Executive Summary

Summary
Title wireshark security update
Informations
Name RHSA-2009:0313 First vendor Publication 2009-03-04
Vendor RedHat Last vendor Modification 2009-03-04
Severity (Vendor) Moderate Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.

Multiple buffer overflow flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malformed dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2008-4683, CVE-2009-0599)

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malformed dump file. (CVE-2008-4680, CVE-2008-4681, CVE-2008-4682, CVE-2008-4684, CVE-2008-4685, CVE-2008-5285, CVE-2009-0600)

Users of wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.6, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

468166 - CVE-2008-4680 wireshark: DoS (app crash or abort) via malformed USB Request Block (URB). 468167 - CVE-2008-4681 wireshark: DoS (app crash or abort) in Bluetooth RFCOMM dissector via unknown packets 468169 - CVE-2008-4682 wireshark: DoS (app abort) via a malformed .ncf file with an unknown/unexpected packet type 468171 - CVE-2008-4683 wireshark: DoS (app crash or abort) in Bluetooth ACL dissector via a packet with an invalid length 468174 - CVE-2008-4684 wireshark: DoS (app crash) via certain series of packets by enabling the (1) PRP or (2) MATE post dissector 468175 - CVE-2008-4685 wireshark: DoS (app crash or abort) in Q.931 dissector via certain packets 472737 - CVE-2008-5285 wireshark: DoS (infinite loop) in SMTP dissector via large SMTP request 485888 - CVE-2009-0599 wireshark: buffer overflows in NetScreen snoop file reader 485889 - CVE-2009-0600 wireshark: denial of service (application crash) via a crafted Tektronix K12 text capture file

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2009-0313.html

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-7 Blind SQL Injection
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-13 Subverting Environment Variable Values
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-28 Fuzzing
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32 Embedding Scripts in HTTP Query Strings
CAPEC-42 MIME Conversion
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-52 Embedding NULL Bytes
CAPEC-53 Postfix, Null Terminate, and Backslash
CAPEC-63 Simple Script Injection
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-66 SQL Injection
CAPEC-67 String Format Overflow in syslog()
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic
CAPEC-72 URL Encoding
CAPEC-73 User-Controlled Filename
CAPEC-78 Using Escaped Slashes in Alternate Encoding
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-80 Using UTF-8 Encoding to Bypass Validation Logic
CAPEC-81 Web Logs Tampering
CAPEC-83 XPath Injection
CAPEC-85 Client Network Footprinting (using AJAX/XSS)
CAPEC-86 Embedding Script (XSS ) in HTTP Headers
CAPEC-88 OS Command Injection
CAPEC-91 XSS in IMG Tags
CAPEC-99 XML Parser Attack
CAPEC-101 Server Side Include (SSI) Injection
CAPEC-104 Cross Zone Scripting
CAPEC-106 Cross Site Scripting through Log Files
CAPEC-108 Command Line Execution through SQL Injection
CAPEC-109 Object Relational Mapping Injection
CAPEC-110 SQL Injection through SOAP Parameter Tampering
CAPEC-171 Variable Manipulation

CWE : Common Weakness Enumeration

% Id Name
64 % CWE-399 Resource Management Errors
27 % CWE-20 Improper Input Validation
9 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10223
 
Oval ID: oval:org.mitre.oval:def:10223
Title: packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector.
Description: packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4684
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10788
 
Oval ID: oval:org.mitre.oval:def:10788
Title: Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception.
Description: Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4685
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10853
 
Oval ID: oval:org.mitre.oval:def:10853
Title: Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame.
Description: Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0600
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10955
 
Oval ID: oval:org.mitre.oval:def:10955
Title: wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion.
Description: wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4682
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11194
 
Oval ID: oval:org.mitre.oval:def:11194
Title: Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets.
Description: Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4681
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11351
 
Oval ID: oval:org.mitre.oval:def:11351
Title: Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop.
Description: Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5285
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14705
 
