ID CVE-2006-4333
Summary The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory.
References
Vulnerable Configurations
  • cpe:2.3:a:wireshark:wireshark:0.10.4
    cpe:2.3:a:wireshark:wireshark:0.10.4
  • cpe:2.3:a:wireshark:wireshark:0.10.13
    cpe:2.3:a:wireshark:wireshark:0.10.13
  • cpe:2.3:a:wireshark:wireshark:0.99
    cpe:2.3:a:wireshark:wireshark:0.99
  • cpe:2.3:a:wireshark:wireshark:0.99.1
    cpe:2.3:a:wireshark:wireshark:0.99.1
  • Wireshark 0.99.2
    cpe:2.3:a:wireshark:wireshark:0.99.2
CVSS
Base: 5.4 (as of 27-08-2006 - 15:54)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-152.NASL
    description Vulnerabilities in the SCSI, DHCP, and SSCOP dissectors were discovered in versions of wireshark less than 0.99.3, as well as an off-by-one error in the IPsec ESP preference parser if compiled with ESP decryption support. This updated provides wireshark 0.99.3a which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 23898
    published 2006-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23898
    title Mandrake Linux Security Advisory : wireshark (MDKSA-2006:152)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200608-26.NASL
    description The remote host is affected by the vulnerability described in GLSA-200608-26 (Wireshark: Multiple vulnerabilities) The following vulnerabilities have been discovered in Wireshark. Firstly, if the IPsec ESP parser is used it is susceptible to off-by-one errors, this parser is disabled by default; secondly, the SCSI dissector is vulnerable to an unspecified crash; and finally, the Q.2931 dissector of the SSCOP payload may use all the available memory if a port range is configured. By default, no port ranges are configured. Impact : An attacker might be able to exploit these vulnerabilities, resulting in a crash or the execution of arbitrary code with the permissions of the user running Wireshark, possibly the root user. Workaround : Disable the SCSI and Q.2931 dissectors with the 'Analyse' and 'Enabled protocols' menus. Make sure the ESP decryption is disabled, with the 'Edit -> Preferences -> Protocols -> ESP' menu.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 22288
    published 2006-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22288
    title GLSA-200608-26 : Wireshark: Multiple vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1171.NASL
    description Several remote vulnerabilities have been discovered in the Ethereal network scanner, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4333 It was discovered that the Q.2391 dissector is vulnerable to denial of service caused by memory exhaustion. - CVE-2005-3241 It was discovered that the FC-FCS, RSVP and ISIS-LSP dissectors are vulnerable to denial of service caused by memory exhaustion. - CVE-2005-3242 It was discovered that the IrDA and SMB dissectors are vulnerable to denial of service caused by memory corruption. - CVE-2005-3243 It was discovered that the SLIMP3 and AgentX dissectors are vulnerable to code injection caused by buffer overflows. - CVE-2005-3244 It was discovered that the BER dissector is vulnerable to denial of service caused by an infinite loop. - CVE-2005-3246 It was discovered that the NCP and RTnet dissectors are vulnerable to denial of service caused by a NULL pointer dereference. - CVE-2005-3248 It was discovered that the X11 dissector is vulnerable to denial of service caused by a division through zero. This update also fixes a 64 bit-specific regression in the ASN.1 decoder, which was introduced in a previous DSA.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22713
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22713
    title Debian DSA-1171-1 : ethereal - several vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0658.NASL
    description New Wireshark packages that fix various security vulnerabilities are now available. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Bugs were found in Wireshark's SCSI and SSCOP protocol dissectors. Ethereal could crash or stop responding if it read a malformed packet off the network. (CVE-2006-4330, CVE-2006-4333) An off-by-one bug was found in the IPsec ESP decryption preference parser. Ethereal could crash or stop responding if it read a malformed packet off the network. (CVE-2006-4331) Users of Wireshark or Ethereal should upgrade to these updated packages containing Wireshark version 0.99.3, which is not vulnerable to these issues. These packages also fix a bug in the PAM configuration of the Wireshark packages which prevented non-root users starting a capture.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 22344
    published 2006-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22344
    title RHEL 2.1 / 3 / 4 : wireshark (RHSA-2006:0658)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ETHEREAL-2029.NASL
    description A security problem was fixed in ethereal, which could be used by remote attackers to hang the ethereal process. CVE-2006-4333: If the SSCOP dissector has a port range configured AND the SSCOP payload protocol is Q.2931, a malformed packet could make the Q.2931 dissector use up available memory. No port range is configured by default. The vulnerabilities tracked by the Mitre CVE IDs CVE-2006-4330 (SCSI dissector), CVE-2006-4331 (ESP decryption), CVE-2006-4332 (DHCP dissector) do not affect our shipped ethereal releases.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27206
