10 - GLSA-200906-05

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	Wireshark: Multiple vulnerabilities

Informations
Name	GLSA-200906-05	First vendor Publication	2009-06-30
Vendor	Gentoo	Last vendor Modification	2009-06-30
Severity (Vendor)	High	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been discovered in Wireshark which allow for Denial of Service (application crash) or remote code execution.

Background

Wireshark is a versatile network protocol analyzer.

Description

Multiple vulnerabilities have been discovered in Wireshark:

* David Maciejak discovered a vulnerability in packet-usb.c in the USB dissector via a malformed USB Request Block (URB)
(CVE-2008-4680).

* Florent Drouin and David Maciejak reported an unspecified vulnerability in the Bluetooth RFCOMM dissector (CVE-2008-4681).

* A malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" triggers a failed assertion in wtap.c (CVE-2008-4682).

* An unchecked packet length parameter in the dissect_btacl()
function in packet-bthci_acl.c in the Bluetooth ACL dissector causes an erroneous tvb_memcpy() call (CVE-2008-4683).

* A vulnerability where packet-frame does not properly handle exceptions thrown by post dissectors caused by a certain series of packets (CVE-2008-4684).

* Mike Davies reported a use-after-free vulnerability in the dissect_q931_cause_ie() function in packet-q931.c in the Q.931
dissector via certain packets that trigger an exception (CVE-2008-4685).

* The Security Vulnerability Research Team of Bkis reported that the SMTP dissector could consume excessive amounts of CPU and memory (CVE-2008-5285).

* The vendor reported that the WLCCP dissector could go into an infinite loop (CVE-2008-6472).

* babi discovered a buffer overflow in wiretap/netscreen.c via a malformed NetScreen snoop file (CVE-2009-0599).

* A specially crafted Tektronix K12 text capture file can cause an application crash (CVE-2009-0600).

* A format string vulnerability via format string specifiers in the HOME environment variable (CVE-2009-0601).

* THCX Labs reported a format string vulnerability in the PROFINET/DCP (PN-DCP) dissector via a PN-DCP packet with format string specifiers in the station name (CVE-2009-1210).

* An unspecified vulnerability with unknown impact and attack vectors (CVE-2009-1266).

* Marty Adkins and Chris Maynard discovered a parsing error in the dissector for the Check Point High-Availability Protocol (CPHAP)
(CVE-2009-1268).

* Magnus Homann discovered a parsing error when loading a Tektronix .rf5 file (CVE-2009-1269).

* The vendor reported that the PCNFSD dissector could crash (CVE-2009-1829).

Impact

A remote attacker could exploit these vulnerabilities by sending specially crafted packets on a network being monitored by Wireshark or by enticing a user to read a malformed packet trace file which can trigger a Denial of Service (application crash or excessive CPU and memory usage) and possibly allow for the execution of arbitrary code with the privileges of the user running Wireshark.

Workaround

There is no known workaround at this time.

Resolution

All Wireshark users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.0.8"

References

[ 1 ] CVE-2008-4680 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4680
[ 2 ] CVE-2008-4681 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4681
[ 3 ] CVE-2008-4682 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4682
[ 4 ] CVE-2008-4683 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4683
[ 5 ] CVE-2008-4684 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4684
[ 6 ] CVE-2008-4685 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4685
[ 7 ] CVE-2008-5285 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5285
[ 8 ] CVE-2008-6472 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6472
[ 9 ] CVE-2009-0599 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0599
[ 10 ] CVE-2009-0600 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0600
[ 11 ] CVE-2009-0601 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0601
[ 12 ] CVE-2009-1210 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1210
[ 13 ] CVE-2009-1266 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1266
[ 14 ] CVE-2009-1268 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1268
[ 15 ] CVE-2009-1269 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1269
[ 16 ] CVE-2009-1829 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1829

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200906-05.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-200906-05.xml

CAPEC : Common Attack Pattern Enumeration & Classification

Id	Name
CAPEC-3	Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-7	Blind SQL Injection
CAPEC-8	Buffer Overflow in an API Call
CAPEC-9	Buffer Overflow in Local Command-Line Utilities
CAPEC-10	Buffer Overflow via Environment Variables
CAPEC-13	Subverting Environment Variable Values
CAPEC-14	Client-side Injection-induced Buffer Overflow
CAPEC-18	Embedding Scripts in Nonscript Elements
CAPEC-22	Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-24	Filter Failure through Buffer Overflow
CAPEC-28	Fuzzing
CAPEC-31	Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32	Embedding Scripts in HTTP Query Strings
CAPEC-42	MIME Conversion
CAPEC-43	Exploiting Multiple Input Interpretation Layers
CAPEC-45	Buffer Overflow via Symbolic Links
CAPEC-46	Overflow Variables and Tags
CAPEC-47	Buffer Overflow via Parameter Expansion
CAPEC-52	Embedding NULL Bytes
CAPEC-53	Postfix, Null Terminate, and Backslash
CAPEC-63	Simple Script Injection
CAPEC-64	Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-66	SQL Injection
CAPEC-67	String Format Overflow in syslog()
CAPEC-71	Using Unicode Encoding to Bypass Validation Logic
CAPEC-72	URL Encoding
CAPEC-73	User-Controlled Filename
CAPEC-78	Using Escaped Slashes in Alternate Encoding
CAPEC-79	Using Slashes in Alternate Encoding
CAPEC-80	Using UTF-8 Encoding to Bypass Validation Logic
CAPEC-81	Web Logs Tampering
CAPEC-83	XPath Injection
CAPEC-85	Client Network Footprinting (using AJAX/XSS)
CAPEC-86	Embedding Script (XSS ) in HTTP Headers
CAPEC-88	OS Command Injection
CAPEC-91	XSS in IMG Tags
CAPEC-99	XML Parser Attack
CAPEC-101	Server Side Include (SSI) Injection
CAPEC-104	Cross Zone Scripting
CAPEC-106	Cross Site Scripting through Log Files
CAPEC-108	Command Line Execution through SQL Injection
CAPEC-109	Object Relational Mapping Injection
CAPEC-110	SQL Injection through SOAP Parameter Tampering
CAPEC-171	Variable Manipulation

