Executive Summary
Summary | |
---|---|
Title | wireshark security update |
Informations | |||
---|---|---|---|
Name | DSA-2590 | First vendor Publication | 2012-12-26 |
Vendor | Debian | Last vendor Modification | 2012-12-26 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:A/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 3.3 | Attack Range | Adjacent network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 6.5 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Bjorn Mork and Laurent Butti discovered crashes in the PPP and RTPS2 dissectors, which could potentially result in the execution of arbitrary code. For the stable distribution (squeeze), these problems have been fixed in version 1.2.11-6+squeeze8. For the unstable distribution (sid), these problems have been fixed in version 1.8.2-1. We recommend that you upgrade your wireshark packages. |
Original Source
Url : http://www.debian.org/security/2012/dsa-2590 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-399 | Resource Management Errors |
50 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:15547 | |||
Oval ID: | oval:org.mitre.oval:def:15547 | ||
Title: | Vulnerability in the PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 | ||
Description: | The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-4048 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15583 | |||
Oval ID: | oval:org.mitre.oval:def:15583 | ||
Title: | Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 | ||
Description: | Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-4296 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19925 | |||
Oval ID: | oval:org.mitre.oval:def:19925 | ||
Title: | DSA-2590-1 wireshark - several | ||
Description: | Bjorn Mork and Laurent Butti discovered crashes in the PPP and RTPS2 dissectors, which could potentially result in the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2590-1 CVE-2012-4048 CVE-2012-4296 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | wireshark |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2013-09-18 | Name : Debian Security Advisory DSA 2590-1 (wireshark - several vulnerabilities) File : nvt/deb_2590_1.nasl |
2012-12-28 | Name : Wireshark Multiple Vulnerabilities-01 Dec 2012 (Mac OS X) File : nvt/gb_wireshark_mult_vuln01_dec12_macosx.nasl |
2012-08-30 | Name : FreeBSD Ports: wireshark File : nvt/freebsd_wireshark7.nasl |
2012-08-30 | Name : Fedora Update for wireshark FEDORA-2012-12085 File : nvt/gb_fedora_2012_12085_wireshark_fc16.nasl |
2012-08-30 | Name : Fedora Update for wireshark FEDORA-2012-12091 File : nvt/gb_fedora_2012_12091_wireshark_fc17.nasl |
2012-08-21 | Name : Wireshark Multiple Vulnerabilities - August 2012 (Windows) File : nvt/gb_wireshark_mult_vuln_aug12_win.nasl |
2012-08-17 | Name : Mandriva Update for wireshark MDVSA-2012:134 (wireshark) File : nvt/gb_mandriva_MDVSA_2012_134.nasl |
2012-08-09 | Name : Mandriva Update for wireshark MDVSA-2012:125 (wireshark) File : nvt/gb_mandriva_MDVSA_2012_125.nasl |
2012-07-27 | Name : Wireshark PPP And NFS Dissector Denial of Service Vulnerabilities (Mac OS X) File : nvt/gb_wireshark_ppp_n_nfs_dos_vuln_macosx.nasl |
2012-07-27 | Name : Wireshark PPP And NFS Dissector Denial of Service Vulnerabilities (Windows) File : nvt/gb_wireshark_ppp_n_nfs_dos_vuln_win.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_wireshark_20121120.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_wireshark_20120918.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-540.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-526.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-470.nasl - Type : ACT_GATHER_INFO |
2013-08-29 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201308-05.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-055.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_wireshark-120831.nasl - Type : ACT_GATHER_INFO |
2012-12-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2590.nasl - Type : ACT_GATHER_INFO |
2012-09-14 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_wireshark-8267.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-125.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-134.nasl - Type : ACT_GATHER_INFO |
2012-08-28 | Name : The remote Fedora host is missing a security update. File : fedora_2012-12085.nasl - Type : ACT_GATHER_INFO |
2012-08-28 | Name : The remote Fedora host is missing a security update. File : fedora_2012-12091.nasl - Type : ACT_GATHER_INFO |
2012-08-20 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4cdfe875e8d611e1bea0002354ed89bc.nasl - Type : ACT_GATHER_INFO |
2012-08-17 | Name : The remote Windows host contains an application that is affected by multiple ... File : wireshark_1_8_2.nasl - Type : ACT_GATHER_INFO |
2012-08-17 | Name : The remote Windows host contains an application that is affected by multiple ... File : wireshark_1_6_10.nasl - Type : ACT_GATHER_INFO |
2012-08-17 | Name : The remote Windows host contains an application that is affected by multiple ... File : wireshark_1_4_15.nasl - Type : ACT_GATHER_INFO |
2012-07-25 | Name : The remote Windows host contains an application that is affected by multiple ... File : wireshark_1_6_9.nasl - Type : ACT_GATHER_INFO |
2012-07-25 | Name : The remote Windows host contains an application that is affected by multiple ... File : wireshark_1_8_1.nasl - Type : ACT_GATHER_INFO |
2012-07-25 | Name : The remote Windows host contains an application that is affected by multiple ... File : wireshark_1_4_14.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:31:31 |
|
2013-09-20 17:21:20 |
|
2012-12-26 17:17:38 |
|