ID CVE-2008-1070 Type cve Reporter cve@mitre.org Modified 2018-10-11T20:29:00
Description
The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.
{"openvas": [{"lastseen": "2017-07-24T12:50:14", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200803-32.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=60624", "id": "OPENVAS:60624", "title": "Gentoo Security Advisory GLSA 200803-32 (wireshark)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple Denial of Service vulnerabilities have been discovered in\nWireshark.\";\ntag_solution = \"All Wireshark users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-0.99.8'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200803-32\nhttp://bugs.gentoo.org/show_bug.cgi?id=212149\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200803-32.\";\n\n \n\nif(description)\n{\n script_id(60624);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-1070\", \"CVE-2008-1071\", \"CVE-2008-1072\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200803-32 (wireshark)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-analyzer/wireshark\", unaffected: make_list(\"ge 0.99.8\"), vulnerable: make_list(\"lt 0.99.8\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:57:16", "bulletinFamily": "scanner", "description": "Check for the Version of wireshark", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830532", "id": "OPENVAS:830532", "title": "Mandriva Update for wireshark MDVSA-2008:057 (wireshark)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for wireshark MDVSA-2008:057 (wireshark)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A few vulnerabilities were found in Wireshark, that could cause it\n to crash or consume excessive memory under certain conditions.\n\n This update rovides Wireshark 0.99.8 which is not vulnerable to\n the issues.\";\n\ntag_affected = \"wireshark on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-03/msg00002.php\");\n script_id(830532);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:057\");\n script_cve_id(\"CVE-2008-1070\", \"CVE-2008-1071\", \"CVE-2008-1072\");\n script_name( \"Mandriva Update for wireshark MDVSA-2008:057 (wireshark)\");\n\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~0.99.8~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~0.99.8~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.8~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~0.99.8~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~0.99.8~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~0.99.8~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~0.99.8~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.8~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~0.99.8~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~0.99.8~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~0.99.8~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~0.99.8~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~0.99.8~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.8~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~0.99.8~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~0.99.8~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~0.99.8~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:55", "bulletinFamily": "scanner", "description": "Check for the Version of wireshark", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830532", "id": "OPENVAS:1361412562310830532", "type": "openvas", "title": "Mandriva Update for wireshark MDVSA-2008:057 (wireshark)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for wireshark MDVSA-2008:057 (wireshark)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A few vulnerabilities were found in Wireshark, that could cause it\n to crash or consume excessive memory under certain conditions.\n\n This update rovides Wireshark 0.99.8 which is not vulnerable to\n the issues.\";\n\ntag_affected = \"wireshark on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-03/msg00002.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830532\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:057\");\n script_cve_id(\"CVE-2008-1070\", \"CVE-2008-1071\", \"CVE-2008-1072\");\n script_name( \"Mandriva Update for wireshark MDVSA-2008:057 (wireshark)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~0.99.8~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~0.99.8~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.8~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~0.99.8~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~0.99.8~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~0.99.8~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~0.99.8~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.8~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~0.99.8~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~0.99.8~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~0.99.8~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~0.99.8~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~0.99.8~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.8~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~0.99.8~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~0.99.8~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~0.99.8~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:12", "bulletinFamily": "scanner", "description": "Check for the Version of wireshark", "modified": "2017-07-10T00:00:00", "published": "2009-02-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860983", "id": "OPENVAS:860983", "title": "Fedora Update for wireshark FEDORA-2008-2941", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2008-2941\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\n\ntag_affected = \"wireshark on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00140.html\");\n script_id(860983);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-2941\");\n