| nessus
via4
|
| NASL family | Windows | | NASL id | WIRESHARK_1_4_4.NASL | | description | The installed version of Wireshark is 1.0.x or 1.2.x less than 1.2.15
or 1.4.x less than 1.4.4. Such versions are affected by the following
vulnerabilities :
- The BER dissector may loop indefinitely. (Bug #1516)
- A crash can occur in the NTLMSSP dissector. (Bug #5157)
- An error exists in the processing of pcap-ng files
that causes the application to free an uninitialized
pointer. (Bug #5652)
- An error exists in the processing of packets having
large length in a pcap-ng file. This can result in
application crashes. (Bug #5661)
- A stack overflow vulnerability exists in the LDAP and
SMB dissectors. (Bug #5717)
- An error exists in the processing of malformed 6LoWPAN
packets. This affects only 32-bit platforms and can
result in application crashes. (Bug #5722)
- An error exists in the processing of large LDAP filter
strings that cause the application to consume excessive
amounts of memory. (Bug #5732) | | last seen | 2019-01-16 | | modified | 2018-11-15 | | plugin id | 52502 | | published | 2011-03-02 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=52502 | | title | Wireshark < 1.2.15 / 1.4.4 Multiple Vulnerabilities |
| NASL family | Gentoo Local Security Checks | | NASL id | GENTOO_GLSA-201110-02.NASL | | description | The remote host is affected by the vulnerability described in GLSA-201110-02
(Wireshark: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in Wireshark. Please
review the CVE identifiers referenced below for details.
Impact :
A remote attacker could send specially crafted packets on a network
being monitored by Wireshark, entice a user to open a malformed packet
trace file using Wireshark, or deploy a specially crafted Lua script for
use by Wireshark, possibly resulting in the execution of arbitrary code,
or a Denial of Service condition.
Workaround :
There is no known workaround at this time. | | last seen | 2019-01-16 | | modified | 2018-07-11 | | plugin id | 56426 | | published | 2011-10-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=56426 | | title | GLSA-201110-02 : Wireshark: Multiple vulnerabilities |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_WIRESHARK-110331.NASL | | description | Wireshark was updated to version 1.4.4 to fix several security issues | | last seen | 2018-09-02 | | modified | 2018-06-29 | | plugin id | 53315 | | published | 2011-04-07 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=53315 | | title | SuSE 11.1 Security Update : wireshark (SAT Patch Number 4267) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_4_WIRESHARK-110411.NASL | | description | Wireshark was updated to version 1.4.4 to fix several security issues
(CVE-2011-1138, CVE-2011-1139, CVE-2011-1140 CVE-2011-1143). | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 76043 | | published | 2014-06-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=76043 | | title | openSUSE Security Update : wireshark (openSUSE-SU-2011:0347-1) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_2_WIRESHARK-110411.NASL | | description | Wireshark was updated to version 1.4.4 to fix several security issues
(CVE-2011-1138, CVE-2011-1139, CVE-2011-1140 CVE-2011-1143). | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 53809 | | published | 2011-05-05 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=53809 | | title | openSUSE Security Update : wireshark (openSUSE-SU-2011:0347-1) |
| NASL family | Amazon Linux Local Security Checks | | NASL id | ALA_ALAS-2012-71.NASL | | description | Several flaws were found in Wireshark. If Wireshark read a malformed
packet off a network or opened a malicious dump file, it could crash
or, possibly, execute arbitrary code as the user running Wireshark.
