ID CVE-2011-1143
Summary epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file.
References
Vulnerable Configurations
  • Wireshark 0.99.2
    cpe:2.3:a:wireshark:wireshark:0.99.2
  • Wireshark 0.99.3
    cpe:2.3:a:wireshark:wireshark:0.99.3
  • Wireshark 0.99.4
    cpe:2.3:a:wireshark:wireshark:0.99.4
  • Wireshark 0.99.5
    cpe:2.3:a:wireshark:wireshark:0.99.5
  • Wireshark 0.99.6
    cpe:2.3:a:wireshark:wireshark:0.99.6
  • Wireshark 0.99.7
    cpe:2.3:a:wireshark:wireshark:0.99.7
  • Wireshark 0.99.8
    cpe:2.3:a:wireshark:wireshark:0.99.8
  • Wireshark 1.0.1
    cpe:2.3:a:wireshark:wireshark:1.0.1
  • Wireshark 1.0.5
    cpe:2.3:a:wireshark:wireshark:1.0.5
  • Wireshark 1.0.9
    cpe:2.3:a:wireshark:wireshark:1.0.9
  • Wireshark 1.0.10
    cpe:2.3:a:wireshark:wireshark:1.0.10
  • Wireshark 1.2.13
    cpe:2.3:a:wireshark:wireshark:1.2.13
  • Wireshark 1.2.5
    cpe:2.3:a:wireshark:wireshark:1.2.5
  • Wireshark 1.2.1
    cpe:2.3:a:wireshark:wireshark:1.2.1
  • Wireshark 1.0.14
    cpe:2.3:a:wireshark:wireshark:1.0.14
  • Wireshark 1.0.6
    cpe:2.3:a:wireshark:wireshark:1.0.6
  • Wireshark 1.2.10
    cpe:2.3:a:wireshark:wireshark:1.2.10
  • cpe:2.3:a:wireshark:wireshark:1.2
    cpe:2.3:a:wireshark:wireshark:1.2
  • Wireshark 1.0.8
    cpe:2.3:a:wireshark:wireshark:1.0.8
  • Wireshark 1.2.3
    cpe:2.3:a:wireshark:wireshark:1.2.3
  • Wireshark 1.2.0
    cpe:2.3:a:wireshark:wireshark:1.2.0
  • Wireshark 1.2.4
    cpe:2.3:a:wireshark:wireshark:1.2.4
  • Wireshark 1.2.2
    cpe:2.3:a:wireshark:wireshark:1.2.2
  • Wireshark 1.0.0
    cpe:2.3:a:wireshark:wireshark:1.0.0
  • Wireshark 1.0.12
    cpe:2.3:a:wireshark:wireshark:1.0.12
  • Wireshark 1.0.11
    cpe:2.3:a:wireshark:wireshark:1.0.11
  • Wireshark 1.4.2
    cpe:2.3:a:wireshark:wireshark:1.4.2
  • Wireshark 1.2.7
    cpe:2.3:a:wireshark:wireshark:1.2.7
  • Wireshark 1.4.1
    cpe:2.3:a:wireshark:wireshark:1.4.1
  • Wireshark 1.2.12
    cpe:2.3:a:wireshark:wireshark:1.2.12
  • Wireshark 1.2.6
    cpe:2.3:a:wireshark:wireshark:1.2.6
  • Wireshark 1.4.0
    cpe:2.3:a:wireshark:wireshark:1.4.0
  • Wireshark 1.2.11
    cpe:2.3:a:wireshark:wireshark:1.2.11
  • Wireshark 1.0.7
    cpe:2.3:a:wireshark:wireshark:1.0.7
  • Wireshark 1.2.14
    cpe:2.3:a:wireshark:wireshark:1.2.14
  • Wireshark 1.0.2
    cpe:2.3:a:wireshark:wireshark:1.0.2
  • Wireshark 1.0.3
    cpe:2.3:a:wireshark:wireshark:1.0.3
  • Wireshark 1.0.15
    cpe:2.3:a:wireshark:wireshark:1.0.15
  • Wireshark 1.0.16
    cpe:2.3:a:wireshark:wireshark:1.0.16
  • Wireshark 1.2.15
    cpe:2.3:a:wireshark:wireshark:1.2.15
  • Wireshark 1.2.9
    cpe:2.3:a:wireshark:wireshark:1.2.9
  • Wireshark 1.2.8
    cpe:2.3:a:wireshark:wireshark:1.2.8
  • Wireshark 1.0.13
    cpe:2.3:a:wireshark:wireshark:1.0.13
  • Wireshark 1.0.4
    cpe:2.3:a:wireshark:wireshark:1.0.4
  • Wireshark 1.4.3
    cpe:2.3:a:wireshark:wireshark:1.4.3
CVSS
Base: 4.3 (as of 03-03-2011 - 13:52)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
description Wireshark 1.4.3 NTLMSSP NULL Pointer Dereference Denial Of Service Vulnerability. CVE-2011-1143. Dos exploit for linux platform
id EDB-ID:35432
last seen 2016-02-04
modified 2011-03-01
published 2011-03-01
reporter Buildbot Builder
source https://www.exploit-db.com/download/35432/
title Wireshark 1.4.3 - NTLMSSP NULL Pointer Dereference Denial Of Service Vulnerability
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_WIRESHARK-110331.NASL
    description Wireshark was updated to version 1.4.4 to fix several security issues
    last seen 2018-09-02
    modified 2018-06-29
    plugin id 53315
    published 2011-04-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53315
    title SuSE 11.1 Security Update : wireshark (SAT Patch Number 4267)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_WIRESHARK-110411.NASL
    description Wireshark was updated to version 1.4.4 to fix several security issues (CVE-2011-1138, CVE-2011-1139, CVE-2011-1140 CVE-2011-1143).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53809
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53809
    title openSUSE Security Update : wireshark (openSUSE-SU-2011:0347-1)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-71.NASL
    description Several flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69678
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69678
    title Amazon Linux AMI : wireshark (ALAS-2012-71)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_WIRESHARK-110411.NASL