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-399	Resource Management Errors
29 %	CWE-20	Improper Input Validation
14 %	CWE-134	Uncontrolled Format String (CWE/SANS Top 25)
7 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10223

Oval ID:	oval:org.mitre.oval:def:10223
Title:	packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector.
Description:	packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-4684	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section wireshark is earlier than 0:1.0.6-EL3.3 AND wireshark-gnome is earlier than 0:1.0.6-EL3.3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section wireshark is earlier than 0:1.0.6-2.el4_7 AND wireshark-gnome is earlier than 0:1.0.6-2.el4_7 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section wireshark is earlier than 0:1.0.6-2.el5_3 AND wireshark-gnome is earlier than 0:1.0.6-2.el5_3

Definition Id: oval:org.mitre.oval:def:10642

Oval ID:	oval:org.mitre.oval:def:10642
Title:	Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.
Description:	Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1269	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section wireshark is earlier than 0:1.0.8-EL3.1 AND wireshark-gnome is earlier than 0:1.0.8-EL3.1 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section wireshark is earlier than 0:1.0.8-1.el4_8.1 AND wireshark-gnome is earlier than 0:1.0.8-1.el4_8.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section wireshark is earlier than 0:1.0.8-1.el5_3.1 AND wireshark-gnome is earlier than 0:1.0.8-1.el5_3.1

Definition Id: oval:org.mitre.oval:def:10788

Oval ID:	oval:org.mitre.oval:def:10788
Title:	Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception.
Description:	Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-4685	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section wireshark is earlier than 0:1.0.6-EL3.3 AND wireshark-gnome is earlier than 0:1.0.6-EL3.3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section wireshark is earlier than 0:1.0.6-2.el4_7 AND wireshark-gnome is earlier than 0:1.0.6-2.el4_7 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section wireshark is earlier than 0:1.0.6-2.el5_3 AND wireshark-gnome is earlier than 0:1.0.6-2.el5_3

Definition Id: oval:org.mitre.oval:def:10853

Oval ID:	oval:org.mitre.oval:def:10853
Title:	Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame.
Description:	Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0600	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section wireshark is earlier than 0:1.0.6-EL3.3 AND wireshark-gnome is earlier than 0:1.0.6-EL3.3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section wireshark is earlier than 0:1.0.6-2.el4_7 AND wireshark-gnome is earlier than 0:1.0.6-2.el4_7 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section wireshark is earlier than 0:1.0.6-2.el5_3 AND wireshark-gnome is earlier than 0:1.0.6-2.el5_3

Definition Id: oval:org.mitre.oval:def:10876

Oval ID:	oval:org.mitre.oval:def:10876
Title:	The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet.
Description:	The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1268	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section wireshark is earlier than 0:1.0.8-EL3.1 AND wireshark-gnome is earlier than 0:1.0.8-EL3.1 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section wireshark is earlier than 0:1.0.8-1.el4_8.1 AND wireshark-gnome is earlier than 0:1.0.8-1.el4_8.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section wireshark is earlier than 0:1.0.8-1.el5_3.1 AND wireshark-gnome is earlier than 0:1.0.8-1.el5_3.1

Definition Id: oval:org.mitre.oval:def:10955

Oval ID:	oval:org.mitre.oval:def:10955
Title:	wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion.
Description:	wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-4682	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section wireshark is earlier than 0:1.0.6-EL3.3 AND wireshark-gnome is earlier than 0:1.0.6-EL3.3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section wireshark is earlier than 0:1.0.6-2.el4_7 AND wireshark-gnome is earlier than 0:1.0.6-2.el4_7 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section wireshark is earlier than 0:1.0.6-2.el5_3 AND wireshark-gnome is earlier than 0:1.0.6-2.el5_3

Definition Id: oval:org.mitre.oval:def:11194

Oval ID:	oval:org.mitre.oval:def:11194
Title:	Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets.
Description:	Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-4681	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section wireshark is earlier than 0:1.0.6-EL3.3 AND wireshark-gnome is earlier than 0:1.0.6-EL3.3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section wireshark is earlier than 0:1.0.6-2.el4_7 AND wireshark-gnome is earlier than 0:1.0.6-2.el4_7 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section wireshark is earlier than 0:1.0.6-2.el5_3 AND wireshark-gnome is earlier than 0:1.0.6-2.el5_3

Definition Id: oval:org.mitre.oval:def:11351

Oval ID:	oval:org.mitre.oval:def:11351
Title:	Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop.
Description:	Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-5285	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section wireshark is earlier than 0:1.0.6-EL3.3 AND wireshark-gnome is earlier than 0:1.0.6-EL3.3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section wireshark is earlier than 0:1.0.6-2.el4_7 AND wireshark-gnome is earlier than 0:1.0.6-2.el4_7 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section wireshark is earlier than 0:1.0.6-2.el5_3 AND wireshark-gnome is earlier than 0:1.0.6-2.el5_3

