Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title wireshark security update
Informations
Name RHSA-2010:0360 First vendor Publication 2010-04-20
Vendor RedHat Last vendor Modification 2010-04-20
Severity (Vendor) Moderate Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.

An invalid pointer dereference flaw was found in the Wireshark SMB and SMB2 dissectors. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2009-4377)

Several buffer overflow flaws were found in the Wireshark LWRES dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-0304)

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2009-2560, CVE-2009-2562, CVE-2009-2563, CVE-2009-3550, CVE-2009-3829)

Users of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.11, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

512987 - CVE-2009-2562 Wireshark: Integer overflow in the AFS dissector 512992 - CVE-2009-2563 Wireshark: Null-ptr dereference in the InfiniBand dissector 513008 - CVE-2009-2560 Wireshark: various flaws in a) RADIUS, b) Bluetooth L2CAP, c) MIOP dissectors (DoS) 531260 - CVE-2009-3550 Wireshark: NULL pointer dereference in the DCERPC over SMB packet disassembly 532479 - CVE-2009-3829 wireshark: unsigned integer wrap vulnerability in ERF reader (VU#676492) 549578 - CVE-2009-4377 wireshark: invalid pointer dereference in SMB/SMB2 dissectors 559793 - CVE-2010-0304 wireshark: crash in LWRES dissector

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2010-0360.html

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-189 Numeric Errors (CWE/SANS Top 25)
50 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10103
 
Oval ID: oval:org.mitre.oval:def:10103
Title: The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.
Description: The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3550
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10403
 
Oval ID: oval:org.mitre.oval:def:10403
Title: Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace and is processed by the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissector. NOTE: it was later reported that the RADIUS issue also affects 0.10.13 through 1.0.9.
Description: Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace and is processed by the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissector. NOTE: it was later reported that the RADIUS issue also affects 0.10.13 through 1.0.9.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2560
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11210
 
Oval ID: oval:org.mitre.oval:def:11210
Title: Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors.
Description: Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2563
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11643
 
Oval ID: oval:org.mitre.oval:def:11643
Title: Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.
Description: Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2562
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13282
 
Oval ID: oval:org.mitre.oval:def:13282
Title: DSA-1942-1 wireshark -- several
Description: Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2560 A NULL pointer dereference was found in the RADIUS dissector. CVE-2009-3550 A NULL pointer dereference was found in the DCERP/NT dissector. CVE-2009-3829 An integer overflow was discovered in the ERF parser. This update also includes fixes for three minor issues, which were scheduled for the next stable point update. Also CVE-2009-1268 was fixed for Etch. Since this security update was issued prior to the release of the point update, the fixes were included. For the old stable distribution, this problem has been fixed in version 0.99.4-5.etch.4. For the stable distribution, this problem has been fixed in version 1.0.2-3+lenny7. For the unstable distribution these problems have been fixed in version 1.2.3-1. We recommend that you upgrade your Wireshark packages.
Family: unix Class: patch
Reference(s): DSA-1942-1
CVE-2009-1268
CVE-2008-1829
CVE-2009-2560
CVE-2009-2562
CVE-2009-3241
CVE-2009-3550
CVE-2009-3829
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13361
 
Oval ID: oval:org.mitre.oval:def:13361
Title: DSA-1983-1 wireshark -- several
Description: Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4337 A NULL pointer dereference was found in the SMB/SMB2 dissectors. CVE-2010-0304 Several buffer overflows were found in the LWRES dissector. For the stable distribution, this problem has been fixed in version 1.0.2-3+lenny8. For the unstable distribution these problems have been fixed in version 1.2.6-1. We recommend that you upgrade your Wireshark packages.
Family: unix Class: patch
Reference(s): DSA-1983-1
CVE-2009-4377
CVE-2010-0304
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21253
 
Oval ID: oval:org.mitre.oval:def:21253
Title: RHSA-2010:0360: wireshark security update (Moderate)
Description: Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.
Family: unix Class: patch
Reference(s): RHSA-2010:0360-01
CESA-2010:0360
CVE-2009-2560
CVE-2009-2562
CVE-2009-2563
CVE-2009-3550
CVE-2009-3829
CVE-2009-4377
CVE-2010-0304
Version: 94
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
CentOS Linux 5
Product(s): wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22891
 
Oval ID: oval:org.mitre.oval:def:22891
Title: ELSA-2010:0360: wireshark security update (Moderate)
Description: Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.
Family: unix Class: patch
Reference(s): ELSA-2010:0360-01
CVE-2009-2560
CVE-2009-2562
CVE-2009-2563
CVE-2009-3550
CVE-2009-3829
CVE-2009-4377
CVE-2010-0304
Version: 33
Platform(s): Oracle Linux 5
Product(s): wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25534
 
