ID CVE-2009-3551
Summary Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.
References
Vulnerable Configurations
  • cpe:2.3:a:wireshark:wireshark:1.2
    cpe:2.3:a:wireshark:wireshark:1.2
  • Wireshark 1.2.0
    cpe:2.3:a:wireshark:wireshark:1.2.0
  • Wireshark 1.2.1
    cpe:2.3:a:wireshark:wireshark:1.2.1
CVSS
Base: 5.0 (as of 02-11-2009 - 07:45)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12530.NASL
    description This is an update of wireshark to fix multiple vulnerabilities : - CVSS v2 Base Score: 5.0 (MEDIUM) The Paltalk dissector could crash on alignment-sensitive processors. (CVE-2009-3549) - CVSS v2 Base Score: 4.3 (MEDIUM) The DCERPC/NT dissector could crash. (CVE-2009-3550) - CVSS v2 Base Score: 5.0 (MEDIUM) The SMB dissector could crash. (CVE-2009-3551) - CVSS v2 Base Score: 5.0 (MEDIUM) The RADIUS dissector could crash. (CVE-2009-2560)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 42947
    published 2009-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42947
    title SuSE9 Security Update : ethereal (YOU Patch Number 12530)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ETHEREAL-6628.NASL
    description Update of wireshark to fix multiple vulnerabilities : - The Paltalk dissector could crash on alignment-sensitive processors. (CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM)) - The DCERPC/NT dissector could crash. (CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM)) - The SMB dissector could crash. (CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM)) - The RADIUS dissector could crash. (CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM))
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 49845
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49845
    title SuSE 10 Security Update : ethereal (ZYPP Patch Number 6628)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_WIRESHARK-091125.NASL
    description Version upgrade of wireshark fix multiple vulnerabilities : - CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM) The Paltalk dissector could crash on alignment-sensitive processors. - CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM) The DCERPC/NT dissector could crash. - CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM) The SMB dissector could crash. - CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM) The RADIUS dissector could crash. - CVE-2009-3829 CVSS v2 Base Score: 9.3 (HIGH) Fix for an integer overflow in wiretap/erf.c that allowed remote attackers to execute arbitrary code via a crafted ERF file. This does not affect SLE products.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 42953
    published 2009-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42953
    title openSUSE Security Update : wireshark (wireshark-1600)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ETHEREAL-6627.NASL
    description Update of wireshark to fix multiple vulnerabilities : - The Paltalk dissector could crash on alignment-sensitive processors. (CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM)) - The DCERPC/NT dissector could crash. (CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM)) - The SMB dissector could crash. (CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM)) - The RADIUS dissector could crash. (CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM))
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 42958
    published 2009-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42958
    title SuSE 10 Security Update : ethereal (ZYPP Patch Number 6627)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_WIRESHARK-091125.NASL
    description Version upgrade of wireshark fix multiple vulnerabilities : - CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM) The Paltalk dissector could crash on alignment-sensitive processors. - CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM) The DCERPC/NT dissector could crash. - CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM) The SMB dissector could crash. - CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM) The RADIUS dissector could crash. - CVE-2009-3829 CVSS v2 Base Score: 9.3 (HIGH) Fix for an integer overflow in wiretap/erf.c that allowed remote attackers to execute arbitrary code via a crafted ERF file. This does not affect SLE products.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 42955
    published 2009-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42955
    title openSUSE Security Update : wireshark (wireshark-1600)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_WIRESHARK-091125.NASL
    description Version upgrade of wireshark fix multiple vulnerabilities : - CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM) The Paltalk dissector could crash on alignment-sensitive processors. - CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM) The DCERPC/NT dissector could crash. - CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM) The SMB dissector could crash. - CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM) The RADIUS dissector could crash. - CVE-2009-3829 CVSS v2 Base Score: 9.3 (HIGH) Fix for an integer overflow in wiretap/erf.c that allowed remote attackers to execute arbitrary code via a crafted ERF file. This does not affect SLE products.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 42950
    published 2009-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42950
    title openSUSE Security Update : wireshark (wireshark-1600)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_WIRESHARK-091125.NASL
    description Version upgrade of wireshark fix multiple vulnerabilities : - The Paltalk dissector could crash on alignment-sensitive processors. (CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM)) - The DCERPC/NT dissector could crash. (CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM)) - The SMB dissector could crash. (CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM)) - The RADIUS dissector could crash. (CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM)) - Fix for an integer overflow in wiretap/erf.c that allowed remote attackers to execute arbitrary code via a crafted ERF file. (CVE-2009-3829). (CVSS v2 Base Score: 9.3 (HIGH))
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 43085
    published 2009-12-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43085
    title SuSE 11 Security Update : wireshark (SAT Patch Number 1606)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200911-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-200911-05 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark: Ryan Giobbi reported an integer overflow in wiretap/erf.c (CVE-2009-3829). The vendor reported multiple unspecified vulnerabilities in the Bluetooth L2CAP, RADIUS, and MIOP dissectors (CVE-2009-2560), in the OpcUa dissector (CVE-2009-3241), in packet.c in the GSM A RR dissector (CVE-2009-3242), in the TLS dissector (CVE-2009-3243), in the Paltalk dissector (CVE-2009-3549), in the DCERPC/NT dissector (CVE-2009-3550), and in the dissect_negprot_response() function in packet-smb.c in the SMB dissector (CVE-2009-3551). Impact : A remote attacker could entice a user to open a specially crafted 'erf' file using Wireshark, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. A remote attacker could furthermore send specially crafted packets on a network being monitored by Wireshark or entice a user to open a malformed packet trace file using Wireshark, possibly resulting in a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 42915
    published 2009-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42915
    title GLSA-200911-05 : Wireshark: Multiple vulnerabilities
oval via4
accepted 2013-08-19T04:05:04.757-04:00
class vulnerability
contributors
  • name Prabhu S A
    organization SecPod Technologies
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
comment Wireshark is installed on the system.
oval oval:org.mitre.oval:def:6589
description Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.
family windows
id oval:org.mitre.oval:def:6049
status accepted
submitted 2009-11-17T15:11:12
title Wireshark Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector to cause DoS Vulnerability
version 12
refmap via4
bid 36846
confirm
secunia
  • 37175
  • 37409
vupen ADV-2009-3061
xf wireshark-negprotresponse-dos(54018)
statements via4
contributor Tomas Hoger
lastmodified 2009-11-02
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Last major update 21-08-2010 - 01:36
Published 30-10-2009 - 16:30
Last modified 18-09-2017 - 21:29
Back to Top