Definition Id: oval:org.mitre.oval:def:13753

Oval ID:	oval:org.mitre.oval:def:13753
Title:	DSA-1785-1 wireshark -- several
Description:	Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1210 A format string vulnerability was discovered in the PROFINET dissector. CVE-2009-1268 The dissector for the Check Point High-Availability Protocol could be forced to crash. CVE-2009-1269 Malformed Tektronix files could lead to a crash. The old stable distribution is only affected by the CPHAP crash, which doesn’t warrant an update on its own. The fix will be queued up for an upcoming security update or a point release. For the stable distribution, these problems have been fixed in version 1.0.2-3+lenny5. For the unstable distribution, these problems have been fixed in version 1.0.7-1. We recommend that you upgrade your wireshark packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1785-1 CVE-2009-1210 CVE-2009-1268 CVE-2009-1269	Version:	5
Platform(s):	Debian GNU/Linux 5.0	Product(s):	wireshark
Definition Synopsis:
Debian GNU/Linux 5.0 is installed Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa Packages section wireshark-dev DPKG is earlier than 1.0.2-3+lenny5 AND wireshark-common DPKG is earlier than 1.0.2-3+lenny5 AND tshark DPKG is earlier than 1.0.2-3+lenny5 AND wireshark DPKG is earlier than 1.0.2-3+lenny5

Definition Id: oval:org.mitre.oval:def:14705

Oval ID:	oval:org.mitre.oval:def:14705
Title:	Vulnerability in wtap.c in Wireshark 0.99.7 through 1.0.3
Description:	wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-4682	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012	Product(s):	Wireshark
Definition Synopsis:
Wireshark is installed on the system. AND Version of Wireshark is 0.99.7 through 1.0.3

Definition Id: oval:org.mitre.oval:def:14732

Oval ID:	oval:org.mitre.oval:def:14732
Title:	Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5
Description:	Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-0599	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012	Product(s):	Wireshark
Definition Synopsis:
Wireshark is installed on the system. AND Version of Wireshark is 0.99.7 through 1.0.5

Definition Id: oval:org.mitre.oval:def:14767

Oval ID:	oval:org.mitre.oval:def:14767
Title:	packet-frame vulnerability in Wireshark 0.99.2 through 1.0.3
Description:	packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-4684	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012	Product(s):	Wireshark
Definition Synopsis:
Wireshark is installed on the system. AND Version of Wireshark is 0.99.2 through 1.0.3

Definition Id: oval:org.mitre.oval:def:14853

Oval ID:	oval:org.mitre.oval:def:14853
Title:	Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3
Description:	Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-4681	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012	Product(s):	Wireshark
Definition Synopsis:
Wireshark is installed on the system. AND Version of Wireshark is 0.99.7 through 1.0.3

Definition Id: oval:org.mitre.oval:def:14982

Oval ID:	oval:org.mitre.oval:def:14982
Title:	Vulnerability in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3
Description:	The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-4683	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012	Product(s):	Wireshark
Definition Synopsis:
Wireshark is installed on the system. AND Version of Wireshark is 0.99.2 through 1.0.3

Definition Id: oval:org.mitre.oval:def:15041

Oval ID:	oval:org.mitre.oval:def:15041
Title:	Wireshark 0.99.6 through 1.0.5 vulnerability via crafted Tektronix K12 text capture file
Description:	Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-0600	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012	Product(s):	Wireshark
Definition Synopsis:
Wireshark is installed on the system. AND Version of Wireshark is 0.99.6 through 1.0.5

Definition Id: oval:org.mitre.oval:def:15091

Oval ID:	oval:org.mitre.oval:def:15091
Title:	Vulnerability in packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3
Description:	packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB).
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-4680	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012	Product(s):	Wireshark
Definition Synopsis:
Wireshark is installed on the system. AND Version of Wireshark is 0.99.7 through 1.0.3

Definition Id: oval:org.mitre.oval:def:20196

Oval ID:	oval:org.mitre.oval:def:20196
Title:	DSA-1673-1 wireshark - several vulnerabilities
Description:	Several remote vulnerabilities have been discovered in network traffic analyzer Wireshark.
Family:	unix	Class:	patch
Reference(s):	DSA-1673-1 CVE-2008-3137 CVE-2008-3138 CVE-2008-3141 CVE-2008-3145 CVE-2008-3933 CVE-2008-4683 CVE-2008-4684 CVE-2008-4685	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	wireshark
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND wireshark DPKG is earlier than 0:0.99.4-5.etch.3

Definition Id: oval:org.mitre.oval:def:22056

Oval ID:	oval:org.mitre.oval:def:22056
Title:	ELSA-2009:1100: wireshark security update (Moderate)
Description:	Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:1100-01 CVE-2009-1210 CVE-2009-1268 CVE-2009-1269 CVE-2009-1829	Version:	21
Platform(s):	Oracle Linux 5	Product(s):	wireshark
Definition Synopsis:
Oracle Linux 5.x rpm test wireshark is earlier than 0:1.0.8-1.el5_3.1 AND wireshark-gnome is earlier than 0:1.0.8-1.el5_3.1

Definition Id: oval:org.mitre.oval:def:22684

Oval ID:	oval:org.mitre.oval:def:22684
Title:	ELSA-2009:0313: wireshark security update (Moderate)
Description:	Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:0313-01 CVE-2008-4680 CVE-2008-4681 CVE-2008-4682 CVE-2008-4683 CVE-2008-4684 CVE-2008-4685 CVE-2008-5285 CVE-2008-6472 CVE-2009-0599 CVE-2009-0600	Version:	45
Platform(s):	Oracle Linux 5	Product(s):	wireshark
Definition Synopsis:
Oracle Linux 5.x rpm test wireshark is earlier than 0:1.0.6-2.el5_3 AND wireshark-gnome is earlier than 0:1.0.6-2.el5_3

Definition Id: oval:org.mitre.oval:def:25945

Oval ID:	oval:org.mitre.oval:def:25945
Title:	Unspecified vulnerability in Wireshark via crafted PCNFSD packets
Description:	Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-1829	Version:	4
Platform(s):	Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2	Product(s):	Wireshark
Definition Synopsis:
Wireshark is installed on the system. AND Check if version of Wireshark is 0.8.20 through 1.0.7

