ID CVE-2007-3393
Summary Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets.
References
Vulnerable Configurations
  • Wireshark 0.99.5
    cpe:2.3:a:wireshark:wireshark:0.99.5
CVSS
Base: 5.0 (as of 26-06-2007 - 11:38)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200708-12.NASL
    description The remote host is affected by the vulnerability described in GLSA-200708-12 (Wireshark: Multiple vulnerabilities) Wireshark doesn't properly handle chunked encoding in HTTP responses (CVE-2007-3389), iSeries capture files (CVE-2007-3390), certain types of DCP ETSI packets (CVE-2007-3391), and SSL or MMS packets (CVE-2007-3392). An off-by-one error has been discovered in the DHCP/BOOTP dissector when handling DHCP-over-DOCSIS packets (CVE-2007-3393). Impact : A remote attacker could send specially crafted packets on a network being monitored with Wireshark, possibly resulting in the execution of arbitrary code with the privileges of the user running Wireshark which might be the root user, or a Denial of Service. Workaround : In order to prevent root compromise, take network captures with tcpdump and analyze them running Wireshark as a least privileged user.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 25918
    published 2007-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25918
    title GLSA-200708-12 : Wireshark: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_WIRESHARK-3886.NASL
    description Various security problems were fixed in the wireshark 0.99.6 release, which were backported : CVE-2007-3389: Wireshark allowed remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload. CVE-2007-3390: Wireshark when running on certain systems, allowed remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP. CVE-2007-3391: Wireshark allowed remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop. CVE-2007-3392: Wireshark allowed remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop. CVE-2007-3393: Off-by-one error in the DHCP/BOOTP dissector in Wireshark allowed remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27478
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27478
    title openSUSE 10 Security Update : wireshark (wireshark-3886)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0709.NASL
    description New Wireshark packages that fix various security vulnerabilities and functionality bugs are now available for Red Hat Enterprise Linux 4. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Several denial of service bugs were found in Wireshark's HTTP, iSeries, DCP ETSI, SSL, MMS, DHCP and BOOTP protocol dissectors. It was possible for Wireshark to crash or stop responding if it read a malformed packet off the network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3393) Wireshark would interpret certain completion codes incorrectly when dissecting IPMI traffic. Additionally, IPMI 2.0 packets would be reported as malformed IPMI traffic. Users of Wireshark should upgrade to these updated packages containing Wireshark version 0.99.6, which correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 67054
    published 2013-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67054
    title CentOS 4 : wireshark (CESA-2007:0709)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11574.NASL
    description Various security problems were fixed in the wireshark 0.99.6 release, which were backported to ethereal (predecessor of wireshark) : - Wireshark allowed remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload. (CVE-2007-3389) - Wireshark when running on certain systems, allowed remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP. (CVE-2007-3390) - Wireshark allowed remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop. (CVE-2007-3391) - Wireshark allowed remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop. (CVE-2007-3392) - Off-by-one error in the DHCP/BOOTP dissector in Wireshark allowed remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets. (CVE-2007-3393)
    last seen 2019-02-21
    modified 2015-01-13
    plugin id 41137
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41137
    title SuSE9 Security Update : ethereal (YOU Patch Number 11574)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0059.NASL
    description From Red Hat Security Advisory 2008:0059 : Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Several flaws were found in Wireshark. Wireshark could crash or possibly execute arbitrary code as the user running Wireshark if it read a malformed packet off the network. (CVE-2007-6114, CVE-2007-6115, CVE-2007-6117) Several denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3392, CVE-2007-3393, CVE-2007-6113, CVE-2007-6118, CVE-2007-6120, CVE-2007-6121, CVE-2007-6450, CVE-2007-6451) As well, Wireshark switched from using net-snmp to libsmi, which is included in this errata. Users of wireshark should upgrade to these updated packages, which contain Wireshark version 0.99.7, and resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67643
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67643
    title Oracle Linux 3 : wireshark (ELSA-2008-0059)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ETHEREAL-3885.NASL
    description Various security problems were fixed in the wireshark 0.99.6 release, which were backported to ethereal (predecessor of wireshark) : CVE-2007-3389: Wireshark allowed remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload. CVE-2007-3390: Wireshark when running on certain systems, allowed remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP. CVE-2007-3391: Wireshark allowed remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop. CVE-2007-3392: Wireshark allowed remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop. CVE-2007-3393: Off-by-one error in the DHCP/BOOTP dissector in Wireshark allowed remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27208