Several denial of service flaws were found in Wireshark. Wireshark
could crash or stop responding if it read a malformed packet off a
network, or opened a malicious dump file. | | last seen | 2019-01-16 | | modified | 2018-04-18 | | plugin id | 69678 | | published | 2013-09-04 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=69678 | | title | Amazon Linux AMI : wireshark (ALAS-2012-71) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_3_WIRESHARK-110411.NASL | | description | Wireshark was updated to version 1.4.4 to fix several security issues
(CVE-2011-1138, CVE-2011-1139, CVE-2011-1140 CVE-2011-1143). | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 75772 | | published | 2014-06-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=75772 | | title | openSUSE Security Update : wireshark (openSUSE-SU-2011:0347-1) |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2011-2648.NASL | | description | Several security bugs were fixed in this release :
- CVE-2011-0538: memory corruption when reading a
malformed pcap file
- CVE-2010-3445: stack overflow in BER dissector
- CVE-2011-1143: NULL pointer dereference causing
application crash when reading malformed pcap file
- CVE-2011-1140: Multiple stack consumption
vulnerabilities caused DoS via crafted SMB or CLDAP
packet
- CVE-2011-1138: Off-by-one error in the
dissect_6lowpan_iphc function causes application crash
(Denial Of Service)
- CVE-2011-1139: Denial Of Service (application crash)
via a pcap-ng file that contains a large packet-length
field
- CVE-2011-0713: heap-based buffer overflow when reading
malformed Nokia DCT3 phone signaling traces
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2015-10-20 | | plugin id | 52590 | | published | 2011-03-09 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=52590 | | title | Fedora 15 : wireshark-1.4.4-1.fc15 (2011-2648) |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2011-2632.NASL | | description | Several security bugs were fixed in this release :
- CVE-2011-0538: memory corruption when reading a
malformed pcap file
- CVE-2010-3445: stack overflow in BER dissector
- CVE-2011-1143: NULL pointer dereference causing
application crash when reading malformed pcap file
- CVE-2011-1140: Multiple stack consumption
vulnerabilities caused DoS via crafted SMB or CLDAP
packet
- CVE-2011-1141: Malformed LDAP filter string causes
Denial of Service via excessive memory consumption
- CVE-2011-1138: Off-by-one error in the
dissect_6lowpan_iphc function causes application crash
(Denial Of Service)
- CVE-2011-1139: Denial Of Service (application crash)
via a pcap-ng file that contains a large packet-length
field
- CVE-2011-0713: heap-based buffer overflow when reading
malformed Nokia DCT3 phone signaling traces
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-07-12 | | plugin id | 52641 | | published | 2011-03-14 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=52641 | | title | Fedora 14 : wireshark-1.4.4-1.fc14 (2011-2632) |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2011-0370.NASL | | description | Updated wireshark packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.
The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.
A heap-based buffer overflow flaw was found in Wireshark. If Wireshark
opened a specially crafted capture file, it could crash or, possibly,
execute arbitrary code as the user running Wireshark. (CVE-2011-0024)
Several denial of service flaws were found in Wireshark. Wireshark
could crash or stop responding if it read a malformed packet off a
network, or opened a malicious dump file. (CVE-2010-3445,
CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141,
CVE-2011-1143)
Users of Wireshark should upgrade to these updated packages, which
contain backported patches to correct these issues. All running
instances of Wireshark must be restarted for the update to take
effect. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 52757 | | published | 2011-03-23 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=52757 | | title | CentOS 4 / 5 : wireshark (CESA-2011:0370) |
| NASL family | Scientific Linux Local Security Checks | | NASL id | SL_20110321_WIRESHARK_ON_SL4_X.NASL | | description | A heap-based buffer overflow flaw was found in Wireshark. If Wireshark
opened a specially crafted capture file, it could crash or, possibly,
execute arbitrary code as the user running Wireshark. (CVE-2011-0024)
Several denial of service flaws were found in Wireshark. Wireshark
could crash or stop responding if it read a malformed packet off a
network, or opened a malicious dump file. (CVE-2010-3445,
CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141,
CVE-2011-1143)
All running instances of Wireshark must be restarted for the update to
take effect. | | last seen | 2019-01-16 | | modified | 2018-12-31 | | plugin id | 60991 | | published | 2012-08-01 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=60991 | | title | Scientific Linux Security Update : wireshark on SL4.x, SL5.x i386/x86_64 |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2011-2620.NASL | | description | Several security bugs were fixed in this release :
- CVE-2011-0538: memory corruption when reading a
malformed pcap file
- CVE-2010-3445: stack overflow in BER dissector
- CVE-2011-1143: NULL pointer dereference causing
application crash when reading malformed pcap file
- CVE-2011-1140: Multiple stack consumption
vulnerabilities caused DoS via crafted SMB or CLDAP
packet
- CVE-2011-1141: Malformed LDAP filter string causes
Denial of Service via excessive memory consumption
- CVE-2011-1138: Off-by-one error in the
dissect_6lowpan_iphc function causes application crash
(Denial Of Service)
- CVE-2011-1139: Denial Of Service (application crash)
via a pcap-ng file that contains a large packet-length
field
- CVE-2011-0713: heap-based buffer overflow when reading
malformed Nokia DCT3 phone signaling traces
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-07-12 | | plugin id | 52640 | | published | 2011-03-14 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=52640 | | title | Fedora 13 : wireshark-1.2.15-1.fc13 (2011-2620) |
| NASL family | Scientific Linux Local Security Checks | | NASL id | SL_20120423_WIRESHARK_ON_SL6_X.NASL | | description | Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.