Definition Id: oval:org.mitre.oval:def:26194

Oval ID:	oval:org.mitre.oval:def:26194
Title:	Use-after-free vulnerability in dissect_q931_cause_ie function in Wireshark
Description:	Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-4685	Version:	4
Platform(s):	Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2	Product(s):	Wireshark
Definition Synopsis:
Wireshark is installed on the system. AND Check if version of Wireshark is 0.10.3 through 1.0.3

Definition Id: oval:org.mitre.oval:def:26525

Oval ID:	oval:org.mitre.oval:def:26525
Title:	Denial of service vulnerability in Wireshark via long SMTP request
Description:	Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-5285	Version:	4
Platform(s):	Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2	Product(s):	Wireshark
Definition Synopsis:
Wireshark is installed on the system. AND Check if version of Wireshark is less than or equal to 1.0.4

Definition Id: oval:org.mitre.oval:def:28894

Oval ID:	oval:org.mitre.oval:def:28894
Title:	RHSA-2009:1100 -- wireshark security update (Moderate)
Description:	Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A format string flaw was found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2009-1210) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2009-1268, CVE-2009-1269, CVE-2009-1829) Users of wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.8, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2009:1100 CESA-2009:1100-CentOS 3 CESA-2009:1100-CentOS 5 CVE-2009-1210 CVE-2009-1268 CVE-2009-1269 CVE-2009-1829	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 3 CentOS Linux 5	Product(s):	wireshark
Definition Synopsis:
Red Hat Enterprise Linux 5 and CentOS Linux 5 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages match section wireshark-gnome is earlier than 0:1.0.8-1.el5_3.1 AND wireshark is earlier than 0:1.0.8-1.el5_3.1 AND Red Hat Enterprise Linux 3 release section The operating system installed on the system is Red Hat Enterprise Linux 3 Packages match section wireshark is earlier than 0:1.0.8-EL3.1 AND wireshark-gnome is earlier than 0:1.0.8-EL3.1 AND Red Hat Enterprise Linux 4 release section The operating system installed on the system is Red Hat Enterprise Linux 4 Packages match section wireshark is earlier than 0:1.0.8-1.el4_8.1 AND wireshark-gnome is earlier than 0:1.0.8-1.el4_8.1

Definition Id: oval:org.mitre.oval:def:29088

Oval ID:	oval:org.mitre.oval:def:29088
Title:	RHSA-2009:0313 -- wireshark security update (Moderate)
Description:	Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Multiple buffer overflow flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malformed dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2008-4683, CVE-2009-0599)
Family:	unix	Class:	patch
Reference(s):	RHSA-2009:0313 CESA-2009:0313-CentOS 3 CVE-2008-4680 CVE-2008-4681 CVE-2008-4682 CVE-2008-4683 CVE-2008-4684 CVE-2008-4685 CVE-2008-5285 CVE-2008-6472 CVE-2009-0599 CVE-2009-0600	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 3	Product(s):	wireshark
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section wireshark-gnome is earlier than 0:1.0.6-2.el5_3 AND wireshark is earlier than 0:1.0.6-2.el5_3 AND Red Hat Enterprise Linux 3 release section The operating system installed on the system is Red Hat Enterprise Linux 3 Packages match section wireshark is earlier than 0:1.0.6-EL3.3 AND wireshark-gnome is earlier than 0:1.0.6-EL3.3 AND Red Hat Enterprise Linux 4 release section The operating system installed on the system is Red Hat Enterprise Linux 4 Packages match section wireshark is earlier than 0:1.0.6-2.el4_7 AND wireshark-gnome is earlier than 0:1.0.6-2.el4_7

Definition Id: oval:org.mitre.oval:def:5335

Oval ID:	oval:org.mitre.oval:def:5335
Title:	Wireshark CPHAP dissector Denial of Service Vulnerability
Description:	The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-1268	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012	Product(s):	Wireshark
Definition Synopsis:
Wireshark is installed on the system. AND Version of Wireshark is 0.9.6 through 1.0.6

Definition Id: oval:org.mitre.oval:def:5748

Oval ID:	oval:org.mitre.oval:def:5748
Title:	Wireshark Tektronix .rf5 Denial of Service Vulnerability
Description:	Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-1269	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012	Product(s):	Wireshark
Definition Synopsis:
Wireshark is installed on the system. AND Version of Wireshark is 0.99.6 through 1.0.6

Definition Id: oval:org.mitre.oval:def:5976

Oval ID:	oval:org.mitre.oval:def:5976
Title:	Wireshark PROFINET/DCP (PN-DCP) dissector Denial of Service Vulnerability
Description:	Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-1210	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012	Product(s):	Wireshark
Definition Synopsis:
Wireshark is installed on the system. AND Wireshark version is less than or equal to 1.0.6

Definition Id: oval:org.mitre.oval:def:6223

Oval ID:	oval:org.mitre.oval:def:6223
Title:	Wireshark Denial of Service Vulnerability
Description:	The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-6472	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012	Product(s):	Wireshark
Definition Synopsis:
Wireshark is installed on the system. AND Version of Wireshark is 0.99.7 through 1.0.4

