Executive Summary
Summary | |
---|---|
Title | wireshark security update |
Information | |||
---|---|---|---|
Name | DSA-2274 | First vendor Publication | 2011-07-07 |
Vendor | Debian | Last vendor Modification | 2011-07-07 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Huzaifa Sidhpurwala, David Maciejak and others discovered several vulnerabilities in the X.509if and DICOM dissectors and in the code to process various capture and dictionary files, which could lead to denial of service or the execution of arbitrary code. For the oldstable distribution (lenny), this problem has been fixed in version 1.0.2-3+lenny14. For the stable distribution (squeeze), this problem has been fixed in version 1.2.11-6+squeeze2. For the unstable distribution (sid), this problem has been fixed in version 1.2.17-1. We recommend that you upgrade your wireshark packages. |
Original Source
Url : http://www.debian.org/security/2011/dsa-2274 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
60 % | CWE-399 | Resource Management Errors |
20 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
20 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12075 | |||
Oval ID: | oval:org.mitre.oval:def:12075 | ||
Title: | DSA-2274-1 wireshark -- several | ||
Description: | Huzaifa Sidhpurwala, David Maciejak and others discovered several vulnerabilities in the X.509if and DICOM dissectors and in the code to process various capture and dictionary files, which could lead to denial of service or the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2274-1 CVE-2011-1590 CVE-2011-1957 CVE-2011-1958 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | wireshark |
Definition Id: oval:org.mitre.oval:def:14325 | |||
Oval ID: | oval:org.mitre.oval:def:14325 | ||
Title: | Vulnerability in dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 | ||
Description: | The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via an invalid PDU length. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-1957 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Id: oval:org.mitre.oval:def:14645 | |||
Oval ID: | oval:org.mitre.oval:def:14645 | ||
Title: | Integer underflow in the visual_read function in wiretap/visual.c vulnerability in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 | ||
Description: | Integer underflow in the visual_read function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a malformed Visual Networks file that triggers a heap-based buffer over-read. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2175 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Id: oval:org.mitre.oval:def:14656 | |||
Oval ID: | oval:org.mitre.oval:def:14656 | ||
Title: | Vulnerability in the snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 | ||
Description: | The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-1959 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Id: oval:org.mitre.oval:def:14777 | |||
Oval ID: | oval:org.mitre.oval:def:14777 | ||
Title: | Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 | ||
Description: | Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a packet with malformed data that uses zlib compression. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2174 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Id: oval:org.mitre.oval:def:15045 | |||
Oval ID: | oval:org.mitre.oval:def:15045 | ||
Title: | Diameter dictionary file vulnerability in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 | ||
Description: | Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-1958 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Id: oval:org.mitre.oval:def:15050 | |||
Oval ID: | oval:org.mitre.oval:def:15050 | ||
Title: | Vulnerability in X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 | ||
Description: | The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-1590 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for wireshark CESA-2012:0509 centos6 File : nvt/gb_CESA-2012_0509_wireshark_centos6.nasl |
2012-07-09 | Name : RedHat Update for wireshark RHSA-2012:0509-01 File : nvt/gb_RHSA-2012_0509-01_wireshark.nasl |
2012-06-29 | Name : Wireshark Multiple Denial of Service Vulnerabilities June-11 (Mac OS X) File : nvt/secpod_wireshark_mult_dos_vuln_jun11_macosx.nasl |
2012-04-26 | Name : Wireshark X.509if Dissector Denial of Service Vulnerability (Mac OS X) File : nvt/secpod_wireshark_dissector_dos_vuln_macosx.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-02 (wireshark) File : nvt/glsa_201110_02.nasl |
2011-08-03 | Name : Debian Security Advisory DSA 2274-1 (wireshark) File : nvt/deb_2274_1.nasl |
2011-07-12 | Name : Fedora Update for wireshark FEDORA-2011-7821 File : nvt/gb_fedora_2011_7821_wireshark_fc15.nasl |