Several flaws were found in Wireshark. If Wireshark read a malformed
packet off a network or opened a malicious dump file, it could crash
or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2011-1590, CVE-2011-4102, CVE-2012-1595)
Several denial of service flaws were found in Wireshark. Wireshark
could crash or stop responding if it read a malformed packet off a
network, or opened a malicious dump file. (CVE-2011-1143,
CVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174,
CVE-2011-2175, CVE-2011-2597, CVE-2011-2698, CVE-2012-0041,
CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)
Users of Wireshark should upgrade to these updated packages, which
contain backported patches to correct these issues. All running
instances of Wireshark must be restarted for the update to take
effect. | | last seen | 2019-01-16 | | modified | 2018-12-31 | | plugin id | 61303 | | published | 2012-08-01 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=61303 | | title | Scientific Linux Security Update : wireshark on SL6.x i386/x86_64 |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2012-0509.NASL | | description | From Red Hat Security Advisory 2012:0509 :
Updated wireshark packages that fix several security issues are now
available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.
Several flaws were found in Wireshark. If Wireshark read a malformed
packet off a network or opened a malicious dump file, it could crash
or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2011-1590, CVE-2011-4102, CVE-2012-1595)
Several denial of service flaws were found in Wireshark. Wireshark
could crash or stop responding if it read a malformed packet off a
network, or opened a malicious dump file. (CVE-2011-1143,
CVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174,
CVE-2011-2175, CVE-2011-2597, CVE-2011-2698, CVE-2012-0041,
CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)
Users of Wireshark should upgrade to these updated packages, which
contain backported patches to correct these issues. All running
instances of Wireshark must be restarted for the update to take
effect. | | last seen | 2019-01-16 | | modified | 2018-07-18 | | plugin id | 68516 | | published | 2013-07-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=68516 | | title | Oracle Linux 6 : wireshark (ELSA-2012-0509) |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2011-0370.NASL | | description | From Red Hat Security Advisory 2011:0370 :
Updated wireshark packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.
The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.
A heap-based buffer overflow flaw was found in Wireshark. If Wireshark
opened a specially crafted capture file, it could crash or, possibly,
execute arbitrary code as the user running Wireshark. (CVE-2011-0024)
Several denial of service flaws were found in Wireshark. Wireshark
could crash or stop responding if it read a malformed packet off a
network, or opened a malicious dump file. (CVE-2010-3445,
CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141,
CVE-2011-1143)
Users of Wireshark should upgrade to these updated packages, which
contain backported patches to correct these issues. All running
instances of Wireshark must be restarted for the update to take
effect. | | last seen | 2019-01-16 | | modified | 2018-07-18 | | plugin id | 68232 | | published | 2013-07-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=68232 | | title | Oracle Linux 4 / 5 : wireshark (ELSA-2011-0370) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2012-0509.NASL | | description | Updated wireshark packages that fix several security issues are now
available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.