Definition Id: oval:org.mitre.oval:def:7530

Oval ID:	oval:org.mitre.oval:def:7530
Title:	DSA-1785 wireshark -- several vulnerabilities
Description:	Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: A format string vulnerability was discovered in the PROFINET dissector. The dissector for the Check Point High-Availability Protocol could be forced to crash. Malformed Tektronix files could lead to a crash. The old stable distribution (etch), is only affected by the CPHAP crash, which doesn't warrant an update on its own. The fix will be queued up for an upcoming security update or a point release.
Family:	unix	Class:	patch
Reference(s):	DSA-1785 CVE-2009-1210 CVE-2009-1268 CVE-2009-1269	Version:	3
Platform(s):	Debian GNU/Linux 5.0	Product(s):	wireshark
Definition Synopsis:
Debian GNU/Linux 5.0 is installed Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa Packages section wireshark-dev is earlier than 1.0.2-3+lenny5 AND wireshark-common is earlier than 1.0.2-3+lenny5 AND tshark is earlier than 1.0.2-3+lenny5 AND wireshark is earlier than 1.0.2-3+lenny5

Definition Id: oval:org.mitre.oval:def:8237

Oval ID:	oval:org.mitre.oval:def:8237
Title:	DSA-1673 wireshark -- several vulnerabilities
Description:	Several remote vulnerabilities have been discovered in network traffic analyzer Wireshark. The Common Vulnerabilities and Exposures project identifies the following problems: The GSM SMS dissector is vulnerable to denial of service. The PANA and KISMET dissectors are vulnerable to denial of service. The RMI dissector could disclose system memory. The packet reassembling module is vulnerable to denial of service. The zlib uncompression module is vulnerable to denial of service. The Bluetooth ACL dissector is vulnerable to denial of service. The PRP and MATE dissectors are vulnerable to denial of service. The Q931 dissector is vulnerable to denial of service.
Family:	unix	Class:	patch
Reference(s):	DSA-1673 CVE-2008-3137 CVE-2008-3138 CVE-2008-3141 CVE-2008-3145 CVE-2008-3933 CVE-2008-4683 CVE-2008-4684 CVE-2008-4685	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	wireshark
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Packages section wireshark-dev is earlier than 0.99.4-5.etch.3 AND tshark is earlier than 0.99.4-5.etch.3 AND ethereal-dev is earlier than 0.99.4-5.etch.3 AND tethereal is earlier than 0.99.4-5.etch.3 AND wireshark-common is earlier than 0.99.4-5.etch.3 AND ethereal is earlier than 0.99.4-5.etch.3 AND ethereal-common is earlier than 0.99.4-5.etch.3 AND wireshark is earlier than 0.99.4-5.etch.3

Definition Id: oval:org.mitre.oval:def:9270

Oval ID:	oval:org.mitre.oval:def:9270
Title:	Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets.
Description:	Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1829	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section wireshark is earlier than 0:1.0.8-EL3.1 AND wireshark-gnome is earlier than 0:1.0.8-EL3.1 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section wireshark is earlier than 0:1.0.8-1.el4_8.1 AND wireshark-gnome is earlier than 0:1.0.8-1.el4_8.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section wireshark is earlier than 0:1.0.8-1.el5_3.1 AND wireshark-gnome is earlier than 0:1.0.8-1.el5_3.1

Definition Id: oval:org.mitre.oval:def:9526

Oval ID:	oval:org.mitre.oval:def:9526
Title:	Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information.
Description:	Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1210	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section wireshark is earlier than 0:1.0.8-EL3.1 AND wireshark-gnome is earlier than 0:1.0.8-EL3.1 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section wireshark is earlier than 0:1.0.8-1.el4_8.1 AND wireshark-gnome is earlier than 0:1.0.8-1.el4_8.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section wireshark is earlier than 0:1.0.8-1.el5_3.1 AND wireshark-gnome is earlier than 0:1.0.8-1.el5_3.1

Definition Id: oval:org.mitre.oval:def:9605

Oval ID:	oval:org.mitre.oval:def:9605
Title:	packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB).
Description:	packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB).
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-4680	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section wireshark is earlier than 0:1.0.6-EL3.3 AND wireshark-gnome is earlier than 0:1.0.6-EL3.3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section wireshark is earlier than 0:1.0.6-2.el4_7 AND wireshark-gnome is earlier than 0:1.0.6-2.el4_7 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section wireshark is earlier than 0:1.0.6-2.el5_3 AND wireshark-gnome is earlier than 0:1.0.6-2.el5_3

Definition Id: oval:org.mitre.oval:def:9629

Oval ID:	oval:org.mitre.oval:def:9629
Title:	The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.
Description:	The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-6472	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section wireshark is earlier than 0:1.0.6-EL3.3 AND wireshark-gnome is earlier than 0:1.0.6-EL3.3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section wireshark is earlier than 0:1.0.6-2.el4_7 AND wireshark-gnome is earlier than 0:1.0.6-2.el4_7 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section wireshark is earlier than 0:1.0.6-2.el5_3 AND wireshark-gnome is earlier than 0:1.0.6-2.el5_3

Definition Id: oval:org.mitre.oval:def:9677

Oval ID:	oval:org.mitre.oval:def:9677
Title:	Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file.
Description:	Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0599	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section wireshark is earlier than 0:1.0.6-EL3.3 AND wireshark-gnome is earlier than 0:1.0.6-EL3.3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section wireshark is earlier than 0:1.0.6-2.el4_7 AND wireshark-gnome is earlier than 0:1.0.6-2.el4_7 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section wireshark is earlier than 0:1.0.6-2.el5_3 AND wireshark-gnome is earlier than 0:1.0.6-2.el5_3

Definition Id: oval:org.mitre.oval:def:9821

Oval ID:	oval:org.mitre.oval:def:9821
Title:	The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call.
Description:	The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-4683	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section wireshark is earlier than 0:1.0.6-EL3.3 AND wireshark-gnome is earlier than 0:1.0.6-EL3.3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section wireshark is earlier than 0:1.0.6-2.el4_7 AND wireshark-gnome is earlier than 0:1.0.6-2.el4_7 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section wireshark is earlier than 0:1.0.6-2.el5_3 AND wireshark-gnome is earlier than 0:1.0.6-2.el5_3

