ID CVE-2009-4377
Summary The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap.
References
Vulnerable Configurations
  • cpe:2.3:a:wireshark:wireshark:0.9.7
    cpe:2.3:a:wireshark:wireshark:0.9.7
  • cpe:2.3:a:wireshark:wireshark:0.9.14
    cpe:2.3:a:wireshark:wireshark:0.9.14
  • Wireshark 0.99.6
    cpe:2.3:a:wireshark:wireshark:0.99.6
  • Wireshark 0.99.7
    cpe:2.3:a:wireshark:wireshark:0.99.7
  • Wireshark 0.99.5
    cpe:2.3:a:wireshark:wireshark:0.99.5
  • Wireshark 0.99.4
    cpe:2.3:a:wireshark:wireshark:0.99.4
  • Wireshark 0.99.3
    cpe:2.3:a:wireshark:wireshark:0.99.3
  • Wireshark 0.99.8
    cpe:2.3:a:wireshark:wireshark:0.99.8
  • cpe:2.3:a:wireshark:wireshark:0.9.2
    cpe:2.3:a:wireshark:wireshark:0.9.2
  • cpe:2.3:a:wireshark:wireshark:0.9.8
    cpe:2.3:a:wireshark:wireshark:0.9.8
  • cpe:2.3:a:wireshark:wireshark:0.9.5
    cpe:2.3:a:wireshark:wireshark:0.9.5
  • cpe:2.3:a:wireshark:wireshark:0.9.6
    cpe:2.3:a:wireshark:wireshark:0.9.6
  • cpe:2.3:a:wireshark:wireshark:0.9.10
    cpe:2.3:a:wireshark:wireshark:0.9.10
  • cpe:2.3:a:wireshark:wireshark:0.99.9
    cpe:2.3:a:wireshark:wireshark:0.99.9
  • Wireshark 0.99.2
    cpe:2.3:a:wireshark:wireshark:0.99.2
  • cpe:2.3:a:wireshark:wireshark:0.99.6a
    cpe:2.3:a:wireshark:wireshark:0.99.6a
  • cpe:2.3:a:wireshark:wireshark:0.99.1
    cpe:2.3:a:wireshark:wireshark:0.99.1
  • cpe:2.3:a:wireshark:wireshark:0.99.0
    cpe:2.3:a:wireshark:wireshark:0.99.0
  • cpe:2.3:a:wireshark:wireshark:0.99
    cpe:2.3:a:wireshark:wireshark:0.99
  • Wireshark 1.0.6
    cpe:2.3:a:wireshark:wireshark:1.0.6
  • Wireshark 1.0.1
    cpe:2.3:a:wireshark:wireshark:1.0.1
  • Wireshark 1.0.4
    cpe:2.3:a:wireshark:wireshark:1.0.4
  • Wireshark 1.0.5
    cpe:2.3:a:wireshark:wireshark:1.0.5
  • Wireshark 1.0.7
    cpe:2.3:a:wireshark:wireshark:1.0.7
  • cpe:2.3:a:wireshark:wireshark:1.2
    cpe:2.3:a:wireshark:wireshark:1.2
  • Wireshark 1.0.9
    cpe:2.3:a:wireshark:wireshark:1.0.9
  • Wireshark 1.0.8
    cpe:2.3:a:wireshark:wireshark:1.0.8
  • Wireshark 1.2.3
    cpe:2.3:a:wireshark:wireshark:1.2.3
  • Wireshark 1.2.0
    cpe:2.3:a:wireshark:wireshark:1.2.0
  • cpe:2.3:a:wireshark:wireshark:1.0
    cpe:2.3:a:wireshark:wireshark:1.0
  • Wireshark 1.0.2
    cpe:2.3:a:wireshark:wireshark:1.0.2
  • Wireshark 1.2.1
    cpe:2.3:a:wireshark:wireshark:1.2.1
  • Wireshark 1.0.3
    cpe:2.3:a:wireshark:wireshark:1.0.3
  • Wireshark 1.2.2
    cpe:2.3:a:wireshark:wireshark:1.2.2
  • Wireshark 1.0.0
    cpe:2.3:a:wireshark:wireshark:1.0.0
  • Wireshark 1.2.4
    cpe:2.3:a:wireshark:wireshark:1.2.4
CVSS
Base: 4.3 (as of 22-12-2009 - 12:21)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-13592.NASL
    description Various fixes were provided in wireshark 1.2.5 - see http://www.wireshark.org/docs/relnotes/wireshark-1.2.5.html for more details. Enhancements - introduced -devel package with autoconf support - enable Lua support Fedora Bug Fixes - the root warning dialog no longer shows up The following vulnerabilities have been fixed. See the security advisory for details and a workaround. http://www.wireshark.org/security/wnpa-sec-2009-09.html - The Daintree SNA file parser could overflow a buffer. (Bug 4294) CVE-2009-4376 - The SMB and SMB2 dissectors could crash. (Bug 4301) CVE-2009-4377 - The IPMI dissector could crash on Windows. (Bug 4319) The following bugs have been fixed: - Wireshark does not graph rtp streams. (Bug 3801) - Wireshark showing extraneous data in a TCP stream. (Bug 3955) - Wrong decoding of gtp.target identification. (Bug 3974) - TTE dissector bug. (Bug 4247) - Upper case in Lua pref symbol causes Wireshark to crash. (Bug 4255) - OpenBSD 4.5 build fails at epan/dissectors/packet-rpcap.c. (Bug 4258) - Incorrect display of stream data using 'Follow tcp stream' option. (Bug 4288) - Custom RADIUS dictionary can cause a crash. (Bug 4316) Updated Protocol Support - DAP, eDonkey, GTP, IPMI, MIP, RADIUS, RANAP, SMB, SMB2, TCP, TTE, VNC, X.509sat Updated Capture File Support - Daintree SNA. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 43592
    published 2009-12-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43592
    title Fedora 12 : wireshark-1.2.5-3.fc12 (2009-13592)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201006-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-201006-05 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities were found in the Daintree SNA file parser, the SMB, SMB2, IPMI, and DOCSIS dissectors. For further information please consult the CVE entries referenced below. Impact : A remote attacker could cause a Denial of Service and possibly execute arbitrary code via crafted packets or malformed packet trace files. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 46772
    published 2010-06-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46772
    title GLSA-201006-05 : Wireshark: Multiple vulnerabilities
  • NASL family Windows
    NASL id WIRESHARK_1_2_5.NASL
