Executive Summary
Summary | |
---|---|
Title | wireshark security update |
Informations | |||
---|---|---|---|
Name | RHSA-2009:0313 | First vendor Publication | 2009-03-04 |
Vendor | RedHat | Last vendor Modification | 2009-03-04 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Multiple buffer overflow flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malformed dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2008-4683, CVE-2009-0599) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malformed dump file. (CVE-2008-4680, CVE-2008-4681, CVE-2008-4682, CVE-2008-4684, CVE-2008-4685, CVE-2008-5285, CVE-2009-0600) Users of wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.6, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 468166 - CVE-2008-4680 wireshark: DoS (app crash or abort) via malformed USB Request Block (URB). 468167 - CVE-2008-4681 wireshark: DoS (app crash or abort) in Bluetooth RFCOMM dissector via unknown packets 468169 - CVE-2008-4682 wireshark: DoS (app abort) via a malformed .ncf file with an unknown/unexpected packet type 468171 - CVE-2008-4683 wireshark: DoS (app crash or abort) in Bluetooth ACL dissector via a packet with an invalid length 468174 - CVE-2008-4684 wireshark: DoS (app crash) via certain series of packets by enabling the (1) PRP or (2) MATE post dissector 468175 - CVE-2008-4685 wireshark: DoS (app crash or abort) in Q.931 dissector via certain packets 472737 - CVE-2008-5285 wireshark: DoS (infinite loop) in SMTP dissector via large SMTP request 485888 - CVE-2009-0599 wireshark: buffer overflows in NetScreen snoop file reader 485889 - CVE-2009-0600 wireshark: denial of service (application crash) via a crafted Tektronix K12 text capture file |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2009-0313.html |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
CAPEC-7 | Blind SQL Injection |
CAPEC-8 | Buffer Overflow in an API Call |
CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
CAPEC-10 | Buffer Overflow via Environment Variables |
CAPEC-13 | Subverting Environment Variable Values |
CAPEC-14 | Client-side Injection-induced Buffer Overflow |
CAPEC-18 | Embedding Scripts in Nonscript Elements |
CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
CAPEC-24 | Filter Failure through Buffer Overflow |
CAPEC-28 | Fuzzing |
CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
CAPEC-32 | Embedding Scripts in HTTP Query Strings |
CAPEC-42 | MIME Conversion |
CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
CAPEC-45 | Buffer Overflow via Symbolic Links |
CAPEC-46 | Overflow Variables and Tags |
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-52 | Embedding NULL Bytes |
CAPEC-53 | Postfix, Null Terminate, and Backslash |
CAPEC-63 | Simple Script Injection |
CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
CAPEC-66 | SQL Injection |
CAPEC-67 | String Format Overflow in syslog() |
CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
CAPEC-72 | URL Encoding |
CAPEC-73 | User-Controlled Filename |
CAPEC-78 | Using Escaped Slashes in Alternate Encoding |
CAPEC-79 | Using Slashes in Alternate Encoding |
CAPEC-80 | Using UTF-8 Encoding to Bypass Validation Logic |
CAPEC-81 | Web Logs Tampering |
CAPEC-83 | XPath Injection |
CAPEC-85 | Client Network Footprinting (using AJAX/XSS) |
CAPEC-86 | Embedding Script (XSS ) in HTTP Headers |
CAPEC-88 | OS Command Injection |
CAPEC-91 | XSS in IMG Tags |
CAPEC-99 | XML Parser Attack |
CAPEC-101 | Server Side Include (SSI) Injection |
CAPEC-104 | Cross Zone Scripting |
CAPEC-106 | Cross Site Scripting through Log Files |
CAPEC-108 | Command Line Execution through SQL Injection |
CAPEC-109 | Object Relational Mapping Injection |
CAPEC-110 | SQL Injection through SOAP Parameter Tampering |
CAPEC-171 | Variable Manipulation |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
64 % | CWE-399 | Resource Management Errors |
27 % | CWE-20 | Improper Input Validation |
9 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10223 | |||
Oval ID: | oval:org.mitre.oval:def:10223 | ||
Title: | packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector. | ||
Description: | packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4684 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10788 | |||
Oval ID: | oval:org.mitre.oval:def:10788 | ||
Title: | Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception. | ||
Description: | Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4685 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10853 | |||
