ID CVE-2011-2698 Type cve Reporter NVD Modified 2017-09-18T21:33:05
Description
Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet.
{"openvas": [{"lastseen": "2018-09-14T15:43:14", "references": ["http://secunia.com/advisories/45086", "http://anonsvn.wireshark.org/viewvc?view=revision&revision=37930", "http://www.openwall.com/lists/oss-security/2011/07/20/2"], "pluginID": "1361412562310802766", "description": "This host is installed with Wireshark and is prone to denial of\n service vulnerability.", "edition": 5, "reporter": "This script is Copyright (C) 2012 Greenbone Networks GmbH", "published": "2012-05-02T00:00:00", "title": "Wireshark ANSI A MAP Files Denial of Service Vulnerability (Mac OS X)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Denial of Service", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2698"], "modified": "2018-09-13T00:00:00", "id": "OPENVAS:1361412562310802766", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802766", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_ansi_map_dos_vuln_macosx.nasl 11374 2018-09-13 12:45:05Z asteins $\n#\n# Wireshark ANSI A MAP Files Denial of Service Vulnerability (Mac OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802766\");\n script_version(\"$Revision: 11374 $\");\n script_cve_id(\"CVE-2011-2698\");\n script_bugtraq_id(49071);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-13 14:45:05 +0200 (Thu, 13 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-02 16:03:18 +0530 (Wed, 02 May 2012)\");\n script_name(\"Wireshark ANSI A MAP Files Denial of Service Vulnerability (Mac OS X)\");\n\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"This script is Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_wireshark_detect_macosx.nasl\");\n script_family(\"Denial of Service\");\n script_require_keys(\"Wireshark/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation allows attackers to crash an affected application,\n denying service to legitimate users.\");\n script_tag(name:\"affected\", value:\"Wireshark version 1.6.0\n Wireshark version 1.4.x to 1.4.7 on Mac OS X\");\n script_tag(name:\"insight\", value:\"The flaw is caused to an infinite loop was found in the way ANSI A interface\n dissector of the Wireshark network traffic analyzer processed certain ANSI A\n MAP capture files. If Wireshark read a malformed packet off a network or\n opened a malicious packet capture file, it could lead to denial of service.\");\n script_tag(name:\"solution\", value:\"Upgrade to Wireshark version 1.4.8 or 1.6.1 or later,\n For updates refer to http://www.wireshark.org/download.html\");\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark and is prone to denial of\n service vulnerability.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/45086\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2011/07/20/2\");\n script_xref(name:\"URL\", value:\"http://anonsvn.wireshark.org/viewvc?view=revision&revision=37930\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nwireVer = get_kb_item(\"Wireshark/MacOSX/Version\");\nif(!wireVer){\n exit(0);\n}\n\nif(version_is_equal(version:wireVer, test_version:\"1.6.0\") ||\n version_in_range(version:wireVer, test_version:\"1.4.0\", test_version2:\"1.4.7\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:03:37", "references": ["http://secunia.com/advisories/45086", "http://anonsvn.wireshark.org/viewvc?view=revision&revision=37930", "http://www.openwall.com/lists/oss-security/2011/07/20/2"], "pluginID": "1361412562310902721", "description": "This host is installed with Wireshark and is prone to denial of\n service vulnerability.", "edition": 3, "reporter": "Copyright (c) 2011 SecPod", "published": "2011-08-26T00:00:00", "title": "Wireshark ANSI A MAP Files Denial of Service Vulnerability (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Denial of Service", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2698"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310902721", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902721", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_wireshark_ansi_map_dos_vuln_win.nasl 9351 2018-04-06 07:05:43Z cfischer $\n#\n# Wireshark ANSI A MAP Files Denial of Service Vulnerability (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows attackers to crash an affected application,\n denying service to legitimate users.\n Impact Level: Application.\";\ntag_affected = \"Wireshark version 1.6.0\n Wireshark version 1.4.x through 1.4.7\";\ntag_insight = \"The flaw is caused to an infinite loop was found in the way ANSI A Interface\n dissector of the Wireshark network traffic analyser processed certain ANSI A\n MAP capture files. If Wireshark read a malformed packet off a network or\n opened a malicious packet capture file, it could lead to denial of service.\";\ntag_solution = \"Upgrade to Wireshark version 1.4.8 or 1.6.1 or later,\n For updates refer to http://www.wireshark.org/download.html\";\ntag_summary = \"This host is installed with Wireshark and is prone to denial of\n service vulnerability.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902721\");\n script_version(\"$Revision: 9351 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:05:43 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-26 14:59:42 +0200 (Fri, 26 Aug 2011)\");\n script_cve_id(\"CVE-2011-2698\");\n script_bugtraq_id(49071);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Wireshark ANSI A MAP Files Denial of Service Vulnerability (Windows)\");\n\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 SecPod\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_family(\"Denial of Service\");\n script_require_keys(\"Wireshark/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/45086\");\n script_xref(name : \"URL\" , value : \"http://www.openwall.com/lists/oss-security/2011/07/20/2\");\n script_xref(name : \"URL\" , value : \"http://anonsvn.wireshark.org/viewvc?view=revision&revision=37930\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nwireVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!wireVer){\n exit(0);\n}\n\nif(version_is_equal(version:wireVer, test_version:\"1.6.0\") ||\n version_in_range(version:wireVer, test_version:\"1.4.0\", test_version2:\"1.4.7\")){\n security_message(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-04T14:20:17", "references": ["http://secunia.com/advisories/45086", "http://anonsvn.wireshark.org/viewvc?view=revision&revision=37930", "http://www.openwall.com/lists/oss-security/2011/07/20/2"], "pluginID": "902721", "description": "This host is installed with Wireshark and is prone to denial of\n service vulnerability.", "edition": 2, "reporter": "Copyright (c) 2011 SecPod", "published": "2011-08-26T00:00:00", "title": "Wireshark ANSI A MAP Files Denial of Service Vulnerability (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Denial of Service", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2698"], "modified": "2017-08-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=902721", "id": "OPENVAS:902721", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_wireshark_ansi_map_dos_vuln_win.nasl 7024 2017-08-30 11:51:43Z teissa $\n#\n# Wireshark ANSI A MAP Files Denial of Service Vulnerability (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows attackers to crash an affected application,\n denying service to legitimate users.\n Impact Level: Application.\";\ntag_affected = \"Wireshark version 1.6.0\n Wireshark version 1.4.x through 1.4.7\";\ntag_insight = \"The flaw is caused to an infinite loop was found in the way ANSI A Interface\n dissector of the Wireshark network traffic analyser processed certain ANSI A\n MAP capture files. If Wireshark read a malformed packet off a network or\n opened a malicious packet capture file, it could lead to denial of service.\";\ntag_solution = \"Upgrade to Wireshark version 1.4.8 or 1.6.1 or later,\n For updates refer to http://www.wireshark.org/download.html\";\ntag_summary = \"This host is installed with Wireshark and is prone to denial of\n service vulnerability.\";\n\nif(description)\n{\n script_id(902721);\n script_version(\"$Revision: 7024 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-30 13:51:43 +0200 (Wed, 30 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-26 14:59:42 +0200 (Fri, 26 Aug 2011)\");\n script_cve_id(\"CVE-2011-2698\");\n script_bugtraq_id(49071);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Wireshark ANSI A MAP Files Denial of Service Vulnerability (Windows)\");\n\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 SecPod\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_family(\"Denial of Service\");\n script_require_keys(\"Wireshark/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/45086\");\n script_xref(name : \"URL\" , value : \"http://www.openwall.com/lists/oss-security/2011/07/20/2\");\n script_xref(name : \"URL\" , value : \"http://anonsvn.wireshark.org/viewvc?view=revision&revision=37930\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nwireVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!wireVer){\n exit(0);\n}\n\nif(version_is_equal(version:wireVer, test_version:\"1.6.0\") ||\n version_in_range(version:wireVer, test_version:\"1.4.0\", test_version2:\"1.4.7\")){\n security_message(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:51", "references": ["http://secunia.com/advisories/45086", "http://anonsvn.wireshark.org/viewvc?view=revision&revision=37930", "http://www.openwall.com/lists/oss-security/2011/07/20/2"], "pluginID": "802766", "description": "This host is installed with Wireshark and is prone to denial of\n service vulnerability.", "edition": 1, "reporter": "This script is Copyright (C) 2012 Greenbone Networks GmbH", "published": "2012-05-02T00:00:00", "title": "Wireshark ANSI A MAP Files Denial of Service Vulnerability (Mac OS X)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Denial of Service", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2698"], "modified": "2017-04-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=802766", "id": "OPENVAS:802766", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_ansi_map_dos_vuln_macosx.nasl 5988 2017-04-20 09:02:29Z teissa $\n#\n# Wireshark ANSI A MAP Files Denial of Service Vulnerability (Mac OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows attackers to crash an affected application,\n denying service to legitimate users.