Vulnerabilities > CVE-2015-2189 - Numeric Errors vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-226.NASL description Wireshark was updated to 1.10.13 on openSUSE 13.1 to fix bugs and security issues. Wireshark was updated to 1.12.4 on openSUSE 13.2 to fix bugs and security issues. The following security issues were fixed in 1.10.13 : - The WCP dissector could crash. wnpa-sec-2015-07 CVE-2015-2188 [bnc#920696] - The pcapng file parser could crash. wnpa-sec-2015-08 CVE-2015-2189 [bnc#920697] - The TNEF dissector could go into an infinite loop. wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699] - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.1 3.html The following security issues were fixed in 1.12.4 : - The following security issues were fixed : - The ATN-CPDLC dissector could crash. wnpa-sec-2015-06 CVE-2015-2187 [bnc#920695] - The WCP dissector could crash. wnpa-sec-2015-07 CVE-2015-2188 [bnc#920696] - The pcapng file parser could crash. wnpa-sec-2015-08 CVE-2015-2189 [bnc#920697] - The LLDP dissector could crash. wnpa-sec-2015-09 CVE-2015-2190 [bnc#920698] - The TNEF dissector could go into an infinite loop. wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699] - The SCSI OSD dissector could go into an infinite loop. wnpa-sec-2015-11 CVE-2015-2192 [bnc#920700] - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.4 .html last seen 2020-06-05 modified 2015-03-17 plugin id 81869 published 2015-03-17 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81869 title openSUSE Security Update : wireshark (openSUSE-2015-226) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2015-226. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(81869); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-2187", "CVE-2015-2188", "CVE-2015-2189", "CVE-2015-2190", "CVE-2015-2191", "CVE-2015-2192"); script_name(english:"openSUSE Security Update : wireshark (openSUSE-2015-226)"); script_summary(english:"Check for the openSUSE-2015-226 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Wireshark was updated to 1.10.13 on openSUSE 13.1 to fix bugs and security issues. Wireshark was updated to 1.12.4 on openSUSE 13.2 to fix bugs and security issues. The following security issues were fixed in 1.10.13 : - The WCP dissector could crash. wnpa-sec-2015-07 CVE-2015-2188 [bnc#920696] - The pcapng file parser could crash. wnpa-sec-2015-08 CVE-2015-2189 [bnc#920697] - The TNEF dissector could go into an infinite loop. wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699] - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.1 3.html The following security issues were fixed in 1.12.4 : - The following security issues were fixed : - The ATN-CPDLC dissector could crash. wnpa-sec-2015-06 CVE-2015-2187 [bnc#920695] - The WCP dissector could crash. wnpa-sec-2015-07 CVE-2015-2188 [bnc#920696] - The pcapng file parser could crash. wnpa-sec-2015-08 CVE-2015-2189 [bnc#920697] - The LLDP dissector could crash. wnpa-sec-2015-09 CVE-2015-2190 [bnc#920698] - The TNEF dissector could go into an infinite loop. wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699] - The SCSI OSD dissector could go into an infinite loop. wnpa-sec-2015-11 CVE-2015-2192 [bnc#920700] - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.4 .html" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=920695" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=920696" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=920697" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=920698" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=920699" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=920700" ); script_set_attribute( attribute:"see_also", value:"https://www.wireshark.org/docs/relnotes/wireshark-1.10.13.html" ); script_set_attribute( attribute:"see_also", value:"https://www.wireshark.org/docs/relnotes/wireshark-1.12.4.html" ); script_set_attribute( attribute:"solution", value:"Update the affected wireshark packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-ui-gtk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-ui-gtk-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-ui-qt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-ui-qt-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.1", reference:"wireshark-1.10.13-36.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"wireshark-debuginfo-1.10.13-36.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"wireshark-debugsource-1.10.13-36.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"wireshark-devel-1.10.13-36.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"wireshark-1.12.4-12.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"wireshark-debuginfo-1.12.4-12.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"wireshark-debugsource-1.12.4-12.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"wireshark-devel-1.12.4-12.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"wireshark-ui-gtk-1.12.4-12.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"wireshark-ui-gtk-debuginfo-1.12.4-12.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"wireshark-ui-qt-1.12.4-12.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"wireshark-ui-qt-debuginfo-1.12.4-12.