Oval ID: | oval:org.mitre.oval:def:10853 | ||
Title: | Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame. | ||
Description: | Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0600 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10955 | |||
Oval ID: | oval:org.mitre.oval:def:10955 | ||
Title: | wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion. | ||
Description: | wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4682 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11194 | |||
Oval ID: | oval:org.mitre.oval:def:11194 | ||
Title: | Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets. | ||
Description: | Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4681 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11351 | |||
Oval ID: | oval:org.mitre.oval:def:11351 | ||
Title: | Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop. | ||
Description: | Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5285 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14705 | |||
Oval ID: | oval:org.mitre.oval:def:14705 | ||
Title: | Vulnerability in wtap.c in Wireshark 0.99.7 through 1.0.3 | ||
Description: | wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4682 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14732 | |||
Oval ID: | oval:org.mitre.oval:def:14732 | ||
Title: | Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 | ||
Description: | Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0599 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14767 | |||
Oval ID: | oval:org.mitre.oval:def:14767 | ||
Title: | packet-frame vulnerability in Wireshark 0.99.2 through 1.0.3 | ||
Description: | packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4684 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14853 | |||
Oval ID: | oval:org.mitre.oval:def:14853 | ||
Title: | Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 | ||
Description: | Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4681 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14982 | |||
Oval ID: | oval:org.mitre.oval:def:14982 | ||
Title: | Vulnerability in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 | ||
Description: | The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4683 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15041 | |||
Oval ID: | oval:org.mitre.oval:def:15041 | ||
Title: | Wireshark 0.99.6 through 1.0.5 vulnerability via crafted Tektronix K12 text capture file | ||
Description: | Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0600 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15091 | |||
Oval ID: | oval:org.mitre.oval:def:15091 | ||
Title: | Vulnerability in packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 | ||
Description: | packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB). | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4680 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20196 | |||
Oval ID: | oval:org.mitre.oval:def:20196 | ||
Title: | DSA-1673-1 wireshark - several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in network traffic analyzer Wireshark. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1673-1 CVE-2008-3137 CVE-2008-3138 CVE-2008-3141 CVE-2008-3145 CVE-2008-3933 CVE-2008-4683 CVE-2008-4684 CVE-2008-4685 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22684 | |||
Oval ID: | oval:org.mitre.oval:def:22684 | ||
Title: | ELSA-2009:0313: wireshark security update (Moderate) | ||
Description: | Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:0313-01 CVE-2008-4680 CVE-2008-4681 CVE-2008-4682 CVE-2008-4683 CVE-2008-4684 CVE-2008-4685 CVE-2008-5285 CVE-2008-6472 CVE-2009-0599 CVE-2009-0600 | Version: | 45 |
Platform(s): | Oracle Linux 5 | Product(s): | wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:26194 | |||
Oval ID: | oval:org.mitre.oval:def:26194 | ||
Title: | Use-after-free vulnerability in dissect_q931_cause_ie function in Wireshark | ||
Description: | Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4685 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:26525 | |||
Oval ID: | oval:org.mitre.oval:def:26525 | ||
Title: | Denial of service vulnerability in Wireshark via long SMTP request | ||
Description: | Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-5285 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29088 | |||
Oval ID: | oval:org.mitre.oval:def:29088 | ||