script_cve_id(\"CVE-2008-1072\", \"CVE-2008-1563\", \"CVE-2008-1070\", \"CVE-2008-1561\", \"CVE-2008-1562\", \"CVE-2008-1071\");\n script_name( \"Fedora Update for wireshark FEDORA-2008-2941\");\n\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.0~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:51", "bulletinFamily": "scanner", "description": "Check for the Version of wireshark", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860593", "id": "OPENVAS:860593", "title": "Fedora Update for wireshark FEDORA-2008-3040", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2008-3040\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\n\ntag_affected = \"wireshark on Fedora 8\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00228.html\");\n script_id(860593);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:43:56 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-3040\");\n script_cve_id(\"CVE-2008-1072\", \"CVE-2008-1562\", \"CVE-2008-1070\", \"CVE-2008-1563\", \"CVE-2008-1561\", \"CVE-2008-1071\");\n script_name( \"Fedora Update for wireshark FEDORA-2008-3040\");\n\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.0~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:35", "bulletinFamily": "scanner", "description": "Check for the Version of wireshark", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880229", "id": "OPENVAS:880229", "title": "CentOS Update for wireshark CESA-2008:0890 centos4 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for wireshark CESA-2008:0890 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Multiple buffer overflow flaws were found in Wireshark. If Wireshark read\n a malformed packet off a network, it could crash or, possibly, execute\n arbitrary code as the user running Wireshark. (CVE-2008-3146)\n \n Several denial of service flaws were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off a network, or\n opened a malformed dump file. (CVE-2008-1070, CVE-2008-1071, CVE-2008-1072,\n CVE-2008-1561, CVE-2008-1562, CVE-2008-1563, CVE-2008-3137, CVE-2008-3138,\n CVE-2008-3141, CVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)\n \n Additionally, this update changes the default Pluggable Authentication\n Modules (PAM) configuration to always prompt for the root password before\n each start of Wireshark. This avoids unintentionally running Wireshark with\n root privileges.\n \n Users of wireshark should upgrade to these updated packages, which contain\n Wireshark version 1.0.3, and resolve these issues.\";\n\ntag_affected = \"wireshark on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-October/015298.html\");\n script_id(880229);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0890\");\n script_cve_id(\"CVE-2008-1070\", \"CVE-2008-1071\", \"CVE-2008-1072\", \"CVE-2008-1561\", \"CVE-2008-1562\", \"CVE-2008-1563\", \"CVE-2008-3137\", \"CVE-2008-3138\", \"CVE-2008-3141\", \"CVE-2008-3145\", \"CVE-2008-3146\", \"CVE-2008-3932\", \"CVE-2008-3933\", \"CVE-2008-3934\");\n script_name( \"CentOS Update for wireshark CESA-2008:0890 centos4 x86_64\");\n\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.3~3.el4_7\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.3~3.el4_7\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:57", "bulletinFamily": "scanner", "description": "Check for the Version of wireshark", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880213", "id": "OPENVAS:1361412562310880213", "title": "CentOS Update for wireshark CESA-2008:0890 centos4 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for wireshark CESA-2008:0890 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Multiple buffer overflow flaws were found in Wireshark. If Wireshark read\n a malformed packet off a network, it could crash or, possibly, execute\n arbitrary code as the user running Wireshark. (CVE-2008-3146)\n \n Several denial of service flaws were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off a network, or\n opened a malformed dump file. (CVE-2008-1070, CVE-2008-1071, CVE-2008-1072,\n CVE-2008-1561, CVE-2008-1562, CVE-2008-1563, CVE-2008-3137, CVE-2008-3138,\n CVE-2008-3141, CVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)\n \n Additionally, this update changes the default Pluggable Authentication\n Modules (PAM) configuration to always prompt for the root password before\n each start of Wireshark. This avoids unintentionally running Wireshark with\n root privileges.\n \n Users of wireshark should upgrade to these updated packages, which contain\n Wireshark version 1.0.3, and resolve these issues.\";\n\ntag_affected = \"wireshark on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-October/015297.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880213\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0890\");\n script_cve_id(\"CVE-2008-1070\", \"CVE-2008-1071\", \"CVE-2008-1072\", \"CVE-2008-1561\", \"CVE-2008-1562\", \"CVE-2008-1563\", \"CVE-2008-3137\", \"CVE-2008-3138\", \"CVE-2008-3141\", \"CVE-2008-3145\", \"CVE-2008-3146\", \"CVE-2008-3932\", \"CVE-2008-3933\", \"CVE-2008-3934\");\n script_name( \"CentOS Update for wireshark CESA-2008:0890 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.3~3.el4_7\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.3~3.el4_7\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:12", "bulletinFamily": "scanner", "description": "Check for the Version of wireshark", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870001", "id": "OPENVAS:1361412562310870001", "title": "RedHat Update for wireshark RHSA-2008:0890-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for wireshark RHSA-2008:0890-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Multiple buffer overflow flaws were found in Wireshark. If Wireshark read\n a malformed packet off a network, it could crash or, possibly, execute\n arbitrary code as the user running Wireshark. (CVE-2008-3146)\n \n Several denial of service flaws were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off a network, or\n opened a malformed dump file. (CVE-2008-1070, CVE-2008-1071, CVE-2008-1072,\n CVE-2008-1561, CVE-2008-1562, CVE-2008-1563, CVE-2008-3137, CVE-2008-3138,\n CVE-2008-3141, CVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)\n \n Additionally, this update changes the default Pluggable Authentication\n Modules (PAM) configuration to always prompt for the root password before\n each start of Wireshark. This avoids unintentionally running Wireshark with\n root privileges.