CPE : Common Platform Enumeration

Type	Description	Count
Application	Wireshark cpe:2.3:a:wireshark:wireshark:1.0.7:::::::* cpe:2.3:a:wireshark:wireshark:1.0.6:::::::* cpe:2.3:a:wireshark:wireshark:1.0.5:::::::* cpe:2.3:a:wireshark:wireshark:1.0.4:::::::* cpe:2.3:a:wireshark:wireshark:1.0.3:::::::* cpe:2.3:a:wireshark:wireshark:1.0.2:::::::* cpe:2.3:a:wireshark:wireshark:1.0.1:::::::* cpe:2.3:a:wireshark:wireshark:1.0.0:::::::* cpe:2.3:a:wireshark:wireshark:1.0:::::::* cpe:2.3:a:wireshark:wireshark:0.99.9:::::::* cpe:2.3:a:wireshark:wireshark:0.99.8:::::::* cpe:2.3:a:wireshark:wireshark:0.99.7:::::::* cpe:2.3:a:wireshark:wireshark:0.99.6a:::::::* cpe:2.3:a:wireshark:wireshark:0.99.6:::::::* cpe:2.3:a:wireshark:wireshark:0.99.5:::::::* cpe:2.3:a:wireshark:wireshark:0.99.4:::::::* cpe:2.3:a:wireshark:wireshark:0.99.3:::::::* cpe:2.3:a:wireshark:wireshark:0.99.2:::::::* cpe:2.3:a:wireshark:wireshark:0.99.1:::::::* cpe:2.3:a:wireshark:wireshark:0.99.0:::::::* cpe:2.3:a:wireshark:wireshark:0.99:::::::* cpe:2.3:a:wireshark:wireshark:0.9.8:::::::* cpe:2.3:a:wireshark:wireshark:0.9.7:::::::* cpe:2.3:a:wireshark:wireshark:0.9.6:::::::* cpe:2.3:a:wireshark:wireshark:0.9.5:::::::* cpe:2.3:a:wireshark:wireshark:0.9.2:::::::* cpe:2.3:a:wireshark:wireshark:0.9.15:::::::* cpe:2.3:a:wireshark:wireshark:0.9.14:::::::* cpe:2.3:a:wireshark:wireshark:0.9.10:::::::* cpe:2.3:a:wireshark:wireshark:0.8.20:::::::* cpe:2.3:a:wireshark:wireshark:0.8.19:::::::* cpe:2.3:a:wireshark:wireshark:0.8.16:::::::* cpe:2.3:a:wireshark:wireshark:0.7.9:::::::* cpe:2.3:a:wireshark:wireshark:0.6:::::::* cpe:2.3:a:wireshark:wireshark:0.10.9:::::::* cpe:2.3:a:wireshark:wireshark:0.10.8:::::::* cpe:2.3:a:wireshark:wireshark:0.10.7:::::::* cpe:2.3:a:wireshark:wireshark:0.10.6:::::::* cpe:2.3:a:wireshark:wireshark:0.10.5:::::::* cpe:2.3:a:wireshark:wireshark:0.10.4:::::::* cpe:2.3:a:wireshark:wireshark:0.10.3:::::::* cpe:2.3:a:wireshark:wireshark:0.10.2:::::::* cpe:2.3:a:wireshark:wireshark:0.10.14:::::::* cpe:2.3:a:wireshark:wireshark:0.10.13:::::::* cpe:2.3:a:wireshark:wireshark:0.10.12:::::::* cpe:2.3:a:wireshark:wireshark:0.10.11:::::::* cpe:2.3:a:wireshark:wireshark:0.10.10:::::::* cpe:2.3:a:wireshark:wireshark:0.10.1:::::::* cpe:2.3:a:wireshark:wireshark:0.10:::::::* cpe:2.3:a:wireshark:wireshark::::::::	50