Oval ID: oval:org.mitre.oval:def:14705
Title: Vulnerability in wtap.c in Wireshark 0.99.7 through 1.0.3
Description: wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion.
Family: windows Class: vulnerability
Reference(s): CVE-2008-4682
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14732
 
Oval ID: oval:org.mitre.oval:def:14732
Title: Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5
Description: Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0599
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14767
 
Oval ID: oval:org.mitre.oval:def:14767
Title: packet-frame vulnerability in Wireshark 0.99.2 through 1.0.3
Description: packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector.
Family: windows Class: vulnerability
Reference(s): CVE-2008-4684
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14853
 
Oval ID: oval:org.mitre.oval:def:14853
Title: Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3
Description: Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets.
Family: windows Class: vulnerability
Reference(s): CVE-2008-4681
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14982
 
Oval ID: oval:org.mitre.oval:def:14982
Title: Vulnerability in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3
Description: The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call.
Family: windows Class: vulnerability
Reference(s): CVE-2008-4683
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15041
 
Oval ID: oval:org.mitre.oval:def:15041
Title: Wireshark 0.99.6 through 1.0.5 vulnerability via crafted Tektronix K12 text capture file
Description: Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0600
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15091
 
Oval ID: oval:org.mitre.oval:def:15091
Title: Vulnerability in packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3
Description: packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB).
Family: windows Class: vulnerability
Reference(s): CVE-2008-4680
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20196
 
Oval ID: oval:org.mitre.oval:def:20196
Title: DSA-1673-1 wireshark - several vulnerabilities
Description: Several remote vulnerabilities have been discovered in network traffic analyzer Wireshark.
Family: unix Class: patch
Reference(s): DSA-1673-1
CVE-2008-3137
CVE-2008-3138
CVE-2008-3141
CVE-2008-3145
CVE-2008-3933
CVE-2008-4683
CVE-2008-4684
CVE-2008-4685
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22684
 
Oval ID: oval:org.mitre.oval:def:22684
Title: ELSA-2009:0313: wireshark security update (Moderate)
Description: Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame.
Family: unix Class: patch
Reference(s): ELSA-2009:0313-01
CVE-2008-4680
CVE-2008-4681
CVE-2008-4682
CVE-2008-4683
CVE-2008-4684
CVE-2008-4685
CVE-2008-5285
CVE-2008-6472
CVE-2009-0599
CVE-2009-0600
Version: 45
Platform(s): Oracle Linux 5
Product(s): wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26194
 
Oval ID: oval:org.mitre.oval:def:26194
Title: Use-after-free vulnerability in dissect_q931_cause_ie function in Wireshark
Description: Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception.
Family: windows Class: vulnerability
Reference(s): CVE-2008-4685
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26525
 
Oval ID: oval:org.mitre.oval:def:26525
Title: Denial of service vulnerability in Wireshark via long SMTP request
Description: Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop.
Family: windows Class: vulnerability
Reference(s): CVE-2008-5285
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29088
 
Oval ID: oval:org.mitre.oval:def:29088
Title: RHSA-2009:0313 -- wireshark security update (Moderate)
Description: Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Multiple buffer overflow flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malformed dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2008-4683, CVE-2009-0599)
Family: unix Class: patch
Reference(s): RHSA-2009:0313
CESA-2009:0313-CentOS 3
CVE-2008-4680
CVE-2008-4681
CVE-2008-4682
CVE-2008-4683
CVE-2008-4684
CVE-2008-4685
CVE-2008-5285
CVE-2008-6472
CVE-2009-0599
CVE-2009-0600
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 3
Product(s): wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6223
 
Oval ID: oval:org.mitre.oval:def:6223
Title: Wireshark Denial of Service Vulnerability
Description: The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2008-6472
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8237
 