Oval ID: oval:org.mitre.oval:def:25534
Title: NULL pointer dereference vulnerability in Wireshark via crafted packet
Description: The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap.
Family: windows Class: vulnerability
Reference(s): CVE-2009-4377
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5625
 
Oval ID: oval:org.mitre.oval:def:5625
Title: DOS vulnerability in the AFS dissector in Wireshark.
Description: Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2562
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5979
 
Oval ID: oval:org.mitre.oval:def:5979
Title: Wireshark Integer overflow vulnerability in wiretap/erf.c
Description: Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-3829
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6005
 
Oval ID: oval:org.mitre.oval:def:6005
Title: Wireshark DoS Vulnerability due to the DCERPC/NT dissector
Description: The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3550
Version: 10
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6321
 
Oval ID: oval:org.mitre.oval:def:6321
Title: DOS vulnerability in the Infiniband dissector in Wireshark.
Description: Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2563
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6416
 
Oval ID: oval:org.mitre.oval:def:6416
Title: Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause DOS.
Description: Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace and is processed by the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissector. NOTE: it was later reported that the RADIUS issue also affects 0.10.13 through 1.0.9.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2560
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7075
 
Oval ID: oval:org.mitre.oval:def:7075
Title: DSA-1983 wireshark -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: A NULL pointer dereference was found in the SMB/SMB2 dissectors. Several buffer overflows were found in the LWRES dissector.
Family: unix Class: patch
Reference(s): DSA-1983
CVE-2009-4377
CVE-2010-0304
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7586
 
Oval ID: oval:org.mitre.oval:def:7586
Title: DSA-1942 wireshark -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: A NULL pointer dereference was found in the RADIUS dissector. A NULL pointer dereference was found in the DCERP/NT dissector. An integer overflow was discovered in the ERF parser. This update also includes fixes for three minor issues (CVE-2008-1829, CVE-2009-2562, CVE-2009-3241), which were scheduled for the next stable point update. Also CVE-2009-1268 was fixed for Etch. Since this security update was issued prior to the release of the point update, the fixes were included.
Family: unix Class: patch
Reference(s): DSA-1942
CVE-2009-1268
CVE-2008-1829
CVE-2009-2560
CVE-2009-2562
CVE-2009-3241
CVE-2009-3550
CVE-2009-3829
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8490
 
Oval ID: oval:org.mitre.oval:def:8490
Title: Wireshark Dissector LWRES Multiple Buffer Overflow Vulnerabilities
Description: Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0304
Version: 10
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9564
 
Oval ID: oval:org.mitre.oval:def:9564
Title: The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap.
Description: The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4377
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9933
 
Oval ID: oval:org.mitre.oval:def:9933
Title: Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.
Description: Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0304
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9945
 
Oval ID: oval:org.mitre.oval:def:9945
Title: Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
Description: Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
Family: unix Class: vulnerability
Reference(s): CVE-2009-3829
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 66

