheezy6")) flag++;
    if (deb_check(release:"7.0", prefix:"wireshark-common", reference:"1.8.2-5wheezy6")) flag++;
    if (deb_check(release:"7.0", prefix:"wireshark-dbg", reference:"1.8.2-5wheezy6")) flag++;
    if (deb_check(release:"7.0", prefix:"wireshark-dev", reference:"1.8.2-5wheezy6")) flag++;
    if (deb_check(release:"7.0", prefix:"wireshark-doc", reference:"1.8.2-5wheezy6")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_WIRESHARK_20131210.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c. (CVE-2013-5717) - The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2013-5718) - epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. (CVE-2013-5719) - Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2013-5720) - The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2013-5721) - Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2013-5722)
    last seen2020-06-01
    modified2020-06-02
    plugin id80809
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80809
    titleOracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark7)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from the Oracle Third Party software advisories.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(80809);
      script_version("1.2");
      script_cvs_date("Date: 2018/11/15 20:50:24");
    
      script_cve_id("CVE-2013-5717", "CVE-2013-5718", "CVE-2013-5719", "CVE-2013-5720", "CVE-2013-5721", "CVE-2013-5722");
    
      script_name(english:"Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark7)");
      script_summary(english:"Check for the 'entire' version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Solaris system is missing a security patch for third-party
    software."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote Solaris system is missing necessary patches to address
    security updates :
    
      - The Bluetooth HCI ACL dissector in Wireshark 1.10.x
        before 1.10.2 does not properly maintain a certain free
        list, which allows remote attackers to cause a denial of
        service (application crash) via a crafted packet that is
        not properly handled by the wmem_block_alloc function in
        epan/wmem/wmem_allocator_block.c. (CVE-2013-5717)
    
      - The dissect_nbap_T_dCH_ID function in
        epan/dissectors/packet-nbap.c in the NBAP dissector in
        Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2
        does not restrict the dch_id value, which allows remote
        attackers to cause a denial of service (application
        crash) via a crafted packet. (CVE-2013-5718)
    
      - epan/dissectors/packet-assa_r3.c in the ASSA R3
        dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x
        before 1.10.2 allows remote attackers to cause a denial
        of service (infinite loop) via a crafted packet.
        (CVE-2013-5719)
    
      - Buffer overflow in the RTPS dissector in Wireshark 1.8.x
        before 1.8.10 and 1.10.x before 1.10.2 allows remote
        attackers to cause a denial of service (application
        crash) via a crafted packet. (CVE-2013-5720)
    
      - The dissect_mq_rr function in
        epan/dissectors/packet-mq.c in the MQ dissector in
        Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2
        does not properly determine when to enter a certain
        loop, which allows remote attackers to cause a denial of
        service (application crash) via a crafted packet.
        (CVE-2013-5721)
    
      - Unspecified vulnerability in the LDAP dissector in
        Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2
        allows remote attackers to cause a denial of service
        (application crash) via a crafted packet.
        (CVE-2013-5722)"
      );
      # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4a913f44"
      );
      # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-wireshark
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6ccbc2d4"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.1.13.6.0.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:wireshark");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Solaris11/release");
    if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");
    pkg_list = solaris_pkg_list_leaves();
    if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages");
    
    if (empty_or_null(egrep(string:pkg_list, pattern:"^wireshark$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark");
    
    flag = 0;
    
    if (solaris_check_release(release:"0.5.11-0.175.1.13.0.6.0", sru:"SRU 11.1.13.6.0") > 0) flag++;
    
    if (flag)
    {
      error_extra = 'Affected package : wireshark\n' + solaris_get_report2();
      error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra);
      if (report_verbosity > 0) security_warning(port:0, extra:error_extra);
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_PACKAGE_NOT_AFFECTED, "wireshark");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201312-13.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201312-13 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id71488
    published2013-12-17
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71488
    titleGLSA-201312-13 : Wireshark: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201312-13.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71488);
      script_version("1.9");
      script_cvs_date("Date: 2018/07/12 19:01:15");
    