\n Impact Level: Application\";\ntag_affected = \"Wireshark version 1.6.0\n Wireshark version 1.4.x to 1.4.7 on Mac OS X\";\ntag_insight = \"The flaw is caused to an infinite loop was found in the way ANSI A interface\n dissector of the Wireshark network traffic analyzer processed certain ANSI A\n MAP capture files. If Wireshark read a malformed packet off a network or\n opened a malicious packet capture file, it could lead to denial of service.\";\ntag_solution = \"Upgrade to Wireshark version 1.4.8 or 1.6.1 or later,\n For updates refer to http://www.wireshark.org/download.html\";\ntag_summary = \"This host is installed with Wireshark and is prone to denial of\n service vulnerability.\";\n\nif(description)\n{\n script_id(802766);\n script_version(\"$Revision: 5988 $\");\n script_cve_id(\"CVE-2011-2698\");\n script_bugtraq_id(49071);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-20 11:02:29 +0200 (Thu, 20 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-02 16:03:18 +0530 (Wed, 02 May 2012)\");\n script_name(\"Wireshark ANSI A MAP Files Denial of Service Vulnerability (Mac OS X)\");\n\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"This script is Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_wireshark_detect_macosx.nasl\");\n script_family(\"Denial of Service\");\n script_require_keys(\"Wireshark/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/45086\");\n script_xref(name : \"URL\" , value : \"http://www.openwall.com/lists/oss-security/2011/07/20/2\");\n script_xref(name : \"URL\" , value : \"http://anonsvn.wireshark.org/viewvc?view=revision&revision=37930\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nwireVer = \"\";\n\nwireVer = get_kb_item(\"Wireshark/MacOSX/Version\");\nif(!wireVer){\n exit(0);\n}\n\nif(version_is_equal(version:wireVer, test_version:\"1.6.0\") ||\n version_in_range(version:wireVer, test_version:\"1.4.0\", test_version2:\"1.4.7\")){\n security_message(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:27", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063591.html", "2011-9640"], "pluginID": "863402", "description": "Check for the Version of wireshark", "edition": 2, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for wireshark FEDORA-2011-9640", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2597", "CVE-2011-2698"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863402", "id": "OPENVAS:863402", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2011-9640\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"wireshark on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063591.html\");\n script_id(863402);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-9640\");\n script_cve_id(\"CVE-2011-2597\", \"CVE-2011-2698\");\n script_name(\"Fedora Update for wireshark FEDORA-2011-9640\");\n\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.4.8~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:05:02", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063591.html", "2011-9640"], "pluginID": "1361412562310863402", "description": "Check for the Version of wireshark", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-12T00:00:00", "title": "Fedora Update for wireshark FEDORA-2011-9640", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2597", "CVE-2011-2698"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310863402", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863402", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2011-9640\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"wireshark on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063591.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863402\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-9640\");\n script_cve_id(\"CVE-2011-2597\", \"CVE-2011-2698\");\n script_name(\"Fedora Update for wireshark FEDORA-2011-9640\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.4.8~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:46", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063586.html", "2011-9638"], "pluginID": "863405", "description": "Check for the Version of wireshark", "edition": 2, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for wireshark FEDORA-2011-9638", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2597", "CVE-2011-2698"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863405", "id": "OPENVAS:863405", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2011-9638\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"wireshark on Fedora 15\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063586.html\");\n script_id(863405);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-9638\");\n script_cve_id(\"CVE-2011-2597\", \"CVE-2011-2698\");\n script_name(\"Fedora Update for wireshark FEDORA-2011-9638\");\n\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.4.8~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:02:42", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063586.html", "2011-9638"], "pluginID": "1361412562310863405", "description": "Check for the Version of wireshark", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-12T00:00:00", "title": "Fedora Update for wireshark FEDORA-2011-9638", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2597", "CVE-2011-2698"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310863405", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863405", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2011-9638\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"wireshark on Fedora 15\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063586.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863405\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-9638\");\n script_cve_id(\"CVE-2011-2597\", \"CVE-2011-2698\");\n script_name(\"Fedora Update for wireshark FEDORA-2011-9638\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.4.8~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:57:38", "references": ["https://www.redhat.com/archives/rhsa-announce/2013-January/msg00008.html", "2013:0125-01"], "pluginID": "1361412562310870879", "description": "Check for the Version of wireshark", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-01-11T00:00:00", "title": "RedHat Update for wireshark RHSA-2013:0125-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1959", "CVE-2011-2698", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2012-4290", "CVE-2012-4285", "CVE-2011-1958"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870879", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870879", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for wireshark RHSA-2013:0125-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark, previously known as Ethereal, is a network protocol analyzer. It\n is used to capture and browse the traffic running on a computer network.\n\n A heap-based buffer overflow flaw was found in the way Wireshark handled\n Endace ERF (Extensible Record Format) capture files. If Wireshark opened a\n specially-crafted ERF capture file, it could crash or, possibly, execute\n arbitrary code as the user running Wireshark. (CVE-2011-4102)\n\n Several denial of service flaws were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off a network, or\n opened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175,\n CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067,\n CVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)\n\n The CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102 issues\n were discovered by Huzaifa Sidhpurwala of the Red Hat Security Response\n Team.\n\n This update also fixes the following bugs:\n\n * When Wireshark starts with the X11 protocol being tunneled through an SSH\n connection, it automatically prepares its capture filter to omit the SSH\n packets. If the SSH connection was to a link-local IPv6 address including\n an interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed\n this address erroneously, constructed an incorrect capture filter and\n refused to capture packets. The "Invalid capture filter" message was\n displayed. With this update, parsing of link-local IPv6 addresses is fixed\n and Wireshark correctly prepares a capture filter to omit SSH packets over\n a link-local IPv6 connection. (BZ#438473)\n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_affected = \"wireshark on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-January/msg00008.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870879\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-11 16:41:44 +0530 (Fri, 11 Jan 2013)\");\n script_cve_id(\"CVE-2011-1958\", \"CVE-2011-1959\", \"CVE-2011-2175\", \"CVE-2011-2698\",\n \"CVE-2011-4102\", \"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0066\",\n \"CVE-2012-0067\", \"CVE-2012-4285\", \"CVE-2012-4289\", \"CVE-2012-4290\",\n \"CVE-2012-4291\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2013:0125-01\");\n script_name(\"RedHat Update for wireshark RHSA-2013:0125-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~5.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.0.15~5.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.15~5.