Several flaws were found in Wireshark. If Wireshark read a malformed
packet off a network or opened a malicious dump file, it could crash
or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2011-1590, CVE-2011-4102, CVE-2012-1595)
Several denial of service flaws were found in Wireshark. Wireshark
could crash or stop responding if it read a malformed packet off a
network, or opened a malicious dump file. (CVE-2011-1143,
CVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174,
CVE-2011-2175, CVE-2011-2597, CVE-2011-2698, CVE-2012-0041,
CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)
Users of Wireshark should upgrade to these updated packages, which
contain backported patches to correct these issues. All running
instances of Wireshark must be restarted for the update to take
effect. | | last seen | 2019-01-16 | | modified | 2018-11-26 | | plugin id | 58841 | | published | 2012-04-24 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=58841 | | title | RHEL 6 : wireshark (RHSA-2012:0509) |
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRIVA_MDVSA-2011-044.NASL | | description | This advisory updates wireshark to the latest version (1.2.15), fixing
several security issues :
Wireshark 1.5.0, 1.4.3, and earlier frees an uninitialized pointer
during processing of a .pcap file in the pcap-ng format, which allows
remote attackers to cause a denial of service (memory corruption) or
possibly have unspecified other impact via a malformed file
(CVE-2011-0538).
Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0
through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to
cause a denial of service (application crash) or possibly have
unspecified other impact via a long record in a Nokia DCT3 trace file
(CVE-2011-0713).
wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through
1.4.3 allows remote attackers to cause a denial of service
(application crash) via a pcap-ng file that contains a large
packet-length field (CVE-2011-1139).
Multiple stack consumption vulnerabilities in the
dissect_ms_compressed_string and dissect_mscldap_string functions in
Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow
remote attackers to cause a denial of service (infinite recursion) via
a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet
(CVE-2011-1140).
epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through
1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a
denial of service (memory consumption) via (1) a long LDAP filter
string or (2) an LDAP filter string containing many elements
(CVE-2011-1141).
Stack consumption vulnerability in the dissect_ber_choice function in
the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through
1.4.4 might allow remote attackers to cause a denial of service
(infinite loop) via vectors involving self-referential ASN.1 CHOICE
values (CVE-2011-1142).
epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark
before 1.4.4 allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) via a crafted .pcap
file (CVE-2011-1143).
The updated packages have been upgraded to the latest 1.2.x version
(1.2.15) and patched to correct these issues. | | last seen | 2019-01-16 | | modified | 2018-11-15 | | plugin id | 52593 | | published | 2011-03-09 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=52593 | | title | Mandriva Linux Security Advisory : wireshark (MDVSA-2011:044) |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2012-0509.NASL | | description | Updated wireshark packages that fix several security issues are now
available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.
Several flaws were found in Wireshark. If Wireshark read a malformed
packet off a network or opened a malicious dump file, it could crash
or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2011-1590, CVE-2011-4102, CVE-2012-1595)
Several denial of service flaws were found in Wireshark. Wireshark
could crash or stop responding if it read a malformed packet off a
network, or opened a malicious dump file. (CVE-2011-1143,
CVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174,
CVE-2011-2175, CVE-2011-2597, CVE-2011-2698, CVE-2012-0041,
CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)
Users of Wireshark should upgrade to these updated packages, which
contain backported patches to correct these issues. All running
instances of Wireshark must be restarted for the update to take
effect. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 58849 | | published | 2012-04-25 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=58849 | | title | CentOS 6 : wireshark (CESA-2012:0509) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2011-0370.NASL | | description | Updated wireshark packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.
The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.
A heap-based buffer overflow flaw was found in Wireshark. If Wireshark
opened a specially crafted capture file, it could crash or, possibly,
execute arbitrary code as the user running Wireshark. (CVE-2011-0024)
Several denial of service flaws were found in Wireshark. Wireshark
could crash or stop responding if it read a malformed packet off a
network, or opened a malicious dump file. (CVE-2010-3445,
CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141,
CVE-2011-1143)
Users of Wireshark should upgrade to these updated packages, which
contain backported patches to correct these issues. All running
instances of Wireshark must be restarted for the update to take
effect. | | last seen | 2019-01-16 | | modified | 2018-11-26 | | plugin id | 52750 | | published | 2011-03-22 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=52750 | | title | RHEL 4 / 5 : wireshark (RHSA-2011:0370) |
|