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27208
    title openSUSE 10 Security Update : ethereal (ethereal-3885)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1322.NASL
    description Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3390 Off-by-one overflows were discovered in the iSeries dissector. - CVE-2007-3392 The MMS and SSL dissectors could be forced into an infinite loop. - CVE-2007-3393 An off-by-one overflow was discovered in the DHCP/BOOTP dissector. The oldstable distribution (sarge) is not affected by these problems. (In Sarge Wireshark used to be called Ethereal).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25616
    published 2007-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25616
    title Debian DSA-1322-1 : wireshark - several vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-145.NASL
    description A number of vulnerabilities in the Wireshark program were found that could cause crashes, excessive looping, or exhaustion of system memory. This update provides wireshark 0.99.6 which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25698
    published 2007-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25698
    title Mandrake Linux Security Advisory : wireshark (MDKSA-2007:145)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071107_WIRESHARK_ON_SL5_X.NASL
    description Several denial of service bugs were found in Wireshark's HTTP, iSeries, DCP ETSI, SSL, MMS, DHCP and BOOTP protocol dissectors. It was possible for Wireshark to crash or stop responding if it read a malformed packet off the network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3393)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60291
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60291
    title Scientific Linux Security Update : wireshark on SL5.x i386/x86_64
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_7FADC0492BA011DC93770016179B2DD5.NASL
    description wireshark Team reports : It may be possible to make Wireshark or Ethereal crash or use up available memory by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 25679
    published 2007-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25679
    title FreeBSD : wireshark -- Multiple problems (7fadc049-2ba0-11dc-9377-0016179b2dd5)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ETHEREAL-3888.NASL
    description Various security problems were fixed in the wireshark 0.99.6 release, which were backported to ethereal (predecessor of wireshark) : - Wireshark allowed remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload. (CVE-2007-3389) - Wireshark when running on certain systems, allowed remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP. (CVE-2007-3390) - Wireshark allowed remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop. (CVE-2007-3391) - Wireshark allowed remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop. (CVE-2007-3392) - Off-by-one error in the DHCP/BOOTP dissector in Wireshark allowed remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets. (CVE-2007-3393)
    last seen 2019-02-21
    modified 2015-01-13
    plugin id 29421
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29421
    title SuSE 10 Security Update : ethereal (ZYPP Patch Number 3888)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071115_WIRESHARK_ON_SL4_X.NASL
    description Several denial of service bugs were found in Wireshark's HTTP, iSeries, DCP ETSI, SSL, MMS, DHCP and BOOTP protocol dissectors. It was possible for Wireshark to crash or stop responding if it read a malformed packet off the network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3393) Wireshark would interpret certain completion codes incorrectly when dissecting IPMI traffic. Additionally, IPMI 2.0 packets would be reported as malformed IPMI traffic.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60312
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60312
    title Scientific Linux Security Update : wireshark on SL4.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0710.NASL
    description New Wireshark packages that fix various security vulnerabilities are now available for Red Hat Enterprise Linux 5. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Several denial of service bugs were found in Wireshark's HTTP, iSeries, DCP ETSI, SSL, MMS, DHCP and BOOTP protocol dissectors. It was possible for Wireshark to crash or stop responding if it read a malformed packet off the network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3393) Users of Wireshark and Ethereal should upgrade to these updated packages, containing Wireshark version 0.99.6, which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 27833
    published 2007-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27833
    title RHEL 5 : wireshark (RHSA-2007:0710)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0059.NASL
    description Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Several flaws were found in Wireshark. Wireshark could crash or possibly execute arbitrary code as the user running Wireshark if it read a malformed packet off the network. (CVE-2007-6114, CVE-2007-6115, CVE-2007-6117) Several denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3392, CVE-2007-3393, CVE-2007-6113, CVE-2007-6118, CVE-2007-6120, CVE-2007-6121, CVE-2007-6450, CVE-2007-6451) As well, Wireshark switched from using net-snmp to libsmi, which is included in this errata. Users of wireshark should upgrade to these updated packages, which contain Wireshark version 0.99.7, and resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 30035