\n \n Users of wireshark should upgrade to these updated packages, which contain\n Wireshark version 1.0.3, and resolve these issues.\";\n\ntag_affected = \"wireshark on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-October/msg00000.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870001\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0890-01\");\n script_cve_id(\"CVE-2008-1070\", \"CVE-2008-1071\", \"CVE-2008-1072\", \"CVE-2008-1561\", \"CVE-2008-1562\", \"CVE-2008-1563\", \"CVE-2008-3137\", \"CVE-2008-3138\", \"CVE-2008-3141\", \"CVE-2008-3145\", \"CVE-2008-3146\", \"CVE-2008-3932\", \"CVE-2008-3933\", \"CVE-2008-3934\");\n script_name( \"RedHat Update for wireshark RHSA-2008:0890-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.3~4.el5_2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.0.3~4.el5_2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.3~4.el5_2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.3~3.el4_7\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.0.3~3.el4_7\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.3~3.el4_7\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.3~EL3.3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.0.3~EL3.3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.3~EL3.3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:25", "bulletinFamily": "scanner", "description": "Check for the Version of wireshark", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880108", "id": "OPENVAS:1361412562310880108", "type": "openvas", "title": "CentOS Update for wireshark CESA-2008:0890 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for wireshark CESA-2008:0890 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Multiple buffer overflow flaws were found in Wireshark. If Wireshark read\n a malformed packet off a network, it could crash or, possibly, execute\n arbitrary code as the user running Wireshark. (CVE-2008-3146)\n \n Several denial of service flaws were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off a network, or\n opened a malformed dump file. (CVE-2008-1070, CVE-2008-1071, CVE-2008-1072,\n CVE-2008-1561, CVE-2008-1562, CVE-2008-1563, CVE-2008-3137, CVE-2008-3138,\n CVE-2008-3141, CVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)\n \n Additionally, this update changes the default Pluggable Authentication\n Modules (PAM) configuration to always prompt for the root password before\n each start of Wireshark. This avoids unintentionally running Wireshark with\n root privileges.\n \n Users of wireshark should upgrade to these updated packages, which contain\n Wireshark version 1.0.3, and resolve these issues.\";\n\ntag_affected = \"wireshark on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-October/015281.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880108\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0890\");\n script_cve_id(\"CVE-2008-1070\", \"CVE-2008-1071\", \"CVE-2008-1072\", \"CVE-2008-1561\", \"CVE-2008-1562\", \"CVE-2008-1563\", \"CVE-2008-3137\", \"CVE-2008-3138\", \"CVE-2008-3141\", \"CVE-2008-3145\", \"CVE-2008-3146\", \"CVE-2008-3932\", \"CVE-2008-3933\", \"CVE-2008-3934\");\n script_name( \"CentOS Update for wireshark CESA-2008:0890 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.3~EL3.3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.3~EL3.3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:32", "bulletinFamily": "scanner", "description": "Check for the Version of wireshark", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880181", "id": "OPENVAS:1361412562310880181", "type": "openvas", "title": "CentOS Update for wireshark CESA-2008:0890 centos3 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for wireshark CESA-2008:0890 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Multiple buffer overflow flaws were found in Wireshark. If Wireshark read\n a malformed packet off a network, it could crash or, possibly, execute\n arbitrary code as the user running Wireshark. (CVE-2008-3146)\n \n Several denial of service flaws were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off a network, or\n opened a malformed dump file. (CVE-2008-1070, CVE-2008-1071, CVE-2008-1072,\n CVE-2008-1561, CVE-2008-1562, CVE-2008-1563, CVE-2008-3137, CVE-2008-3138,\n CVE-2008-3141, CVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)\n \n Additionally, this update changes the default Pluggable Authentication\n Modules (PAM) configuration to always prompt for the root password before\n each start of Wireshark. This avoids unintentionally running Wireshark with\n root privileges.\n \n Users of wireshark should upgrade to these updated packages, which contain\n Wireshark version 1.0.3, and resolve these issues.\";\n\ntag_affected = \"wireshark on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-October/015282.