CVE-2014-4020 - Numeric Errors vulnerability in Wireshark
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary
The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
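
The bug class named in the summary, a negative error value later consumed as a length, shown as an added example beside its hardened form. This is not Wireshark's code: `record_len`, `copy_record_unchecked`, `copy_record_checked` and the sample records are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample records: 2-byte big-endian length, then payload. */
const uint8_t GOOD[] = {0x00, 0x03, 'a', 'b', 'c'};
const uint8_t BAD[]  = {0xff, 0xff, 'a'};   /* declares 65535 bytes, carries 1 */
uint8_t OUT[8];

/* Hypothetical parser: payload length, or -1 (an error code, not a size). */
int record_len(const uint8_t *buf, size_t buflen)
{
    if (buflen < 2)
        return -1;
    int len = (buf[0] << 8) | buf[1];
    return ((size_t)len > buflen - 2) ? -1 : len;
}

/* Before: -1 passes the signed upper-bound check and then converts to
 * SIZE_MAX in memcpy's size_t argument. */
int copy_record_unchecked(uint8_t *dst, int dstlen, const uint8_t *buf, size_t buflen)
{
    int len = record_len(buf, buflen);
    if (len > dstlen)
        return -1;
    memcpy(dst, buf + 2, (size_t)len);
    return len;
}

/* After: reject the error value before it is ever used as a length. */
int copy_record_checked(uint8_t *dst, size_t dstlen, const uint8_t *buf, size_t buflen)
{
    int len = record_len(buf, buflen);
    if (len < 0 || (size_t)len > dstlen)
        return -1;
    memcpy(dst, buf + 2, (size_t)len);
    return len;
}

int main(void)
{
    /* Only the checked path is run on the malformed record. */
    printf("error as size_t: %zu\n", (size_t)record_len(BAD, sizeof BAD));
    printf("checked(BAD)  = %d\n", copy_record_checked(OUT, sizeof OUT, BAD, sizeof BAD));
    printf("checked(GOOD) = %d\n", copy_record_checked(OUT, sizeof OUT, GOOD, sizeof GOOD));
    return 0;
}
```
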
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 8 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-201406-33.NASL
- description: The remote host is affected by the vulnerability described in GLSA-201406-33 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker can cause arbitrary code execution or a Denial of Service condition via a specially crafted packet. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 76304
- published: 2014-06-30
- reporter: This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/76304
- title: GLSA-201406-33 : Wireshark: Multiple vulnerabilities
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201406-33.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(76304);
  script_version("1.7");
  script_cvs_date("Date: 2018/09/27 11:15:33");

  script_cve_id("CVE-2014-2281", "CVE-2014-2282", "CVE-2014-2283", "CVE-2014-2299", "CVE-2014-2907", "CVE-2014-4020", "CVE-2014-4174");
  script_bugtraq_id(66066, 66068, 66070, 66072, 66755, 67046, 68044);
  script_xref(name:"GLSA", value:"201406-33");

  script_name(english:"GLSA-201406-33 : Wireshark: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in
GLSA-201406-33 (Wireshark: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in Wireshark. Please
review the CVE identifiers referenced below for details.
Impact :
A remote attacker can cause arbitrary code execution or a Denial of
Service condition via a specially crafted packet.
Workaround :
There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201406-33"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All Wireshark 1.8.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.8.15'
All Wireshark 1.10.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.10.8'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Wireshark wiretap/mpeg.c Stack Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:wireshark");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"net-analyzer/wireshark", unaffected:make_list("rge 1.8.15", "ge 1.10.8"), vulnerable:make_list("lt 1.10.8"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Wireshark");
}
```

- NASL family: Windows
- NASL id: WIRESHARK_1_10_8.NASL
- description: The installed version of Wireshark 1.10.x is a version prior to 1.10.8. It is, therefore, affected by a denial of service vulnerability. A flaw exists with the Metadissector dissector when handling a malformed packet that could allow a remote attacker to crash Wireshark. Note that Nessus has not tested for this issue but has instead relied only on the application
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 76150
- published: 2014-06-19
- reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/76150
- title: Wireshark 1.10.x < 1.10.8 Metadissector DoS
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(76150);
  script_version("1.6");
  script_cvs_date("Date: 2018/11/15 20:50:29");

  script_cve_id("CVE-2014-4020");
  script_bugtraq_id(68044);

  script_name(english:"Wireshark 1.10.x < 1.10.8 Metadissector DoS");
  script_summary(english:"Does a version check");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains an application that is affected by a
denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"The installed version of Wireshark 1.10.x is a version prior to
1.10.8. It is, therefore, affected by a denial of service
vulnerability. A flaw exists with the Metadissector dissector when
handling a malformed packet that could allow a remote attacker to
crash Wireshark.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2014-07.html");
  script_set_attribute(attribute:"see_also", value:"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9999");
  script_set_attribute(attribute:"see_also", value:"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10030");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/docs/relnotes/wireshark-1.10.8.html");
  script_set_attribute(attribute:"solution", value:"Upgrade to Wireshark version 1.10.8 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:wireshark:wireshark");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("wireshark_installed.nasl");
  script_require_keys("SMB/Wireshark/Installed");

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");

# Check each install.
installs = get_kb_list_or_exit("SMB/Wireshark/*");

info = '';
info2 = '';

foreach install(keys(installs))
{
  if ("/Installed" >< install) continue;

  version = install - "SMB/Wireshark/";

  if (version =~ "^1\.10\.[0-7]($|[^0-9])")
    info +=
      '\n Path : ' + installs[install] +
      '\n Installed version : ' + version +
      '\n Fixed version : 1.10.8\n';
  else
    info2 += 'Version ' + version + ', under ' + installs[install] + ' ';
}

# Remove trailing space on info2
if (strlen(info2) > 1)
  info2 = substr(info2, 0, strlen(info2) -2);

# Report if any were found to be vulnerable
if (info)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  if (report_verbosity > 0)
  {
    if (max_index(split(info)) > 4) s = "s of Wireshark are";
    else s = " of Wireshark is";

    report =
      '\n' +
      'The following vulnerable instance' + s + ' installed :' +
      '\n' +
      info;
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
  exit(0);
}

if (info2)
  exit(0, "The following installed instance(s) of Wireshark are not affected : " + info2 + ".");
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2014-7359.NASL
- description: fix frame metadissector Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-03-17
- modified: 2014-06-25
- plugin id: 76209
- published: 2014-06-25
- reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/76209
- title: Fedora 20 : wireshark-1.10.7-3.fc20 (2014-7359)

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2014-440.NASL
- description: wireshark was updated to version 1.10.8 to fix a possible DoS in the frame metadissector (CVE-2014-4020).
- last seen: 2020-06-05
- modified: 2014-06-25
- plugin id: 76211
- published: 2014-06-25
- reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/76211
- title: openSUSE Security Update : wireshark (openSUSE-SU-2014:0836-1)

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS11_WIRESHARK_20140819.NASL
- description: The remote Solaris system is missing necessary patches to address security updates : - The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2014-4020)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 80814
- published: 2015-01-19
- reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/80814
- title: Oracle Solaris Third-Party Patch Update : wireshark (cve_2014_4020_numeric_errors)

References
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9999
- http://www.wireshark.org/security/wnpa-sec-2014-07.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10030
- http://lists.opensuse.org/opensuse-updates/2014-06/msg00049.html
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=beb119f911a698d44f4baa06d888bb1e775983bc