Oval ID: oval:org.mitre.oval:def:8237
Title: DSA-1673 wireshark -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in network traffic analyzer Wireshark. The Common Vulnerabilities and Exposures project identifies the following problems: The GSM SMS dissector is vulnerable to denial of service. The PANA and KISMET dissectors are vulnerable to denial of service. The RMI dissector could disclose system memory. The packet reassembling module is vulnerable to denial of service. The zlib uncompression module is vulnerable to denial of service. The Bluetooth ACL dissector is vulnerable to denial of service. The PRP and MATE dissectors are vulnerable to denial of service. The Q931 dissector is vulnerable to denial of service.
Family: unix Class: patch
Reference(s): DSA-1673
CVE-2008-3137
CVE-2008-3138
CVE-2008-3141
CVE-2008-3145
CVE-2008-3933
CVE-2008-4683
CVE-2008-4684
CVE-2008-4685
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9605
 
Oval ID: oval:org.mitre.oval:def:9605
Title: packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB).
Description: packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB).
Family: unix Class: vulnerability
Reference(s): CVE-2008-4680
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9629
 
Oval ID: oval:org.mitre.oval:def:9629
Title: The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.
Description: The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2008-6472
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9677
 
Oval ID: oval:org.mitre.oval:def:9677
Title: Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file.
Description: Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0599
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9821
 
Oval ID: oval:org.mitre.oval:def:9821
Title: The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call.
Description: The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4683
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 48

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for wireshark CESA-2009:0313 centos3 i386
File : nvt/gb_CESA-2009_0313_wireshark_centos3_i386.nasl
2011-08-09 Name : CentOS Update for wireshark CESA-2009:0313 centos4 i386
File : nvt/gb_CESA-2009_0313_wireshark_centos4_i386.nasl
2009-10-13 Name : SLES10: Security update for ethereal
File : nvt/sles10_ethereal2.nasl
2009-10-10 Name : SLES9: Security update for ethereal
File : nvt/sles9p5040200.nasl
2009-07-06 Name : Gentoo Security Advisory GLSA 200906-05 (wireshark)
File : nvt/glsa_200906_05.nasl
2009-04-09 Name : Mandriva Update for wireshark MDVSA-2008:215 (wireshark)
File : nvt/gb_mandriva_MDVSA_2008_215.nasl
2009-04-09 Name : Mandriva Update for wireshark MDVSA-2008:242 (wireshark)
File : nvt/gb_mandriva_MDVSA_2008_242.nasl
2009-03-31 Name : wireshark -- multiple vulnerabilities
File : nvt/freebsd_ethereal8.nasl
2009-03-20 Name : Fedora Core 9 FEDORA-2009-1877 (wireshark)
File : nvt/fcore_2009_1877.nasl
2009-03-18 Name : Wireshark Denial of Service Vulnerability (Linux)
File : nvt/gb_wireshark_mult_vuln_mar09_lin.nasl
2009-03-18 Name : Wireshark Denial of Service Vulnerability (Win)
File : nvt/gb_wireshark_mult_vuln_mar09_win.nasl
2009-03-13 Name : CentOS Security Advisory CESA-2009:0313 (wireshark)
File : nvt/ovcesa2009_0313.nasl
2009-03-07 Name : RedHat Security Advisory RHSA-2009:0313
File : nvt/RHSA_2009_0313.nasl
2009-03-07 Name : Fedora Core 10 FEDORA-2009-1798 (wireshark)
File : nvt/fcore_2009_1798.nasl
2009-03-02 Name : SuSE Security Summary SUSE-SR:2009:005
File : nvt/suse_sr_2009_005.nasl
2009-03-02 Name : Mandrake Security Advisory MDVSA-2009:058 (wireshark)
File : nvt/mdksa_2009_058.nasl
2009-02-20 Name : Wireshark Multiple Vulnerabilities Feb-09 (Windows)
File : nvt/gb_wireshark_mult_vuln_feb09_win.nasl
2009-02-20 Name : Wireshark Multiple Vulnerabilities Feb 09 (Linux)
File : nvt/gb_wireshark_mult_vuln_feb09_lin.nasl
2009-01-20 Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.1)
File : nvt/suse_sr_2009_001.nasl
2009-01-20 Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.0)
File : nvt/suse_sr_2009_001a.nasl
2009-01-20 Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 10.3)
File : nvt/suse_sr_2009_001b.nasl
2008-12-10 Name : wireshark -- SMTP Processing Denial of Service Vulnerability
File : nvt/freebsd_wireshark1.nasl
2008-12-04 Name : Wireshark SMTP Processing Denial of Service Vulnerability (Linux)
File : nvt/gb_wireshark_smtp_dos_vuln_lin.nasl
2008-12-04 Name : Wireshark SMTP Processing Denial of Service Vulnerability (Win)
File : nvt/gb_wireshark_smtp_dos_vuln_win.nasl
2008-12-03 Name : Debian Security Advisory DSA 1673-1 (wireshark)
File : nvt/deb_1673_1.nasl
2008-10-24 Name : Wireshark Multiple Vulnerabilities - Oct08 (Windows)
File : nvt/gb_wireshark_mult_vuln_oct08_win.nasl
2008-10-24 Name : Wireshark Multiple Vulnerabilities - Oct08 (Linux)
File : nvt/gb_wireshark_mult_vuln_oct08_lin.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
52719 Wireshark WLCCP Dissector Packet Handling Infinite Loop DoS