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:22", "references": ["http://linux.oracle.com/errata/ELSA-2013-0125.html"], "pluginID": "1361412562310123763", "description": "Oracle Linux Local Security Checks ELSA-2013-0125", "edition": 4, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2013-0125", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1959", "CVE-2011-2698", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2012-4290", "CVE-2012-4285", "CVE-2011-1958"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310123763", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123763", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Oracle Linux Local Check \n# $Id: ELSA-2013-0125.nasl 6558 2017-07-06 11:56:55Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.123763\");\nscript_version(\"$Revision: 6558 $\");\nscript_tag(name:\"creation_date\", value:\"2015-10-06 14:08:12 +0300 (Tue, 06 Oct 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 13:56:55 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Oracle Linux Local Check: ELSA-2013-0125\");\nscript_tag(name: \"insight\", value: \"ELSA-2013-0125 - wireshark security, bug fix, and enhancement update - [1.0.15-5.0.1.el5] - Added oracle-ocfs2-network.patch - increase max packet size to 65536 (Herbert van den Bergh) [orabug 13542633] [1.0.15-5] - fixed CVE-2012-4285, CVE-2012-4289, CVE-2012-4291 and CVE-2012-4290 (#849521) [1.0.15-4] - fixed NetDump dissector (#484999) [1.0.15-3] - fixed various flaws: CVE-2011-1959 CVE-2011-2175 CVE-2011-1958 CVE-2011-2698 CVE-2011-4102 CVE-2012-0041 CVE-2012-0042 CVE-2012-0066 CVE-2012-0067 [1.0.15-2] - fixed tshark -s option (#580513) - fixed tshark exit code when dumpcap fails (#580510) - fixed editing of columns in Wireshark preferences (#493693) - added netdump protocol dissector (#484999) - fixed tshark / Wireshark automatic filter when started in ssh connection over IPv6 (#438473)\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_tag(name : \"summary\", value : \"Oracle Linux Local Security Checks ELSA-2013-0125\");\nscript_xref(name : \"URL\" , value : \"http://linux.oracle.com/errata/ELSA-2013-0125.html\");\nscript_cve_id(\"CVE-2011-1958\",\"CVE-2011-1959\",\"CVE-2011-2175\",\"CVE-2011-2698\",\"CVE-2011-4102\",\"CVE-2012-0041\",\"CVE-2012-0042\",\"CVE-2012-0066\",\"CVE-2012-0067\",\"CVE-2012-4285\",\"CVE-2012-4289\",\"CVE-2012-4290\",\"CVE-2012-4291\");\nscript_tag(name:\"cvss_base\", value:\"4.3\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Oracle Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~5.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.15~5.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:48:30", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=723215", "http://www.nessus.org/u?83c115a2", "https://bugzilla.redhat.com/show_bug.cgi?id=719753"], "pluginID": "55807", "description": "Wireshark 1.4.8 fixes the following vulnerabilities :\n\nThe Lucent/Ascend file parser was susceptible to an infinite loop.\nCVE-2011-2597. The ANSI MAP dissector was susceptible to an infinite loop. CVE-2011-2698.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2011-08-10T00:00:00", "title": "Fedora 15 : wireshark-1.4.8-1.fc15 (2011-9638)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2597", "CVE-2011-2698"], "modified": "2015-10-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wireshark", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-9638.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55807", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-9638.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55807);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/20 22:15:24 $\");\n\n script_cve_id(\"CVE-2011-2597\", \"CVE-2011-2698\");\n script_bugtraq_id(48506, 49071);\n script_xref(name:\"FEDORA\", value:\"2011-9638\");\n\n script_name(english:\"Fedora 15 : wireshark-1.4.8-1.fc15 (2011-9638)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Wireshark 1.4.8 fixes the following vulnerabilities :\n\nThe Lucent/Ascend file parser was susceptible to an infinite loop.\nCVE-2011-2597. The ANSI MAP dissector was susceptible to an infinite\nloop. CVE-2011-2698.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=719753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=723215\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/063586.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?83c115a2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"wireshark-1.4.8-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:33:21", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=723215", "https://bugzilla.redhat.com/show_bug.cgi?id=719753", "http://www.nessus.org/u?6500f518"], "pluginID": "55808", "description": "Wireshark 1.4.8 fixes the following vulnerabilities :\n\nThe Lucent/Ascend file parser was susceptible to an infinite loop.\nCVE-2011-2597. The ANSI MAP dissector was susceptible to an infinite loop. CVE-2011-2698.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2011-08-10T00:00:00", "title": "Fedora 14 : wireshark-1.4.8-1.fc14 (2011-9640)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2597", "CVE-2011-2698"], "modified": "2018-07-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wireshark", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-9640.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55808", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-9640.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55808);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/12 15:01:52\");\n\n script_cve_id(\"CVE-2011-2597\", \"CVE-2011-2698\");\n script_bugtraq_id(48506, 49071);\n script_xref(name:\"FEDORA\", value:\"2011-9640\");\n\n script_name(english:\"Fedora 14 : wireshark-1.4.8-1.fc14 (2011-9640)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Wireshark 1.4.8 fixes the following vulnerabilities :\n\nThe Lucent/Ascend file parser was susceptible to an infinite loop.\nCVE-2011-2597. The ANSI MAP dissector was susceptible to an infinite\nloop. CVE-2011-2698.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=719753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=723215\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/063591.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6500f518\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"wireshark-1.4.8-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:08:10", "references": ["http://www.wireshark.org/security/wnpa-sec-2011-09.html", "http://www.wireshark.org/security/wnpa-sec-2011-10.html", "http://www.wireshark.org/security/wnpa-sec-2011-11.html"], "pluginID": "55510", "description": "The installed version of Wireshark is earlier than 1.2.18 / 1.4.8 / 1.6.1 and thus is potentially affected by multiple denial of service vulnerabilities:\n\n - An error in the Lucent / Ascend file parser can be exploited by specially crafted packets to cause high CPU usage. (CVE-2011-2597)\n\n - An error in the 'elem_cell_id_list' function of the ANSI MAP dissector can be exploited by a specially crafted MAP packet to cause a denial of service condition. (Issue #6044)", "edition": 5, "reporter": "Tenable", "published": "2011-07-05T00:00:00", "title": "Wireshark < 1.2.18 / 1.4.8 / 1.6.1 Multiple Denial of Service Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2597", "CVE-2011-2698"], "modified": "2018-08-06T00:00:00", "cpe": ["cpe:/a:wireshark:wireshark"], "id": "WIRESHARK_1_2_18.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55510", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55510);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/08/06 14:03:17\");\n\n script_cve_id(\"CVE-2011-2597\", \"CVE-2011-2698\");\n script_bugtraq_id(48150, 48506, 49071);\n script_xref(name:\"Secunia\", value:\"45086\");\n\n script_name(english:\"Wireshark < 1.2.18 / 1.4.8 / 1.6.1 Multiple Denial of Service Vulnerabilities\");\n script_summary(english:\"Does a version check\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote host has an application that is affected by multiple \ndenial of service vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The installed version of Wireshark is earlier than 1.2.18 / 1.4.8 /\n1.6.1 and thus is potentially affected by multiple denial of service \nvulnerabilities:\n\n - An error in the Lucent / Ascend file parser can be \n exploited by specially crafted packets to cause high \n CPU usage. (CVE-2011-2597)\n\n - An error in the 'elem_cell_id_list' function of the \n ANSI MAP dissector can be exploited by a specially \n crafted MAP packet to cause a denial of service \n condition. (Issue #6044)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wireshark.org/security/wnpa-sec-2011-09.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wireshark.org/security/wnpa-sec-2011-10.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wireshark.org/security/wnpa-sec-2011-11.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to Wireshark version 1.2.18 / 1.4.8 / 1.6.1 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wireshark_installed.nasl\");\n script_require_keys(\"SMB/Wireshark/Installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\n\n# Check each install.\ninstalls = get_kb_list(\"SMB/Wireshark/*\");\nif (isnull(installs)) exit(0, \"The 'SMB/Wireshark/*' KB items are missing.\");\n\ninfo = '';\ninfo2 = '';\n\nforeach install (keys(installs))\n{\n if (\"/Installed\" >< install) continue;\n\n version = install - \"SMB/Wireshark/\";\n ver = split(version, sep:\".\", keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n if (\n # Affects 1.2.0 - 1.2.17\n (ver[0] == 1 && ver[1] == 2 && ver[2] < 18)\n ||\n # Affects 1.4.0 - 1.4.7\n (ver[0] == 1 && ver[1] == 4 && ver[2] < 8)\n ||\n # Affects 1.6.0\n (ver[0] == 1 && ver[1] == 6 && ver[2] == 0)\n ) \n info +=\n '\\n Path : ' + installs[install] +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.2.18 / 1.4.8 / 1.6.1\\n';\n else\n info2 += 'Version '+ version + ', under '+ installs[install] + '. ';\n}\n\n# Report if any were found to be vulnerable\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (max_index(split(info)) > 4) s = \"s of Wireshark are\";\n else s = \" of Wireshark is\";\n\n report = \n '\\n' +\n 'The following vulnerable instance' + s + ' installed :\\n' +\n '\\n' + info;\n security_warning(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_warning(get_kb_item(\"SMB/transport\"));\n exit(0);\n}\nif (info2)\n exit(0, \"The following instance(s) of Wireshark are installed and are not vulnerable : \"+info2);\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:56:42", "references": ["http://support.novell.com/security/cve/CVE-2011-1958.html", "http://support.novell.com/security/cve/CVE-2011-2698.html", "http://support.novell.com/security/cve/CVE-2011-2174.html", "http://support.novell.com/security/cve/CVE-2011-3483.html", "http://support.novell.com/security/cve/CVE-2011-1957.html", "https://bugzilla.novell.com/show_bug.cgi?id=718032", "http://support.novell.com/security/cve/CVE-2011-3360.html", "http://support.novell.com/security/cve/CVE-2011-2175.html", "http://support.novell.com/security/cve/CVE-2011-2597.html", "https://bugzilla.novell.com/show_bug.cgi?id=697516", "http://support.novell.com/security/cve/CVE-2011-3266.html", "http://support.novell.com/security/cve/CVE-2011-1959.html", "https://bugzilla.novell.com/show_bug.cgi?id=706728"], "pluginID": "57136", "description": "This update of wireshark fixes the following vulnerabilities :\n\n - Wireshark IKE dissector vulnerability. (CVE-2011-3266)\n\n - Wireshark Lua script execution vulnerability.\n (CVE-2011-3360)\n\n - Wireshark buffer exception handling vulnerability.