      script_cve_id("CVE-2013-5717", "CVE-2013-5718", "CVE-2013-5719", "CVE-2013-5720", "CVE-2013-5721", "CVE-2013-5722", "CVE-2013-6336", "CVE-2013-6337", "CVE-2013-6338", "CVE-2013-6339", "CVE-2013-6340");
      script_bugtraq_id(62315, 62318, 62319, 62320, 62321, 62322, 63500, 63501, 63502, 63503, 63504);
      script_xref(name:"GLSA", value:"201312-13");
    
      script_name(english:"GLSA-201312-13 : Wireshark: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201312-13
    (Wireshark: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Wireshark. Please
          review the CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker could possibly execute arbitrary code with the
          privileges of the process or cause a Denial of Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201312-13"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Wireshark 1.10 users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.10.3'
        All Wireshark 1.8 users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.8.11'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:wireshark");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"net-analyzer/wireshark", unaffected:make_list("ge 1.10.3", "rge 1.8.11"), vulnerable:make_list("lt 1.10.3"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Wireshark");
    }
    
  • NASL familyWindows
    NASL idWIRESHARK_1_10_2.NASL
    descriptionThe installed version of Wireshark 1.10 is earlier than 1.10.2. It is, therefore, affected by denial of service vulnerabilities in the following dissectors : - Bluetooth HCI ACL (Bug #8722) - NBAP (Bug #9005) - NBAP (Bug #9005) - ASSA R3 (Bug #9020) - RTPS (Bug #9019) - MQ (Bug #9079) - LDAP (No bug ID) - Netmon file parser (Bug #8742)
    last seen2020-06-01
    modified2020-06-02
    plugin id69881
    published2013-09-13
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69881
    titleWireshark 1.10.x < 1.10.2 Multiple DoS
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69881);
      script_version("1.10");
      script_cvs_date("Date: 2018/11/15 20:50:29");
    
      script_cve_id(
        "CVE-2013-4933",
        "CVE-2013-5717",
        "CVE-2013-5718",
        "CVE-2013-5719",
        "CVE-2013-5720",
        "CVE-2013-5721",
        "CVE-2013-5722"
      );
      script_bugtraq_id(61471, 62315, 62318, 62319, 62320, 62321, 62322, 62868);
    
      script_name(english:"Wireshark 1.10.x < 1.10.2 Multiple DoS");
      script_summary(english:"Does a version check");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains an application that is affected by
    multiple denial of service vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Wireshark 1.10 is earlier than 1.10.2.  It is,
    therefore, affected by denial of service vulnerabilities in the
    following dissectors :
    
      - Bluetooth HCI ACL (Bug #8722)
      - NBAP (Bug #9005)
      - NBAP (Bug #9005)
      - ASSA R3 (Bug #9020)
      - RTPS (Bug #9019)
      - MQ (Bug #9079)
      - LDAP (No bug ID)
      - Netmon file parser (Bug #8742)");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2013-54.html");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2013-55.html");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2013-56.html");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2013-57.html");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2013-58.html");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2013-59.html");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2013-60.html");
    
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/docs/relnotes/wireshark-1.10.2.html");
      script_set_attribute(attribute:"solution", value:"Upgrade to Wireshark version 1.10.2 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/09/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/13");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:wireshark:wireshark");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
    
      script_dependencies("wireshark_installed.nasl");
      script_require_keys("SMB/Wireshark/Installed");
    
      exit(0);
    }
    
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Check each install.
    installs = get_kb_list_or_exit("SMB/Wireshark/*");
    
    info  = '';
    info2 = '';
    
    foreach install(keys(installs))
    {
      if ("/Installed" >< install) continue;
    
      version = install - "SMB/Wireshark/";
    
      if (version =~ "^1\.10\.[01]($|[^0-9])")
        info +=
          '\n  Path              : ' + installs[install] +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : 1.10.2\n';
      else
        info2 += 'Version ' + version + ', under ' + installs[install] + ' ';
    }
    
