ID CVE-2015-2191
Summary Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.
References
Vulnerable Configurations
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Mageia 4.0
    cpe:2.3:o:mageia:mageia:4.0
  • Wireshark 1.10.0
    cpe:2.3:a:wireshark:wireshark:1.10.0
  • Wireshark Wireshark 1.10.1
    cpe:2.3:a:wireshark:wireshark:1.10.1
  • Wireshark Wireshark 1.10.2
    cpe:2.3:a:wireshark:wireshark:1.10.2
  • Wireshark 1.10.3
    cpe:2.3:a:wireshark:wireshark:1.10.3
  • Wireshark 1.10.4
    cpe:2.3:a:wireshark:wireshark:1.10.4
  • Wireshark 1.10.5
    cpe:2.3:a:wireshark:wireshark:1.10.5
  • Wireshark 1.10.6
    cpe:2.3:a:wireshark:wireshark:1.10.6
  • Wireshark 1.10.7
    cpe:2.3:a:wireshark:wireshark:1.10.7
  • Wireshark 1.10.8
    cpe:2.3:a:wireshark:wireshark:1.10.8
  • Wireshark 1.10.9
    cpe:2.3:a:wireshark:wireshark:1.10.9
  • Wireshark 1.10.10
    cpe:2.3:a:wireshark:wireshark:1.10.10
  • Wireshark Wireshark 1.10.11
    cpe:2.3:a:wireshark:wireshark:1.10.11
  • Wireshark 1.10.12
    cpe:2.3:a:wireshark:wireshark:1.10.12
  • Wireshark 1.12.0
    cpe:2.3:a:wireshark:wireshark:1.12.0
  • Wireshark 1.12.1
    cpe:2.3:a:wireshark:wireshark:1.12.1
  • Wireshark Wireshark 1.12.2
    cpe:2.3:a:wireshark:wireshark:1.12.2
  • Wireshark 1.12.3
    cpe:2.3:a:wireshark:wireshark:1.12.3
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
CVSS
Base: 5.0 (as of 29-08-2016 - 14:02)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Windows
    NASL id WIRESHARK_1_12_4.NASL
    description The version of Wireshark installed remote Windows host is 1.10.x prior to 1.10.13, or 1.12.x prior to 1.12.4. It is, therefore, affected by denial of service vulnerabilities in the following items : - ATN-CPDLC dissector (CVE-2015-2187) - WCP dissector (CVE-2015-2188) - pcapng file parser (CVE-2015-2189) - LLDP dissector (CVE-2015-2190) - TNEF dissector (CVE-2015-2191) - SCSI OSD dissector (CVE-2015-2192) A remote attacker can exploit these vulnerabilities to cause Wireshark to crash or consume excessive CPU resources, either by injecting a specially crafted packet onto the wire or by convincing a user to read a malformed packet trace or PCAP file. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 81672
    published 2015-03-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81672
    title Wireshark 1.10.x < 1.10.13 / 1.12.x < 1.12.4 Multiple DoS Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-226.NASL
    description Wireshark was updated to 1.10.13 on openSUSE 13.1 to fix bugs and security issues. Wireshark was updated to 1.12.4 on openSUSE 13.2 to fix bugs and security issues. The following security issues were fixed in 1.10.13 : - The WCP dissector could crash. wnpa-sec-2015-07 CVE-2015-2188 [bnc#920696] - The pcapng file parser could crash. wnpa-sec-2015-08 CVE-2015-2189 [bnc#920697] - The TNEF dissector could go into an infinite loop. wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699] - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.1 3.html The following security issues were fixed in 1.12.4 : - The following security issues were fixed : - The ATN-CPDLC dissector could crash. wnpa-sec-2015-06 CVE-2015-2187 [bnc#920695] - The WCP dissector could crash. wnpa-sec-2015-07 CVE-2015-2188 [bnc#920696] - The pcapng file parser could crash. wnpa-sec-2015-08 CVE-2015-2189 [bnc#920697] - The LLDP dissector could crash. wnpa-sec-2015-09 CVE-2015-2190 [bnc#920698] - The TNEF dissector could go into an infinite loop. wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699] - The SCSI OSD dissector could go into an infinite loop. wnpa-sec-2015-11 CVE-2015-2192 [bnc#920700] - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.4 .html
    last seen 2019-02-21
    modified 2015-05-24
    plugin id 81869
    published 2015-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81869
    title openSUSE Security Update : wireshark (openSUSE-2015-226)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1460.NASL
    description From Red Hat Security Advisory 2015:1460 : Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark, previously known as Ethereal, is a network protocol analyzer, which is used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2014-8714, CVE-2014-8712, CVE-2014-8713, CVE-2014-8711, CVE-2014-8710, CVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191) This update also fixes the following bugs : * Previously, the Wireshark tool did not support Advanced Encryption Standard Galois/Counter Mode (AES-GCM) cryptographic algorithm. As a consequence, AES-GCM was not decrypted. Support for AES-GCM has been added to Wireshark, and AES-GCM is now correctly decrypted. (BZ#1095065) * Previously, when installing the system using the kickstart method, a dependency on the shadow-utils packages was missing from the wireshark packages, which could cause the installation to fail with a 'bad scriptlet' error message. With this update, shadow-utils are listed as required in the wireshark packages spec file, and