ID CVE-2011-0445
Summary The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (assertion failure) via crafted packets, as demonstrated by fuzz-2010-12-30-28473.pcap.
References
Vulnerable Configurations
  • Wireshark 1.4.2
    cpe:2.3:a:wireshark:wireshark:1.4.2
  • Wireshark 1.4.1
    cpe:2.3:a:wireshark:wireshark:1.4.1
  • Wireshark 1.4.0
    cpe:2.3:a:wireshark:wireshark:1.4.0
CVSS
Base: 5.0 (as of 13-01-2011 - 10:30)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  Vector NETWORK
  Complexity LOW
  Authentication NONE
Impact
  Confidentiality NONE
  Integrity NONE
  Availability PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_WIRESHARK-110331.NASL
    description Wireshark was updated to version 1.4.4 to fix several security issues
    last seen 2018-09-02
    modified 2018-06-29
    plugin id 53315
    published 2011-04-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53315
    title SuSE 11.1 Security Update : wireshark (SAT Patch Number 4267)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-0460.NASL
    description - Mon Jan 17 2011 Jan Safranek - 1.2.14-1 - upgrade to 1.2.14 - see http://www.wireshark.org/docs/relnotes/wireshark-1.2.14.html - Wed Jan 5 2011 Jan Safranek - 1.2.13-2 - fixed buffer overflow in ENTTEC dissector (#666897) - Mon Nov 22 2010 Jan Safranek - 1.2.13-1 - upgrade to 1.2.13 - see http://www.wireshark.org/docs/relnotes/wireshark-1.2.13.html - Mon Sep 13 2010 Jan Safranek - 1.2.11-1 - upgrade to 1.2.11 - see http://www.wireshark.org/docs/relnotes/wireshark-1.2.11.html - Resolves: #632539 - Tue Aug 24 2010 Jan Safranek - 1.2.10-1 - upgrade to 1.2.10 - see http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html - Resolves: #625940 CVE-2010-2287 CVE-2010-2286 CVE-2010-2284 CVE-2010-2283 - Mon May 17 2010 Radek Vokal - 1.2.8-3 - removing trailing bracket from python_sitearch (#592391) - Fri May 7 2010 Radek Vokal - 1.2.8-2 - add libtool patch - Fri May 7 2010 Radek Vokal - 1.2.8-1 - use sitearch instead of sitelib to avoid pyo and pyc conflicts - upgrade to 1.2.8 - see http://www.wireshark.org/docs/relnotes/wireshark-1.2.8.html - rebuild with GeoIP support (needs to be turned on in IP protocol preferences) - bring back -pie Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 51854
    published 2011-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51854
    title Fedora 13 : wireshark-1.2.14-1.fc13 (2011-0460)
  • NASL family Windows
    NASL id WIRESHARK_1_4_3.NASL
    description The installed version of Wireshark is 1.2.x less than 1.2.14 or 1.4.x less than 1.4.3. Such versions are affected by the following vulnerabilities : - An error exists in the MAC-LTE dissector that allows a series of malformed packets to cause a buffer overflow. (5530) - An error exists in the ENTTEC dissector that allows a series of malformed packets to cause a buffer overflow. (5539) - An error exists in the ASN.1 BER dissector that allows a series of malformed packets to make Wireshark exit prematurely. (5537)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 51458
    published 2011-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51458
    title Wireshark < 1.2.14 / 1.4.3 Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-0450.NASL
    description - Mon Jan 17 2011 Jan Safranek - 1.4.2-3 - upgrade to 1.4.3 - see http://www.wireshark.org/docs/relnotes/wireshark-1.4.3.html - Wed Jan 5 2011 Jan Safranek - 1.4.2-2 - fixed buffer overflow in ENTTEC dissector (#666897) - Mon Nov 22 2010 Jan Safranek - 1.4.2-1 - upgrade to 1.4.2 - see http://www.wireshark.org/docs/relnotes/wireshark-1.4.2.html - Mon Nov 1 2010 Jan Safranek - 1.4.1-2 - temporarily disable zlib until https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4955 is resolved (#643461) - Fri Oct 22 2010 Jan Safranek - 1.4.1-1 - upgrade to 1.4.1 - see http://www.wireshark.org/docs/relnotes/wireshark-1.4.1.html - Own the %{_libdir}/wireshark dir (#644508) - associate *.pcap files with wireshark (#641163) - Tue Oct 5 2010 jkeating - 1.4.0-2.1 - Rebuilt for gcc bug 634757 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 51853
    published 2011-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51853
    title Fedora 14 : wireshark-1.4.3-1.fc14 (2011-0450)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201110-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201110-02 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 56426
    published 2011-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56426
    title GLSA-201110-02 : Wireshark: Multiple vulnerabilities
oval via4
accepted 2013-08-19T04:00:19.142-04:00
class vulnerability
contributors
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
comment Wireshark is installed on the system.
oval oval:org.mitre.oval:def:6589
description The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (assertion failure) via crafted packets, as demonstrated by fuzz-2010-12-30-28473.pcap.
family windows
id oval:org.mitre.oval:def:14505
status accepted
submitted 2012-02-27T15:34:33.178-04:00
title Vulnerability in ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2
version 8
refmap via4
bid 45775
confirm
fedora
  • FEDORA-2011-0450
  • FEDORA-2011-0460
osvdb 70402
secunia 43175
vupen
  • ADV-2011-0079
  • ADV-2011-0270
xf wireshark-asn1ber-dissector-dos(64625)
Last major update 13-08-2012 - 23:23
Published 12-01-2011 - 20:00
Last modified 18-09-2017 - 21:32