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880181\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0890\");\n script_cve_id(\"CVE-2008-1070\", \"CVE-2008-1071\", \"CVE-2008-1072\", \"CVE-2008-1561\", \"CVE-2008-1562\", \"CVE-2008-1563\", \"CVE-2008-3137\", \"CVE-2008-3138\", \"CVE-2008-3141\", \"CVE-2008-3145\", \"CVE-2008-3146\", \"CVE-2008-3932\", \"CVE-2008-3933\", \"CVE-2008-3934\");\n script_name( \"CentOS Update for wireshark CESA-2008:0890 centos3 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.3~EL3.3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.3~EL3.3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2020-01-01T00:17:57", "bulletinFamily": "scanner", "description": "A few vulnerabilities were found in Wireshark, that could cause it to\ncrash or consume excessive memory under certain conditions.\n\nThis update rovides Wireshark 0.99.8 which is not vulnerable to the\nissues.", "modified": "2020-01-02T00:00:00", "id": "MANDRIVA_MDVSA-2008-057.NASL", "href": "https://www.tenable.com/plugins/nessus/36386", "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : wireshark (MDVSA-2008:057)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:057. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36386);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:50\");\n\n script_cve_id(\"CVE-2008-1070\", \"CVE-2008-1071\", \"CVE-2008-1072\");\n script_xref(name:\"MDVSA\", value:\"2008:057\");\n\n script_name(english:\"Mandriva Linux Security Advisory : wireshark (MDVSA-2008:057)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A few vulnerabilities were found in Wireshark, that could cause it to\ncrash or consume excessive memory under certain conditions.\n\nThis update rovides Wireshark 0.99.8 which is not vulnerable to the\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2008-01.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wireshark0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwireshark0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64wireshark0-0.99.8-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libwireshark0-0.99.8-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"tshark-0.99.8-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"wireshark-0.99.8-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"wireshark-tools-0.99.8-0.1mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64wireshark0-0.99.8-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libwireshark0-0.99.8-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"tshark-0.99.8-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"wireshark-0.99.8-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"wireshark-tools-0.99.8-0.1mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64wireshark-devel-0.99.8-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64wireshark0-0.99.8-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libwireshark-devel-0.99.8-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libwireshark0-0.99.8-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tshark-0.99.8-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"wireshark-0.99.8-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"wireshark-tools-0.99.8-0.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-01T07:47:53", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200803-32\n(Wireshark: Denial of Service)\n\n Multiple unspecified errors exist in the SCTP, SNMP, and TFTP\n dissectors.\n \nImpact :\n\n A remote attacker could cause a Denial of Service by sending a\n malformed packet.\n \nWorkaround :\n\n Disable the SCTP, SNMP, and TFTP dissectors.", "modified": "2020-01-02T00:00:00", "id": "GENTOO_GLSA-200803-32.NASL", "href": "https://www.tenable.com/plugins/nessus/31672", "published": "2008-03-26T00:00:00", "title": "GLSA-200803-32 : Wireshark: Denial of Service", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200803-32.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31672);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:44\");\n\n script_cve_id(\"CVE-2008-1070\", \"CVE-2008-1071\", \"CVE-2008-1072\");\n script_bugtraq_id(28025);\n script_xref(name:\"GLSA\", value:\"200803-32\");\n\n script_name(english:\"GLSA-200803-32 : Wireshark: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200803-32\n(Wireshark: Denial of Service)\n\n Multiple unspecified errors exist in the SCTP, SNMP, and TFTP\n dissectors.\n \nImpact :\n\n A remote attacker could cause a Denial of Service by sending a\n malformed packet.\n \nWorkaround :\n\n Disable the SCTP, SNMP, and TFTP dissectors.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200803-32\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Wireshark users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-0.99.8'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-analyzer/wireshark\", unaffected:make_list(\"ge 0.99.8\"), vulnerable:make_list(\"lt 0.99.8\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Wireshark\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-01T07:06:25", "bulletinFamily": "scanner", "description": "Upgrade to 1.0.0 fixes several security flaws (wireshark crashes, see\nBZ references).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-01-02T00:00:00", "id": "FEDORA_2008-3040.NASL", "href": "https://www.tenable.com/plugins/nessus/31829", "published": "2008-04-11T00:00:00", "title": "Fedora 8 : wireshark-1.0.0-1.fc8 (2008-3040)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3040.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31829);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2019/08/02 13:32:27\");\n\n script_cve_id(\"CVE-2008-1070\", \"CVE-2008-1071\", \"CVE-2008-1072\", \"CVE-2008-1561\", \"CVE-2008-1562\", \"CVE-2008-1563\");\n script_bugtraq_id(28025, 28485);\n script_xref(name:\"FEDORA\", value:\"2008-3040\");\n\n script_name(english:\"Fedora 8 : wireshark-1.0.0-1.fc8 (2008-3040)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgrade to 1.0.0 fixes several security flaws (wireshark crashes, see\nBZ references).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=435481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=435482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=435483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=440014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=440015\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009253.