    description Wireshark was updated to version 1.4.4 to fix several security issues (CVE-2011-1138, CVE-2011-1139, CVE-2011-1140 CVE-2011-1143).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75772
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75772
    title openSUSE Security Update : wireshark (openSUSE-SU-2011:0347-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_WIRESHARK-110411.NASL
    description Wireshark was updated to version 1.4.4 to fix several security issues (CVE-2011-1138, CVE-2011-1139, CVE-2011-1140 CVE-2011-1143).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 76043
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76043
    title openSUSE Security Update : wireshark (openSUSE-SU-2011:0347-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201110-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201110-02 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 56426
    published 2011-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56426
    title GLSA-201110-02 : Wireshark: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-2620.NASL
    description Several security bugs were fixed in this release : - CVE-2011-0538: memory corruption when reading a malformed pcap file - CVE-2010-3445: stack overflow in BER dissector - CVE-2011-1143: NULL pointer dereference causing application crash when reading malformed pcap file - CVE-2011-1140: Multiple stack consumption vulnerabilities caused DoS via crafted SMB or CLDAP packet - CVE-2011-1141: Malformed LDAP filter string causes Denial of Service via excessive memory consumption - CVE-2011-1138: Off-by-one error in the dissect_6lowpan_iphc function causes application crash (Denial Of Service) - CVE-2011-1139: Denial Of Service (application crash) via a pcap-ng file that contains a large packet-length field - CVE-2011-0713: heap-based buffer overflow when reading malformed Nokia DCT3 phone signaling traces Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 52640
    published 2011-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52640
    title Fedora 13 : wireshark-1.2.15-1.fc13 (2011-2620)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-2632.NASL
    description Several security bugs were fixed in this release : - CVE-2011-0538: memory corruption when reading a malformed pcap file - CVE-2010-3445: stack overflow in BER dissector - CVE-2011-1143: NULL pointer dereference causing application crash when reading malformed pcap file - CVE-2011-1140: Multiple stack consumption vulnerabilities caused DoS via crafted SMB or CLDAP packet - CVE-2011-1141: Malformed LDAP filter string causes Denial of Service via excessive memory consumption - CVE-2011-1138: Off-by-one error in the dissect_6lowpan_iphc function causes application crash (Denial Of Service) - CVE-2011-1139: Denial Of Service (application crash) via a pcap-ng file that contains a large packet-length field - CVE-2011-0713: heap-based buffer overflow when reading malformed Nokia DCT3 phone signaling traces Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 52641
    published 2011-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52641
    title Fedora 14 : wireshark-1.4.4-1.fc14 (2011-2632)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0370.NASL
    description Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in Wireshark. If Wireshark opened a specially crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0024) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445, CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141, CVE-2011-1143) Users of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 52750
    published 2011-03-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52750
    title RHEL 4 / 5 : wireshark (RHSA-2011:0370)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-044.NASL
    description This advisory updates wireshark to the latest version (1.2.15), fixing several security issues : Wireshark 1.5.0, 1.4.3, and earlier frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file (CVE-2011-0538). Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file (CVE-2011-0713). wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field (CVE-2011-1139). Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet (CVE-2011-1140). epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements (CVE-2011-1141). Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of service (infinite loop) via vectors involving self-referential ASN.1 CHOICE values (CVE-2011-1142). epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file (CVE-2011-1143). The updated packages have been upgraded to the latest 1.2.x version (1.2.15) and patched to correct these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 52593