51987 Wireshark Crafted Tektronix K12 Text Capture File Handling DoS

51815 Wireshark wiretap/netscreen.c NetScreen Snoop Capture File Handling Overflow

50069 Wireshark SMTP Dissector Packet Handling Infinite Loop DoS

49345 Wireshark Q.931 Dissector packet-q931.c dissect_q931_cause_ie Function Use-af...

49344 Wireshark Multiple Post Dissector packet-frame Remote DoS

49343 Wireshark Bluetooth ACL Dissector packet-bthci_acl.c dissect_btacl Function R...

49342 Wireshark wtap.c Malformed NCF File Handling Remote DoS

49341 Wireshark Bluetooth RFCOMM Dissector Unspecified DoS

49340 Wireshark USB Dissector packet-usb.c Malformed URB Handling Remote DoS

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0313.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090304_wireshark_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_ethereal-5866.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12323.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_wireshark-081220.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_wireshark-090218.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_wireshark-081220.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_wireshark-090107.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_wireshark-090218.nasl - Type : ACT_GATHER_INFO
2009-07-01 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200906-05.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-215.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-242.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-058.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-1798.nasl - Type : ACT_GATHER_INFO
2009-03-23 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_f6f19735924549188a6087948ebb4907.nasl - Type : ACT_GATHER_INFO
2009-03-17 Name : The remote Fedora host is missing a security update.
File : fedora_2009-1877.nasl - Type : ACT_GATHER_INFO
2009-03-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0313.nasl - Type : ACT_GATHER_INFO
2009-03-05 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0313.nasl - Type : ACT_GATHER_INFO
2009-02-23 Name : The remote openSUSE host is missing a security update.
File : suse_wireshark-6007.nasl - Type : ACT_GATHER_INFO
2009-02-10 Name : The remote host has an application that is susceptible to multiple denial of ...
File : wireshark_1_0_6.nasl - Type : ACT_GATHER_INFO
2008-12-26 Name : The remote openSUSE host is missing a security update.
File : suse_wireshark-5886.nasl - Type : ACT_GATHER_INFO
2008-12-08 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_baece347c48911dda7210030843d3802.nasl - Type : ACT_GATHER_INFO
2008-12-01 Name : The remote openSUSE host is missing a security update.
File : suse_wireshark-5783.nasl - Type : ACT_GATHER_INFO
2008-12-01 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1673.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:52:17
  • Multiple Updates