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c642d6c4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"wireshark-1.0.0-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-01T07:06:25", "bulletinFamily": "scanner", "description": "Upgrade to 1.0.0 fixes several security flaws (wireshark crashes, see\nBZ references).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-01-02T00:00:00", "id": "FEDORA_2008-2941.NASL", "href": "https://www.tenable.com/plugins/nessus/31817", "published": "2008-04-11T00:00:00", "title": "Fedora 7 : wireshark-1.0.0-1.fc7 (2008-2941)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-2941.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31817);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2019/08/02 13:32:27\");\n\n script_cve_id(\"CVE-2008-1070\", \"CVE-2008-1071\", \"CVE-2008-1072\", \"CVE-2008-1561\", \"CVE-2008-1562\", \"CVE-2008-1563\");\n script_bugtraq_id(28025, 28485);\n script_xref(name:\"FEDORA\", value:\"2008-2941\");\n\n script_name(english:\"Fedora 7 : wireshark-1.0.0-1.fc7 (2008-2941)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgrade to 1.0.0 fixes several security flaws (wireshark crashes, see\nBZ references).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=435481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=435482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=435483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=440014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=440015\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009165.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dbc127b8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"wireshark-1.0.0-1.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-01T01:37:06", "bulletinFamily": "scanner", "description": "Multiple buffer overflow flaws were found in Wireshark. If Wireshark\nread a malformed packet off a network, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2008-3146)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malformed dump file. (CVE-2008-1070,\nCVE-2008-1071, CVE-2008-1072, CVE-2008-1561, CVE-2008-1562,\nCVE-2008-1563, CVE-2008-3137, CVE-2008-3138, CVE-2008-3141,\nCVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)\n\nAdditionally, this update changes the default Pluggable Authentication\nModules (PAM) configuration to always prompt for the root password\nbefore each start of Wireshark. This avoids unintentionally running\nWireshark with root privileges.", "modified": "2020-01-02T00:00:00", "id": "SL_20081001_WIRESHARK_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60479", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : wireshark on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60479);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/10/25 13:36:17\");\n\n script_cve_id(\"CVE-2008-1070\", \"CVE-2008-1071\", \"CVE-2008-1072\", \"CVE-2008-1561\", \"CVE-2008-1562\", \"CVE-2008-1563\", \"CVE-2008-3137\", \"CVE-2008-3138\", \"CVE-2008-3141\", \"CVE-2008-3145\", \"CVE-2008-3146\", \"CVE-2008-3932\", \"CVE-2008-3933\", \"CVE-2008-3934\");\n\n script_name(english:\"Scientific Linux Security Update : wireshark on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple buffer overflow flaws were found in Wireshark. If Wireshark\nread a malformed packet off a network, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2008-3146)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malformed dump file. (CVE-2008-1070,\nCVE-2008-1071, CVE-2008-1072, CVE-2008-1561, CVE-2008-1562,\nCVE-2008-1563, CVE-2008-3137, CVE-2008-3138, CVE-2008-3141,\nCVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)\n\nAdditionally, this update changes the default Pluggable Authentication\nModules (PAM) configuration to always prompt for the root password\nbefore each start of Wireshark. This avoids unintentionally running\nWireshark with root privileges.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0810&L=scientific-linux-errata&T=0&P=384\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0f85c945\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark and / or wireshark-gnome packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(20, 119, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"wireshark-1.0.3-EL3.3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"wireshark-gnome-1.0.3-EL3.3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"wireshark-1.0.3-3.el4_7\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"wireshark-gnome-1.0.3-3.el4_7\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"wireshark-1.0.3-4.el5_2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"wireshark-gnome-1.0.3-4.el5_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T06:41:52", "bulletinFamily": "scanner", "description": "Updated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in Wireshark. If Wireshark\nread a malformed packet off a network, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2008-3146)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malformed dump file. (CVE-2008-1070,\nCVE-2008-1071, CVE-2008-1072, CVE-2008-1561, CVE-2008-1562,\nCVE-2008-1563, CVE-2008-3137, CVE-2008-3138, CVE-2008-3141,\nCVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)\n\nAdditionally, this update changes the default Pluggable Authentication\nModules (PAM) configuration to always prompt for the root password\nbefore each start of Wireshark. This avoids unintentionally running\nWireshark with root privileges.