kickstart installation no longer fails. (BZ#1121275) * Prior to this update, the Wireshark tool could not decode types of elliptic curves in Datagram Transport Layer Security (DTLS) Client Hello. Consequently, Wireshark incorrectly displayed elliptic curves types as data. A patch has been applied to address this bug, and Wireshark now decodes elliptic curves types properly. (BZ#1131203) * Previously, a dependency on the gtk2 packages was missing from the wireshark packages. As a consequence, the Wireshark tool failed to start under certain circumstances due to an unresolved symbol, 'gtk_combo_box_text_new_with_entry', which was added in gtk version 2.24. With this update, a dependency on gtk2 has been added, and Wireshark now always starts as expected. (BZ#1160388) In addition, this update adds the following enhancements : * With this update, the Wireshark tool supports process substitution, which feeds the output of a process (or processes) into the standard input of another process using the '<(command_list)' syntax. When using process substitution with large files as input, Wireshark failed to decode such input. (BZ#1104210) * Wireshark has been enhanced to enable capturing packets with nanosecond time stamp precision, which allows better analysis of recorded network traffic. (BZ#1146578) All wireshark users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 85112
    published 2015-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85112
    title Oracle Linux 6 : wireshark (ELSA-2015-1460)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1460.NASL
    description Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark, previously known as Ethereal, is a network protocol analyzer, which is used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2014-8714, CVE-2014-8712, CVE-2014-8713, CVE-2014-8711, CVE-2014-8710, CVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191) This update also fixes the following bugs : * Previously, the Wireshark tool did not support Advanced Encryption Standard Galois/Counter Mode (AES-GCM) cryptographic algorithm. As a consequence, AES-GCM was not decrypted. Support for AES-GCM has been added to Wireshark, and AES-GCM is now correctly decrypted. (BZ#1095065) * Previously, when installing the system using the kickstart method, a dependency on the shadow-utils packages was missing from the wireshark packages, which could cause the installation to fail with a 'bad scriptlet' error message. With this update, shadow-utils are listed as required in the wireshark packages spec file, and kickstart installation no longer fails. (BZ#1121275) * Prior to this update, the Wireshark tool could not decode types of elliptic curves in Datagram Transport Layer Security (DTLS) Client Hello. Consequently, Wireshark incorrectly displayed elliptic curves types as data. A patch has been applied to address this bug, and Wireshark now decodes elliptic curves types properly. (BZ#1131203) * Previously, a dependency on the gtk2 packages was missing from the wireshark packages. As a consequence, the Wireshark tool failed to start under certain circumstances due to an unresolved symbol, 'gtk_combo_box_text_new_with_entry', which was added in gtk version 2.24. With this update, a dependency on gtk2 has been added, and Wireshark now always starts as expected. (BZ#1160388) In addition, this update adds the following enhancements : * With this update, the Wireshark tool supports process substitution, which feeds the output of a process (or processes) into the standard input of another process using the '<(command_list)' syntax. When using process substitution with large files as input, Wireshark failed to decode such input. (BZ#1104210) * Wireshark has been enhanced to enable capturing packets with nanosecond time stamp precision, which allows better analysis of recorded network traffic. (BZ#1146578) All wireshark users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 84952
    published 2015-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84952
    title RHEL 6 : wireshark (RHSA-2015:1460)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-2393.NASL
    description From Red Hat Security Advisory 2015:2393 : Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2015-2188, CVE-2015-2189, CVE-2015-2191, CVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562, CVE-2015-0563, CVE-2015-0564, CVE-2015-3182, CVE-2015-6243, CVE-2015-6244, CVE-2015-6245, CVE-2015-6246, CVE-2015-6248) The CVE-2015-3182 issue was discovered by Martin Zember of Red Hat. The wireshark packages have been upgraded to upstream version 1.10.14, which provides a number of bug fixes and enhancements over the previous version. (BZ#1238676) This update also fixes the following bug : * Prior to this update, when using the tshark utility to capture packets over the interface, tshark failed to create output files in the .pcap format even if it was specified using the '-F' option. This bug has been fixed, the '-F' option is now honored, and the result saved in the .pcap format as expected. (BZ#1227199) In addition, this update adds the following enhancement : * Previously, wireshark included only microseconds in the .pcapng format. With this update, wireshark supports nanosecond time stamp precision to allow for more accurate time stamps. (BZ#1213339) All wireshark users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 87038