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-debuginfo / wireshark-debugsource / etc"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201510-03.NASL description The remote host is affected by the vulnerability described in GLSA-201510-03 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 86688 published 2015-11-02 reporter This script is Copyright (C) 2015-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86688 title GLSA-201510-03 : Wireshark: Multiple vulnerabilities NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-2393.NASL description Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2015-2188, CVE-2015-2189, CVE-2015-2191, CVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562, CVE-2015-0563, CVE-2015-0564, CVE-2015-3182, CVE-2015-6243, CVE-2015-6244, CVE-2015-6245, CVE-2015-6246, CVE-2015-6248) The CVE-2015-3182 issue was discovered by Martin Zember of Red Hat. The wireshark packages have been upgraded to upstream version 1.10.14, which provides a number of bug fixes and enhancements over the previous version. (BZ#1238676) This update also fixes the following bug : * Prior to this update, when using the tshark utility to capture packets over the interface, tshark failed to create output files in the .pcap format even if it was specified using the last seen 2020-06-01 modified 2020-06-02 plugin id 87156 published 2015-12-02 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87156 title CentOS 7 : wireshark (CESA-2015:2393) NASL family SuSE Local Security Checks NASL id SUSE_11_WIRESHARK-150311.NASL description Wireshark was updated to version 1.10.13 fixing bugs and security issues : The following security issues have been fixed. - The WCP dissector could crash. wnpa-sec-2015-07 CVE-2015-2188 [bnc#920696] - The pcapng file parser could crash. wnpa-sec-2015-08 CVE-2015-2189 [bnc#920697] - The TNEF dissector could go into an infinite loop. wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699] Further bug fixes and updated protocol support are listed in : https://www.wireshark.org/docs/relnotes/wireshark-1.10.13.html last seen 2020-06-01 modified 2020-06-02 plugin id 82523 published 2015-04-02 reporter This script is Copyright (C) 2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82523 title SuSE 11.3 Security Update : wireshark (SAT Patch Number 10444) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3210.NASL description Multiple vulnerabilities were discovered in the dissectors/parsers for WCP, pcapng and TNEF, which could result in denial of service. last seen 2020-03-17 modified 2015-04-02 plugin id 82511 published 2015-04-02 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82511 title Debian DSA-3210-1 : wireshark - security update NASL family Scientific Linux Local Security Checks NASL id SL_20150722_WIRESHARK_ON_SL6_X.NASL description Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2014-8714, CVE-2014-8712, CVE-2014-8713, CVE-2014-8711, CVE-2014-8710, CVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191) This update also fixes the following bugs : - Previously, the Wireshark tool did not support Advanced Encryption Standard Galois/Counter Mode (AES-GCM) cryptographic algorithm. As a consequence, AES-GCM was not decrypted. Support for AES-GCM has been added to Wireshark, and AES-GCM is now correctly decrypted. - Previously, when installing the system using the kickstart method, a dependency on the shadow-utils packages was missing from the wireshark packages, which could cause the installation to fail with a last seen 2020-03-18 modified 2015-08-04 plugin id 85208 published 2015-08-04 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85208 title Scientific Linux Security Update : wireshark on SL6.x i386/x86_64 (20150722) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2015-580.NASL description Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2014-8714 , CVE-2014-8712 , CVE-2014-8713 , CVE-2014-8711 , CVE-2014-8710 , CVE-2015-0562 , CVE-2015-0564 , CVE-2015-2189 , CVE-2015-2191) last seen 2020-06-01 modified 2020-06-02 plugin id 85453 published 2015-08-18 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/85453 title Amazon Linux AMI : wireshark (ALAS-2015-580) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-1460.NASL description Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark, previously known as Ethereal, is a network protocol analyzer, which is used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2014-8714, CVE-2014-8712, CVE-2014-8713, CVE-2014-8711, CVE-2014-8710, CVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191) This update also fixes the following bugs : * Previously, the Wireshark tool did not support Advanced Encryption Standard Galois/Counter Mode (AES-GCM) cryptographic algorithm. As a consequence, AES-GCM was not decrypted. Support for AES-GCM has been added to Wireshark, and AES-GCM is now correctly decrypted. (BZ#1095065) * Previously, when installing the system using the kickstart method, a dependency on the shadow-utils packages was missing from the wireshark packages, which could cause the installation to fail with a last seen 2020-06-01 modified 2020-06-02 plugin id 84952 published 2015-07-23 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84952 title RHEL 6 : wireshark (RHSA-2015:1460) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-1460.NASL description Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark, previously known as Ethereal, is a network protocol analyzer, which is used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2014-8714, CVE-2014-8712, CVE-2014-8713, CVE-2014-8711, CVE-2014-8710, CVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191) This update also fixes the following bugs : * Previously, the Wireshark tool did not support Advanced Encryption Standard Galois/Counter Mode (AES-GCM) cryptographic algorithm. As a consequence, AES-GCM was not decrypted. Support for AES-GCM has been added to Wireshark, and AES-GCM is now correctly decrypted. (BZ#1095065) * Previously, when installing the system using the kickstart method, a dependency on the shadow-utils packages was missing from the wireshark packages, which could cause the installation to fail with a last seen 2020-06-01 modified 2020-06-02 plugin id 85026 published 2015-07-28 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85026 title CentOS 6 : wireshark (CESA-2015:1460) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-2393.NASL description Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2015-2188, CVE-2015-2189, CVE-2015-2191, CVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562, CVE-2015-0563, CVE-2015-0564, CVE-2015-3182, CVE-2015-6243, CVE-2015-6244, CVE-2015-6245, CVE-2015-6246, CVE-2015-6248) The