SAINT Exploits

Description Link
Wireshark LWRES dissector buffer overflow More info here

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for wireshark CESA-2010:0360 centos5 i386
File : nvt/gb_CESA-2010_0360_wireshark_centos5_i386.nasl
2011-03-09 Name : Gentoo Security Advisory GLSA 201006-05 (wireshark)
File : nvt/glsa_201006_05.nasl
2010-04-29 Name : CentOS Update for wireshark CESA-2010:0360 centos3 i386
File : nvt/gb_CESA-2010_0360_wireshark_centos3_i386.nasl
2010-04-29 Name : CentOS Update for wireshark CESA-2010:0360 centos4 i386
File : nvt/gb_CESA-2010_0360_wireshark_centos4_i386.nasl
2010-04-29 Name : RedHat Update for wireshark RHSA-2010:0360-01
File : nvt/gb_RHSA-2010_0360-01_wireshark.nasl
2010-03-05 Name : Fedora Update for wireshark FEDORA-2010-3556
File : nvt/gb_fedora_2010_3556_wireshark_fc12.nasl
2010-02-10 Name : Debian Security Advisory DSA 1983-1 (wireshark)
File : nvt/deb_1983_1.nasl
2010-02-10 Name : FreeBSD Ports: wireshark, wireshark-lite
File : nvt/freebsd_wireshark3.nasl
2010-02-08 Name : Wireshark Multiple Buffer Overflow Vulnerabilities (Linux)
File : nvt/gb_wireshark_mult_bof_vuln_lin.nasl
2010-02-08 Name : Wireshark Multiple Buffer Overflow Vulnerabilities (Win)
File : nvt/gb_wireshark_mult_bof_vuln_win.nasl
2010-02-08 Name : Mandriva Update for wireshark MDVSA-2010:031 (wireshark)
File : nvt/gb_mandriva_MDVSA_2010_031.nasl
2010-01-20 Name : Mandriva Update for wireshark MDVSA-2010:016 (wireshark)
File : nvt/gb_mandriva_MDVSA_2010_016.nasl
2009-12-30 Name : Fedora Core 12 FEDORA-2009-13592 (wireshark)
File : nvt/fcore_2009_13592.nasl
2009-12-24 Name : Wireshark SMB Dissectors Denial of Service Vulnerability (Linux)
File : nvt/secpod_wireshark_smb_dos_vuln_lin.nasl
2009-12-14 Name : SLES11: Security update for wireshark
File : nvt/sles11_wireshark1.nasl
2009-12-10 Name : Fedora Core 10 FEDORA-2009-7998 (wireshark)
File : nvt/fcore_2009_7998.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:292-1 (wireshark)
File : nvt/mdksa_2009_292_1.nasl
2009-12-10 Name : Debian Security Advisory DSA 1942-1 (wireshark)
File : nvt/deb_1942_1.nasl
2009-12-03 Name : SLES10: Security update for ethereal
File : nvt/sles10_ethereal4.nasl
2009-12-03 Name : Gentoo Security Advisory GLSA 200911-05 (wireshark)
File : nvt/glsa_200911_05.nasl
2009-12-03 Name : SLES9: Security update for ethereal
File : nvt/sles9p5063382.nasl
2009-11-11 Name : Fedora Core 11 FEDORA-2009-9837 (wireshark)
File : nvt/fcore_2009_9837.nasl
2009-11-11 Name : Mandriva Security Advisory MDVSA-2009:292 (wireshark)
File : nvt/mdksa_2009_292.nasl
2009-11-04 Name : Wireshark 'DCERPC/NT' Dissector DOS Vulnerability - Nov09 (Linux)
File : nvt/gb_wireshark_dcerpcnt_dos_vuln_nov09_lin.nasl
2009-11-04 Name : Wireshark 'wiretap/erf.c' Unsigned Integer Wrap Vulnerability - Nov09 (Win)
File : nvt/gb_wireshark_wiretap_dos_vuln_nov09_win.nasl
2009-11-04 Name : Wireshark 'wiretap/erf.c' Unsigned Integer Wrap Vulnerability - Nov09 (Linux)
File : nvt/gb_wireshark_wiretap_dos_vuln_nov09_lin.nasl
2009-11-04 Name : Wireshark 'DCERPC/NT' Dissector DOS Vulnerability - Nov09 (Win)
File : nvt/gb_wireshark_dcerpcnt_dos_vuln_nov09_win.nasl
2009-10-13 Name : SLES10: Security update for ethereal
File : nvt/sles10_ethereal1.nasl
2009-10-11 Name : SLES11: Security update for ethereal and wireshark
File : nvt/sles11_wireshark0.nasl
2009-10-10 Name : SLES9: Security update for ethereal
File : nvt/sles9p5056989.nasl
2009-09-15 Name : Gentoo Security Advisory GLSA 200909-16 (wireshark)
File : nvt/glsa_200909_16.nasl
2009-09-09 Name : SuSE Security Summary SUSE-SR:2009:014
File : nvt/suse_sr_2009_014.nasl
2009-08-17 Name : Mandrake Security Advisory MDVSA-2009:194 (wireshark)
File : nvt/mdksa_2009_194.nasl
2009-07-22 Name : Wireshark Multiple Vulnerabilities - July09 (Win)
File : nvt/secpod_wireshark_mult_vuln_jul09_win.nasl
2009-07-22 Name : Wireshark Multiple Vulnerabilities - July09 (Linux)
File : nvt/secpod_wireshark_mult_vuln_jul09_lin.nasl
2009-07-22 Name : Wireshark Infiniband Dissector Denial of Service Vulnerability (Win)
File : nvt/secpod_wireshark_infiniband_dos_vuln_win.nasl
2009-07-22 Name : Wireshark Infiniband Dissector Denial of Service Vulnerability (Linux)
File : nvt/secpod_wireshark_infiniband_dos_vuln_lin.nasl
2009-07-22 Name : Wireshark AFS Dissector Denial of Service Vulnerability (Win)
File : nvt/secpod_wireshark_afs_dos_vuln_win.nasl
2009-07-22 Name : Wireshark AFS Dissector Denial of Service Vulnerability (Linux)
File : nvt/secpod_wireshark_afs_dos_vuln_lin.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
61987 Wireshark LWRES Dissector dissect_getaddrsbyname_request Remote Overflow

Wireshark is prone to an overflow condition. The dissect_getaddrsbyname_request() function fails to properly sanitize user-supplied input resulting in a sta overflow.ck With a specially crafted packet, a context-dependent attacker can potentially cause arbitrary code execution.
61178 Wireshark SMB / SMB2 Dissector Remote DoS