    published 2015-11-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87038
    title Oracle Linux 7 : wireshark (ELSA-2015-2393)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-2393.NASL
    description Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2015-2188, CVE-2015-2189, CVE-2015-2191, CVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562, CVE-2015-0563, CVE-2015-0564, CVE-2015-3182, CVE-2015-6243, CVE-2015-6244, CVE-2015-6245, CVE-2015-6246, CVE-2015-6248) The CVE-2015-3182 issue was discovered by Martin Zember of Red Hat. The wireshark packages have been upgraded to upstream version 1.10.14, which provides a number of bug fixes and enhancements over the previous version. (BZ#1238676) This update also fixes the following bug : * Prior to this update, when using the tshark utility to capture packets over the interface, tshark failed to create output files in the .pcap format even if it was specified using the '-F' option. This bug has been fixed, the '-F' option is now honored, and the result saved in the .pcap format as expected. (BZ#1227199) In addition, this update adds the following enhancement : * Previously, wireshark included only microseconds in the .pcapng format. With this update, wireshark supports nanosecond time stamp precision to allow for more accurate time stamps. (BZ#1213339) All wireshark users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86988
    published 2015-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86988
    title RHEL 7 : wireshark (RHSA-2015:2393)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-198.NASL
    description The following vulnerabilities were discovered in the Squeeze's Wireshark version : CVE-2015-2188 The WCP dissector could crash CVE-2015-0564 Wireshark could crash while decypting TLS/SSL sessions CVE-2015-0562 The DEC DNA Routing Protocol dissector could crash CVE-2014-8714 TN5250 infinite loops CVE-2014-8713 NCP crashes CVE-2014-8712 NCP crashes CVE-2014-8711 AMQP crash CVE-2014-8710 SigComp UDVM buffer overflow CVE-2014-6432 Sniffer file parser crash CVE-2014-6431 Sniffer file parser crash CVE-2014-6430 Sniffer file parser crash CVE-2014-6429 Sniffer file parser crash CVE-2014-6428 SES dissector crash CVE-2014-6423 MEGACO dissector infinite loop CVE-2014-6422 RTP dissector crash Since back-porting upstream patches to 1.2.11-6+squeeze15 did not fix all the outstanding issues and some issues are not even tracked publicly the LTS Team decided to sync squeeze-lts's wireshark package with wheezy-security to provide the best possible security support. Note that upgrading Wireshark from 1.2.x to 1.8.x introduces several backward-incompatible changes in package structure, shared library API/ABI, availability of dissectors and in syntax of command line parameters. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 83002
    published 2015-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83002
    title Debian DLA-198-1 : wireshark security update
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20151119_WIRESHARK_ON_SL7_X.NASL
    description Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2015-2188, CVE-2015-2189, CVE-2015-2191, CVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562, CVE-2015-0563, CVE-2015-0564, CVE-2015-3182, CVE-2015-6243, CVE-2015-6244, CVE-2015-6245, CVE-2015-6246, CVE-2015-6248) The wireshark packages have been upgraded to upstream version 1.10.14, which provides a number of bug fixes and enhancements over the previous version. This update also fixes the following bug : - Prior to this update, when using the tshark utility to capture packets over the interface, tshark failed to create output files in the .pcap format even if it was specified using the '-F' option. This bug has been fixed, the '-F' option is now honored, and the result saved in the .pcap format as expected. In addition, this update adds the following enhancement : - Previously, wireshark included only microseconds in the .pcapng format. With this update, wireshark supports nanosecond time stamp precision to allow for more accurate time stamps. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 87578
    published 2015-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87578
    title Scientific Linux Security Update : wireshark on SL7.x x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3210.NASL
    description Multiple vulnerabilities were discovered in the dissectors/parsers for WCP, pcapng and TNEF, which could result in denial of service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 82511