    description The installed version of Wireshark or Ethereal is potentially affected by multiple vulnerabilities : - The Daintree SNA file parser can overflow a buffer. (Bug 4294) - The SMB and SMB2 dissectors can crash. (Bug 4301) - The IPMI dissector can crash on Windows. (Bug 4319) These vulnerabilities can result in a denial of service, or possibly arbitrary code execution. A remote attacker can exploit these issues by tricking a user into opening a maliciously crafted capture file. Additionally, if Wireshark is running in promiscuous mode, one of these issues can be exploited remotely (from the same network segment).
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 43350
    published 2009-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43350
    title Wireshark / Ethereal 0.9.0 to 1.2.4 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_WIRESHARK-100203.NASL
    description This update of wireshark fixes : - CVE-2009-4376: Remote attackers could potentially trigger a buffer overflow in the Daintree SNA file parser. - CVE-2009-4377: Specially crafted packets could cause the SMB and SMB2 dissector to crash wireshark. - CVE-2009-2563: Unspecified vulnerability in the Infiniband dissector allows remote attackers to cause a denial of service. - CVE-2010-0304: Several buffer overflows in the LWRES dissector.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 45074
    published 2010-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45074
    title openSUSE Security Update : wireshark (wireshark-1900)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100420_WIRESHARK_ON_SL3_X.NASL
    description An invalid pointer dereference flaw was found in the Wireshark SMB and SMB2 dissectors. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2009-4377) Several buffer overflow flaws were found in the Wireshark LWRES dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-0304) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2009-2560, CVE-2009-2562, CVE-2009-2563, CVE-2009-3550, CVE-2009-3829) All running instances of Wireshark must be restarted for the update to take effect. Note: libsmi was added to SL4 and SL5 because it was a new dependency for wireshark and older versions of SL4 and SL5 did not have libsmi.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60785
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60785
    title Scientific Linux Security Update : wireshark on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1983.NASL
    description Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-4377 A NULL pointer dereference was found in the SMB/SMB2 dissectors. - CVE-2010-0304 Several buffer overflows were found in the LWRES dissector.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44847
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44847
    title Debian DSA-1983-1 : wireshark - several vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-031.NASL
    description This advisory updates Wireshark to the version 1.0.11, which fixes the following vulnerabilities : The SMB and SMB2 dissectors could crash (CVE-2009-4377). The Infiniband dissector could crash on some platforms (CVE-2009-2563). Several buffer overflows were discovered and fixed in the LWRES dissector.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 44385
    published 2010-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44385
    title Mandriva Linux Security Advisory : wireshark (MDVSA-2010:031)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0360.NASL
    description From Red Hat Security Advisory 2010:0360 : Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. An invalid pointer dereference flaw was found in the Wireshark SMB and SMB2 dissectors. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2009-4377) Several buffer overflow flaws were found in the Wireshark LWRES dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-0304) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2009-2560, CVE-2009-2562, CVE-2009-2563, CVE-2009-3550, CVE-2009-3829) Users of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.11, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2016-12-07
    plugin id 68032
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68032
    title Oracle Linux 3 / 4 / 5 : wireshark (ELSA-2010-0360)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_WIRESHARK-100301.NASL
    description This update of wireshark fixes : - Remote attackers could potentially trigger a buffer overflow in the Daintree SNA file parser. (CVE-2009-4376) - Specially crafted packets could cause the SMB and SMB2 dissector to crash wireshark. (CVE-2009-4377) - Unspecified vulnerability in the Infiniband dissector allows remote attackers to cause a denial of service. (CVE-2009-2563) - Several buffer overflows in the LWRES dissector. (CVE-2010-0304)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 45077
    published 2010-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45077
    title SuSE 11 Security Update : wireshark (SAT Patch Number 2082)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-016.NASL