59478 Wireshark wiretap/erf.c Unsigned Integer Wrap ERF File Handling Overflow

59461 Wireshark RADIUS Dissector Unspecified DoS

Wireshark contains a flaw that may allow a remote denial of service. The issue is triggered when an unspecified error in the RADIUS dissector occurs, and will result in loss of availability for the service.
59460 Wireshark DCERPC/NT Dissector Unspecified DoS

Wireshark contains a flaw that may allow a remote denial of service. The issue is triggered when a NULL pointer dereference error within the DCERPC/NT dissector occurs, and will result in loss of availability for the service.
56021 Wireshark MIOP Dissector Unspecified DoS

Wireshark contains a flaw that may allow a remote denial of service. The issue is triggered when the MIOP dissector processes packets with malformed Unique ID lengths (>=256 bytes), and will result in loss of availability for the service.
56020 Wireshark RADIUS Dissector Unspecified DoS

Wireshark contains a flaw that may allow a remote denial of service. The issue is triggered when specially crafted RADIUS packets are dissected, and will result in loss of availability for the platform.
56019 Wireshark Bluetooth L2CAP Dissector Unspecified DoS

Wireshark contains a flaw that may allow a remote denial of service. The issue is triggered when an unspecified condition occurs, and will result in loss of availability for the service.
56018 Wireshark Infiniband Dissector Unspecified DoS

Wireshark contains a flaw that may allow a remote denial of service. The issue is triggered when an unspecified condition involving the Infiniband dissector occurs, and will result in loss of availability for the platform.
56017 Wireshark AFS Dissector Unspecified DoS

Wireshark contains a flaw that may allow a remote denial of service. The issue is triggered when an unspecified condition related to the AFS dissector occurs, and will result in loss of availability for the service.

Snort® IPS/IDS

Date Description
2014-01-10 Wireshark LWRES Dissector getaddrsbyname buffer overflow attempt
RuleID : 17544 - Revision : 9 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0360.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100420_wireshark_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_wireshark-100228.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_ethereal-6890.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_ethereal-6628.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-016.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-3556.nasl - Type : ACT_GATHER_INFO
2010-06-02 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201006-05.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0360.nasl - Type : ACT_GATHER_INFO
2010-04-22 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0360.nasl - Type : ACT_GATHER_INFO
2010-03-17 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12593.nasl - Type : ACT_GATHER_INFO
2010-03-17 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_wireshark-100203.nasl - Type : ACT_GATHER_INFO
2010-03-17 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_wireshark-100203.nasl - Type : ACT_GATHER_INFO
2010-03-17 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_wireshark-100203.nasl - Type : ACT_GATHER_INFO
2010-03-17 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_wireshark-100301.nasl - Type : ACT_GATHER_INFO
2010-03-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_ethereal-6889.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1983.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1942.nasl - Type : ACT_GATHER_INFO
2010-02-10 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_bb0a879515dc11dfbf0a002170daae37.nasl - Type : ACT_GATHER_INFO
2010-02-03 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-031.nasl - Type : ACT_GATHER_INFO
2010-01-29 Name : The remote host has an application that is affected by several buffer overflows.
File : wireshark_1_2_6.nasl - Type : ACT_GATHER_INFO
2009-12-27 Name : The remote Fedora host is missing a security update.
File : fedora_2009-13592.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote host has an application that is affected by multiple vulnerabilities
File : wireshark_1_2_5.nasl - Type : ACT_GATHER_INFO
2009-12-09 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_wireshark-091125.nasl - Type : ACT_GATHER_INFO
2009-12-07 Name : The remote Fedora host is missing a security update.
File : fedora_2009-7998.nasl - Type : ACT_GATHER_INFO
2009-12-04 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-292.nasl - Type : ACT_GATHER_INFO
2009-12-01 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_wireshark-091125.nasl - Type : ACT_GATHER_INFO
2009-12-01 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_ethereal-6627.nasl - Type : ACT_GATHER_INFO
2009-12-01 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_wireshark-091125.nasl - Type : ACT_GATHER_INFO
2009-12-01 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_wireshark-091125.nasl - Type : ACT_GATHER_INFO
2009-12-01 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12530.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200911-05.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote Fedora host is missing a security update.
File : fedora_2009-9837.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_wireshark-6444.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_ethereal-090818.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12485.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_ethereal-6443.nasl - Type : ACT_GATHER_INFO
2009-09-21 Name : The remote host has an application that is affected by multiple vulnerabilities.
File : wireshark_1_0_9.nasl - Type : ACT_GATHER_INFO
2009-09-14 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200909-16.nasl - Type : ACT_GATHER_INFO
2009-09-02 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_wireshark-090818.nasl - Type : ACT_GATHER_INFO
2009-09-02 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_wireshark-090818.nasl - Type : ACT_GATHER_INFO
2009-08-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-194.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote host has an application that is affected by multiple vulnerabilities.
File : wireshark_1_2_1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:53:27
  • Multiple Updates