CVE-2015-3182 issue was discovered by Martin Zember of Red Hat. The wireshark packages have been upgraded to upstream version 1.10.14, which provides a number of bug fixes and enhancements over the previous version. (BZ#1238676) This update also fixes the following bug : * Prior to this update, when using the tshark utility to capture packets over the interface, tshark failed to create output files in the .pcap format even if it was specified using the last seen 2020-06-01 modified 2020-06-02 plugin id 86988 published 2015-11-20 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86988 title RHEL 7 : wireshark (RHSA-2015:2393) NASL family Scientific Linux Local Security Checks NASL id SL_20151119_WIRESHARK_ON_SL7_X.NASL description Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2015-2188, CVE-2015-2189, CVE-2015-2191, CVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562, CVE-2015-0563, CVE-2015-0564, CVE-2015-3182, CVE-2015-6243, CVE-2015-6244, CVE-2015-6245, CVE-2015-6246, CVE-2015-6248) The wireshark packages have been upgraded to upstream version 1.10.14, which provides a number of bug fixes and enhancements over the previous version. This update also fixes the following bug : - Prior to this update, when using the tshark utility to capture packets over the interface, tshark failed to create output files in the .pcap format even if it was specified using the last seen 2020-03-18 modified 2015-12-22 plugin id 87578 published 2015-12-22 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87578 title Scientific Linux Security Update : wireshark on SL7.x x86_64 (20151119) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-1460.NASL description From Red Hat Security Advisory 2015:1460 : Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark, previously known as Ethereal, is a network protocol analyzer, which is used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2014-8714, CVE-2014-8712, CVE-2014-8713, CVE-2014-8711, CVE-2014-8710, CVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191) This update also fixes the following bugs : * Previously, the Wireshark tool did not support Advanced Encryption Standard Galois/Counter Mode (AES-GCM) cryptographic algorithm. As a consequence, AES-GCM was not decrypted. Support for AES-GCM has been added to Wireshark, and AES-GCM is now correctly decrypted. (BZ#1095065) * Previously, when installing the system using the kickstart method, a dependency on the shadow-utils packages was missing from the wireshark packages, which could cause the installation to fail with a last seen 2020-06-01 modified 2020-06-02 plugin id 85112 published 2015-07-30 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85112 title Oracle Linux 6 : wireshark (ELSA-2015-1460) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-2393.NASL description From Red Hat Security Advisory 2015:2393 : Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2015-2188, CVE-2015-2189, CVE-2015-2191, CVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562, CVE-2015-0563, CVE-2015-0564, CVE-2015-3182, CVE-2015-6243, CVE-2015-6244, CVE-2015-6245, CVE-2015-6246, CVE-2015-6248) The CVE-2015-3182 issue was discovered by Martin Zember of Red Hat. The wireshark packages have been upgraded to upstream version 1.10.14, which provides a number of bug fixes and enhancements over the previous version. (BZ#1238676) This update also fixes the following bug : * Prior to this update, when using the tshark utility to capture packets over the interface, tshark failed to create output files in the .pcap format even if it was specified using the last seen 2020-06-01 modified 2020-06-02 plugin id 87038 published 2015-11-24 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87038 title Oracle Linux 7 : wireshark (ELSA-2015-2393) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-183.NASL description Updated wireshark package fixes security vulnerabilies : The WCP dissector could crash (CVE-2015-2188). The pcapng file parser could crash (CVE-2015-2189). The TNEF dissector could go into an infinite loop (CVE-2015-2191). last seen 2020-06-01 modified 2020-06-02 plugin id 82458 published 2015-03-31 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82458 title Mandriva Linux Security Advisory : wireshark (MDVSA-2015:183) NASL family Windows NASL id WIRESHARK_1_12_4.NASL description The version of Wireshark installed remote Windows host is 1.10.x prior to 1.10.13, or 1.12.x prior to 1.12.4. It is, therefore, affected by denial of service vulnerabilities in the following items : - ATN-CPDLC dissector (CVE-2015-2187) - WCP dissector (CVE-2015-2188) - pcapng file parser (CVE-2015-2189) - LLDP dissector (CVE-2015-2190) - TNEF dissector (CVE-2015-2191) - SCSI OSD dissector (CVE-2015-2192) A remote attacker can exploit these vulnerabilities to cause Wireshark to crash or consume excessive CPU resources, either by injecting a specially crafted packet onto the wire or by convincing a user to read a malformed packet trace or PCAP file. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 81672 published 2015-03-06 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81672 title Wireshark 1.10.x < 1.10.13 / 1.12.x < 1.12.4 Multiple DoS Vulnerabilities
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://www.wireshark.org/security/wnpa-sec-2015-08.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10895
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html
- http://www.securitytracker.com/id/1031858
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:183
- http://advisories.mageia.org/MGASA-2015-0117.html
- http://www.debian.org/security/2015/dsa-3210
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.securityfocus.com/bid/72944
- https://security.gentoo.org/glsa/201510-03
- http://rhn.redhat.com/errata/RHSA-2015-1460.html
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=a835c85e3d662343d7283f1dcdacb8a11d1d0727