Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name MDVSA-2009:292 First vendor Publication 2009-11-03
Vendor Mandriva Last vendor Modification 2009-11-03
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerabilities have been discovered and corrected in wireshark, affecting DCERPC/NT dissector, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace (CVE-2009-3550); and in wiretap/erf.c which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file (CVE-2009-3829).

The wireshark package has been updated to fix these vulnerabilities.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:292

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10103
 
Oval ID: oval:org.mitre.oval:def:10103
Title: The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.
Description: The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3550
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13282
 
Oval ID: oval:org.mitre.oval:def:13282
Title: DSA-1942-1 wireshark -- several
Description: Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2560 A NULL pointer dereference was found in the RADIUS dissector. CVE-2009-3550 A NULL pointer dereference was found in the DCERP/NT dissector. CVE-2009-3829 An integer overflow was discovered in the ERF parser. This update also includes fixes for three minor issues, which were scheduled for the next stable point update. Also CVE-2009-1268 was fixed for Etch. Since this security update was issued prior to the release of the point update, the fixes were included. For the old stable distribution, this problem has been fixed in version 0.99.4-5.etch.4. For the stable distribution, this problem has been fixed in version 1.0.2-3+lenny7. For the unstable distribution these problems have been fixed in version 1.2.3-1. We recommend that you upgrade your Wireshark packages.
Family: unix Class: patch
Reference(s): DSA-1942-1
CVE-2009-1268
CVE-2008-1829
CVE-2009-2560
CVE-2009-2562
CVE-2009-3241
CVE-2009-3550
CVE-2009-3829
 Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
 Product(s): wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5979
 
Oval ID: oval:org.mitre.oval:def:5979
Title: Wireshark Integer overflow vulnerability in wiretap/erf.c
Description: Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-3829
 Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
 Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6005
 
Oval ID: oval:org.mitre.oval:def:6005
Title: Wireshark DoS Vulnerability due to the DCERPC/NT dissector
Description: The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3550
 Version: 10
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
 Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7586
 
Oval ID: oval:org.mitre.oval:def:7586
Title: DSA-1942 wireshark -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: A NULL pointer dereference was found in the RADIUS dissector. A NULL pointer dereference was found in the DCERP/NT dissector. An integer overflow was discovered in the ERF parser. This update also includes fixes for three minor issues (CVE-2008-1829, CVE-2009-2562, CVE-2009-3241), which were scheduled for the next stable point update. Also CVE-2009-1268 was fixed for Etch. Since this security update was issued prior to the release of the point update, the fixes were included.
Family: unix Class: patch
Reference(s): DSA-1942
CVE-2009-1268
CVE-2008-1829
CVE-2009-2560
CVE-2009-2562
CVE-2009-3241
CVE-2009-3550
CVE-2009-3829
 Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
 Product(s): wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9945
 
Oval ID: oval:org.mitre.oval:def:9945
Title: Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
Description: Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
Family: unix Class: vulnerability
Reference(s): CVE-2009-3829
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 63

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for wireshark CESA-2010:0360 centos5 i386
File : nvt/gb_CESA-2010_0360_wireshark_centos5_i386.nasl
2010-04-29 Name : CentOS Update for wireshark CESA-2010:0360 centos3 i386
File : nvt/gb_CESA-2010_0360_wireshark_centos3_i386.nasl
2010-04-29 Name : CentOS Update for wireshark CESA-2010:0360 centos4 i386
File : nvt/gb_CESA-2010_0360_wireshark_centos4_i386.nasl
2010-04-29 Name : RedHat Update for wireshark RHSA-2010:0360-01
File : nvt/gb_RHSA-2010_0360-01_wireshark.nasl
2009-12-14 Name : SLES11: Security update for wireshark
File : nvt/sles11_wireshark1.nasl
2009-12-10 Name : Debian Security Advisory DSA 1942-1 (wireshark)
File : nvt/deb_1942_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:292-1 (wireshark)
File : nvt/mdksa_2009_292_1.nasl
2009-12-03 Name : Gentoo Security Advisory GLSA 200911-05 (wireshark)
File : nvt/glsa_200911_05.nasl
2009-12-03 Name : SLES10: Security update for ethereal
File : nvt/sles10_ethereal4.nasl
2009-12-03 Name : SLES9: Security update for ethereal
File : nvt/sles9p5063382.nasl
2009-11-11 Name : Mandriva Security Advisory MDVSA-2009:292 (wireshark)
File : nvt/mdksa_2009_292.nasl
2009-11-04 Name : Wireshark 'DCERPC/NT' Dissector DOS Vulnerability - Nov09 (Linux)
File : nvt/gb_wireshark_dcerpcnt_dos_vuln_nov09_lin.nasl
2009-11-04 Name : Wireshark 'DCERPC/NT' Dissector DOS Vulnerability - Nov09 (Win)
File : nvt/gb_wireshark_dcerpcnt_dos_vuln_nov09_win.nasl
2009-11-04 Name : Wireshark 'wiretap/erf.c' Unsigned Integer Wrap Vulnerability - Nov09 (Linux)
File : nvt/gb_wireshark_wiretap_dos_vuln_nov09_lin.nasl
2009-11-04 Name : Wireshark 'wiretap/erf.c' Unsigned Integer Wrap Vulnerability - Nov09 (Win)
File : nvt/gb_wireshark_wiretap_dos_vuln_nov09_win.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
59478 Wireshark wiretap/erf.c Unsigned Integer Wrap ERF File Handling Overflow
59460 Wireshark DCERPC/NT Dissector Unspecified DoS

Wireshark contains a flaw that may allow a remote denial of service. The issue is triggered when a NULL pointer dereference error within the DCERPC/NT dissector occurs, and will result in loss of availability for the service.

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0360.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100420_wireshark_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_ethereal-6628.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0360.nasl - Type : ACT_GATHER_INFO
2010-04-22 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0360.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1942.nasl - Type : ACT_GATHER_INFO
2009-12-09 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_wireshark-091125.nasl - Type : ACT_GATHER_INFO
2009-12-04 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-292.nasl - Type : ACT_GATHER_INFO
2009-12-01 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12530.nasl - Type : ACT_GATHER_INFO
2009-12-01 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_wireshark-091125.nasl - Type : ACT_GATHER_INFO
2009-12-01 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_wireshark-091125.nasl - Type : ACT_GATHER_INFO
2009-12-01 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_wireshark-091125.nasl - Type : ACT_GATHER_INFO
2009-12-01 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_ethereal-6627.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200911-05.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:40:56
  • Multiple Updates