\n (CVE-2011-3483)\n\n - Lucent/Ascend file parser susceptible to infinite loop.\n (CVE-2011-2597)\n\n - ANSI MAP dissector susceptible to infinite loop.\n (CVE-2011-2698)\n\n - Large/infinite loop in the DICOM dissector.\n (CVE-2011-1957)\n\n - A corrupted snoop file could crash Wireshark.\n (CVE-2011-1959)\n\n - Malformed compressed capture data could crash Wireshark.\n (CVE-2011-2174)\n\n - A corrupted Visual Networks file could crash Wireshark.\n (CVE-2011-2175)\n\n - dereferene a NULL pointer if we had a corrupted Diameter dictionary. (CVE-2011-1958)", "edition": 4, "reporter": "Tenable", "published": "2011-12-13T00:00:00", "title": "SuSE 11.1 Security Update : wireshark (SAT Patch Number 5281)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2174", "CVE-2011-2175", "CVE-2011-3360", "CVE-2011-1959", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-3483", "CVE-2011-1957", "CVE-2011-3266", "CVE-2011-1958"], "modified": "2013-10-25T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:wireshark"], "id": "SUSE_11_WIRESHARK-111013.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57136", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57136);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:56:05 $\");\n\n script_cve_id(\"CVE-2011-1957\", \"CVE-2011-1958\", \"CVE-2011-1959\", \"CVE-2011-2174\", \"CVE-2011-2175\", \"CVE-2011-2597\", \"CVE-2011-2698\", \"CVE-2011-3266\", \"CVE-2011-3360\", \"CVE-2011-3483\");\n\n script_name(english:\"SuSE 11.1 Security Update : wireshark (SAT Patch Number 5281)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of wireshark fixes the following vulnerabilities :\n\n - Wireshark IKE dissector vulnerability. (CVE-2011-3266)\n\n - Wireshark Lua script execution vulnerability.\n (CVE-2011-3360)\n\n - Wireshark buffer exception handling vulnerability.\n (CVE-2011-3483)\n\n - Lucent/Ascend file parser susceptible to infinite loop.\n (CVE-2011-2597)\n\n - ANSI MAP dissector susceptible to infinite loop.\n (CVE-2011-2698)\n\n - Large/infinite loop in the DICOM dissector.\n (CVE-2011-1957)\n\n - A corrupted snoop file could crash Wireshark.\n (CVE-2011-1959)\n\n - Malformed compressed capture data could crash Wireshark.\n (CVE-2011-2174)\n\n - A corrupted Visual Networks file could crash Wireshark.\n (CVE-2011-2175)\n\n - dereferene a NULL pointer if we had a corrupted Diameter\n dictionary. (CVE-2011-1958)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=697516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=718032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1957.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1958.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1959.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2174.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2597.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2698.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3266.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3360.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3483.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5281.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Wireshark console.lua Pre-Loading Script Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"wireshark-1.4.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"wireshark-1.4.4-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"wireshark-1.4.4-0.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:53:34", "references": ["http://support.novell.com/security/cve/CVE-2011-1958.html", "http://support.novell.com/security/cve/CVE-2011-2698.html", "http://support.novell.com/security/cve/CVE-2011-2174.html", "http://support.novell.com/security/cve/CVE-2011-3483.html", "http://support.novell.com/security/cve/CVE-2011-1957.html", "http://support.novell.com/security/cve/CVE-2011-3360.html", "http://support.novell.com/security/cve/CVE-2011-2175.html", "http://support.novell.com/security/cve/CVE-2011-2597.html", "http://support.novell.com/security/cve/CVE-2011-3266.html", "http://support.novell.com/security/cve/CVE-2011-1959.html"], "pluginID": "56617", "description": "This update of wireshark fixes the following vulnerabilities :\n\n - Wireshark IKE dissector vulnerability. (CVE-2011-3266)\n\n - Wireshark Lua script execution vulnerability.\n (CVE-2011-3360)\n\n - Wireshark buffer exception handling vulnerability.\n (CVE-2011-3483)\n\n - Lucent/Ascend file parser susceptible to infinite loop.\n (CVE-2011-2597)\n\n - ANSI MAP dissector susceptible to infinite loop.\n (CVE-2011-2698)\n\n - Large/infinite loop in the DICOM dissector.\n (CVE-2011-1957)\n\n - A corrupted snoop file could crash Wireshark.\n (CVE-2011-1959)\n\n - Malformed compressed capture data could crash Wireshark.\n (CVE-2011-2174)\n\n - A corrupted Visual Networks file could crash Wireshark.\n (CVE-2011-2175)\n\n - dereferene a NULL pointer if we had a corrupted Diameter dictionary. (CVE-2011-1958)", "edition": 4, "reporter": "Tenable", "published": "2011-10-24T00:00:00", "title": "SuSE 10 Security Update : wireshark (ZYPP Patch Number 7795)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2174", "CVE-2011-2175", "CVE-2011-3360", "CVE-2011-1959", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-3483", "CVE-2011-1957", "CVE-2011-3266", "CVE-2011-1958"], "modified": "2013-08-16T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_WIRESHARK-7795.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56617", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56617);\n script_version (\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2013/08/16 16:01:59 $\");\n\n script_cve_id(\"CVE-2011-1957\", \"CVE-2011-1958\", \"CVE-2011-1959\", \"CVE-2011-2174\", \"CVE-2011-2175\", \"CVE-2011-2597\", \"CVE-2011-2698\", \"CVE-2011-3266\", \"CVE-2011-3360\", \"CVE-2011-3483\");\n\n script_name(english:\"SuSE 10 Security Update : wireshark (ZYPP Patch Number 7795)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of wireshark fixes the following vulnerabilities :\n\n - Wireshark IKE dissector vulnerability. (CVE-2011-3266)\n\n - Wireshark Lua script execution vulnerability.\n (CVE-2011-3360)\n\n - Wireshark buffer exception handling vulnerability.\n (CVE-2011-3483)\n\n - Lucent/Ascend file parser susceptible to infinite loop.\n (CVE-2011-2597)\n\n - ANSI MAP dissector susceptible to infinite loop.\n (CVE-2011-2698)\n\n - Large/infinite loop in the DICOM dissector.\n (CVE-2011-1957)\n\n - A corrupted snoop file could crash Wireshark.\n (CVE-2011-1959)\n\n - Malformed compressed capture data could crash Wireshark.\n (CVE-2011-2174)\n\n - A corrupted Visual Networks file could crash Wireshark.\n (CVE-2011-2175)\n\n - dereferene a NULL pointer if we had a corrupted Diameter\n dictionary. (CVE-2011-1958)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1957.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1958.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1959.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2174.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2597.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2698.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3266.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3360.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3483.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7795.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Wireshark console.lua Pre-Loading Script Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"wireshark-1.4.4-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"wireshark-devel-1.4.4-0.41.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:55:43", "references": ["https://oss.oracle.com/pipermail/el-errata/2013-January/003198.html"], "pluginID": "68696", "description": "From Red Hat Security Advisory 2013:0125 :\n\nUpdated wireshark packages that fix several security issues, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nWireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network.\n\nA heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF (Extensible Record Format) capture files. If Wireshark opened a specially crafted ERF capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2011-4102)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)\n\nThe CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102 issues were discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.\n\nThis update also fixes the following bugs :\n\n* When Wireshark starts with the X11 protocol being tunneled through an SSH connection, it automatically prepares its capture filter to omit the SSH packets. If the SSH connection was to a link-local IPv6 address including an interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed this address erroneously, constructed an incorrect capture filter and refused to capture packets. The 'Invalid capture filter' message was displayed. With this update, parsing of link-local IPv6 addresses is fixed and Wireshark correctly prepares a capture filter to omit SSH packets over a link-local IPv6 connection. (BZ#438473)\n\n* Previously, Wireshark's column editing dialog malformed column names when they were selected. With this update, the dialog is fixed and no longer breaks column names. (BZ#493693)\n\n* Previously, TShark, the console packet analyzer, did not properly analyze the exit code of Dumpcap, Wireshark's packet capturing back end. As a result, TShark returned exit code 0 when Dumpcap failed to parse its command-line arguments. In this update, TShark correctly propagates the Dumpcap exit code and returns a non-zero exit code when Dumpcap fails. (BZ#580510)\n\n* Previously, the TShark '-s' (snapshot length) option worked only for a value greater than 68 bytes. If a lower value was specified, TShark captured just 68 bytes of incoming packets. With this update, the '-s' option is fixed and sizes lower than 68 bytes work as expected.\n(BZ#580513)\n\nThis update also adds the following enhancement :\n\n* In this update, support for the 'NetDump' protocol was added.\n(BZ#484999)\n\nAll users of Wireshark are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. All running instances of Wireshark must be restarted for the update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : wireshark (ELSA-2013-0125)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1959", "CVE-2011-2698", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2012-4290", "CVE-2012-4285", "CVE-2011-1958"], "modified": "2018-07-18T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:wireshark-gnome", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:wireshark"], "id": "ORACLELINUX_ELSA-2013-0125.