2011-06-20 | Name : Fedora Update for wireshark FEDORA-2011-7846 File : nvt/gb_fedora_2011_7846_wireshark_fc14.nasl |
2011-06-20 | Name : Fedora Update for wireshark FEDORA-2011-7858 File : nvt/gb_fedora_2011_7858_wireshark_fc13.nasl |
2011-06-13 | Name : Wireshark Multiple Denial of Service Vulnerabilities (Windows) File : nvt/gb_wireshark_mult_dos_vuln_win_jun11.nasl |
2011-05-17 | Name : Mandriva Update for wireshark MDVSA-2011:083 (wireshark) File : nvt/gb_mandriva_MDVSA_2011_083.nasl |
2011-05-16 | Name : Wireshark X.509if Dissector Denial of service vulnerability (Windows) File : nvt/gb_wireshark_dissector_dos_vuln_win_may11.nasl |
2011-05-05 | Name : Fedora Update for wireshark FEDORA-2011-5529 File : nvt/gb_fedora_2011_5529_wireshark_fc13.nasl |
2011-05-05 | Name : Fedora Update for wireshark FEDORA-2011-5569 File : nvt/gb_fedora_2011_5569_wireshark_fc14.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
72979 | Wireshark wiretap/visual.c visual_read Function Visual Networks File Handling... |
72978 | Wireshark epan/tvbuff.c tvb_uncompress Function Double-free Remote DoS |
72977 | Wireshark wiretap/snoop.c snoop_read Function Virtualizable Buffer Handling R... |
72976 | Wireshark Diameter Dictionary File Handling Remote DoS |
72975 | Wireshark DICOM Dissector epan/dissectors/packet-dcm.c dissect_dcm_main Funct... |
71846 | Wireshark X.509if Dissector Use-after-free DoS Wireshark contains a flaw that may allow a remote denial of service. The issue is triggered when a use-after-free error occurs within the X.509if dissector, allowing an attacker to cause a denial of service via specially crafted packets. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_wireshark-111013.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_wireshark-110511.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_wireshark-111013.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_wireshark-110511.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-71.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0125.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0509.nasl - Type : ACT_GATHER_INFO |
2013-01-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0125.nasl - Type : ACT_GATHER_INFO |
2013-01-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130108_wireshark_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0125.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120423_wireshark_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-04-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0509.nasl - Type : ACT_GATHER_INFO |
2012-04-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0509.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_wireshark-111013.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_wireshark-7796.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_wireshark-7500.nasl - Type : ACT_GATHER_INFO |
2011-10-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_wireshark-7795.nasl - Type : ACT_GATHER_INFO |
2011-10-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-02.nasl - Type : ACT_GATHER_INFO |
2011-07-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2274.nasl - Type : ACT_GATHER_INFO |
2011-06-16 | Name : The remote Fedora host is missing a security update. File : fedora_2011-7846.nasl - Type : ACT_GATHER_INFO |
2011-06-16 | Name : The remote Fedora host is missing a security update. File : fedora_2011-7858.nasl - Type : ACT_GATHER_INFO |
2011-06-09 | Name : The remote Fedora host is missing a security update. File : fedora_2011-7821.nasl - Type : ACT_GATHER_INFO |
2011-06-08 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12708.nasl - Type : ACT_GATHER_INFO |
2011-06-08 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_wireshark-110503.nasl - Type : ACT_GATHER_INFO |
2011-06-08 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_wireshark-7501.nasl - Type : ACT_GATHER_INFO |
2011-06-02 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-105.nasl - Type : ACT_GATHER_INFO |
2011-06-02 | Name : The remote Windows host contains an application that is affected by multiple ... File : wireshark_1_4_7.nasl - Type : ACT_GATHER_INFO |
2011-05-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-083.nasl - Type : ACT_GATHER_INFO |
2011-04-27 | Name : The remote Fedora host is missing a security update. File : fedora_2011-5621.nasl - Type : ACT_GATHER_INFO |
2011-04-27 | Name : The remote Fedora host is missing a security update. File : fedora_2011-5569.nasl - Type : ACT_GATHER_INFO |
2011-04-27 | Name : The remote Fedora host is missing a security update. File : fedora_2011-5529.nasl - Type : ACT_GATHER_INFO |
2011-04-18 | Name : The remote Windows host contains an application that is affected by multiple ... File : wireshark_1_4_5.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:30:18 |
|