\n\nUsers of wireshark should upgrade to these updated packages, which\ncontain Wireshark version 1.0.3, and resolve these issues.", "modified": "2020-01-02T00:00:00", "id": "CENTOS_RHSA-2008-0890.NASL", "href": "https://www.tenable.com/plugins/nessus/34326", "published": "2008-10-02T00:00:00", "title": "CentOS 3 / 4 / 5 : wireshark (CESA-2008:0890)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0890 and \n# CentOS Errata and Security Advisory 2008:0890 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34326);\n script_version(\"1.27\");\n script_cvs_date(\"Date: 2019/10/25 13:36:04\");\n\n script_cve_id(\"CVE-2008-1070\", \"CVE-2008-1071\", \"CVE-2008-1072\", \"CVE-2008-1561\", \"CVE-2008-1562\", \"CVE-2008-1563\", \"CVE-2008-3137\", \"CVE-2008-3138\", \"CVE-2008-3141\", \"CVE-2008-3145\", \"CVE-2008-3146\", \"CVE-2008-3932\", \"CVE-2008-3933\", \"CVE-2008-3934\");\n script_bugtraq_id(28025, 28485, 30020, 30181, 31009);\n script_xref(name:\"RHSA\", value:\"2008:0890\");\n\n script_name(english:\"CentOS 3 / 4 / 5 : wireshark (CESA-2008:0890)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in Wireshark. If Wireshark\nread a malformed packet off a network, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2008-3146)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malformed dump file. (CVE-2008-1070,\nCVE-2008-1071, CVE-2008-1072, CVE-2008-1561, CVE-2008-1562,\nCVE-2008-1563, CVE-2008-3137, CVE-2008-3138, CVE-2008-3141,\nCVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)\n\nAdditionally, this update changes the default Pluggable Authentication\nModules (PAM) configuration to always prompt for the root password\nbefore each start of Wireshark. This avoids unintentionally running\nWireshark with root privileges.\n\nUsers of wireshark should upgrade to these updated packages, which\ncontain Wireshark version 1.0.3, and resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-October/015281.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ca1ababf\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-October/015282.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8dbb3197\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-October/015283.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce4d9856\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-October/015284.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3efc196\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-October/015290.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cc966927\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-October/015291.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?61878bf6\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-October/015297.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eabadb13\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-October/015298.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d42afa4a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(20, 119, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"wireshark-1.0.3-EL3.3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"wireshark-gnome-1.0.3-EL3.3\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"wireshark-1.0.3-3.el4_7\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"wireshark-1.0.3-3.c4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"wireshark-1.0.3-3.el4_7\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"wireshark-gnome-1.0.3-3.el4_7\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"wireshark-gnome-1.0.3-3.c4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"wireshark-gnome-1.0.3-3.el4_7\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"wireshark-1.0.3-4.el5_2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"wireshark-gnome-1.0.3-4.el5_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-gnome\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T01:00:58", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2008:0890 :\n\nUpdated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in Wireshark. If Wireshark\nread a malformed packet off a network, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2008-3146)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malformed dump file. (CVE-2008-1070,\nCVE-2008-1071, CVE-2008-1072, CVE-2008-1561, CVE-2008-1562,\nCVE-2008-1563, CVE-2008-3137, CVE-2008-3138, CVE-2008-3141,\nCVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)\n\nAdditionally, this update changes the default Pluggable Authentication\nModules (PAM) configuration to always prompt for the root password\nbefore each start of Wireshark. This avoids unintentionally running\nWireshark with root privileges.\n\nUsers of wireshark should upgrade to these updated packages, which\ncontain Wireshark version 1.0.3, and resolve these issues.", "modified": "2020-01-02T00:00:00", "id": "ORACLELINUX_ELSA-2008-0890.NASL", "href": "https://www.tenable.com/plugins/nessus/67748", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 / 5 : wireshark (ELSA-2008-0890)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0890 and \n# Oracle Linux Security Advisory ELSA-2008-0890 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67748);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/10/25 13:36:07\");\n\n script_cve_id(\"CVE-2008-1070\", \"CVE-2008-1071\", \"CVE-2008-1072\", \"CVE-2008-1561\", \"CVE-2008-1562\", \"CVE-2008-1563\", \"CVE-2008-3137\", \"CVE-2008-3138\", \"CVE-2008-3141\", \"CVE-2008-3145\", \"CVE-2008-3146\", \"CVE-2008-3932\", \"CVE-2008-3933\", \"CVE-2008-3934\");\n script_bugtraq_id(28025, 28485, 30020, 30181, 31009);\n script_xref(name:\"RHSA\", value:\"2008:0890\");\n\n script_name(english:\"Oracle Linux 3 / 4 / 5 : wireshark (ELSA-2008-0890)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0890 :\n\nUpdated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in Wireshark. If Wireshark\nread a malformed packet off a network, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2008-3146)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malformed dump file. (CVE-2008-1070,\nCVE-2008-1071, CVE-2008-1072, CVE-2008-1561, CVE-2008-1562,\nCVE-2008-1563, CVE-2008-3137, CVE-2008-3138, CVE-2008-3141,\nCVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)\n\nAdditionally, this update changes the default Pluggable Authentication\nModules (PAM) configuration to always prompt for the root password\nbefore each start of Wireshark. This avoids unintentionally running\nWireshark with root privileges.