Executive Summary
Summary | |
---|---|
Title | wireshark security update |
Informations | |||
---|---|---|---|
Name | RHSA-2009:1100 | First vendor Publication | 2009-06-15 |
Vendor | RedHat | Last vendor Modification | 2009-06-15 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A format string flaw was found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2009-1210) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2009-1268, CVE-2009-1269, CVE-2009-1829) Users of wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.8, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 493973 - CVE-2009-1210 wireshark: format string in PROFINET dissector 495119 - CVE-2009-1268 Wireshark CHAP dissector crash 495121 - CVE-2009-1269 Wireshark Tektronix .rf5 file crash 501929 - CVE-2009-1829 wireshark: PCNFSD dissector crash |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2009-1100.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-134 | Uncontrolled Format String (CWE/SANS Top 25) |
50 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10642 | |||
Oval ID: | oval:org.mitre.oval:def:10642 | ||
Title: | Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. | ||
Description: | Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1269 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10876 | |||
Oval ID: | oval:org.mitre.oval:def:10876 | ||
Title: | The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet. | ||
Description: | The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1268 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13753 | |||
Oval ID: | oval:org.mitre.oval:def:13753 | ||
Title: | DSA-1785-1 wireshark -- several | ||
Description: | Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1210 A format string vulnerability was discovered in the PROFINET dissector. CVE-2009-1268 The dissector for the Check Point High-Availability Protocol could be forced to crash. CVE-2009-1269 Malformed Tektronix files could lead to a crash. The old stable distribution is only affected by the CPHAP crash, which doesn’t warrant an update on its own. The fix will be queued up for an upcoming security update or a point release. For the stable distribution, these problems have been fixed in version 1.0.2-3+lenny5. For the unstable distribution, these problems have been fixed in version 1.0.7-1. We recommend that you upgrade your wireshark packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1785-1 CVE-2009-1210 CVE-2009-1268 CVE-2009-1269 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | wireshark |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22056 | |||
Oval ID: | oval:org.mitre.oval:def:22056 | ||
Title: | ELSA-2009:1100: wireshark security update (Moderate) | ||
Description: | Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1100-01 CVE-2009-1210 CVE-2009-1268 CVE-2009-1269 CVE-2009-1829 | Version: | 21 |
Platform(s): | Oracle Linux 5 | Product(s): | wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:25945 | |||
Oval ID: | oval:org.mitre.oval:def:25945 | ||
Title: | Unspecified vulnerability in Wireshark via crafted PCNFSD packets | ||
Description: | Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1829 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28894 | |||
Oval ID: | oval:org.mitre.oval:def:28894 | ||
Title: | RHSA-2009:1100 -- wireshark security update (Moderate) | ||
Description: | Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A format string flaw was found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2009-1210) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2009-1268, CVE-2009-1269, CVE-2009-1829) Users of wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.8, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1100 CESA-2009:1100-CentOS 3 CESA-2009:1100-CentOS 5 CVE-2009-1210 CVE-2009-1268 CVE-2009-1269 CVE-2009-1829 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 3 CentOS Linux 5 | Product(s): | wireshark |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5335 | |||
Oval ID: | oval:org.mitre.oval:def:5335 | ||
Title: | Wireshark CPHAP dissector Denial of Service Vulnerability | ||
Description: | The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1268 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5748 | |||
Oval ID: | oval:org.mitre.oval:def:5748 | ||
Title: | Wireshark Tektronix .rf5 Denial of Service Vulnerability | ||
Description: | Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1269 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5976 | |||
Oval ID: | oval:org.mitre.oval:def:5976 | ||
Title: | Wireshark PROFINET/DCP (PN-DCP) dissector Denial of Service Vulnerability | ||
Description: | Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1210 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7530 | |||
Oval ID: | oval:org.mitre.oval:def:7530 | ||
Title: | DSA-1785 wireshark -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: A format string vulnerability was discovered in the PROFINET dissector. The dissector for the Check Point High-Availability Protocol could be forced to crash. Malformed Tektronix files could lead to a crash. The old stable distribution (etch), is only affected by the CPHAP crash, which doesn't warrant an update on its own. The fix will be queued up for an upcoming security update or a point release. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1785 CVE-2009-1210 CVE-2009-1268 CVE-2009-1269 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | wireshark |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9270 | |||
Oval ID: | oval:org.mitre.oval:def:9270 | ||
Title: | Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets. | ||
Description: | Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1829 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9526 | |||
Oval ID: | oval:org.mitre.oval:def:9526 | ||
