Executive Summary
| Summary | |
|---|---|
| Title | wireshark security update |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2006:0658 | First vendor Publication | 2006-09-12 |
| Vendor | RedHat | Last vendor Modification | 2006-09-12 |
| Severity (Vendor) | Low | Revision | 01 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 5.4 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: New Wireshark packages that fix various security vulnerabilities are now available. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: Wireshark is a program for monitoring network traffic. Bugs were found in Wireshark's SCSI and SSCOP protocol dissectors. Ethereal could crash or stop responding if it read a malformed packet off the network. (CVE-2006-4330, CVE-2006-4333) An off-by-one bug was found in the IPsec ESP decryption preference parser. Ethereal could crash or stop responding if it read a malformed packet off the network. (CVE-2006-4331) Users of Wireshark or Ethereal should upgrade to these updated packages containing Wireshark version 0.99.3, which is not vulnerable to these issues. These packages also fix a bug in the PAM configuration of the Wireshark packages which prevented non-root users starting a capture. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 204045 - CVE-2006-4330 Wireshark security issues (CVE-2006-4331 CVE-2006-4333) 204066 - wireshark doesn't work as non root user |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2006-0658.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10125 | |||
| Oval ID: | oval:org.mitre.oval:def:10125 | ||
| Title: | Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors. | ||
| Description: | Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2006-4331 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11801 | |||
| Oval ID: | oval:org.mitre.oval:def:11801 | ||
| Title: | The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory. | ||
| Description: | The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2006-4333 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14587 | |||
| Oval ID: | oval:org.mitre.oval:def:14587 | ||
| Title: | Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark 0.99.2 | ||
| Description: | Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-4331 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:14684 | |||
| Oval ID: | oval:org.mitre.oval:def:14684 | ||
| Title: | SCSI dissector vulnerability in Wireshark 0.99.2 | ||
| Description: | Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-4330 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:9869 | |||
| Oval ID: | oval:org.mitre.oval:def:9869 | ||
| Title: | Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. | ||
| Description: | Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2006-4330 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 5 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-10-10 | Name : SLES9: Security update for ethereal File : nvt/sles9p5016073.nasl |
| 2009-02-27 | Name : Fedora Update for wireshark FEDORA-2007-207 File : nvt/gb_fedora_2007_207_wireshark_fc5.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200608-26 (wireshark) File : nvt/glsa_200608_26.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1171-1 (ethereal) File : nvt/deb_1171_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 28199 | Wireshark Q.2931 Dissector Crafted Packet Remote DoS |
| 28197 | Wireshark w/ ESP Decryption IPsec ESP Preference Parser Off-by-one |
| 28196 | Wireshark SCSI Dissector Unspecified DoS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0726.nasl - Type : ACT_GATHER_INFO |
| 2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ethereal-2028.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_ethereal-2029.nasl - Type : ACT_GATHER_INFO |
| 2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-1140.nasl - Type : ACT_GATHER_INFO |
| 2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-1141.nasl - Type : ACT_GATHER_INFO |
| 2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-936.nasl - Type : ACT_GATHER_INFO |
| 2006-12-16 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-152.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1171.nasl - Type : ACT_GATHER_INFO |
| 2006-09-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0658.nasl - Type : ACT_GATHER_INFO |
| 2006-09-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0658.nasl - Type : ACT_GATHER_INFO |
| 2006-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200608-26.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:50:11 |
|
