Executive Summary

Summary
Titlewireshark security update
Informations
NameRHSA-2011:0370First vendor Publication2011-03-21
VendorRedHatLast vendor Modification2011-03-21
Severity (Vendor) ModerateRevision01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated wireshark packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

A heap-based buffer overflow flaw was found in Wireshark. If Wireshark
opened a specially-crafted capture file, it could crash or, possibly,
execute arbitrary code as the user running Wireshark. (CVE-2011-0024)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2010-3445, CVE-2011-0538, CVE-2011-1139,
CVE-2011-1140, CVE-2011-1141, CVE-2011-1143)

Users of Wireshark should upgrade to these updated packages, which contain
backported patches to correct these issues. All running instances of
Wireshark must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

639486 - CVE-2010-3445 wireshark: stack overflow in BER dissector
671331 - CVE-2011-0024 heap-based buffer overflow in wireshark < 1.2 when reading malformed capture files
676232 - CVE-2011-0538 Wireshark: memory corruption when reading a malformed pcap file (upstream bug #5652)
681748 - CVE-2011-1139 Wireshark: Denial Of Service (application crash) via a pcap-ng file that contains a large packet-length field
681754 - CVE-2011-1140 Wireshark: Multiple stack consumption vulnerabilities caused DoS via crafted SMB or CLDAP packet
681756 - CVE-2011-1141 Wireshark: Malformed LDAP filter string causes Denial of Service via excessive memory consumption
681760 - CVE-2011-1143 Wireshark: Null pointer dereference causing application crash when reading malformed pcap file

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2011-0370.html

CWE : Common Weakness Enumeration

idName
CWE-399Resource Management Errors
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14607
 
Oval ID: oval:org.mitre.oval:def:14607
Title: Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12
Description: Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3445
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14605
 
Oval ID: oval:org.mitre.oval:def:14605
Title: Vulnerability in pcap-ng processing in Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0
Description: Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0538
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14997
 
Oval ID: oval:org.mitre.oval:def:14997
Title: Vulnerability in wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3
Description: wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field.
Family: windows Class: vulnerability
Reference(s): CVE-2011-1139
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14715
 
Oval ID: oval:org.mitre.oval:def:14715
Title: Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3
Description: Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet.
Family: windows Class: vulnerability
Reference(s): CVE-2011-1140
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21869
 
Oval ID: oval:org.mitre.oval:def:21869
Title: RHSA-2011:0369: wireshark security update (Moderate)
Description: epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements.
Family: unix Class: patch
Reference(s): RHSA-2011:0369-01
CVE-2011-0444
CVE-2011-0538
CVE-2011-0713
CVE-2011-1139
CVE-2011-1140
CVE-2011-1141
Version: 81
Platform(s): Red Hat Enterprise Linux 6
Product(s): wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14974
 
Oval ID: oval:org.mitre.oval:def:14974
Title: Vulnerability in epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3
Description: epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements.
Family: windows Class: vulnerability
Reference(s): CVE-2011-1141
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22896
 
Oval ID: oval:org.mitre.oval:def:22896
Title: ELSA-2011:0369: wireshark security update (Moderate)
Description: epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements.
Family: unix Class: patch
Reference(s): ELSA-2011:0369-01
CVE-2011-0444
CVE-2011-0538
CVE-2011-0713
CVE-2011-1139
CVE-2011-1140
CVE-2011-1141
Version: 26
Platform(s): Oracle Linux 6
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21771
 
Oval ID: oval:org.mitre.oval:def:21771
Title: RHSA-2011:0370: wireshark security update (Moderate)
Description: epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file.
Family: unix Class: patch
Reference(s): RHSA-2011:0370-01
CESA-2011:0370
CVE-2010-3445
CVE-2011-0024
CVE-2011-0538
CVE-2011-1139
CVE-2011-1140
CVE-2011-1141
CVE-2011-1143
Version: 94
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16209
 