    published 2011-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52593
    title Mandriva Linux Security Advisory : wireshark (MDVSA-2011:044)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0509.NASL
    description Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Several flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-1590, CVE-2011-4102, CVE-2012-1595) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-1143, CVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066) Users of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58849
    published 2012-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58849
    title CentOS 6 : wireshark (CESA-2012:0509)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2011-0370.NASL
    description Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in Wireshark. If Wireshark opened a specially crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0024) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445, CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141, CVE-2011-1143) Users of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 52757
    published 2011-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52757
    title CentOS 4 / 5 : wireshark (CESA-2011:0370)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0509.NASL
    description From Red Hat Security Advisory 2012:0509 : Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Several flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-1590, CVE-2011-4102, CVE-2012-1595) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-1143, CVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066) Users of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68516
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68516
    title Oracle Linux 6 : wireshark (ELSA-2012-0509)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-2648.NASL
    description Several security bugs were fixed in this release : - CVE-2011-0538: memory corruption when reading a malformed pcap file - CVE-2010-3445: stack overflow in BER dissector - CVE-2011-1143: NULL pointer dereference causing application crash when reading malformed pcap file - CVE-2011-1140: Multiple stack consumption vulnerabilities caused DoS via crafted SMB or CLDAP packet - CVE-2011-1138: Off-by-one error in the dissect_6lowpan_iphc function causes application crash (Denial Of Service) - CVE-2011-1139: Denial Of Service (application crash) via a pcap-ng file that contains a large packet-length field - CVE-2011-0713: heap-based buffer overflow when reading malformed Nokia DCT3 phone signaling traces Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 52590
    published 2011-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52590
    title Fedora 15 : wireshark-1.4.4-1.fc15 (2011-2648)
  • NASL family Windows
    NASL id WIRESHARK_1_4_4.NASL
    description The installed version of Wireshark is 1.0.x or 1.2.x less than 1.2.15 or 1.4.x less than 1.4.4. Such versions are affected by the following vulnerabilities : - The BER dissector may loop indefinitely. (Bug #1516) - A crash can occur in the NTLMSSP dissector. (Bug #5157) - An error exists in the processing of pcap-ng files that causes the application to free an uninitialized pointer. (Bug #5652) - An error exists in the processing of packets having large length in a pcap-ng file. This can result in application crashes. (Bug #5661) - A stack overflow vulnerability exists in the LDAP and SMB dissectors. (Bug #5717) - An error exists in the processing of malformed 6LoWPAN packets. This affects only 32-bit platforms and can result in application crashes. (Bug #5722) - An error exists in the processing of large LDAP filter strings that cause the application to consume excessive amounts of memory. (Bug #5732)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 52502
    published 2011-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52502
    title Wireshark < 1.2.15 / 1.4.4 Multiple Vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-0370.NASL