    # Remove trailing space on info2
    if (strlen(info2) > 1)
      info2 = substr(info2, 0, strlen(info2) -2);
    
    # Report if any were found to be vulnerable
    if (info)
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (report_verbosity > 0)
      {
        if (max_index(split(info)) > 4) s = "s of Wireshark are";
        else s = " of Wireshark is";
    
        report =
          '\n' + 'The following vulnerable instance' + s + ' installed :' +
          '\n' +
          info;
        security_warning(port:port, extra:report);
      }
      else security_warning(port);
      exit(0);
    }
    if (info2) exit(0, "The following installed instance(s) of Wireshark are not affected : " + info2 + ".");
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-714.NASL
    descriptionThis wireshark update to 1.8.10 fixes several security and non security bugs. [bnc#839607] + vulnerabilities fixed : - The NBAP dissector could crash. wnpa-sec-2013-55 CVE-2013-5718 - The ASSA R3 dissector could go into an infinite loop. wnpa-sec-2013-56 CVE-2013-5719 - The RTPS dissector could overflow a buffer. wnpa-sec-2013-57 CVE-2013-5720 - The MQ dissector could crash. wnpa-sec-2013-58 CVE-2013-5721 - The LDAP dissector could crash. wnpa-sec-2013-59 CVE-2013-5722 - The Netmon file parser could crash. wnpa-sec-2013-60 + Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.8.10 .html
    last seen2020-06-05
    modified2014-06-13
    plugin id75145
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75145
    titleopenSUSE Security Update : wireshark (openSUSE-SU-2013:1481-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2013-714.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75145);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-5718", "CVE-2013-5719", "CVE-2013-5720", "CVE-2013-5721", "CVE-2013-5722");
    
      script_name(english:"openSUSE Security Update : wireshark (openSUSE-SU-2013:1481-1)");
      script_summary(english:"Check for the openSUSE-2013-714 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This wireshark update to 1.8.10 fixes several security and non
    security bugs. [bnc#839607]
    
      + vulnerabilities fixed :
    
      - The NBAP dissector could crash. wnpa-sec-2013-55
        CVE-2013-5718
    
      - The ASSA R3 dissector could go into an infinite loop.
        wnpa-sec-2013-56 CVE-2013-5719
    
      - The RTPS dissector could overflow a buffer.
        wnpa-sec-2013-57 CVE-2013-5720
    
      - The MQ dissector could crash. wnpa-sec-2013-58
        CVE-2013-5721
    
      - The LDAP dissector could crash. wnpa-sec-2013-59
        CVE-2013-5722
    
      - The Netmon file parser could crash. wnpa-sec-2013-60
    
      + Further bug fixes and updated protocol support as listed
        in:
        https://www.wireshark.org/docs/relnotes/wireshark-1.8.10
        .html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=839607"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2013-09/msg00050.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/docs/relnotes/wireshark-1.8.10.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wireshark packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/09/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.2|SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2 / 12.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.2", reference:"wireshark-1.8.10-1.39.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"wireshark-debuginfo-1.8.10-1.39.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"wireshark-debugsource-1.8.10-1.39.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"wireshark-devel-1.8.10-1.39.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"wireshark-1.8.10-1.20.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"wireshark-debuginfo-1.8.10-1.20.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"wireshark-debugsource-1.8.10-1.20.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"wireshark-devel-1.8.10-1.20.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-debuginfo / wireshark-debugsource / etc");
    }
    
  • NASL familyWindows
    NASL idWIRESHARK_1_8_10.NASL
    descriptionThe installed version of Wireshark 1.8 is earlier than 1.8.10. It is, therefore, affected by denial of service vulnerabilities in the following dissectors : - NBAP (Bug #9005) - ASSA R3 (Bug #9020) - RTPS (Bug #9019) - MQ (Bug #9079) - LDAP (No bug ID) - Netmon file parser (Bug #8742)
    last seen2020-06-01
    modified2020-06-02
    plugin id69880
    published2013-09-13
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69880
    titleWireshark 1.8.x < 1.8.10 Multiple DoS

Oval

accepted2013-10-28T04:00:47.649-04:00
classvulnerability
contributors
nameShane Shaffer
organizationG2, Inc.
definition_extensions
commentWireshark is installed on the system.
ovaloval:org.mitre.oval:def:6589
descriptionUnspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
familywindows
idoval:org.mitre.oval:def:18958
statusaccepted
submitted2013-09-16T15:26:44.463-04:00
titleUnspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2
version5