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27206
    title openSUSE 10 Security Update : ethereal (ethereal-2029)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0658.NASL
    description New Wireshark packages that fix various security vulnerabilities are now available. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Bugs were found in Wireshark's SCSI and SSCOP protocol dissectors. Ethereal could crash or stop responding if it read a malformed packet off the network. (CVE-2006-4330, CVE-2006-4333) An off-by-one bug was found in the IPsec ESP decryption preference parser. Ethereal could crash or stop responding if it read a malformed packet off the network. (CVE-2006-4331) Users of Wireshark or Ethereal should upgrade to these updated packages containing Wireshark version 0.99.3, which is not vulnerable to these issues. These packages also fix a bug in the PAM configuration of the Wireshark packages which prevented non-root users starting a capture.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22337
    published 2006-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22337
    title CentOS 3 / 4 : wireshark (CESA-2006:0658)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ETHEREAL-2028.NASL
    description A security problem was fixed in ethereal, which could be used by remote attackers to hang the ethereal process. - If the SSCOP dissector has a port range configured AND the SSCOP payload protocol is Q.2931, a malformed packet could make the Q.2931 dissector use up available memory. No port range is configured by default. (CVE-2006-4333) The vulnerabilities tracked by the Mitre CVE IDs CVE-2006-4330 (SCSI dissector), CVE-2006-4331 (ESP decryption), CVE-2006-4332 (DHCP dissector) do not affect our shipped ethereal releases.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29419
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29419
    title SuSE 10 Security Update : ethereal (ZYPP Patch Number 2028)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2006-0726.NASL
    description New Wireshark packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Users of Wireshark should upgrade to these updated packages containing Wireshark version 0.99.4, which is not vulnerable to these issues. From Red Hat Security Advisory 2006:0726 : Several flaws were found in Wireshark's HTTP, WBXML, LDAP, and XOT protocol dissectors. Wireshark could crash or stop responding if it read a malformed packet off the network. (CVE-2006-4805, CVE-2006-5468, CVE-2006-5469, CVE-2006-5740) A single NULL byte heap based buffer overflow was found in Wireshark's MIME Multipart dissector. Wireshark could crash or possibly execute arbitrary arbitrary code as the user running Wireshark. (CVE-2006-4574) From Red Hat Security Advisory 2006:0658 : Bugs were found in Wireshark's SCSI and SSCOP protocol dissectors. Ethereal could crash or stop responding if it read a malformed packet off the network. (CVE-2006-4330, CVE-2006-4333) An off-by-one bug was found in the IPsec ESP decryption preference parser. Ethereal could crash or stop responding if it read a malformed packet off the network. (CVE-2006-4331) From Red Hat Security Advisory 2006:0602 : In May 2006, Ethereal changed its name to Wireshark. This update deprecates the Ethereal packages in Red Hat Enterprise Linux 2.1, 3, and 4 in favor of the supported Wireshark packages. Several denial of service bugs were found in Ethereal's protocol dissectors. It was possible for Ethereal to crash or stop responding if it read a malformed packet off the network. (CVE-2006-3627, CVE-2006-3629, CVE-2006-3631) Several buffer overflow bugs were found in Ethereal's ANSI MAP, NCP NMAS, and NDPStelnet dissectors. It was possible for Ethereal to crash or execute arbitrary code if it read a malformed packet off the network. (CVE-2006-3630, CVE-2006-3632) Several format string bugs were found in Ethereal's Checkpoint FW-1, MQ, XML, and NTP dissectors. It was possible for Ethereal to crash or execute arbitrary code if it read a malformed packet off the network. (CVE-2006-3628)
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67418
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67418
    title Oracle Linux 4 : wireshark (ELSA-2006-0726 / ELSA-2006-0658 / ELSA-2006-0602)
oval via4
accepted 2013-04-29T04:15:48.444-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory.
family unix
id oval:org.mitre.oval:def:11801
status accepted
submitted 2010-07-09T03:56:16-04:00
title The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory.
version 24
redhat via4
advisories
bugzilla
id 204066
title wireshark doesn't work as non root user
oval
OR
  • AND
    comment Red Hat Enterprise Linux 3 is installed
    oval oval:com.redhat.rhsa:tst:20060015001
  • AND
    comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhsa:tst:20060016001
rhsa
id RHSA-2006:0658
released 2006-09-12
severity Low
title RHSA-2006:0658: wireshark security update (Low)
refmap via4
bid 19690
bugtraq 20060825 rPSA-2006-0158-1 tshark wireshark
cert-vn VU#696896
confirm
debian DSA-1171
gentoo GLSA-200608-26
mandriva MDKSA-2006:152
sectrack 1016736
secunia
  • 21597
  • 21619
  • 21649
  • 21682
  • 21813
  • 21885
  • 22378
vupen ADV-2006-3370
xf
  • wireshark-esp-offbyone(28553)
  • wireshark-sscop-dos(28556)
Last major update 07-03-2011 - 21:40
Published 24-08-2006 - 16:04
Last modified 17-10-2018 - 17:34
Back to Top