    published 2015-04-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82511
    title Debian DSA-3210-1 : wireshark - security update
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-580.NASL
    description Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2014-8714 , CVE-2014-8712 , CVE-2014-8713 , CVE-2014-8711 , CVE-2014-8710 , CVE-2015-0562 , CVE-2015-0564 , CVE-2015-2189 , CVE-2015-2191)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 85453
    published 2015-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85453
    title Amazon Linux AMI : wireshark (ALAS-2015-580)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150722_WIRESHARK_ON_SL6_X.NASL
    description Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2014-8714, CVE-2014-8712, CVE-2014-8713, CVE-2014-8711, CVE-2014-8710, CVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191) This update also fixes the following bugs : - Previously, the Wireshark tool did not support Advanced Encryption Standard Galois/Counter Mode (AES-GCM) cryptographic algorithm. As a consequence, AES-GCM was not decrypted. Support for AES-GCM has been added to Wireshark, and AES-GCM is now correctly decrypted. - Previously, when installing the system using the kickstart method, a dependency on the shadow-utils packages was missing from the wireshark packages, which could cause the installation to fail with a 'bad scriptlet' error message. With this update, shadow-utils are listed as required in the wireshark packages spec file, and kickstart installation no longer fails. - Prior to this update, the Wireshark tool could not decode types of elliptic curves in Datagram Transport Layer Security (DTLS) Client Hello. Consequently, Wireshark incorrectly displayed elliptic curves types as data. A patch has been applied to address this bug, and Wireshark now decodes elliptic curves types properly. - Previously, a dependency on the gtk2 packages was missing from the wireshark packages. As a consequence, the Wireshark tool failed to start under certain circumstances due to an unresolved symbol, 'gtk_combo_box_text_new_with_entry', which was added in gtk version 2.24. With this update, a dependency on gtk2 has been added, and Wireshark now always starts as expected. In addition, this update adds the following enhancements : - With this update, the Wireshark tool supports process substitution, which feeds the output of a process (or processes) into the standard input of another process using the '<(command_list)' syntax. When using process substitution with large files as input, Wireshark failed to decode such input. - Wireshark has been enhanced to enable capturing packets with nanosecond time stamp precision, which allows better analysis of recorded network traffic. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 85208
    published 2015-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85208
    title Scientific Linux Security Update : wireshark on SL6.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-2393.NASL
    description Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2015-2188, CVE-2015-2189, CVE-2015-2191, CVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562, CVE-2015-0563, CVE-2015-0564, CVE-2015-3182, CVE-2015-6243, CVE-2015-6244, CVE-2015-6245, CVE-2015-6246, CVE-2015-6248) The CVE-2015-3182 issue was discovered by Martin Zember of Red Hat. The wireshark packages have been upgraded to upstream version 1.10.14, which provides a number of bug fixes and enhancements over the previous version. (BZ#1238676) This update also fixes the following bug : * Prior to this update, when using the tshark utility to capture packets over the interface, tshark failed to create output files in the .pcap format even if it was specified using the '-F' option. This bug has been fixed, the '-F' option is now honored, and the result saved in the .pcap format as expected. (BZ#1227199) In addition, this update adds the following enhancement : * Previously, wireshark included only microseconds in the .pcapng format. With this update, wireshark supports nanosecond time stamp precision to allow for more accurate time stamps. (BZ#1213339) All wireshark users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 87156
    published 2015-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87156
    title CentOS 7 : wireshark (CESA-2015:2393)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1460.NASL