Title: | Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information. | ||
Description: | Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1210 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for wireshark CESA-2009:1100 centos5 i386 File : nvt/gb_CESA-2009_1100_wireshark_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for wireshark CESA-2009:1100 centos3 i386 File : nvt/gb_CESA-2009_1100_wireshark_centos3_i386.nasl |
2009-12-10 | Name : Debian Security Advisory DSA 1942-1 (wireshark) File : nvt/deb_1942_1.nasl |
2009-12-10 | Name : Fedora Core 10 FEDORA-2009-7998 (wireshark) File : nvt/fcore_2009_7998.nasl |
2009-10-13 | Name : SLES10: Security update for ethereal File : nvt/sles10_ethereal.nasl |
2009-10-11 | Name : SLES11: Security update for wireshark File : nvt/sles11_wireshark.nasl |
2009-10-10 | Name : SLES9: Security update for ethereal File : nvt/sles9p5050540.nasl |
2009-07-06 | Name : Gentoo Security Advisory GLSA 200906-05 (wireshark) File : nvt/glsa_200906_05.nasl |
2009-06-23 | Name : RedHat Security Advisory RHSA-2009:1100 File : nvt/RHSA_2009_1100.nasl |
2009-06-23 | Name : CentOS Security Advisory CESA-2009:1100 (wireshark) File : nvt/ovcesa2009_1100.nasl |
2009-06-15 | Name : SuSE Security Summary SUSE-SR:2009:011 File : nvt/suse_sr_2009_011.nasl |
2009-06-05 | Name : Fedora Core 10 FEDORA-2009-5382 (wireshark) File : nvt/fcore_2009_5382.nasl |
2009-06-05 | Name : wireshark -- PCNFSD Dissector Denial of Service Vulnerability File : nvt/freebsd_ethereal9.nasl |
2009-06-05 | Name : Fedora Core 9 FEDORA-2009-5339 (wireshark) File : nvt/fcore_2009_5339.nasl |
2009-06-05 | Name : Mandrake Security Advisory MDVSA-2009:125 (wireshark) File : nvt/mdksa_2009_125.nasl |
2009-06-01 | Name : Wireshark PCNFSD Dissector Denial of Service Vulnerability (Linux) File : nvt/secpod_wireshark_pcnfsd_dos_vuln_lin.nasl |
2009-06-01 | Name : Wireshark PCNFSD Dissector Denial of Service Vulnerability (Win) File : nvt/secpod_wireshark_pcnfsd_dos_vuln_win.nasl |
2009-05-20 | Name : Fedora Core 10 FEDORA-2009-3599 (wireshark) File : nvt/fcore_2009_3599.nasl |
2009-05-11 | Name : FreeBSD Ports: wireshark, wireshark-lite File : nvt/freebsd_wireshark2.nasl |
2009-05-05 | Name : Debian Security Advisory DSA 1785-1 (wireshark) File : nvt/deb_1785_1.nasl |
2009-04-20 | Name : Ubuntu USN-759-1 (poppler) File : nvt/ubuntu_759_1.nasl |
2009-04-20 | Name : Wireshark Multiple Unspecified Vulnerability - Apr09 (Win) File : nvt/gb_wireshark_mult_vuln_apr09_win.nasl |
2009-04-20 | Name : Wireshark Multiple Unspecified Vulnerability - Apr09 (Linux) File : nvt/gb_wireshark_mult_vuln_apr09_lin.nasl |
2009-04-15 | Name : Mandrake Security Advisory MDVSA-2009:088 (wireshark) File : nvt/mdksa_2009_088.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54629 | Wireshark PCNFSD Dissector Packet Handling DoS |
53670 | Wireshark CPHAP Dissector Crafted FWHA_MY_STATE Packet Handling DoS |
53669 | Wireshark Crafted RF5 File Handling DoS |
52996 | Wireshark PN-DCP Dissector Station Name Handling Format String |
Snort® IPS/IDS
Date | Description |
---|---|
2017-09-06 | Wireshark PROFINET DCP request format string exploit attempt RuleID : 43845 - Revision : 2 - Type : FILE-OTHER |
2017-09-06 | Wireshark PROFINET DCP request format string exploit attempt RuleID : 43844 - Revision : 2 - Type : FILE-OTHER |
2017-09-06 | Wireshark PROFINET DCP request format string exploit attempt RuleID : 43843 - Revision : 2 - Type : FILE-OTHER |
2017-09-06 | Wireshark PROFINET DCP response format string exploit attempt RuleID : 43842 - Revision : 2 - Type : FILE-OTHER |
2017-09-06 | Wireshark PROFINET DCP request format string exploit attempt RuleID : 43841 - Revision : 2 - Type : FILE-OTHER |
2017-09-06 | Wireshark PROFINET DCP response format string exploit attempt RuleID : 43840 - Revision : 2 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1100.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090615_wireshark_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1942.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ethereal-6269.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_wireshark-090525.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12424.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_wireshark-090525.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_wireshark-090525.nasl - Type : ACT_GATHER_INFO |
2009-07-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200906-05.nasl - Type : ACT_GATHER_INFO |
2009-06-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1100.nasl - Type : ACT_GATHER_INFO |
2009-06-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1100.nasl - Type : ACT_GATHER_INFO |
2009-06-01 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-125.nasl - Type : ACT_GATHER_INFO |
2009-06-01 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a2d4a3304d5411de88110030843d3802.nasl - Type : ACT_GATHER_INFO |
2009-05-27 | Name : The remote openSUSE host is missing a security update. File : suse_wireshark-6271.nasl - Type : ACT_GATHER_INFO |
2009-05-26 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5382.nasl - Type : ACT_GATHER_INFO |
2009-05-26 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5339.nasl - Type : ACT_GATHER_INFO |
2009-05-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3599.nasl - Type : ACT_GATHER_INFO |
2009-05-11 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_defce06839aa11dea493001b77d09812.nasl - Type : ACT_GATHER_INFO |
2009-05-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1785.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-088.nasl - Type : ACT_GATHER_INFO |
2009-04-10 | Name : The remote host has an application that is affected by multiple vulnerabilities. File : wireshark_1_0_7.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:52:35 |
|