9.3 - MDVSA-2011:083

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	MDVSA-2011:083	First vendor Publication	2011-05-12
Vendor	Mandriva	Last vendor Modification	2011-05-12
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

This advisory updates wireshark to the latest version (1.2.16), fixing several security issues:

The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file (CVE-2011-1590).

Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file (CVE-2011-1591).

The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file (CVE-2011-1592).

The updated packages have been upgraded to the latest 1.2.x version (1.2.16) which is not vulnerable to these issues.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:083

CWE : Common Weakness Enumeration

%	Id	Name
33 %	CWE-399	Resource Management Errors
33 %	CWE-189	Numeric Errors (CWE/SANS Top 25)
33 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14987

Oval ID:	oval:org.mitre.oval:def:14987
Title:	NFS dissector in epan/dissectors/packet-nfs.c vulnerability in Wireshark 1.4.x before 1.4.5 on Windows
Description:	The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1592	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012	Product(s):	Wireshark
Definition Synopsis:
Wireshark is installed on the system. AND Version of Wireshark is 1.4.x before 1.4.5

Definition Id: oval:org.mitre.oval:def:15000

Oval ID:	oval:org.mitre.oval:def:15000
Title:	Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5
Description:	Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1591	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012	Product(s):	Wireshark
Definition Synopsis:
Wireshark is installed on the system. AND Version of Wireshark is 1.4.x before 1.4.5

Definition Id: oval:org.mitre.oval:def:15050

Oval ID:	oval:org.mitre.oval:def:15050
Title:	Vulnerability in X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5
Description:	The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1590	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012	Product(s):	Wireshark
Definition Synopsis:
Wireshark is installed on the system. AND Version of Wireshark is 1.2.x before 1.2.16 or 1.4.x before 1.4.5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Wireshark cpe:2.3:a:wireshark:wireshark:1.4.4:::::::* cpe:2.3:a:wireshark:wireshark:1.4.3:::::::* cpe:2.3:a:wireshark:wireshark:1.4.2:::::::* cpe:2.3:a:wireshark:wireshark:1.4.1:::::::* cpe:2.3:a:wireshark:wireshark:1.4.0:::::::* cpe:2.3:a:wireshark:wireshark:1.2.9:::::::* cpe:2.3:a:wireshark:wireshark:1.2.8:::::::* cpe:2.3:a:wireshark:wireshark:1.2.7:::::::* cpe:2.3:a:wireshark:wireshark:1.2.6:::::::* cpe:2.3:a:wireshark:wireshark:1.2.5:::::::* cpe:2.3:a:wireshark:wireshark:1.2.4:::::::* cpe:2.3:a:wireshark:wireshark:1.2.3:::::::* cpe:2.3:a:wireshark:wireshark:1.2.2:::::::* cpe:2.3:a:wireshark:wireshark:1.2.15:::::::* cpe:2.3:a:wireshark:wireshark:1.2.14:::::::* cpe:2.3:a:wireshark:wireshark:1.2.13:::::::* cpe:2.3:a:wireshark:wireshark:1.2.12:::::::* cpe:2.3:a:wireshark:wireshark:1.2.11:::::::* cpe:2.3:a:wireshark:wireshark:1.2.10:::::::* cpe:2.3:a:wireshark:wireshark:1.2.1:::::::* cpe:2.3:a:wireshark:wireshark:1.2.0:::::::*	21

SAINT Exploits

Description	Link
Wireshark DECT Dissector PCAP File Processing Overflow	More info here
Wireshark DECT Dissector Remote Stack Buffer Overflow	More info here