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68696", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0125 and \n# Oracle Linux Security Advisory ELSA-2013-0125 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68696);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2011-1958\", \"CVE-2011-1959\", \"CVE-2011-2175\", \"CVE-2011-2698\", \"CVE-2011-4102\", \"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-4285\", \"CVE-2012-4289\", \"CVE-2012-4290\", \"CVE-2012-4291\");\n script_bugtraq_id(48066, 49071, 50486, 51368, 51710, 55035);\n script_xref(name:\"RHSA\", value:\"2013:0125\");\n\n script_name(english:\"Oracle Linux 5 : wireshark (ELSA-2013-0125)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0125 :\n\nUpdated wireshark packages that fix several security issues, three\nbugs, and add one enhancement are now available for Red Hat Enterprise\nLinux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWireshark, previously known as Ethereal, is a network protocol\nanalyzer. It is used to capture and browse the traffic running on a\ncomputer network.\n\nA heap-based buffer overflow flaw was found in the way Wireshark\nhandled Endace ERF (Extensible Record Format) capture files. If\nWireshark opened a specially crafted ERF capture file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2011-4102)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2011-1958,\nCVE-2011-1959, CVE-2011-2175, CVE-2011-2698, CVE-2012-0041,\nCVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-4285,\nCVE-2012-4289, CVE-2012-4290, CVE-2012-4291)\n\nThe CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102\nissues were discovered by Huzaifa Sidhpurwala of the Red Hat Security\nResponse Team.\n\nThis update also fixes the following bugs :\n\n* When Wireshark starts with the X11 protocol being tunneled through\nan SSH connection, it automatically prepares its capture filter to\nomit the SSH packets. If the SSH connection was to a link-local IPv6\naddress including an interface name (for example ssh -X\n[ipv6addr]%eth0), Wireshark parsed this address erroneously,\nconstructed an incorrect capture filter and refused to capture\npackets. The 'Invalid capture filter' message was displayed. With this\nupdate, parsing of link-local IPv6 addresses is fixed and Wireshark\ncorrectly prepares a capture filter to omit SSH packets over a\nlink-local IPv6 connection. (BZ#438473)\n\n* Previously, Wireshark's column editing dialog malformed column names\nwhen they were selected. With this update, the dialog is fixed and no\nlonger breaks column names. (BZ#493693)\n\n* Previously, TShark, the console packet analyzer, did not properly\nanalyze the exit code of Dumpcap, Wireshark's packet capturing back\nend. As a result, TShark returned exit code 0 when Dumpcap failed to\nparse its command-line arguments. In this update, TShark correctly\npropagates the Dumpcap exit code and returns a non-zero exit code when\nDumpcap fails. (BZ#580510)\n\n* Previously, the TShark '-s' (snapshot length) option worked only for\na value greater than 68 bytes. If a lower value was specified, TShark\ncaptured just 68 bytes of incoming packets. With this update, the '-s'\noption is fixed and sizes lower than 68 bytes work as expected.\n(BZ#580513)\n\nThis update also adds the following enhancement :\n\n* In this update, support for the 'NetDump' protocol was added.\n(BZ#484999)\n\nAll users of Wireshark are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues and\nadd this enhancement. All running instances of Wireshark must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-January/003198.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"wireshark-1.0.15-5.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"wireshark-gnome-1.0.15-5.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-gnome\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:04:49", "references": ["http://lists.opensuse.org/opensuse-updates/2011-10/msg00016.html", "https://bugzilla.novell.com/show_bug.cgi?id=718032", "https://bugzilla.novell.com/show_bug.cgi?id=697516", "https://bugzilla.novell.com/show_bug.cgi?id=706728"], "pluginID": "76045", "description": "This update of wireshark fixes the following vulnerabilities :\n\n - CVE-2011-3266: Wireshark IKE dissector vulnerability\n\n - CVE-2011-3360: Wireshark Lua script execution vulnerability\n\n - CVE-2011-3483: Wireshark buffer exception handling vulnerability\n\n - CVE-2011-2597: Lucent/Ascend file parser susceptible to infinite loop\n\n - CVE-2011-2698: ANSI MAP dissector susceptible to infinite loop\n\n - CVE-2011-1957: Large/infinite loop in the DICOM dissector\n\n - CVE-2011-1959: A corrupted snoop file could crash Wireshark\n\n - CVE-2011-2174: Malformed compressed capture data could crash Wireshark\n\n - CVE-2011-2175: A corrupted Visual Networks file could crash Wireshark\n\n - CVE-2011-1958: dereferene a NULL pointer if we had a corrupted Diameter dictionary", "edition": 5, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : wireshark (openSUSE-SU-2011:1142-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2174", "CVE-2011-2175", "CVE-2011-3360", "CVE-2011-1959", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-3483", "CVE-2011-1957", "CVE-2011-3266", "CVE-2011-1958"], "modified": "2018-08-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wireshark", "p-cpe:/a:novell:opensuse:wireshark-devel", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:wireshark-debugsource", "p-cpe:/a:novell:opensuse:wireshark-debuginfo"], "id": "SUSE_11_4_WIRESHARK-111013.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76045", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update wireshark-5278.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76045);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/08/13 14:32:39\");\n\n script_cve_id(\"CVE-2011-1957\", \"CVE-2011-1958\", \"CVE-2011-1959\", \"CVE-2011-2174\", \"CVE-2011-2175\", \"CVE-2011-2597\", \"CVE-2011-2698\", \"CVE-2011-3266\", \"CVE-2011-3360\", \"CVE-2011-3483\");\n\n script_name(english:\"openSUSE Security Update : wireshark (openSUSE-SU-2011:1142-1)\");\n script_summary(english:\"Check for the wireshark-5278 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of wireshark fixes the following vulnerabilities :\n\n - CVE-2011-3266: Wireshark IKE dissector vulnerability\n\n - CVE-2011-3360: Wireshark Lua script execution\n vulnerability\n\n - CVE-2011-3483: Wireshark buffer exception handling\n vulnerability\n\n - CVE-2011-2597: Lucent/Ascend file parser susceptible to\n infinite loop\n\n - CVE-2011-2698: ANSI MAP dissector susceptible to\n infinite loop\n\n - CVE-2011-1957: Large/infinite loop in the DICOM\n dissector\n\n - CVE-2011-1959: A corrupted snoop file could crash\n Wireshark\n\n - CVE-2011-2174: Malformed compressed capture data could\n crash Wireshark\n\n - CVE-2011-2175: A corrupted Visual Networks file could\n crash Wireshark\n\n - CVE-2011-1958: dereferene a NULL pointer if we had a\n corrupted Diameter dictionary\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2011-10/msg00016.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=697516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=718032\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Wireshark console.lua Pre-Loading Script Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"wireshark-1.4.4-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"wireshark-debuginfo-1.4.4-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"wireshark-debugsource-1.4.4-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"wireshark-devel-1.4.4-0.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-devel / wireshark-debuginfo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:49:27", "references": ["http://www.nessus.org/u?326d493e", "http://www.nessus.org/u?d7538797"], "pluginID": "63570", "description": "Updated wireshark packages that fix several security issues, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nWireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network.\n\nA heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF (Extensible Record Format) capture files. If Wireshark opened a specially crafted ERF capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2011-4102)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)\n\nThe CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102 issues were discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.\n\nThis update also fixes the following bugs :\n\n* When Wireshark starts with the X11 protocol being tunneled through an SSH connection, it automatically prepares its capture filter to omit the SSH packets. If the SSH connection was to a link-local IPv6 address including an interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed this address erroneously, constructed an incorrect capture filter and refused to capture packets. The 'Invalid capture filter' message was displayed. With this update, parsing of link-local IPv6 addresses is fixed and Wireshark correctly prepares a capture filter to omit SSH packets over a link-local IPv6 connection. (BZ#438473)\n\n* Previously, Wireshark's column editing dialog malformed column names when they were selected. With this update, the dialog is fixed and no longer breaks column names. (BZ#493693)\n\n* Previously, TShark, the console packet analyzer, did not properly analyze the exit code of Dumpcap, Wireshark's packet capturing back end. As a result, TShark returned exit code 0 when Dumpcap failed to parse its command-line arguments. In this update, TShark correctly propagates the Dumpcap exit code and returns a non-zero exit code when Dumpcap fails. (BZ# 580510)\n\n* Previously, the TShark '-s' (snapshot length) option worked only for a value greater than 68 bytes. If a lower value was specified, TShark captured just 68 bytes of incoming packets. With this update, the '-s' option is fixed and sizes lower than 68 bytes work as expected.\n(BZ#580513)\n\nThis update also adds the following enhancement :\n\n* In this update, support for the 'NetDump' protocol was added.