\n\nUsers of wireshark should upgrade to these updated packages, which\ncontain Wireshark version 1.0.3, and resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-October/000746.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-October/000747.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-October/000749.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(20, 119, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"wireshark-1.0.3-0.1.EL3.3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"wireshark-1.0.3-0.1.EL3.3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"wireshark-gnome-1.0.3-0.1.EL3.3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"wireshark-gnome-1.0.3-0.1.EL3.3\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"wireshark-1.0.3-3.0.1.el4_7\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"wireshark-gnome-1.0.3-3.0.1.el4_7\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"wireshark-1.0.3-4.0.1.el5_2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"wireshark-gnome-1.0.3-4.0.1.el5_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-gnome\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T01:13:18", "bulletinFamily": "scanner", "description": "Updated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in Wireshark. If Wireshark\nread a malformed packet off a network, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2008-3146)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malformed dump file. (CVE-2008-1070,\nCVE-2008-1071, CVE-2008-1072, CVE-2008-1561, CVE-2008-1562,\nCVE-2008-1563, CVE-2008-3137, CVE-2008-3138, CVE-2008-3141,\nCVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)\n\nAdditionally, this update changes the default Pluggable Authentication\nModules (PAM) configuration to always prompt for the root password\nbefore each start of Wireshark. This avoids unintentionally running\nWireshark with root privileges.\n\nUsers of wireshark should upgrade to these updated packages, which\ncontain Wireshark version 1.0.3, and resolve these issues.", "modified": "2020-01-02T00:00:00", "id": "REDHAT-RHSA-2008-0890.NASL", "href": "https://www.tenable.com/plugins/nessus/34328", "published": "2008-10-02T00:00:00", "title": "RHEL 3 / 4 / 5 : wireshark (RHSA-2008:0890)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0890. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34328);\n script_version (\"1.32\");\n script_cvs_date(\"Date: 2019/10/25 13:36:13\");\n\n script_cve_id(\"CVE-2008-1070\", \"CVE-2008-1071\", \"CVE-2008-1072\", \"CVE-2008-1561\", \"CVE-2008-1562\", \"CVE-2008-1563\", \"CVE-2008-3137\", \"CVE-2008-3138\", \"CVE-2008-3141\", \"CVE-2008-3145\", \"CVE-2008-3146\", \"CVE-2008-3932\", \"CVE-2008-3933\", \"CVE-2008-3934\");\n script_bugtraq_id(28025, 28485, 30020, 30181, 31009);\n script_xref(name:\"RHSA\", value:\"2008:0890\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : wireshark (RHSA-2008:0890)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in Wireshark. If Wireshark\nread a malformed packet off a network, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2008-3146)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malformed dump file. (CVE-2008-1070,\nCVE-2008-1071, CVE-2008-1072, CVE-2008-1561, CVE-2008-1562,\nCVE-2008-1563, CVE-2008-3137, CVE-2008-3138, CVE-2008-3141,\nCVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)\n\nAdditionally, this update changes the default Pluggable Authentication\nModules (PAM) configuration to always prompt for the root password\nbefore each start of Wireshark. This avoids unintentionally running\nWireshark with root privileges.\n\nUsers of wireshark should upgrade to these updated packages, which\ncontain Wireshark version 1.0.3, and resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1563\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3934\"\n );\n # http://www.wireshark.org/docs/relnotes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/\"\n );\n # http://www.wireshark.org/security/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0890\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark and / or wireshark-gnome packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(20, 119, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0890\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"wireshark-1.0.3-EL3.3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"wireshark-gnome-1.0.3-EL3.3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"wireshark-1.0.3-3.el4_7\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"wireshark-gnome-1.0.3-3.el4_7\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"wireshark-1.0.3-4.el5_2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"wireshark-1.0.3-4.el5_2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"wireshark-1.0.3-4.el5_2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"wireshark-gnome-1.0.3-4.el5_2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"wireshark-gnome-1.0.3-4.el5_2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"wireshark-gnome-1.0.3-4.el5_2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-gnome\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:24", "bulletinFamily": "unix", "description": "### Background\n\nWireshark is a network protocol analyzer with a graphical front-end. \n\n### Description\n\nMultiple unspecified errors exist in the SCTP, SNMP, and TFTP dissectors. \n\n### Impact\n\nA remote attacker could cause a