Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2008:215 | First vendor Publication | 2008-10-27 |
Vendor | Mandriva | Last vendor Modification | 2008-10-27 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A number of vulnerabilities were discovered in Wireshark that could cause it to crash or abort while processing malicious packets (CVE-2008-4680, CVE-2008-4681, CVE-2008-4682, CVE-2008-4683, CVE-2008-4684, CVE-2008-4685). This update provides Wireshark 1.0.4, which is not vulnerable to these issues. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2008:215 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
71 % | CWE-399 | Resource Management Errors |
29 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10223 | |||
Oval ID: | oval:org.mitre.oval:def:10223 | ||
Title: | packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector. | ||
Description: | packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4684 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10788 | |||
Oval ID: | oval:org.mitre.oval:def:10788 | ||
Title: | Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception. | ||
Description: | Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4685 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10955 | |||
Oval ID: | oval:org.mitre.oval:def:10955 | ||
Title: | wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion. | ||
Description: | wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4682 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11194 | |||
Oval ID: | oval:org.mitre.oval:def:11194 | ||
Title: | Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets. | ||
Description: | Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4681 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14705 | |||
Oval ID: | oval:org.mitre.oval:def:14705 | ||
Title: | Vulnerability in wtap.c in Wireshark 0.99.7 through 1.0.3 | ||
Description: | wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4682 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14767 | |||
Oval ID: | oval:org.mitre.oval:def:14767 | ||
Title: | packet-frame vulnerability in Wireshark 0.99.2 through 1.0.3 | ||
Description: | packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4684 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14853 | |||
Oval ID: | oval:org.mitre.oval:def:14853 | ||
Title: | Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 | ||
Description: | Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4681 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14982 | |||
Oval ID: | oval:org.mitre.oval:def:14982 | ||
Title: | Vulnerability in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 | ||
Description: | The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4683 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15091 | |||
Oval ID: | oval:org.mitre.oval:def:15091 | ||
Title: | Vulnerability in packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 | ||
Description: | packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB). | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4680 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20196 | |||
Oval ID: | oval:org.mitre.oval:def:20196 | ||
Title: | DSA-1673-1 wireshark - several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in network traffic analyzer Wireshark. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1673-1 CVE-2008-3137 CVE-2008-3138 CVE-2008-3141 CVE-2008-3145 CVE-2008-3933 CVE-2008-4683 CVE-2008-4684 CVE-2008-4685 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:26194 | |||
Oval ID: | oval:org.mitre.oval:def:26194 | ||
Title: | Use-after-free vulnerability in dissect_q931_cause_ie function in Wireshark | ||
Description: | Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4685 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8237 | |||
Oval ID: | oval:org.mitre.oval:def:8237 | ||
Title: | DSA-1673 wireshark -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in network traffic analyzer Wireshark. The Common Vulnerabilities and Exposures project identifies the following problems: The GSM SMS dissector is vulnerable to denial of service. The PANA and KISMET dissectors are vulnerable to denial of service. The RMI dissector could disclose system memory. The packet reassembling module is vulnerable to denial of service. The zlib uncompression module is vulnerable to denial of service. The Bluetooth ACL dissector is vulnerable to denial of service. The PRP and MATE dissectors are vulnerable to denial of service. The Q931 dissector is vulnerable to denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1673 CVE-2008-3137 CVE-2008-3138 CVE-2008-3141 CVE-2008-3145 CVE-2008-3933 CVE-2008-4683 CVE-2008-4684 CVE-2008-4685 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | wireshark |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9605 | |||
Oval ID: | oval:org.mitre.oval:def:9605 | ||
Title: | packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB). | ||
Description: | packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4680 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9821 | |||
Oval ID: | oval:org.mitre.oval:def:9821 | ||
Title: | The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call. | ||
Description: | The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4683 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for wireshark CESA-2009:0313 centos3 i386 File : nvt/gb_CESA-2009_0313_wireshark_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for wireshark CESA-2009:0313 centos4 i386 File : nvt/gb_CESA-2009_0313_wireshark_centos4_i386.nasl |
2009-10-13 | Name : SLES10: Security update for ethereal File : nvt/sles10_ethereal2.nasl |
2009-10-10 | Name : SLES9: Security update for ethereal File : nvt/sles9p5040200.nasl |
2009-07-06 | Name : Gentoo Security Advisory GLSA 200906-05 (wireshark) File : nvt/glsa_200906_05.nasl |
2009-04-09 | Name : Mandriva Update for wireshark MDVSA-2008:215 (wireshark) File : nvt/gb_mandriva_MDVSA_2008_215.nasl |
2009-03-13 | Name : CentOS Security Advisory CESA-2009:0313 (wireshark) File : nvt/ovcesa2009_0313.nasl |
2009-03-07 | Name : RedHat Security Advisory RHSA-2009:0313 File : nvt/RHSA_2009_0313.nasl |
2009-01-20 | Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.1) File : nvt/suse_sr_2009_001.nasl |
2009-01-20 | Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.0) File : nvt/suse_sr_2009_001a.nasl |
2009-01-20 | Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 10.3) File : nvt/suse_sr_2009_001b.nasl |
2008-12-03 | Name : Debian Security Advisory DSA 1673-1 (wireshark) File : nvt/deb_1673_1.nasl |
2008-10-24 | Name : Wireshark Multiple Vulnerabilities - Oct08 (Linux) File : nvt/gb_wireshark_mult_vuln_oct08_lin.nasl |
2008-10-24 | Name : Wireshark Multiple Vulnerabilities - Oct08 (Windows) File : nvt/gb_wireshark_mult_vuln_oct08_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
49345 | Wireshark Q.931 Dissector packet-q931.c dissect_q931_cause_ie Function Use-af... |
49344 | Wireshark Multiple Post Dissector packet-frame Remote DoS |
49343 | Wireshark Bluetooth ACL Dissector packet-bthci_acl.c dissect_btacl Function R... |
49342 | Wireshark wtap.c Malformed NCF File Handling Remote DoS |
49341 | Wireshark Bluetooth RFCOMM Dissector Unspecified DoS |
49340 | Wireshark USB Dissector packet-usb.c Malformed URB Handling Remote DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0313.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090304_wireshark_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12323.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ethereal-5866.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_wireshark-081220.nasl - Type : ACT_GATHER_INFO |
2009-07-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200906-05.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-215.nasl - Type : ACT_GATHER_INFO |
2009-03-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0313.nasl - Type : ACT_GATHER_INFO |
2009-03-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0313.nasl - Type : ACT_GATHER_INFO |
2008-12-26 | Name : The remote openSUSE host is missing a security update. File : suse_wireshark-5886.nasl - Type : ACT_GATHER_INFO |
2008-12-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1673.nasl - Type : ACT_GATHER_INFO |
2008-12-01 | Name : The remote openSUSE host is missing a security update. File : suse_wireshark-5783.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:39:45 |
|