Title: | RHSA-2009:0313 -- wireshark security update (Moderate) | ||
Description: | Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Multiple buffer overflow flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malformed dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2008-4683, CVE-2009-0599) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:0313 CESA-2009:0313-CentOS 3 CVE-2008-4680 CVE-2008-4681 CVE-2008-4682 CVE-2008-4683 CVE-2008-4684 CVE-2008-4685 CVE-2008-5285 CVE-2008-6472 CVE-2009-0599 CVE-2009-0600 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 3 | Product(s): | wireshark |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6223 | |||
Oval ID: | oval:org.mitre.oval:def:6223 | ||
Title: | Wireshark Denial of Service Vulnerability | ||
Description: | The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-6472 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8237 | |||
Oval ID: | oval:org.mitre.oval:def:8237 | ||
Title: | DSA-1673 wireshark -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in network traffic analyzer Wireshark. The Common Vulnerabilities and Exposures project identifies the following problems: The GSM SMS dissector is vulnerable to denial of service. The PANA and KISMET dissectors are vulnerable to denial of service. The RMI dissector could disclose system memory. The packet reassembling module is vulnerable to denial of service. The zlib uncompression module is vulnerable to denial of service. The Bluetooth ACL dissector is vulnerable to denial of service. The PRP and MATE dissectors are vulnerable to denial of service. The Q931 dissector is vulnerable to denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1673 CVE-2008-3137 CVE-2008-3138 CVE-2008-3141 CVE-2008-3145 CVE-2008-3933 CVE-2008-4683 CVE-2008-4684 CVE-2008-4685 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | wireshark |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9605 | |||
Oval ID: | oval:org.mitre.oval:def:9605 | ||
Title: | packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB). | ||
Description: | packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4680 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9629 | |||
Oval ID: | oval:org.mitre.oval:def:9629 | ||
Title: | The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors. | ||
Description: | The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-6472 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9677 | |||
Oval ID: | oval:org.mitre.oval:def:9677 | ||
Title: | Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. | ||
Description: | Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0599 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9821 | |||
Oval ID: | oval:org.mitre.oval:def:9821 | ||
Title: | The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call. | ||
Description: | The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4683 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for wireshark CESA-2009:0313 centos3 i386 File : nvt/gb_CESA-2009_0313_wireshark_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for wireshark CESA-2009:0313 centos4 i386 File : nvt/gb_CESA-2009_0313_wireshark_centos4_i386.nasl |
2009-10-13 | Name : SLES10: Security update for ethereal File : nvt/sles10_ethereal2.nasl |
2009-10-10 | Name : SLES9: Security update for ethereal File : nvt/sles9p5040200.nasl |
2009-07-06 | Name : Gentoo Security Advisory GLSA 200906-05 (wireshark) File : nvt/glsa_200906_05.nasl |
2009-04-09 | Name : Mandriva Update for wireshark MDVSA-2008:215 (wireshark) File : nvt/gb_mandriva_MDVSA_2008_215.nasl |
2009-04-09 | Name : Mandriva Update for wireshark MDVSA-2008:242 (wireshark) File : nvt/gb_mandriva_MDVSA_2008_242.nasl |
2009-03-31 | Name : wireshark -- multiple vulnerabilities File : nvt/freebsd_ethereal8.nasl |
2009-03-20 | Name : Fedora Core 9 FEDORA-2009-1877 (wireshark) File : nvt/fcore_2009_1877.nasl |
2009-03-18 | Name : Wireshark Denial of Service Vulnerability (Linux) File : nvt/gb_wireshark_mult_vuln_mar09_lin.nasl |
2009-03-18 | Name : Wireshark Denial of Service Vulnerability (Win) File : nvt/gb_wireshark_mult_vuln_mar09_win.nasl |
2009-03-13 | Name : CentOS Security Advisory CESA-2009:0313 (wireshark) File : nvt/ovcesa2009_0313.nasl |
2009-03-07 | Name : RedHat Security Advisory RHSA-2009:0313 File : nvt/RHSA_2009_0313.nasl |
2009-03-07 | Name : Fedora Core 10 FEDORA-2009-1798 (wireshark) File : nvt/fcore_2009_1798.nasl |
2009-03-02 | Name : SuSE Security Summary SUSE-SR:2009:005 File : nvt/suse_sr_2009_005.nasl |