\n(BZ#484999)\n\nAll users of Wireshark are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. All running instances of Wireshark must be restarted for the update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2013-01-17T00:00:00", "title": "CentOS 5 : wireshark (CESA-2013:0125)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1959", "CVE-2011-2698", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2012-4290", "CVE-2012-4285", "CVE-2011-1958"], "modified": "2018-07-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:wireshark", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:wireshark-gnome"], "id": "CENTOS_RHSA-2013-0125.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63570", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0125 and \n# CentOS Errata and Security Advisory 2013:0125 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63570);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/02 18:48:52\");\n\n script_cve_id(\"CVE-2011-1958\", \"CVE-2011-1959\", \"CVE-2011-2175\", \"CVE-2011-2698\", \"CVE-2011-4102\", \"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-4285\", \"CVE-2012-4289\", \"CVE-2012-4290\", \"CVE-2012-4291\");\n script_bugtraq_id(48066, 49071, 50486, 51368, 51710, 55035);\n script_xref(name:\"RHSA\", value:\"2013:0125\");\n\n script_name(english:\"CentOS 5 : wireshark (CESA-2013:0125)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages that fix several security issues, three\nbugs, and add one enhancement are now available for Red Hat Enterprise\nLinux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWireshark, previously known as Ethereal, is a network protocol\nanalyzer. It is used to capture and browse the traffic running on a\ncomputer network.\n\nA heap-based buffer overflow flaw was found in the way Wireshark\nhandled Endace ERF (Extensible Record Format) capture files. If\nWireshark opened a specially crafted ERF capture file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2011-4102)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2011-1958,\nCVE-2011-1959, CVE-2011-2175, CVE-2011-2698, CVE-2012-0041,\nCVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-4285,\nCVE-2012-4289, CVE-2012-4290, CVE-2012-4291)\n\nThe CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102\nissues were discovered by Huzaifa Sidhpurwala of the Red Hat Security\nResponse Team.\n\nThis update also fixes the following bugs :\n\n* When Wireshark starts with the X11 protocol being tunneled through\nan SSH connection, it automatically prepares its capture filter to\nomit the SSH packets. If the SSH connection was to a link-local IPv6\naddress including an interface name (for example ssh -X\n[ipv6addr]%eth0), Wireshark parsed this address erroneously,\nconstructed an incorrect capture filter and refused to capture\npackets. The 'Invalid capture filter' message was displayed. With this\nupdate, parsing of link-local IPv6 addresses is fixed and Wireshark\ncorrectly prepares a capture filter to omit SSH packets over a\nlink-local IPv6 connection. (BZ#438473)\n\n* Previously, Wireshark's column editing dialog malformed column names\nwhen they were selected. With this update, the dialog is fixed and no\nlonger breaks column names. (BZ#493693)\n\n* Previously, TShark, the console packet analyzer, did not properly\nanalyze the exit code of Dumpcap, Wireshark's packet capturing back\nend. As a result, TShark returned exit code 0 when Dumpcap failed to\nparse its command-line arguments. In this update, TShark correctly\npropagates the Dumpcap exit code and returns a non-zero exit code when\nDumpcap fails. (BZ# 580510)\n\n* Previously, the TShark '-s' (snapshot length) option worked only for\na value greater than 68 bytes. If a lower value was specified, TShark\ncaptured just 68 bytes of incoming packets. With this update, the '-s'\noption is fixed and sizes lower than 68 bytes work as expected.\n(BZ#580513)\n\nThis update also adds the following enhancement :\n\n* In this update, support for the 'NetDump' protocol was added.\n(BZ#484999)\n\nAll users of Wireshark are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues and\nadd this enhancement. All running instances of Wireshark must be\nrestarted for the update to take effect.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2013-January/019123.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?326d493e\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2013-January/000457.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d7538797\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"wireshark-1.0.15-5.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"wireshark-gnome-1.0.15-5.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-12T09:58:08", "references": ["https://www.redhat.com/security/data/cve/CVE-2011-1958.html", "https://www.redhat.com/security/data/cve/CVE-2012-0067.html", "https://www.redhat.com/security/data/cve/CVE-2012-4291.html", "https://www.redhat.com/security/data/cve/CVE-2011-2698.html", "https://www.redhat.com/security/data/cve/CVE-2011-1959.html", "https://www.redhat.com/security/data/cve/CVE-2012-0041.html", "http://rhn.redhat.com/errata/RHSA-2013-0125.html", "https://www.redhat.com/security/data/cve/CVE-2012-4285.html", "https://www.redhat.com/security/data/cve/CVE-2011-4102.html", "https://www.redhat.com/security/data/cve/CVE-2012-0042.html", "https://www.redhat.com/security/data/cve/CVE-2012-4290.html", "https://www.redhat.com/security/data/cve/CVE-2012-0066.html", "https://www.redhat.com/security/data/cve/CVE-2012-4289.html", "https://www.redhat.com/security/data/cve/CVE-2011-2175.html"], "pluginID": "63408", "description": "Updated wireshark packages that fix several security issues, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nWireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network.\n\nA heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF (Extensible Record Format) capture files. If Wireshark opened a specially crafted ERF capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2011-4102)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)\n\nThe CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102 issues were discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.\n\nThis update also fixes the following bugs :\n\n* When Wireshark starts with the X11 protocol being tunneled through an SSH connection, it automatically prepares its capture filter to omit the SSH packets. If the SSH connection was to a link-local IPv6 address including an interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed this address erroneously, constructed an incorrect capture filter and refused to capture packets. The 'Invalid capture filter' message was displayed. With this update, parsing of link-local IPv6 addresses is fixed and Wireshark correctly prepares a capture filter to omit SSH packets over a link-local IPv6 connection. (BZ#438473)\n\n* Previously, Wireshark's column editing dialog malformed column names when they were selected. With this update, the dialog is fixed and no longer breaks column names. (BZ#493693)\n\n* Previously, TShark, the console packet analyzer, did not properly analyze the exit code of Dumpcap, Wireshark's packet capturing back end. As a result, TShark returned exit code 0 when Dumpcap failed to parse its command-line arguments. In this update, TShark correctly propagates the Dumpcap exit code and returns a non-zero exit code when Dumpcap fails. (BZ#580510)\n\n* Previously, the TShark '-s' (snapshot length) option worked only for a value greater than 68 bytes. If a lower value was specified, TShark captured just 68 bytes of incoming packets. With this update, the '-s' option is fixed and sizes lower than 68 bytes work as expected.\n(BZ#580513)\n\nThis update also adds the following enhancement :\n\n* In this update, support for the 'NetDump' protocol was added.\n(BZ#484999)\n\nAll users of Wireshark are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. All running instances of Wireshark must be restarted for the update to take effect.", "edition": 7, "reporter": "Tenable", "published": "2013-01-08T00:00:00", "title": "RHEL 5 : wireshark (RHSA-2013:0125)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1959", "CVE-2011-2698", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2012-4290", "CVE-2012-4285", "CVE-2011-1958"], "modified": "2018-09-10T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:wireshark", "p-cpe:/a:redhat:enterprise_linux:wireshark-gnome", "p-cpe:/a:redhat:enterprise_linux:wireshark-debuginfo"], "id": "REDHAT-RHSA-2013-0125.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63408", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0125. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63408);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/09/10 11:37:05\");\n\n script_cve_id(\"CVE-2011-1958\", \"CVE-2011-1959\", \"CVE-2011-2175\", \"CVE-2011-2698\", \"CVE-2011-4102\", \"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-4285\", \"CVE-2012-4289\", \"CVE-2012-4290\", \"CVE-2012-4291\");\n script_bugtraq_id(48066, 49071, 50486, 51368, 51710, 55035);\n script_xref(name:\"RHSA\", value:\"2013:0125\");\n\n script_name(english:\"RHEL 5 : wireshark (RHSA-2013:0125)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages that fix several security issues, three\nbugs, and add one enhancement are now available for Red Hat Enterprise\nLinux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWireshark, previously known as Ethereal, is a network protocol\nanalyzer. It is used to capture and browse the traffic running on a\ncomputer network.\n\nA heap-based buffer overflow flaw was found in the way Wireshark\nhandled Endace ERF (Extensible Record Format) capture files. If\nWireshark opened a specially crafted ERF capture file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2011-4102)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2011-1958,\nCVE-2011-1959, CVE-2011-2175, CVE-2011-2698, CVE-2012-0041,\nCVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-4285,\nCVE-2012-4289, CVE-2012-4290, CVE-2012-4291)\n\nThe CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102\nissues were discovered by Huzaifa Sidhpurwala of the Red Hat Security\nResponse Team.