    description This advisory updates wireshark to the latest 1.2.5 version, fixing several bugs and two security issues : - The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet (CVE-2009-4377) - Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet (CVE-2009-4376)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 48169
    published 2010-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48169
    title Mandriva Linux Security Advisory : wireshark (MDVSA-2010:016)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_WIRESHARK-100203.NASL
    description This update of wireshark fixes : - CVE-2009-4376: Remote attackers could potentially trigger a buffer overflow in the Daintree SNA file parser. - CVE-2009-4377: Specially crafted packets could cause the SMB and SMB2 dissector to crash wireshark. - CVE-2009-2563: Unspecified vulnerability in the Infiniband dissector allows remote attackers to cause a denial of service. - CVE-2010-0304: Several buffer overflows in the LWRES dissector.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 45076
    published 2010-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45076
    title openSUSE Security Update : wireshark (wireshark-1900)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_WIRESHARK-100228.NASL
    description This update of wireshark fixes : - Remote attackers could potentially trigger a buffer overflow in the Daintree SNA file parser. (CVE-2009-4376) - Specially crafted packets could cause the SMB and SMB2 dissector to crash wireshark. (CVE-2009-4377) - Unspecified vulnerability in the Infiniband dissector allows remote attackers to cause a denial of service. (CVE-2009-2563) - Several buffer overflows in the LWRES dissector. (CVE-2010-0304)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 51635
    published 2011-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51635
    title SuSE 11 Security Update : wireshark (SAT Patch Number 2082)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0360.NASL
    description Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. An invalid pointer dereference flaw was found in the Wireshark SMB and SMB2 dissectors. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2009-4377) Several buffer overflow flaws were found in the Wireshark LWRES dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-0304) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2009-2560, CVE-2009-2562, CVE-2009-2563, CVE-2009-3550, CVE-2009-3829) Users of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.11, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 46301
    published 2010-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46301
    title RHEL 3 / 4 / 5 : wireshark (RHSA-2010:0360)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_WIRESHARK-100203.NASL
    description This update of wireshark fixes : - CVE-2009-4376: Remote attackers could potentially trigger a buffer overflow in the Daintree SNA file parser. - CVE-2009-4377: Specially crafted packets could cause the SMB and SMB2 dissector to crash wireshark. - CVE-2009-2563: Unspecified vulnerability in the Infiniband dissector allows remote attackers to cause a denial of service. - CVE-2010-0304: Several buffer overflows in the LWRES dissector.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 45072
    published 2010-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45072
    title openSUSE Security Update : wireshark (wireshark-1900)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0360.NASL
    description Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. An invalid pointer dereference flaw was found in the Wireshark SMB and SMB2 dissectors. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2009-4377) Several buffer overflow flaws were found in the Wireshark LWRES dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-0304) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2009-2560, CVE-2009-2562, CVE-2009-2563, CVE-2009-3550, CVE-2009-3829) Users of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.11, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 45594
    published 2010-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45594
    title CentOS 3 / 4 / 5 : wireshark (CESA-2010:0360)
oval via4
accepted 2013-04-29T04:20:18.464-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap.
family unix
id oval:org.mitre.oval:def:9564
status accepted
submitted 2010-07-09T03:56:16-04:00
title The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap.
version 24
redhat via4
rpms
  • wireshark-0:1.0.11-EL3.6
  • wireshark-gnome-0:1.0.11-EL3.6
  • wireshark-0:1.0.11-1.el4_8.5
  • wireshark-gnome-0:1.0.11-1.el4_8.5
  • wireshark-0:1.0.11-1.el5_5.5
  • wireshark-gnome-0:1.0.11-1.el5_5.5
refmap via4
bid 37407
confirm
debian DSA-1983
fedora FEDORA-2009-13592
mandriva MDVSA-2010:031
osvdb 61178
sectrack 1023374
secunia
  • 37842
  • 37916
vupen ADV-2009-3596
Last major update 21-08-2010 - 01:37
Published 21-12-2009 - 16:30
Last modified 18-09-2017 - 21:29