    description Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark, previously known as Ethereal, is a network protocol analyzer, which is used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2014-8714, CVE-2014-8712, CVE-2014-8713, CVE-2014-8711, CVE-2014-8710, CVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191) This update also fixes the following bugs : * Previously, the Wireshark tool did not support Advanced Encryption Standard Galois/Counter Mode (AES-GCM) cryptographic algorithm. As a consequence, AES-GCM was not decrypted. Support for AES-GCM has been added to Wireshark, and AES-GCM is now correctly decrypted. (BZ#1095065) * Previously, when installing the system using the kickstart method, a dependency on the shadow-utils packages was missing from the wireshark packages, which could cause the installation to fail with a 'bad scriptlet' error message. With this update, shadow-utils are listed as required in the wireshark packages spec file, and kickstart installation no longer fails. (BZ#1121275) * Prior to this update, the Wireshark tool could not decode types of elliptic curves in Datagram Transport Layer Security (DTLS) Client Hello. Consequently, Wireshark incorrectly displayed elliptic curves types as data. A patch has been applied to address this bug, and Wireshark now decodes elliptic curves types properly. (BZ#1131203) * Previously, a dependency on the gtk2 packages was missing from the wireshark packages. As a consequence, the Wireshark tool failed to start under certain circumstances due to an unresolved symbol, 'gtk_combo_box_text_new_with_entry', which was added in gtk version 2.24. With this update, a dependency on gtk2 has been added, and Wireshark now always starts as expected. (BZ#1160388) In addition, this update adds the following enhancements : * With this update, the Wireshark tool supports process substitution, which feeds the output of a process (or processes) into the standard input of another process using the '<(command_list)' syntax. When using process substitution with large files as input, Wireshark failed to decode such input. (BZ#1104210) * Wireshark has been enhanced to enable capturing packets with nanosecond time stamp precision, which allows better analysis of recorded network traffic. (BZ#1146578) All wireshark users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85026
    published 2015-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85026
    title CentOS 6 : wireshark (CESA-2015:1460)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-183.NASL
    description Updated wireshark package fixes security vulnerabilies : The WCP dissector could crash (CVE-2015-2188). The pcapng file parser could crash (CVE-2015-2189). The TNEF dissector could go into an infinite loop (CVE-2015-2191).
    last seen 2019-01-03
    modified 2019-01-02
    plugin id 82458
    published 2015-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82458
    title Mandriva Linux Security Advisory : wireshark (MDVSA-2015:183)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201510-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201510-03 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-10-10
    plugin id 86688
    published 2015-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86688
    title GLSA-201510-03 : Wireshark: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_WIRESHARK-150311.NASL
    description Wireshark was updated to version 1.10.13 fixing bugs and security issues : The following security issues have been fixed. - The WCP dissector could crash. wnpa-sec-2015-07 CVE-2015-2188 [bnc#920696] - The pcapng file parser could crash. wnpa-sec-2015-08 CVE-2015-2189 [bnc#920697] - The TNEF dissector could go into an infinite loop. wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699] Further bug fixes and updated protocol support are listed in : https://www.wireshark.org/docs/relnotes/wireshark-1.10.13.html
    last seen 2019-02-21
    modified 2015-05-24
    plugin id 82523
    published 2015-04-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82523
    title SuSE 11.3 Security Update : wireshark (SAT Patch Number 10444)
redhat via4
advisories
bugzilla
id 1199167
title CVE-2015-2191 wireshark: The TNEF dissector could go into an infinite loop on 32-bit architectures (wnpa-sec-2015-10)
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment wireshark is earlier than 0:1.8.10-17.el6
        oval oval:com.redhat.rhsa:tst:20151460007
      • comment wireshark is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100924006
    • AND
      • comment wireshark-devel is earlier than 0:1.8.10-17.el6
        oval oval:com.redhat.rhsa:tst:20151460009
      • comment wireshark-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100924010
    • AND
      • comment wireshark-gnome is earlier than 0:1.8.10-17.el6
        oval oval:com.redhat.rhsa:tst:20151460005
      • comment wireshark-gnome is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100924008
rhsa
id RHSA-2015:1460
released 2015-07-22
severity Moderate
title RHSA-2015:1460: wireshark security, bug fix, and enhancement update (Moderate)
rpms
  • wireshark-0:1.8.10-17.el6
  • wireshark-devel-0:1.8.10-17.el6
  • wireshark-gnome-0:1.8.10-17.el6
  • wireshark-0:1.10.14-7.el7
  • wireshark-devel-0:1.10.14-7.el7
  • wireshark-gnome-0:1.10.14-7.el7
refmap via4
bid 72941
confirm
debian DSA-3210
gentoo GLSA-201510-03
mandriva MDVSA-2015:183
sectrack 1031858
suse openSUSE-SU-2015:0489
Last major update 28-11-2016 - 14:19
Published 07-03-2015 - 21:59
Last modified 30-10-2018 - 12:27
Back to Top