    published 2008-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30035
    title RHEL 3 : wireshark (RHSA-2008:0059)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0709.NASL
    description New Wireshark packages that fix various security vulnerabilities and functionality bugs are now available for Red Hat Enterprise Linux 4. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Several denial of service bugs were found in Wireshark's HTTP, iSeries, DCP ETSI, SSL, MMS, DHCP and BOOTP protocol dissectors. It was possible for Wireshark to crash or stop responding if it read a malformed packet off the network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3393) Wireshark would interpret certain completion codes incorrectly when dissecting IPMI traffic. Additionally, IPMI 2.0 packets would be reported as malformed IPMI traffic. Users of Wireshark should upgrade to these updated packages containing Wireshark version 0.99.6, which correct these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 28238
    published 2007-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28238
    title RHEL 4 : wireshark (RHSA-2007:0709)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0059.NASL
    description Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Several flaws were found in Wireshark. Wireshark could crash or possibly execute arbitrary code as the user running Wireshark if it read a malformed packet off the network. (CVE-2007-6114, CVE-2007-6115, CVE-2007-6117) Several denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3392, CVE-2007-3393, CVE-2007-6113, CVE-2007-6118, CVE-2007-6120, CVE-2007-6121, CVE-2007-6450, CVE-2007-6451) As well, Wireshark switched from using net-snmp to libsmi, which is included in this errata. Users of wireshark should upgrade to these updated packages, which contain Wireshark version 0.99.7, and resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 30044
    published 2008-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30044
    title CentOS 3 : wireshark (CESA-2008:0059)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080121_WIRESHARK_ON_SL3_X.NASL
    description Several flaws were found in Wireshark. Wireshark could crash or possibly execute arbitrary code as the user running Wireshark if it read a malformed packet off the network. (CVE-2007-6112, CVE-2007-6114, CVE-2007-6115, CVE-2007-6117) Several denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3392, CVE-2007-3393, CVE-2007-6111, CVE-2007-6113, CVE-2007-6116, CVE-2007-6118, CVE-2007-6119, CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441, CVE-2007-6450, CVE-2007-6451) As well, Wireshark switched from using net-snmp to libsmi, which is included in this errata.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60350
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60350
    title Scientific Linux Security Update : wireshark on SL3.x, SL4.x, SL5.x i386/x86_64
oval via4
accepted 2013-04-29T04:10:42.876-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets.
family unix
id oval:org.mitre.oval:def:11010
status accepted
submitted 2010-07-09T03:56:16-04:00
title Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets.
version 24
redhat via4
advisories
  • bugzilla
    id 246229
    title CVE-2007-3392 Wireshark crashes when inspecting MMS traffic
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • OR
      • AND
        • comment wireshark is earlier than 0:0.99.6-EL4.1
          oval oval:com.redhat.rhsa:tst:20070709002
        • comment wireshark is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060726003
      • AND
        • comment wireshark-gnome is earlier than 0:0.99.6-EL4.1
          oval oval:com.redhat.rhsa:tst:20070709004
        • comment wireshark-gnome is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060726005
    rhsa
    id RHSA-2007:0709
    released 2007-11-15
    severity Low
    title RHSA-2007:0709: wireshark security and bug fix update (Low)
  • bugzilla
    id 246229
    title CVE-2007-3392 Wireshark crashes when inspecting MMS traffic
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment wireshark is earlier than 0:0.99.6-1.el5
          oval oval:com.redhat.rhsa:tst:20070710002
        • comment wireshark is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070066011
      • AND
        • comment wireshark-gnome is earlier than 0:0.99.6-1.el5
          oval oval:com.redhat.rhsa:tst:20070710004
        • comment wireshark-gnome is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070066013
    rhsa
    id RHSA-2007:0710
    released 2007-11-07
    severity Low
    title RHSA-2007:0710: wireshark security update (Low)
  • rhsa
    id RHSA-2008:0059
rpms
  • wireshark-0:0.99.6-EL4.1
  • wireshark-gnome-0:0.99.6-EL4.1
  • wireshark-0:0.99.6-1.el5
  • wireshark-gnome-0:0.99.6-1.el5
  • libsmi-0:0.4.5-3.el3
  • libsmi-devel-0:0.4.5-3.el3
  • wireshark-0:0.99.7-EL3.1
  • wireshark-gnome-0:0.99.7-EL3.1
refmap via4
bid 24662
confirm
debian DSA-1322
gentoo GLSA-200708-12
mandriva MDKSA-2007:145
osvdb 37639
sectrack 1018315
secunia
  • 22588
  • 25833
  • 25877
  • 25987
  • 26004
  • 26499
  • 28583
suse SUSE-SR:2007:015
vupen ADV-2007-2353
xf wireshark-dhcpbootp-dos(35113)
Last major update 30-10-2012 - 22:38
Published 25-06-2007 - 20:30
Last modified 10-10-2017 - 21:32