Oval ID: oval:org.mitre.oval:def:16209
Title: epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file
Description: epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file.
Family: windows Class: vulnerability
Reference(s): CVE-2011-1143
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23150
 
Oval ID: oval:org.mitre.oval:def:23150
Title: ELSA-2011:0370: wireshark security update (Moderate)
Description: epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file.
Family: unix Class: patch
Reference(s): ELSA-2011:0370-01
CVE-2010-3445
CVE-2011-0024
CVE-2011-0538
CVE-2011-1139
CVE-2011-1140
CVE-2011-1141
CVE-2011-1143
Version: 30
Platform(s): Oracle Linux 4
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application47

OpenVAS Exploits

DateDescription
2012-07-30Name : CentOS Update for wireshark CESA-2011:0370 centos5 x86_64
File : nvt/gb_CESA-2011_0370_wireshark_centos5_x86_64.nasl
2012-07-30Name : CentOS Update for wireshark CESA-2012:0509 centos6
File : nvt/gb_CESA-2012_0509_wireshark_centos6.nasl
2012-07-09Name : RedHat Update for wireshark RHSA-2012:0509-01
File : nvt/gb_RHSA-2012_0509-01_wireshark.nasl
2012-06-27Name : Wireshark Multiple Vulnerabilities March-11 (Mac OS X)
File : nvt/gb_wireshark_mult_vuln_mar11_macosx.nasl
2012-06-27Name : Wireshark Denial of Service Vulnerability-02 March 11 (Mac OS X)
File : nvt/gb_wireshark_dos_vuln02_mar11_macosx.nasl
2012-06-27Name : Wireshark Multiple Vulnerabilities-01 March 11 (Mac OS X)
File : nvt/gb_wireshark_mult_vuln01_mar11_macosx.nasl
2012-06-06Name : RedHat Update for wireshark RHSA-2011:0369-01
File : nvt/gb_RHSA-2011_0369-01_wireshark.nasl
2012-05-04Name : Wireshark BER Dissector Stack Consumption Vulnerability (Mac OS X)
File : nvt/gb_wireshark_ber_dissector_stack_consumption_vuln_macosx.nasl
2012-04-25Name : Wireshark Denial of Service Vulnerability (Mac OS X)
File : nvt/secpod_wireshark_dos_vuln_macosx.nasl
2012-02-12Name : Gentoo Security Advisory GLSA 201110-02 (wireshark)
File : nvt/glsa_201110_02.nasl
2011-08-09Name : CentOS Update for wireshark CESA-2011:0370 centos5 i386
File : nvt/gb_CESA-2011_0370_wireshark_centos5_i386.nasl
2011-05-12Name : Debian Security Advisory DSA 2201-1 (wireshark)
File : nvt/deb_2201_1.nasl
2011-03-25Name : CentOS Update for wireshark CESA-2011:0370 centos4 i386
File : nvt/gb_CESA-2011_0370_wireshark_centos4_i386.nasl
2011-03-24Name : RedHat Update for wireshark RHSA-2011:0370-01
File : nvt/gb_RHSA-2011_0370-01_wireshark.nasl
2011-03-15Name : Mandriva Update for wireshark MDVSA-2011:044 (wireshark)
File : nvt/gb_mandriva_MDVSA_2011_044.nasl
2011-03-15Name : Fedora Update for wireshark FEDORA-2011-2620
File : nvt/gb_fedora_2011_2620_wireshark_fc13.nasl
2011-03-15Name : Fedora Update for wireshark FEDORA-2011-2632
File : nvt/gb_fedora_2011_2632_wireshark_fc14.nasl
2011-03-09Name : Wireshark Multiple Vulnerabilities - March-11 (Windows)
File : nvt/gb_wireshark_mult_vuln_mar11_win.nasl
2011-03-09Name : Wireshark Multiple Vulnerabilities March-11 (Windows)
File : nvt/gb_wireshark_mult_vuln_mar11_win01.nasl
2011-03-09Name : Wireshark Denial of Service Vulnerability March-11 (Windows)
File : nvt/gb_wireshark_dos_vuln_mar11_win02.nasl
2011-02-15Name : Wireshark Denial of Service Vulnerability (Linux)
File : nvt/gb_wireshark_dos_vuln_lin.nasl
2011-02-15Name : Wireshark Denial of Service Vulnerability (Windows)
File : nvt/gb_wireshark_dos_vuln_win.nasl
2010-12-09Name : Wireshark BER Dissector Stack Consumption Vulnerability (Win)
File : nvt/gb_wireshark_ber_dissector_stack_consumption_vuln_win.nasl
2010-11-17Name : FreeBSD Ports: wireshark
File : nvt/freebsd_wireshark5.nasl
2010-10-19Name : Mandriva Update for wireshark MDVSA-2010:200 (wireshark)
File : nvt/gb_mandriva_MDVSA_2010_200.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
73403Wireshark wiretap/pcapng.c Crafted Capture File Overflow DoS
71556Wireshark pcap-ng File Handling Memory Corruption
71555Wireshark pcap-ng Large packet-length Field DoS
71553Wireshark Multiple Function SMB Packet Handling DoS
71552Wireshark Multiple Function CLDAP Packet Handling DoS
71550Wireshark LDAP Dissector Filter String Memory Consumption DoS
71548Wireshark NTLMSSP Dissector PCAP File Handling DoS
68129Wireshark ASN.1 BER Dissector epan/dissectors/packet-ber.c dissect_unknown_be...

