Vulnerabilities > CVE-2014-2907 - Unspecified vulnerability in Wireshark
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN wireshark
nessus
Summary
The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201406-33.NASL description The remote host is affected by the vulnerability described in GLSA-201406-33 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker can cause arbitrary code execution or a Denial of Service condition via a specially crafted packet. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 76304 published 2014-06-30 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76304 title GLSA-201406-33 : Wireshark: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201406-33. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(76304); script_version("1.7"); script_cvs_date("Date: 2018/09/27 11:15:33"); script_cve_id("CVE-2014-2281", "CVE-2014-2282", "CVE-2014-2283", "CVE-2014-2299", "CVE-2014-2907", "CVE-2014-4020", "CVE-2014-4174"); script_bugtraq_id(66066, 66068, 66070, 66072, 66755, 67046, 68044); script_xref(name:"GLSA", value:"201406-33"); script_name(english:"GLSA-201406-33 : Wireshark: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201406-33 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker can cause arbitrary code execution or a Denial of Service condition via a specially crafted packet. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201406-33" ); script_set_attribute( attribute:"solution", value: "All Wireshark 1.8.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.8.15' All Wireshark 1.10.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.10.8'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Wireshark wiretap/mpeg.c Stack Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:wireshark"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/06/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-analyzer/wireshark", unaffected:make_list("rge 1.8.15", "ge 1.10.8"), vulnerable:make_list("lt 1.10.8"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Wireshark"); }NASL family Fedora Local Security Checks NASL id FEDORA_2014-5514.NASL description Ver. 1.10.7 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-04-25 plugin id 73704 published 2014-04-25 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73704 title Fedora 20 : wireshark-1.10.7-1.fc20 (2014-5514) NASL family Windows NASL id WIRESHARK_1_10_7.NASL description The installed version of Wireshark 1.10.x is a version prior to 1.10.7. It is, therefore, affected by a denial of service vulnerability. A flaw exists with the RTP dissector when handling a malformed packet that could allow a remote attacker to crash Wireshark. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 73864 published 2014-05-05 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73864 title Wireshark 1.10.x < 1.10.7 DoS NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-343.NASL description This wireshark update to version 1.10.7 fixes the following security issue : - bnc#874760: Fixed RTP dissector vulnerabilities (CVE-2014-2907). - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.7 .html last seen 2020-06-05 modified 2014-06-13 plugin id 75347 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75347 title openSUSE Security Update : wireshark (openSUSE-SU-2014:0612-1) NASL family Solaris Local Security Checks NASL id SOLARIS11_WIRESHARK_20140731.NASL description The remote Solaris system is missing necessary patches to address security updates : - The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2014-2907) last seen 2020-06-01 modified 2020-06-02 plugin id 80813 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80813 title Oracle Solaris Third-Party Patch Update : wireshark (cve_2014_2907_denial_of)
References
- http://lists.opensuse.org/opensuse-updates/2014-05/msg00022.html
- http://lists.opensuse.org/opensuse-updates/2014-05/msg00022.html
- http://www.wireshark.org/security/wnpa-sec-2014-06.html
- http://www.wireshark.org/security/wnpa-sec-2014-06.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9885
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9885
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=30ba425e7e95f7b61b3a3e5ff0c46e4be9d3d8d7
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=30ba425e7e95f7b61b3a3e5ff0c46e4be9d3d8d7