\n\nThis update also fixes the following bugs :\n\n* When Wireshark starts with the X11 protocol being tunneled through\nan SSH connection, it automatically prepares its capture filter to\nomit the SSH packets. If the SSH connection was to a link-local IPv6\naddress including an interface name (for example ssh -X\n[ipv6addr]%eth0), Wireshark parsed this address erroneously,\nconstructed an incorrect capture filter and refused to capture\npackets. The 'Invalid capture filter' message was displayed. With this\nupdate, parsing of link-local IPv6 addresses is fixed and Wireshark\ncorrectly prepares a capture filter to omit SSH packets over a\nlink-local IPv6 connection. (BZ#438473)\n\n* Previously, Wireshark's column editing dialog malformed column names\nwhen they were selected. With this update, the dialog is fixed and no\nlonger breaks column names. (BZ#493693)\n\n* Previously, TShark, the console packet analyzer, did not properly\nanalyze the exit code of Dumpcap, Wireshark's packet capturing back\nend. As a result, TShark returned exit code 0 when Dumpcap failed to\nparse its command-line arguments. In this update, TShark correctly\npropagates the Dumpcap exit code and returns a non-zero exit code when\nDumpcap fails. (BZ#580510)\n\n* Previously, the TShark '-s' (snapshot length) option worked only for\na value greater than 68 bytes. If a lower value was specified, TShark\ncaptured just 68 bytes of incoming packets. With this update, the '-s'\noption is fixed and sizes lower than 68 bytes work as expected.\n(BZ#580513)\n\nThis update also adds the following enhancement :\n\n* In this update, support for the 'NetDump' protocol was added.\n(BZ#484999)\n\nAll users of Wireshark are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues and\nadd this enhancement. All running instances of Wireshark must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0125.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-2698.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-0066.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-0067.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-2175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-0041.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-4102.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-0042.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1958.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1959.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-4289.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-4285.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-4291.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-4290.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected wireshark, wireshark-debuginfo and / or\nwireshark-gnome packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0125\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"wireshark-1.0.15-5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"wireshark-1.0.15-5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"wireshark-1.0.15-5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"wireshark-debuginfo-1.0.15-5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"wireshark-debuginfo-1.0.15-5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"wireshark-debuginfo-1.0.15-5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"wireshark-gnome-1.0.15-5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"wireshark-gnome-1.0.15-5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"wireshark-gnome-1.0.15-5.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-gnome\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:42", "references": ["http://www.nessus.org/u?b497c1fe"], "pluginID": "63606", "description": "A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF (Extensible Record Format) capture files. If Wireshark opened a specially- crafted ERF capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2011-4102)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)\n\nThis update also fixes the following bugs :\n\n - When Wireshark starts with the X11 protocol being tunneled through an SSH connection, it automatically prepares its capture filter to omit the SSH packets. If the SSH connection was to a link-local IPv6 address including an interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed this address erroneously, constructed an incorrect capture filter and refused to capture packets. The 'Invalid capture filter' message was displayed. With this update, parsing of link-local IPv6 addresses is fixed and Wireshark correctly prepares a capture filter to omit SSH packets over a link-local IPv6 connection.\n\n - Previously, Wireshark's column editing dialog malformed column names when they were selected. With this update, the dialog is fixed and no longer breaks column names.\n\n - Previously, TShark, the console packet analyzer, did not properly analyze the exit code of Dumpcap, Wireshark's packet capturing back end. As a result, TShark returned exit code 0 when Dumpcap failed to parse its command-line arguments. In this update, TShark correctly propagates the Dumpcap exit code and returns a non-zero exit code when Dumpcap fails.\n\n - Previously, the TShark '-s' (snapshot length) option worked only for a value greater than 68 bytes. If a lower value was specified, TShark captured just 68 bytes of incoming packets. With this update, the '-s' option is fixed and sizes lower than 68 bytes work as expected.\n\nThis update also adds the following enhancement :\n\n - In this update, support for the 'NetDump' protocol was added.\n\nAll running instances of Wireshark must be restarted for the update to take effect.", "edition": 4, "reporter": "Tenable", "published": "2013-01-17T00:00:00", "title": "Scientific Linux Security Update : wireshark on SL5.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1959", "CVE-2011-2698", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2012-4290", "CVE-2012-4285", "CVE-2011-1958"], "modified": "2013-01-17T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20130108_WIRESHARK_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63606", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63606);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2013/01/17 14:07:22 $\");\n\n script_cve_id(\"CVE-2011-1958\", \"CVE-2011-1959\", \"CVE-2011-2175\", \"CVE-2011-2698\", \"CVE-2011-4102\", \"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-4285\", \"CVE-2012-4289\", \"CVE-2012-4290\", \"CVE-2012-4291\");\n\n script_name(english:\"Scientific Linux Security Update : wireshark on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap-based buffer overflow flaw was found in the way Wireshark\nhandled Endace ERF (Extensible Record Format) capture files. If\nWireshark opened a specially- crafted ERF capture file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2011-4102)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2011-1958,\nCVE-2011-1959, CVE-2011-2175, CVE-2011-2698, CVE-2012-0041,\nCVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-4285,\nCVE-2012-4289, CVE-2012-4290, CVE-2012-4291)\n\nThis update also fixes the following bugs :\n\n - When Wireshark starts with the X11 protocol being\n tunneled through an SSH connection, it automatically\n prepares its capture filter to omit the SSH packets. If\n the SSH connection was to a link-local IPv6 address\n including an interface name (for example ssh -X\n [ipv6addr]%eth0), Wireshark parsed this address\n erroneously, constructed an incorrect capture filter and\n refused to capture packets. The 'Invalid capture filter'\n message was displayed. With this update, parsing of\n link-local IPv6 addresses is fixed and Wireshark\n correctly prepares a capture filter to omit SSH packets\n over a link-local IPv6 connection.\n\n - Previously, Wireshark's column editing dialog malformed\n column names when they were selected. With this update,\n the dialog is fixed and no longer breaks column names.\n\n - Previously, TShark, the console packet analyzer, did not\n properly analyze the exit code of Dumpcap, Wireshark's\n packet capturing back end. As a result, TShark returned\n exit code 0 when Dumpcap failed to parse its\n command-line arguments. In this update, TShark correctly\n propagates the Dumpcap exit code and returns a non-zero\n exit code when Dumpcap fails.\n\n - Previously, the TShark '-s' (snapshot length) option\n worked only for a value greater than 68 bytes. If a\n lower value was specified, TShark captured just 68 bytes\n of incoming packets. With this update, the '-s' option\n is fixed and sizes lower than 68 bytes work as expected.\n\nThis update also adds the following enhancement :\n\n - In this update, support for the 'NetDump' protocol was\n added.\n\nAll running instances of Wireshark must be restarted for the update to\ntake effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1301&L=scientific-linux-errata&T=0&P=1575\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b497c1fe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected wireshark, wireshark-debuginfo and / or\nwireshark-gnome packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"wireshark-1.0.15-5.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"wireshark-debuginfo-1.0.15-5.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"wireshark-gnome-1.0.15-5.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2018-03-09T11:46:07", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0125.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageFilename": "wireshark-gnome-1.0.15-5.el5.i386.rpm", "packageName": "wireshark-gnome", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageFilename": "wireshark-gnome-1.0.15-5.el5.i386.rpm", "packageName": "wireshark-gnome", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageFilename": "wireshark-1.0.15-5.el5.x86_64.rpm", "packageName": "wireshark", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageFilename": "wireshark-1.0.15-5.el5.x86_64.rpm", "packageName": "wireshark", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageFilename": "wireshark-1.0.15-5.el5.i386.rpm", "packageName": "wireshark", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageFilename": "wireshark-1.0.15-5.el5.i386.rpm", "packageName": "wireshark", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageFilename": "wireshark-gnome-1.0.15-5.el5.x86_64.rpm", "packageName": "wireshark-gnome", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageFilename": "wireshark-gnome-1.0.15-5.el5.x86_64.rpm", "packageName": "wireshark-gnome", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageFilename": "wireshark-1.0.15-5.el5.src.rpm", "packageName": "wireshark", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageFilename": "wireshark-1.0.15-5.el5.src.rpm", "packageName": "wireshark", "arch": "any", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:0125\n\n\nWireshark, previously known as Ethereal, is a network protocol analyzer. It\nis used to capture and browse the traffic running on a computer network.