Metasploit Database

idDescription
2011-03-01 Wireshark CLDAP Dissector DOS

Nessus® Vulnerability Scanner

DateDescription
2013-09-04Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-71.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0369.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0370.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0509.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110321_wireshark_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120423_wireshark_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101130_wireshark_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-04-25Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0509.nasl - Type : ACT_GATHER_INFO
2012-04-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0509.nasl - Type : ACT_GATHER_INFO
2011-10-10Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-02.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote SuSE system is missing a security patch for wireshark
File : suse_11_1_wireshark-101222.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote SuSE system is missing a security patch for wireshark
File : suse_11_2_wireshark-101222.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote SuSE system is missing a security patch for wireshark
File : suse_11_2_wireshark-110411.nasl - Type : ACT_GATHER_INFO
2011-04-07Name : The remote SuSE 11 host is missing a security update.
File : suse_11_wireshark-110331.nasl - Type : ACT_GATHER_INFO
2011-03-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2201.nasl - Type : ACT_GATHER_INFO
2011-03-23Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0370.nasl - Type : ACT_GATHER_INFO
2011-03-22Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0369.nasl - Type : ACT_GATHER_INFO
2011-03-22Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0370.nasl - Type : ACT_GATHER_INFO
2011-03-14Name : The remote Fedora host is missing a security update.
File : fedora_2011-2620.nasl - Type : ACT_GATHER_INFO
2011-03-14Name : The remote Fedora host is missing a security update.
File : fedora_2011-2632.nasl - Type : ACT_GATHER_INFO
2011-03-09Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-044.nasl - Type : ACT_GATHER_INFO
2011-03-09Name : The remote Fedora host is missing a security update.
File : fedora_2011-2648.nasl - Type : ACT_GATHER_INFO
2011-03-02Name : The remote Windows host contains an application that is affected by multiple ...
File : wireshark_1_4_4.nasl - Type : ACT_GATHER_INFO
2010-12-01Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0924.nasl - Type : ACT_GATHER_INFO
2010-11-29Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2127.nasl - Type : ACT_GATHER_INFO
2010-11-07Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_b2eaa7c2e64a11dfbc650022156e8794.nasl - Type : ACT_GATHER_INFO
2010-10-14Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-200.nasl - Type : ACT_GATHER_INFO
2010-10-14Name : The remote Windows host contains an application that is vulnerable to a denia...
File : wireshark_1_4_1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:54:30
  • Multiple Updates