Denial of Service by sending a malformed packet. \n\n### Workaround\n\nDisable the SCTP, SNMP, and TFTP dissectors. \n\n### Resolution\n\nAll Wireshark users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-0.99.8\"", "modified": "2008-03-24T00:00:00", "published": "2008-03-24T00:00:00", "id": "GLSA-200803-32", "href": "https://security.gentoo.org/glsa/200803-32", "type": "gentoo", "title": "Wireshark: Denial of Service", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:28", "bulletinFamily": "software", "description": "Multiple DoS conditions.", "modified": "2008-03-02T00:00:00", "published": "2008-03-02T00:00:00", "id": "SECURITYVULNS:VULN:8738", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8738", "title": "Wireshark multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:25", "bulletinFamily": "software", "description": "rPath Security Advisory: 2008-0092-1\r\nPublished: 2008-02-29\r\nProducts:\r\n rPath Linux 1\r\n\r\nRating: Major\r\nExposure Level Classification:\r\n Indirect User Deterministic Denial of Service\r\nUpdated Versions:\r\n tshark=conary.rpath.com@rpl:1/0.99.8-0.1-1\r\n wireshark=conary.rpath.com@rpl:1/0.99.8-0.1-1\r\n\r\nrPath Issue Tracking System:\r\n https://issues.rpath.com/browse/RPL-2296\r\n\r\nReferences:\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1070\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1071\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1072\r\n\r\nDescription:\r\n Previous versions of the wireshark package are vulnerable\r\n to multiple types of Denial of Service attacks, including\r\n crashes and excessive memory consumption. It has not been\r\n determined that these vulnerabilities can be exploited to\r\n execute malicious code.\r\n\r\nhttp://wiki.rpath.com/Advisories:rPSA-2008-0092\r\n\r\nCopyright 2008 rPath, Inc.\r\nThis file is distributed under the terms of the MIT License.\r\nA copy is available at http://www.rpath.com/permanent/mit-license.html", "modified": "2008-03-02T00:00:00", "published": "2008-03-02T00:00:00", "id": "SECURITYVULNS:DOC:19321", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19321", "title": "rPSA-2008-0092-1 tshark wireshark", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:41", "bulletinFamily": "unix", "description": "[1.0.3-4.0.1.el5_2]\n- Add oracle-ocfs2-network.patch\n[1.0.3-4]\n- fix pam session file, wireshark requires root pswd everytime its started\n[1.0.3-3]\n- fix pie flags\n[1.0.3-1]\n- upgrade to 1.0.3\n- fixes several security issues\n- Resolves: #461569", "modified": "2008-10-01T00:00:00", "published": "2008-10-01T00:00:00", "id": "ELSA-2008-0890", "href": "http://linux.oracle.com/errata/ELSA-2008-0890.html", "title": "wireshark security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:47:14", "bulletinFamily": "unix", "description": "Wireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in Wireshark. If Wireshark read\na malformed packet off a network, it could crash or, possibly, execute\narbitrary code as the user running Wireshark. (CVE-2008-3146)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malformed dump file. (CVE-2008-1070, CVE-2008-1071, CVE-2008-1072,\nCVE-2008-1561, CVE-2008-1562, CVE-2008-1563, CVE-2008-3137, CVE-2008-3138,\nCVE-2008-3141, CVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)\n\nAdditionally, this update changes the default Pluggable Authentication\nModules (PAM) configuration to always prompt for the root password before\neach start of Wireshark. This avoids unintentionally running Wireshark with\nroot privileges.\n\nUsers of wireshark should upgrade to these updated packages, which contain\nWireshark version 1.0.3, and resolve these issues.", "modified": "2017-09-08T12:06:02", "published": "2008-10-01T04:00:00", "id": "RHSA-2008:0890", "href": "https://access.redhat.com/errata/RHSA-2008:0890", "type": "redhat", "title": "(RHSA-2008:0890) Moderate: wireshark security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:24:15", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0890\n\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in Wireshark. If Wireshark read\na malformed packet off a network, it could crash or, possibly, execute\narbitrary code as the user running Wireshark. (CVE-2008-3146)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malformed dump file. (CVE-2008-1070, CVE-2008-1071, CVE-2008-1072,\nCVE-2008-1561, CVE-2008-1562, CVE-2008-1563, CVE-2008-3137, CVE-2008-3138,\nCVE-2008-3141, CVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)\n\nAdditionally, this update changes the default Pluggable Authentication\nModules (PAM) configuration to always prompt for the root password before\neach start of Wireshark. This avoids unintentionally running Wireshark with\nroot privileges.\n\nUsers of wireshark should upgrade to these updated packages, which contain\nWireshark version 1.0.3, and resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/027319.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/027320.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/027321.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/027322.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/027323.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/027328.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/027329.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/027332.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/027335.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/027336.html\n\n**Affected packages:**\nwireshark\nwireshark-gnome\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0890.html", "modified": "2008-10-04T00:45:23", "published": "2008-10-01T18:17:23", "href": "http://lists.centos.org/pipermail/centos-announce/2008-October/027319.html", "id": "CESA-2008:0890", "title": "wireshark security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
