ID CVE-2009-3241
Summary Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.
References
Vulnerable Configurations
  • Wireshark 0.99.7
    cpe:2.3:a:wireshark:wireshark:0.99.7
  • cpe:2.3:a:wireshark:wireshark:1.0
    cpe:2.3:a:wireshark:wireshark:1.0
  • Wireshark 1.0.1
    cpe:2.3:a:wireshark:wireshark:1.0.1
  • Wireshark 1.0.2
    cpe:2.3:a:wireshark:wireshark:1.0.2
  • Wireshark 1.0.3
    cpe:2.3:a:wireshark:wireshark:1.0.3
  • Wireshark 1.0.6
    cpe:2.3:a:wireshark:wireshark:1.0.6
  • Wireshark 1.0.7
    cpe:2.3:a:wireshark:wireshark:1.0.7
  • Wireshark 1.0.8
    cpe:2.3:a:wireshark:wireshark:1.0.8
  • cpe:2.3:a:wireshark:wireshark:1.2
    cpe:2.3:a:wireshark:wireshark:1.2
  • Wireshark 1.2.1
    cpe:2.3:a:wireshark:wireshark:1.2.1
  • Wireshark 1.0.5
    cpe:2.3:a:wireshark:wireshark:1.0.5
  • Wireshark 0.99.8
    cpe:2.3:a:wireshark:wireshark:0.99.8
  • cpe:2.3:a:wireshark:wireshark:0.99.9
    cpe:2.3:a:wireshark:wireshark:0.99.9
  • Wireshark 1.2.0
    cpe:2.3:a:wireshark:wireshark:1.2.0
  • Wireshark 0.99.6
    cpe:2.3:a:wireshark:wireshark:0.99.6
  • cpe:2.3:a:wireshark:wireshark:0.99.6a
    cpe:2.3:a:wireshark:wireshark:0.99.6a
  • Wireshark 1.0.4
    cpe:2.3:a:wireshark:wireshark:1.0.4
  • Wireshark 1.0.0
    cpe:2.3:a:wireshark:wireshark:1.0.0
CVSS
Base: 7.8 (as of 18-09-2009 - 11:13)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
exploit-db via4
description Wireshark 1.2.1 OpcUa Dissector Unspecified Resource Exhaustion DoS. CVE-2009-3241 . Dos exploit for linux platform
id EDB-ID:33222
last seen 2016-02-03
modified 2009-09-15
published 2009-09-15
reporter Buildbot Builder
source https://www.exploit-db.com/download/33222/
title Wireshark 1.2.1 - OpcUa Dissector Unspecified Resource Exhaustion DoS
nessus via4
  • NASL family Windows
    NASL id WIRESHARK_1_2_2.NASL
    description The installed version of Wireshark or Ethereal is affected by multiple issues : - The GSM A RR dissector could crash. (Bug 3893) - The OpcUa dissector could use excessive CPU and memory. (Bug 3986) - The TLS dissector could crash on some platforms. (Bug 4008) - Wireshark could crash while reading an 'ERF' file. (Bug 3849) These vulnerabilities could result in a denial of service. A remote attacker could exploit these issues by tricking a user into opening a maliciously crafted capture file. Additionally, if Wireshark is running in promiscuous mode, one of these issues could be exploited remotely (from the same network segment).