    description From Red Hat Security Advisory 2011:0370 : Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in Wireshark. If Wireshark opened a specially crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0024) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445, CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141, CVE-2011-1143) Users of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68232
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68232
    title Oracle Linux 4 / 5 : wireshark (ELSA-2011-0370)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110321_WIRESHARK_ON_SL4_X.NASL
    description A heap-based buffer overflow flaw was found in Wireshark. If Wireshark opened a specially crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0024) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445, CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141, CVE-2011-1143) All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 60991
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60991
    title Scientific Linux Security Update : wireshark on SL4.x, SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0509.NASL
    description Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Several flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-1590, CVE-2011-4102, CVE-2012-1595) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-1143, CVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066) Users of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 58841
    published 2012-04-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58841
    title RHEL 6 : wireshark (RHSA-2012:0509)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120423_WIRESHARK_ON_SL6_X.NASL
    description Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Several flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-1590, CVE-2011-4102, CVE-2012-1595) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-1143, CVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066) Users of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61303
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61303
    title Scientific Linux Security Update : wireshark on SL6.x i386/x86_64
oval via4
accepted 2013-08-19T04:01:27.808-04:00
class vulnerability
contributors
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
comment Wireshark is installed on the system.
oval oval:org.mitre.oval:def:6589
description epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file.
family windows
id oval:org.mitre.oval:def:16209
status accepted
submitted 2013-04-26T11:00:00.748+04:00
title epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file
version 7
redhat via4
advisories
bugzilla
id 681760
title CVE-2011-1143 Wireshark: Null pointer dereference causing application crash when reading malformed pcap file
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • OR
      • AND
        • comment wireshark is earlier than 0:1.0.15-2.el4
          oval oval:com.redhat.rhsa:tst:20110370002
        • comment wireshark is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060726003
      • AND
        • comment wireshark-gnome is earlier than 0:1.0.15-2.el4
          oval oval:com.redhat.rhsa:tst:20110370004
        • comment wireshark-gnome is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060726005
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment wireshark is earlier than 0:1.0.15-1.el5_6.4
          oval oval:com.redhat.rhsa:tst:20110370007
        • comment wireshark is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070066011
      • AND
        • comment wireshark-gnome is earlier than 0:1.0.15-1.el5_6.4
          oval oval:com.redhat.rhsa:tst:20110370009
        • comment wireshark-gnome is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070066013
rhsa
id RHSA-2011:0370
released 2011-03-21
severity Moderate
title RHSA-2011:0370: wireshark security update (Moderate)
rpms
  • wireshark-0:1.0.15-2.el4
  • wireshark-gnome-0:1.0.15-2.el4
  • wireshark-0:1.0.15-1.el5_6.4
  • wireshark-gnome-0:1.0.15-1.el5_6.4
  • wireshark-0:1.2.15-2.el6_2.1
  • wireshark-devel-0:1.2.15-2.el6_2.1
  • wireshark-gnome-0:1.2.15-2.el6_2.1
refmap via4
bid 46796
cert-vn VU#215900
confirm
fedora
  • FEDORA-2011-2620
  • FEDORA-2011-2632
  • FEDORA-2011-2648
sectrack 1025148
secunia
  • 43759
  • 43821
  • 44169
  • 48947
suse openSUSE-SU-2011:0347
vupen
  • ADV-2011-0626
  • ADV-2011-0719
Last major update 02-11-2013 - 23:11
Published 02-03-2011 - 20:00
Last modified 18-09-2017 - 21:32
Back to Top