ID CVE-2006-4331
Summary Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors.
References
Vulnerable Configurations
  • Wireshark 0.99.2
    cpe:2.3:a:wireshark:wireshark:0.99.2
CVSS
Base: 5.0 (as of 26-08-2006 - 17:14)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-152.NASL
    description Vulnerabilities in the SCSI, DHCP, and SSCOP dissectors were discovered in versions of wireshark less than 0.99.3, as well as an off-by-one error in the IPsec ESP preference parser if compiled with ESP decryption support. This updated provides wireshark 0.99.3a which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 23898
    published 2006-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23898
    title Mandrake Linux Security Advisory : wireshark (MDKSA-2006:152)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200608-26.NASL
    description The remote host is affected by the vulnerability described in GLSA-200608-26 (Wireshark: Multiple vulnerabilities) The following vulnerabilities have been discovered in Wireshark. Firstly, if the IPsec ESP parser is used it is susceptible to off-by-one errors, this parser is disabled by default; secondly, the SCSI dissector is vulnerable to an unspecified crash; and finally, the Q.2931 dissector of the SSCOP payload may use all the available memory if a port range is configured. By default, no port ranges are configured. Impact : An attacker might be able to exploit these vulnerabilities, resulting in a crash or the execution of arbitrary code with the permissions of the user running Wireshark, possibly the root user. Workaround : Disable the SCSI and Q.2931 dissectors with the 'Analyse' and 'Enabled protocols' menus. Make sure the ESP decryption is disabled, with the 'Edit -> Preferences -> Protocols -> ESP' menu.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 22288
    published 2006-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22288
    title GLSA-200608-26 : Wireshark: Multiple vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0658.NASL
    description New Wireshark packages that fix various security vulnerabilities are now available. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Bugs were found in Wireshark's SCSI and SSCOP protocol dissectors. Ethereal could crash or stop responding if it read a malformed packet off the network. (CVE-2006-4330, CVE-2006-4333) An off-by-one bug was found in the IPsec ESP decryption preference parser. Ethereal could crash or stop responding if it read a malformed packet off the network. (CVE-2006-4331) Users of Wireshark or Ethereal should upgrade to these updated packages containing Wireshark version 0.99.3, which is not vulnerable to these issues. These packages also fix a bug in the PAM configuration of the Wireshark packages which prevented non-root users starting a capture.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 22344
    published 2006-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22344
    title RHEL 2.1 / 3 / 4 : wireshark (RHSA-2006:0658)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ETHEREAL-2029.NASL
    description A security problem was fixed in ethereal, which could be used by remote attackers to hang the ethereal process. CVE-2006-4333: If the SSCOP dissector has a port range configured AND the SSCOP payload protocol is Q.2931, a malformed packet could make the Q.2931 dissector use up available memory. No port range is configured by default. The vulnerabilities tracked by the Mitre CVE IDs CVE-2006-4330 (SCSI dissector), CVE-2006-4331 (ESP decryption), CVE-2006-4332 (DHCP dissector) do not affect our shipped ethereal releases.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27206
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27206
    title openSUSE 10 Security Update : ethereal (ethereal-2029)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0658.NASL
    description New Wireshark packages that fix various security vulnerabilities are now available. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Bugs were found in Wireshark's SCSI and SSCOP protocol dissectors. Ethereal could crash or stop responding if it read a malformed packet off the network. (CVE-2006-4330, CVE-2006-4333) An off-by-one bug was found in the IPsec ESP decryption preference parser. Ethereal could crash or stop responding if it read a malformed packet off the network. (CVE-2006-4331) Users of Wireshark or Ethereal should upgrade to these updated packages containing Wireshark version 0.99.3, which is not vulnerable to these issues. These packages also fix a bug in the PAM configuration of the Wireshark packages which prevented non-root users starting a capture.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22337
    published 2006-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22337
    title CentOS 3 / 4 : wireshark (CESA-2006:0658)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2006-0726.NASL
    description New Wireshark packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Users of Wireshark should upgrade to these updated packages containing Wireshark version 0.99.4, which is not vulnerable to these issues. From Red Hat Security Advisory 2006:0726 : Several flaws were found in Wireshark's HTTP, WBXML, LDAP, and XOT protocol dissectors. Wireshark could crash or stop responding if it read a malformed packet off the network. (CVE-2006-4805, CVE-2006-5468, CVE-2006-5469, CVE-2006-5740) A single NULL byte heap based buffer overflow was found in Wireshark's MIME Multipart dissector. Wireshark could crash or possibly execute arbitrary arbitrary code as the user running Wireshark. (CVE-2006-4574) From Red Hat Security Advisory 2006:0658 : Bugs were found in Wireshark's SCSI and SSCOP protocol dissectors. Ethereal could crash or stop responding if it read a malformed packet off the network. (CVE-2006-4330, CVE-2006-4333) An off-by-one bug was found in the IPsec ESP decryption preference parser. Ethereal could crash or stop responding if it read a malformed packet off the network. (CVE-2006-4331) From Red Hat Security Advisory 2006:0602 : In May 2006, Ethereal changed its name to Wireshark. This update deprecates the Ethereal packages in Red Hat Enterprise Linux 2.1, 3, and 4 in favor of the supported Wireshark packages. Several denial of service bugs were found in Ethereal's protocol dissectors. It was possible for Ethereal to crash or stop responding if it read a malformed packet off the network. (CVE-2006-3627, CVE-2006-3629, CVE-2006-3631) Several buffer overflow bugs were found in Ethereal's ANSI MAP, NCP NMAS, and NDPStelnet dissectors. It was possible for Ethereal to crash or execute arbitrary code if it read a malformed packet off the network. (CVE-2006-3630, CVE-2006-3632) Several format string bugs were found in Ethereal's Checkpoint FW-1, MQ, XML, and NTP dissectors. It was possible for Ethereal to crash or execute arbitrary code if it read a malformed packet off the network. (CVE-2006-3628)
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67418
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67418
    title Oracle Linux 4 : wireshark (ELSA-2006-0726 / ELSA-2006-0658 / ELSA-2006-0602)
oval via4
  • accepted 2013-04-29T04:01:59.195-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors.
    family unix
    id oval:org.mitre.oval:def:10125
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors.
    version 23
  • accepted 2013-08-19T04:00:21.770-04:00
    class vulnerability
    contributors
    • name Shane Shaffer
      organization G2, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    definition_extensions
    comment Wireshark is installed on the system.
    oval oval:org.mitre.oval:def:6589
    description Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors.
    family windows
    id oval:org.mitre.oval:def:14587
    status accepted
    submitted 2012-02-27T15:34:33.178-04:00
    title Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark 0.99.2
    version 8
redhat via4
advisories
rhsa
id RHSA-2006:0658
refmap via4
bid 19690
cert-vn VU#638376
confirm
gentoo GLSA-200608-26
mandriva MDKSA-2006:152
sectrack 1016736
secunia
  • 21597
  • 21619
  • 21649
  • 21682
  • 21885
  • 22378
vupen ADV-2006-3370
xf wireshark-esp-offbyone(28553)
Last major update 13-08-2012 - 22:00
Published 24-08-2006 - 16:04
Last modified 10-10-2017 - 21:31
Back to Top