OpenVAS Exploits

Date	Description
2012-07-30	Name : CentOS Update for wireshark CESA-2012:0509 centos6 File : nvt/gb_CESA-2012_0509_wireshark_centos6.nasl
2012-07-09	Name : RedHat Update for wireshark RHSA-2012:0509-01 File : nvt/gb_RHSA-2012_0509-01_wireshark.nasl
2012-04-26	Name : Wireshark X.509if Dissector Denial of Service Vulnerability (Mac OS X) File : nvt/secpod_wireshark_dissector_dos_vuln_macosx.nasl
2012-04-25	Name : Wireshark DECT Buffer Overflow Vulnerability (Mac OS X) File : nvt/secpod_wireshark_dect_bof_vuln_macosx.nasl
2012-02-12	Name : Gentoo Security Advisory GLSA 201110-02 (wireshark) File : nvt/glsa_201110_02.nasl
2011-08-03	Name : Debian Security Advisory DSA 2274-1 (wireshark) File : nvt/deb_2274_1.nasl
2011-05-17	Name : Mandriva Update for wireshark MDVSA-2011:083 (wireshark) File : nvt/gb_mandriva_MDVSA_2011_083.nasl
2011-05-16	Name : Wireshark X.509if Dissector Denial of service vulnerability (Windows) File : nvt/gb_wireshark_dissector_dos_vuln_win_may11.nasl
2011-05-16	Name : Wireshark Denial of Service and Buffer Overflow Vulnerabilities (Windows) File : nvt/gb_wireshark_mult_vuln_win_may11.nasl
2011-05-05	Name : Fedora Update for wireshark FEDORA-2011-5529 File : nvt/gb_fedora_2011_5529_wireshark_fc13.nasl
2011-05-05	Name : Fedora Update for wireshark FEDORA-2011-5569 File : nvt/gb_fedora_2011_5569_wireshark_fc14.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
71848	Wireshark epan/dissectors/packet-dect.c DECT Dissector Overflow Wireshark is prone to an overflow condition. The DECT dissector in epan/dissectors/packet-dect.c fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted packet, a remote attacker can potentially execute arbitrary code.
71847	Wireshark on Windows epan/dissectors/packet-nfs.c NFS Dissector DoS Wireshark on Windows contains a flaw that may allow a remote denial of service. The issue is triggered when a data type mismatch error occurs within the NFS dissector in epan/dissectors/packet-nfs.c, allowing an attacker to cause a denial of service via specially crafted packets.
71846	Wireshark X.509if Dissector Use-after-free DoS Wireshark contains a flaw that may allow a remote denial of service. The issue is triggered when a use-after-free error occurs within the X.509if dissector, allowing an attacker to cause a denial of service via specially crafted packets.

Snort® IPS/IDS

Date	Description
2016-03-14	Wireshark DECT packet dissector overflow attempt RuleID : 36855 - Revision : 3 - Type : FILE-OTHER
2014-01-10	Wireshark DECT packet dissector overflow attempt RuleID : 20431 - Revision : 8 - Type : FILE-OTHER

Nessus® Vulnerability Scanner

Date	Description
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_4_wireshark-110511.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_wireshark-110511.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-71.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0509.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120423_wireshark_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-04-25	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0509.nasl - Type : ACT_GATHER_INFO
2012-04-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0509.nasl - Type : ACT_GATHER_INFO
2011-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_wireshark-7500.nasl - Type : ACT_GATHER_INFO
2011-10-10	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-02.nasl - Type : ACT_GATHER_INFO
2011-07-08	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2274.nasl - Type : ACT_GATHER_INFO
2011-06-08	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12708.nasl - Type : ACT_GATHER_INFO
2011-06-08	Name : The remote SuSE 11 host is missing a security update. File : suse_11_wireshark-110503.nasl - Type : ACT_GATHER_INFO
2011-06-08	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_wireshark-7501.nasl - Type : ACT_GATHER_INFO
2011-05-13	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-083.nasl - Type : ACT_GATHER_INFO
2011-04-27	Name : The remote Fedora host is missing a security update. File : fedora_2011-5621.nasl - Type : ACT_GATHER_INFO
2011-04-27	Name : The remote Fedora host is missing a security update. File : fedora_2011-5569.nasl - Type : ACT_GATHER_INFO
2011-04-27	Name : The remote Fedora host is missing a security update. File : fedora_2011-5529.nasl - Type : ACT_GATHER_INFO
2011-04-18	Name : The remote Windows host contains an application that is affected by multiple ... File : wireshark_1_4_5.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:42:14	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	3
Oval ID(s)	3
CPE ID(s)	21
Saint Exploit(s)	2
osvdb(s)	3
Openvas Exploit(s)	11
Snort® Rule(s)	2
Nessus® Exploit(s)	18

	Related
9.3	CVE-2011-1591
4.3	CVE-2011-1592
4.3	CVE-2011-1590
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)