Executive Summary
Summary | |
---|---|
Title | wireshark security update |
Informations | |||
---|---|---|---|
Name | DSA-2700 | First vendor Publication | 2013-06-02 |
Vendor | Debian | Last vendor Modification | 2013-06-02 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple vulnerabilities were discovered in the dissectors for GTPv2, ASN.1 BER, PPP CCP, DCP ETSI, MPEG DSM-CC and Websocket, which could result in denial of service or the execution of arbitrary code. The oldstable distribution (squeeze) is not affected. For the stable distribution (wheezy), these problems have been fixed in version 1.8.2-5wheezy3. For the unstable distribution (sid), these problems have been fixed in version 1.8.7-1. We recommend that you upgrade your wireshark packages. |
Original Source
Url : http://www.debian.org/security/2013/dsa-2700 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
17 % | CWE-134 | Uncontrolled Format String (CWE/SANS Top 25) |
17 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
17 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:16228 | |||
Oval ID: | oval:org.mitre.oval:def:16228 | ||
Title: | epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types | ||
Description: | epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3559 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16417 | |||
Oval ID: | oval:org.mitre.oval:def:16417 | ||
Title: | The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list | ||
Description: | The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3558 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16521 | |||
Oval ID: | oval:org.mitre.oval:def:16521 | ||
Title: | The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable | ||
Description: | The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3557 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16696 | |||
Oval ID: | oval:org.mitre.oval:def:16696 | ||
Title: | Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 | ||
Description: | Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3562 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16751 | |||
Oval ID: | oval:org.mitre.oval:def:16751 | ||
Title: | The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string | ||
Description: | The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3560 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16779 | |||
Oval ID: | oval:org.mitre.oval:def:16779 | ||
Title: | epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers | ||
Description: | epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3555 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19928 | |||
Oval ID: | oval:org.mitre.oval:def:19928 | ||
Title: | DSA-2700-1 wireshark - several | ||
Description: | Multiple vulnerabilities were discovered in the dissectors for GTPv2, ASN.1 BER, PPP CCP, DCP ETSI, MPEG DSM-CC and Websocket, which could result in denial of service or the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2700-1 CVE-2013-3555 CVE-2013-3557 CVE-2013-3558 CVE-2013-3559 CVE-2013-3560 CVE-2013-3562 | Version: | 5 |
Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | wireshark |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25218 | |||
Oval ID: | oval:org.mitre.oval:def:25218 | ||
Title: | SUSE-SU-2013:1265-1 -- Security update for wireshark | ||
Description: | This wireshark version update to 1.8.8 includes several security and general bug fixes. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:1265-1 CVE-2013-4074 CVE-2013-4075 CVE-2013-4076 CVE-2013-4077 CVE-2013-4078 CVE-2013-4079 CVE-2013-4080 CVE-2013-4081 CVE-2013-4082 CVE-2013-4083 CVE-2013-2486 CVE-2013-2487 CVE-2013-3555 CVE-2013-3556 CVE-2013-3557 CVE-2013-3558 CVE-2013-3559 CVE-2013-3560 CVE-2013-3561 CVE-2013-3562 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | wireshark |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-1276-1.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_wireshark_20130924.nasl - Type : ACT_GATHER_INFO |
2014-11-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1569.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-536.nasl - Type : ACT_GATHER_INFO |
2014-04-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0341.nasl - Type : ACT_GATHER_INFO |
2014-04-01 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0341.nasl - Type : ACT_GATHER_INFO |
2014-04-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0341.nasl - Type : ACT_GATHER_INFO |
2014-04-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140331_wireshark_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-12-20 | Name : The remote Fedora host is missing a security update. File : fedora_2013-17635.nasl - Type : ACT_GATHER_INFO |
2013-12-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131121_wireshark_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-12-10 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-251.nasl - Type : ACT_GATHER_INFO |
2013-11-27 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1569.nasl - Type : ACT_GATHER_INFO |
2013-11-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1569.nasl - Type : ACT_GATHER_INFO |
2013-10-03 | Name : The remote Fedora host is missing a security update. File : fedora_2013-17627.nasl - Type : ACT_GATHER_INFO |
2013-09-28 | Name : The remote Fedora host is missing a security update. File : fedora_2013-17661.nasl - Type : ACT_GATHER_INFO |
2013-08-29 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201308-05.nasl - Type : ACT_GATHER_INFO |
2013-07-31 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_wireshark-8659.nasl - Type : ACT_GATHER_INFO |
2013-07-28 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_wireshark-130711.nasl - Type : ACT_GATHER_INFO |
2013-06-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-172.nasl - Type : ACT_GATHER_INFO |
2013-06-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2700.nasl - Type : ACT_GATHER_INFO |
2013-05-22 | Name : The remote Windows host contains an application that is affected by multiple ... File : wireshark_1_8_7.nasl - Type : ACT_GATHER_INFO |
2013-05-22 | Name : The remote Windows host contains an application that is affected by a denial ... File : wireshark_1_6_15.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:31:57 |
|
2013-06-02 21:19:48 |
|