OpenVAS Exploits

Date	Description
2011-08-09	Name : CentOS Update for wireshark CESA-2009:1100 centos5 i386 File : nvt/gb_CESA-2009_1100_wireshark_centos5_i386.nasl
2011-08-09	Name : CentOS Update for wireshark CESA-2009:1100 centos3 i386 File : nvt/gb_CESA-2009_1100_wireshark_centos3_i386.nasl
2011-08-09	Name : CentOS Update for wireshark CESA-2009:0313 centos4 i386 File : nvt/gb_CESA-2009_0313_wireshark_centos4_i386.nasl
2011-08-09	Name : CentOS Update for wireshark CESA-2009:0313 centos3 i386 File : nvt/gb_CESA-2009_0313_wireshark_centos3_i386.nasl
2009-12-10	Name : Debian Security Advisory DSA 1942-1 (wireshark) File : nvt/deb_1942_1.nasl
2009-12-10	Name : Fedora Core 10 FEDORA-2009-7998 (wireshark) File : nvt/fcore_2009_7998.nasl
2009-10-13	Name : SLES10: Security update for ethereal File : nvt/sles10_ethereal.nasl
2009-10-13	Name : SLES10: Security update for ethereal File : nvt/sles10_ethereal2.nasl
2009-10-11	Name : SLES11: Security update for wireshark File : nvt/sles11_wireshark.nasl
2009-10-10	Name : SLES9: Security update for ethereal File : nvt/sles9p5050540.nasl
2009-10-10	Name : SLES9: Security update for ethereal File : nvt/sles9p5040200.nasl
2009-07-06	Name : Gentoo Security Advisory GLSA 200906-05 (wireshark) File : nvt/glsa_200906_05.nasl
2009-06-23	Name : RedHat Security Advisory RHSA-2009:1100 File : nvt/RHSA_2009_1100.nasl
2009-06-23	Name : CentOS Security Advisory CESA-2009:1100 (wireshark) File : nvt/ovcesa2009_1100.nasl
2009-06-15	Name : SuSE Security Summary SUSE-SR:2009:011 File : nvt/suse_sr_2009_011.nasl
2009-06-05	Name : wireshark -- PCNFSD Dissector Denial of Service Vulnerability File : nvt/freebsd_ethereal9.nasl
2009-06-05	Name : Fedora Core 10 FEDORA-2009-5382 (wireshark) File : nvt/fcore_2009_5382.nasl
2009-06-05	Name : Fedora Core 9 FEDORA-2009-5339 (wireshark) File : nvt/fcore_2009_5339.nasl
2009-06-05	Name : Mandrake Security Advisory MDVSA-2009:125 (wireshark) File : nvt/mdksa_2009_125.nasl
2009-06-01	Name : Wireshark PCNFSD Dissector Denial of Service Vulnerability (Win) File : nvt/secpod_wireshark_pcnfsd_dos_vuln_win.nasl
2009-06-01	Name : Wireshark PCNFSD Dissector Denial of Service Vulnerability (Linux) File : nvt/secpod_wireshark_pcnfsd_dos_vuln_lin.nasl
2009-05-20	Name : Fedora Core 10 FEDORA-2009-3599 (wireshark) File : nvt/fcore_2009_3599.nasl
2009-05-11	Name : FreeBSD Ports: wireshark, wireshark-lite File : nvt/freebsd_wireshark2.nasl
2009-05-05	Name : Debian Security Advisory DSA 1785-1 (wireshark) File : nvt/deb_1785_1.nasl
2009-04-20	Name : Ubuntu USN-759-1 (poppler) File : nvt/ubuntu_759_1.nasl
2009-04-20	Name : Wireshark Multiple Unspecified Vulnerability - Apr09 (Linux) File : nvt/gb_wireshark_mult_vuln_apr09_lin.nasl
2009-04-20	Name : Wireshark Multiple Unspecified Vulnerability - Apr09 (Win) File : nvt/gb_wireshark_mult_vuln_apr09_win.nasl
2009-04-15	Name : Mandrake Security Advisory MDVSA-2009:088 (wireshark) File : nvt/mdksa_2009_088.nasl
2009-04-09	Name : Mandriva Update for wireshark MDVSA-2008:215 (wireshark) File : nvt/gb_mandriva_MDVSA_2008_215.nasl
2009-04-09	Name : Mandriva Update for wireshark MDVSA-2008:242 (wireshark) File : nvt/gb_mandriva_MDVSA_2008_242.nasl
2009-03-31	Name : wireshark -- multiple vulnerabilities File : nvt/freebsd_ethereal8.nasl
2009-03-20	Name : Fedora Core 9 FEDORA-2009-1877 (wireshark) File : nvt/fcore_2009_1877.nasl
2009-03-18	Name : Wireshark Denial of Service Vulnerability (Win) File : nvt/gb_wireshark_mult_vuln_mar09_win.nasl
2009-03-18	Name : Wireshark Denial of Service Vulnerability (Linux) File : nvt/gb_wireshark_mult_vuln_mar09_lin.nasl
2009-03-13	Name : CentOS Security Advisory CESA-2009:0313 (wireshark) File : nvt/ovcesa2009_0313.nasl
2009-03-07	Name : RedHat Security Advisory RHSA-2009:0313 File : nvt/RHSA_2009_0313.nasl
2009-03-07	Name : Fedora Core 10 FEDORA-2009-1798 (wireshark) File : nvt/fcore_2009_1798.nasl
2009-03-02	Name : Mandrake Security Advisory MDVSA-2009:058 (wireshark) File : nvt/mdksa_2009_058.nasl
2009-03-02	Name : SuSE Security Summary SUSE-SR:2009:005 File : nvt/suse_sr_2009_005.nasl
2009-02-20	Name : Wireshark Multiple Vulnerabilities Feb 09 (Linux) File : nvt/gb_wireshark_mult_vuln_feb09_lin.nasl
2009-02-20	Name : Wireshark Multiple Vulnerabilities Feb-09 (Windows) File : nvt/gb_wireshark_mult_vuln_feb09_win.nasl
2009-01-20	Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.1) File : nvt/suse_sr_2009_001.nasl
2009-01-20	Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.0) File : nvt/suse_sr_2009_001a.nasl
2009-01-20	Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 10.3) File : nvt/suse_sr_2009_001b.nasl
2008-12-10	Name : wireshark -- SMTP Processing Denial of Service Vulnerability File : nvt/freebsd_wireshark1.nasl
2008-12-04	Name : Wireshark SMTP Processing Denial of Service Vulnerability (Linux) File : nvt/gb_wireshark_smtp_dos_vuln_lin.nasl
2008-12-04	Name : Wireshark SMTP Processing Denial of Service Vulnerability (Win) File : nvt/gb_wireshark_smtp_dos_vuln_win.nasl
2008-12-03	Name : Debian Security Advisory DSA 1673-1 (wireshark) File : nvt/deb_1673_1.nasl
2008-10-24	Name : Wireshark Multiple Vulnerabilities - Oct08 (Linux) File : nvt/gb_wireshark_mult_vuln_oct08_lin.nasl
2008-10-24	Name : Wireshark Multiple Vulnerabilities - Oct08 (Windows) File : nvt/gb_wireshark_mult_vuln_oct08_win.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
54629	Wireshark PCNFSD Dissector Packet Handling DoS
53903	Wireshark Unspecified Issue
53670	Wireshark CPHAP Dissector Crafted FWHA_MY_STATE Packet Handling DoS
53669	Wireshark Crafted RF5 File Handling DoS
52996	Wireshark PN-DCP Dissector Station Name Handling Format String
52719	Wireshark WLCCP Dissector Packet Handling Infinite Loop DoS
52157	Wireshark HOME Environment Variable Local Format String
51987	Wireshark Crafted Tektronix K12 Text Capture File Handling DoS
51815	Wireshark wiretap/netscreen.c NetScreen Snoop Capture File Handling Overflow
50069	Wireshark SMTP Dissector Packet Handling Infinite Loop DoS
49345	Wireshark Q.931 Dissector packet-q931.c dissect_q931_cause_ie Function Use-af...
49344	Wireshark Multiple Post Dissector packet-frame Remote DoS
49343	Wireshark Bluetooth ACL Dissector packet-bthci_acl.c dissect_btacl Function R...
49342	Wireshark wtap.c Malformed NCF File Handling Remote DoS
49341	Wireshark Bluetooth RFCOMM Dissector Unspecified DoS
49340	Wireshark USB Dissector packet-usb.c Malformed URB Handling Remote DoS