2009-03-02 | Name : Mandrake Security Advisory MDVSA-2009:058 (wireshark) File : nvt/mdksa_2009_058.nasl |
2009-02-20 | Name : Wireshark Multiple Vulnerabilities Feb-09 (Windows) File : nvt/gb_wireshark_mult_vuln_feb09_win.nasl |
2009-02-20 | Name : Wireshark Multiple Vulnerabilities Feb 09 (Linux) File : nvt/gb_wireshark_mult_vuln_feb09_lin.nasl |
2009-01-20 | Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.1) File : nvt/suse_sr_2009_001.nasl |
2009-01-20 | Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.0) File : nvt/suse_sr_2009_001a.nasl |
2009-01-20 | Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 10.3) File : nvt/suse_sr_2009_001b.nasl |
2008-12-10 | Name : wireshark -- SMTP Processing Denial of Service Vulnerability File : nvt/freebsd_wireshark1.nasl |
2008-12-04 | Name : Wireshark SMTP Processing Denial of Service Vulnerability (Linux) File : nvt/gb_wireshark_smtp_dos_vuln_lin.nasl |
2008-12-04 | Name : Wireshark SMTP Processing Denial of Service Vulnerability (Win) File : nvt/gb_wireshark_smtp_dos_vuln_win.nasl |
2008-12-03 | Name : Debian Security Advisory DSA 1673-1 (wireshark) File : nvt/deb_1673_1.nasl |
2008-10-24 | Name : Wireshark Multiple Vulnerabilities - Oct08 (Windows) File : nvt/gb_wireshark_mult_vuln_oct08_win.nasl |
2008-10-24 | Name : Wireshark Multiple Vulnerabilities - Oct08 (Linux) File : nvt/gb_wireshark_mult_vuln_oct08_lin.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
52719 | Wireshark WLCCP Dissector Packet Handling Infinite Loop DoS |
51987 | Wireshark Crafted Tektronix K12 Text Capture File Handling DoS |
51815 | Wireshark wiretap/netscreen.c NetScreen Snoop Capture File Handling Overflow |
50069 | Wireshark SMTP Dissector Packet Handling Infinite Loop DoS |
49345 | Wireshark Q.931 Dissector packet-q931.c dissect_q931_cause_ie Function Use-af... |
49344 | Wireshark Multiple Post Dissector packet-frame Remote DoS |
49343 | Wireshark Bluetooth ACL Dissector packet-bthci_acl.c dissect_btacl Function R... |
49342 | Wireshark wtap.c Malformed NCF File Handling Remote DoS |
49341 | Wireshark Bluetooth RFCOMM Dissector Unspecified DoS |
49340 | Wireshark USB Dissector packet-usb.c Malformed URB Handling Remote DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0313.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090304_wireshark_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ethereal-5866.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12323.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_wireshark-081220.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_wireshark-090218.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_wireshark-081220.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_wireshark-090107.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_wireshark-090218.nasl - Type : ACT_GATHER_INFO |
2009-07-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200906-05.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-215.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-242.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-058.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-1798.nasl - Type : ACT_GATHER_INFO |
2009-03-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f6f19735924549188a6087948ebb4907.nasl - Type : ACT_GATHER_INFO |
2009-03-17 | Name : The remote Fedora host is missing a security update. File : fedora_2009-1877.nasl - Type : ACT_GATHER_INFO |
2009-03-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0313.nasl - Type : ACT_GATHER_INFO |
2009-03-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0313.nasl - Type : ACT_GATHER_INFO |
2009-02-23 | Name : The remote openSUSE host is missing a security update. File : suse_wireshark-6007.nasl - Type : ACT_GATHER_INFO |
2009-02-10 | Name : The remote host has an application that is susceptible to multiple denial of ... File : wireshark_1_0_6.nasl - Type : ACT_GATHER_INFO |
2008-12-26 | Name : The remote openSUSE host is missing a security update. File : suse_wireshark-5886.nasl - Type : ACT_GATHER_INFO |
2008-12-08 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_baece347c48911dda7210030843d3802.nasl - Type : ACT_GATHER_INFO |
2008-12-01 | Name : The remote openSUSE host is missing a security update. File : suse_wireshark-5783.nasl - Type : ACT_GATHER_INFO |
2008-12-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1673.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:52:17 |
|