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 40999
    published 2009-09-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40999
    title Wireshark / Ethereal 0.9.6 to 1.2.1 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_WIRESHARK-6533.NASL
    description Specially crafted packets could crash the OPC UA dissector in Wireshark (CVE-2009-3241)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 42070
    published 2009-10-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42070
    title openSUSE 10 Security Update : wireshark (wireshark-6533)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_WIRESHARK-091005.NASL
    description Specially crafted packets could crash the OPC UA dissector in Wireshark (CVE-2009-3241)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 42068
    published 2009-10-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42068
    title openSUSE Security Update : wireshark (wireshark-1363)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-270.NASL
    description A vulnerability has been found and corrected in wireshark : Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets (CVE-2009-3241). This update fixes this vulnerability.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 42096
    published 2009-10-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42096
    title Mandriva Linux Security Advisory : wireshark (MDVSA-2009:270)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_WIRESHARK-091006.NASL
    description Specially crafted packets could crash the OPC UA dissector in Wireshark (CVE-2009-3241)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 42069
    published 2009-10-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42069
    title openSUSE Security Update : wireshark (wireshark-1363)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-9837.NASL
    description Update to Wireshark 1.2.2 fixing multiple security issues: http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html http://www.wireshark.org/security/wnpa-sec-2009-06.html * The OpcUa dissector could use excessive CPU and memory. (Bug 3986) Versions affected: 0.99.6 to 1.0.8, 1.2.0 to 1.2.1 * The GSM A RR dissector could crash. (Bug 3893) Versions affected: 1.2.0 to 1.2.1 * The TLS dissector could crash on some platforms. (Bug 4008) Versions affected: 1.2.0 to 1.2.1 http://www.wireshark.org/docs/relnotes/wireshark-1.2.1.html http://www.wireshark.org/security/wnpa-sec-2009-04.html * The AFS dissector could crash. (Bug 3564) Versions affected: 0.9.2 to 1.2.0 - The Infiniband dissector could crash on some platforms. Versions affected: 1.0.6 to 1.2.0 * The IPMI dissector could overrun a buffer. (Bug 3559) Versions affected: 1.2.0 * The Bluetooth L2CAP dissector could crash. (Bug 3572) Versions affected: 1.2.0 * The RADIUS dissector could crash. (Bug 3578) Versions affected: 1.2.0 * The MIOP dissector could crash. (Bug 3652) Versions affected: 1.2.0 * The sFlow dissector could use excessive CPU and memory. (Bug 3570) Versions affected: 1.2.0 (Issues from wnpa-sec-2009-04 does not affect users of Wireshark 1.2.1 packages from updates-testing.) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 42387
    published 2009-11-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42387
    title Fedora 11 : wireshark-1.2.2-1.fc11 (2009-9837)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1942.NASL
    description Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2560 A NULL pointer dereference was found in the RADIUS dissector. - CVE-2009-3550 A NULL pointer dereference was found in the DCERP/NT dissector. - CVE-2009-3829 An integer overflow was discovered in the ERF parser. This update also includes fixes for three minor issues (CVE-2008-1829, CVE-2009-2562, CVE-2009-3241 ), which were scheduled for the next stable point update. Also CVE-2009-1268 was fixed for Etch. Since this security update was issued prior to the release of the point update, the fixes were included.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44807
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44807
    title Debian DSA-1942-1 : wireshark - several vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200911-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-200911-05 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark: Ryan Giobbi reported an integer overflow in wiretap/erf.c (CVE-2009-3829). The vendor reported multiple unspecified vulnerabilities in the Bluetooth L2CAP, RADIUS, and MIOP dissectors (CVE-2009-2560), in the OpcUa dissector (CVE-2009-3241), in packet.c in the GSM A RR dissector (CVE-2009-3242), in the TLS dissector (CVE-2009-3243), in the Paltalk dissector (CVE-2009-3549), in the DCERPC/NT dissector (CVE-2009-3550), and in the dissect_negprot_response() function in packet-smb.c in the SMB dissector (CVE-2009-3551). Impact : A remote attacker could entice a user to open a specially crafted 'erf' file using Wireshark, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. A remote attacker could furthermore send specially crafted packets on a network being monitored by Wireshark or entice a user to open a malformed packet trace file using Wireshark, possibly resulting in a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 42915
    published 2009-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42915
    title GLSA-200911-05 : Wireshark: Multiple vulnerabilities
oval via4
accepted 2013-08-19T04:05:05.857-04:00
class vulnerability
contributors
  • name Prabhu.S.A
    organization SecPod Technologies
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
comment Wireshark is installed on the system.
oval oval:org.mitre.oval:def:6589
description Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.
family windows
id oval:org.mitre.oval:def:6162
status accepted
submitted 2009-09-24T15:11:12
title DOS vulnerability in the OpcUa (OPC UA) dissector in Wireshark.
version 7
refmap via4
bid 36408
confirm
debian DSA-1942
misc https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3986
secunia
  • 36754
  • 37409
  • 37477
suse SUSE-SR:2009:016
statements via4
contributor Tomas Hoger
lastmodified 2009-09-30
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Last major update 21-08-2010 - 01:35
Published 18-09-2009 - 06:30
Last modified 18-09-2017 - 21:29
Back to Top