Snort® IPS/IDS

Date	Description
2017-09-06	Wireshark PROFINET DCP request format string exploit attempt RuleID : 43845 - Revision : 2 - Type : FILE-OTHER
2017-09-06	Wireshark PROFINET DCP request format string exploit attempt RuleID : 43844 - Revision : 2 - Type : FILE-OTHER
2017-09-06	Wireshark PROFINET DCP request format string exploit attempt RuleID : 43843 - Revision : 2 - Type : FILE-OTHER
2017-09-06	Wireshark PROFINET DCP response format string exploit attempt RuleID : 43842 - Revision : 2 - Type : FILE-OTHER
2017-09-06	Wireshark PROFINET DCP request format string exploit attempt RuleID : 43841 - Revision : 2 - Type : FILE-OTHER
2017-09-06	Wireshark PROFINET DCP response format string exploit attempt RuleID : 43840 - Revision : 2 - Type : FILE-OTHER

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0313.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1100.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090304_wireshark_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090615_wireshark_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1942.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12424.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 11 host is missing a security update. File : suse_11_wireshark-090525.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ethereal-5866.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12323.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ethereal-6269.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_wireshark-081220.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_wireshark-090218.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_wireshark-090525.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_wireshark-081220.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_wireshark-090525.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_wireshark-090107.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_wireshark-090218.nasl - Type : ACT_GATHER_INFO
2009-07-01	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200906-05.nasl - Type : ACT_GATHER_INFO
2009-06-17	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1100.nasl - Type : ACT_GATHER_INFO
2009-06-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1100.nasl - Type : ACT_GATHER_INFO
2009-06-01	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-125.nasl - Type : ACT_GATHER_INFO
2009-06-01	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a2d4a3304d5411de88110030843d3802.nasl - Type : ACT_GATHER_INFO
2009-05-27	Name : The remote openSUSE host is missing a security update. File : suse_wireshark-6271.nasl - Type : ACT_GATHER_INFO
2009-05-26	Name : The remote Fedora host is missing a security update. File : fedora_2009-5382.nasl - Type : ACT_GATHER_INFO
2009-05-26	Name : The remote Fedora host is missing a security update. File : fedora_2009-5339.nasl - Type : ACT_GATHER_INFO
2009-05-18	Name : The remote Fedora host is missing a security update. File : fedora_2009-3599.nasl - Type : ACT_GATHER_INFO
2009-05-11	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_defce06839aa11dea493001b77d09812.nasl - Type : ACT_GATHER_INFO
2009-05-04	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1785.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-088.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-058.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-242.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-215.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2009-1798.nasl - Type : ACT_GATHER_INFO
2009-04-10	Name : The remote host has an application that is affected by multiple vulnerabilities. File : wireshark_1_0_7.nasl - Type : ACT_GATHER_INFO
2009-03-23	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f6f19735924549188a6087948ebb4907.nasl - Type : ACT_GATHER_INFO
2009-03-17	Name : The remote Fedora host is missing a security update. File : fedora_2009-1877.nasl - Type : ACT_GATHER_INFO
2009-03-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0313.nasl - Type : ACT_GATHER_INFO
2009-03-05	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0313.nasl - Type : ACT_GATHER_INFO
2009-02-23	Name : The remote openSUSE host is missing a security update. File : suse_wireshark-6007.nasl - Type : ACT_GATHER_INFO
2009-02-10	Name : The remote host has an application that is susceptible to multiple denial of ... File : wireshark_1_0_6.nasl - Type : ACT_GATHER_INFO
2008-12-26	Name : The remote openSUSE host is missing a security update. File : suse_wireshark-5886.nasl - Type : ACT_GATHER_INFO
2008-12-08	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_baece347c48911dda7210030843d3802.nasl - Type : ACT_GATHER_INFO
2008-12-01	Name : The remote openSUSE host is missing a security update. File : suse_wireshark-5783.nasl - Type : ACT_GATHER_INFO
2008-12-01	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1673.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:36:34	Multiple Updates

Global Informations

Type	Count
Capec ID(s)	44
CWE ID(s)	15
Oval ID(s)	36
CPE ID(s)	50
osvdb(s)	16
Openvas Exploit(s)	50
Snort® Rule(s)	6
Nessus® Exploit(s)	44

	Related
10	CVE-2009-1266
10	CVE-2009-1210
5	CVE-2009-1829
5	CVE-2009-1269
5	CVE-2009-0599
5	CVE-2008-5285
5	CVE-2008-4685
5	CVE-2008-4683
5	CVE-2008-4682
4.3	CVE-2009-1268
4.3	CVE-2009-0600
4.3	CVE-2008-6472
4.3	CVE-2008-4684
4.3	CVE-2008-4681
4.3	CVE-2008-4680
2.1	CVE-2009-0601
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 16 more Alert(s)