\n\nA heap-based buffer overflow flaw was found in the way Wireshark handled\nEndace ERF (Extensible Record Format) capture files. If Wireshark opened a\nspecially-crafted ERF capture file, it could crash or, possibly, execute\narbitrary code as the user running Wireshark. (CVE-2011-4102)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175,\nCVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067,\nCVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)\n\nThe CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102 issues\nwere discovered by Huzaifa Sidhpurwala of the Red Hat Security Response\nTeam.\n\nThis update also fixes the following bugs:\n\n* When Wireshark starts with the X11 protocol being tunneled through an SSH\nconnection, it automatically prepares its capture filter to omit the SSH\npackets. If the SSH connection was to a link-local IPv6 address including\nan interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed\nthis address erroneously, constructed an incorrect capture filter and\nrefused to capture packets. The \"Invalid capture filter\" message was\ndisplayed. With this update, parsing of link-local IPv6 addresses is fixed\nand Wireshark correctly prepares a capture filter to omit SSH packets over\na link-local IPv6 connection. (BZ#438473)\n\n* Previously, Wireshark's column editing dialog malformed column names when\nthey were selected. With this update, the dialog is fixed and no longer\nbreaks column names. (BZ#493693)\n\n* Previously, TShark, the console packet analyzer, did not properly analyze\nthe exit code of Dumpcap, Wireshark's packet capturing back end. As a\nresult, TShark returned exit code 0 when Dumpcap failed to parse its\ncommand-line arguments. In this update, TShark correctly propagates the\nDumpcap exit code and returns a non-zero exit code when Dumpcap fails.\n(BZ#580510)\n\n* Previously, the TShark \"-s\" (snapshot length) option worked only for a\nvalue greater than 68 bytes. If a lower value was specified, TShark\ncaptured just 68 bytes of incoming packets. With this update, the \"-s\"\noption is fixed and sizes lower than 68 bytes work as expected. (BZ#580513)\n\nThis update also adds the following enhancement:\n\n* In this update, support for the \"NetDump\" protocol was added. (BZ#484999)\n\nAll users of Wireshark are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add this\nenhancement. All running instances of Wireshark must be restarted for the\nupdate to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-January/019123.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-January/000457.html\n\n**Affected packages:**\nwireshark\nwireshark-gnome\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0125.html", "edition": 3, "reporter": "CentOS Project", "published": "2013-01-09T19:42:29", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "wireshark security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1959", "CVE-2011-2698", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2012-4290", "CVE-2012-4285", "CVE-2011-1958"], "modified": "2013-01-11T13:19:17", "href": "http://lists.centos.org/pipermail/centos-announce/2013-January/019123.html", "id": "CESA-2013:0125", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-03T18:26:56", "references": ["https://rhn.redhat.com/errata/RHSA-2012-0509.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "i686", "packageName": "wireshark-devel", "packageFilename": "wireshark-devel-1.2.15-2.el6_2.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "i686", "packageName": "wireshark-devel", "packageFilename": "wireshark-devel-1.2.15-2.el6_2.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "i686", "packageName": "wireshark", "packageFilename": "wireshark-1.2.15-2.el6_2.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "i686", "packageName": "wireshark", "packageFilename": "wireshark-1.2.15-2.el6_2.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "any", "packageName": "wireshark", "packageFilename": "wireshark-1.2.15-2.el6_2.1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "i686", "packageName": "wireshark-gnome", "packageFilename": "wireshark-gnome-1.2.15-2.el6_2.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "x86_64", "packageName": "wireshark-devel", "packageFilename": "wireshark-devel-1.2.15-2.el6_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "x86_64", "packageName": "wireshark", "packageFilename": "wireshark-1.2.15-2.el6_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "x86_64", "packageName": "wireshark-gnome", "packageFilename": "wireshark-gnome-1.2.15-2.el6_2.1.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2012:0509\n\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nSeveral flaws were found in Wireshark. If Wireshark read a malformed packet\noff a network or opened a malicious dump file, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2011-1590,\nCVE-2011-4102, CVE-2012-1595)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2011-1143, CVE-2011-1957, CVE-2011-1958,\nCVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698,\nCVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)\n\nUsers of Wireshark should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running instances of\nWireshark must be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/018591.html\n\n**Affected packages:**\nwireshark\nwireshark-devel\nwireshark-gnome\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0509.html", "edition": 1, "reporter": "CentOS Project", "published": "2012-04-24T10:27:48", "title": "wireshark security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-2174", "CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1590", "CVE-2011-1959", "CVE-2011-2597", "CVE-2012-1595", "CVE-2011-2698", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2011-1957", "CVE-2011-1143", "CVE-2011-1958"], "modified": "2012-04-24T10:27:48", "href": "http://lists.centos.org/pipermail/centos-announce/2012-April/018591.html", "id": "CESA-2012:0509", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:41:32", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.15-5.0.1.el5", "arch": "x86_64", "packageFilename": "wireshark-gnome-1.0.15-5.0.1.el5.x86_64.rpm", "packageName": "wireshark-gnome", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.15-5.0.1.el5", "arch": "ia64", "packageFilename": "wireshark-1.0.15-5.0.1.el5.ia64.rpm", "packageName": "wireshark", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.15-5.0.1.el5", "arch": "x86_64", "packageFilename": "wireshark-1.0.15-5.0.1.el5.x86_64.rpm", "packageName": "wireshark", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.15-5.0.1.el5", "arch": "ia64", "packageFilename": "wireshark-gnome-1.0.15-5.0.1.el5.ia64.rpm", "packageName": "wireshark-gnome", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.15-5.0.1.el5", "arch": "src", "packageFilename": "wireshark-1.0.15-5.0.1.el5.src.rpm", "packageName": "wireshark", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.15-5.0.1.el5", "arch": "src", "packageFilename": "wireshark-1.0.15-5.0.1.el5.src.rpm", "packageName": "wireshark", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.15-5.0.1.el5", "arch": "src", "packageFilename": "wireshark-1.0.15-5.0.1.el5.src.rpm", "packageName": "wireshark", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.15-5.0.1.el5", "arch": "i386", "packageFilename": "wireshark-1.0.15-5.0.1.el5.i386.rpm", "packageName": "wireshark", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.0.15-5.0.1.el5", "arch": "i386", "packageFilename": "wireshark-gnome-1.0.15-5.0.1.el5.i386.rpm", "packageName": "wireshark-gnome", "operator": "lt"}], "description": "[1.0.15-5.0.1.el5]\r\n- Added oracle-ocfs2-network.patch\r\n- increase max packet size to 65536 (Herbert van den Bergh) [orabug 13542633]\r\n \n[1.0.15-5]\r\n- fixed CVE-2012-4285, CVE-2012-4289, CVE-2012-4291 and CVE-2012-4290\r\n (#849521)\r\n \n[1.0.15-4]\r\n- fixed NetDump dissector (#484999)\r\n \n[1.0.15-3]\r\n- fixed various flaws: CVE-2011-1959 CVE-2011-2175 CVE-2011-1958\r\n CVE-2011-2698 CVE-2011-4102 CVE-2012-0041 CVE-2012-0042 CVE-2012-0066\r\n CVE-2012-0067\r\n \n[1.0.15-2]\r\n- fixed tshark -s option (#580513)\r\n- fixed tshark exit code when dumpcap fails (#580510)\r\n- fixed editing of columns in Wireshark preferences (#493693)\r\n- added netdump protocol dissector (#484999)\r\n- fixed tshark / Wireshark automatic filter when started in ssh connection\r\n over IPv6 (#438473)", "edition": 3, "reporter": "Oracle", "published": "2013-01-11T00:00:00", "title": "wireshark security, bug fix, and enhancement update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1959", "CVE-2011-2698", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2012-4290", "CVE-2012-4285", "CVE-2011-1958"], "modified": "2013-01-11T00:00:00", "id": "ELSA-2013-0125", "href": "http://linux.oracle.com/errata/ELSA-2013-0125.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:38:36", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.2.15-2.0.1.el6_2.1", "arch": "i686", "packageFilename": "wireshark-1.2.15-2.0.1.el6_2.1.i686.rpm", "packageName": "wireshark", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.2.15-2.0.1.el6_2.1", "arch": "i686", "packageFilename": "wireshark-1.2.15-2.0.1.el6_2.1.i686.rpm", "packageName": "wireshark", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.2.15-2.0.1.el6_2.1", "arch": "x86_64", "packageFilename": "wireshark-1.2.15-2.0.1.el6_2.1.x86_64.rpm", "packageName": "wireshark", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.2.15-2.0.1.el6_2.1", "arch": "x86_64", "packageFilename": "wireshark-devel-1.2.15-2.0.1.el6_2.1.x86_64.rpm", "packageName": "wireshark-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.2.15-2.0.1.el6_2.1", "arch": "i686", "packageFilename": "wireshark-devel-1.2.15-2.0.1.el6_2.1.i686.rpm", "packageName": "wireshark-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.2.15-2.0.1.el6_2.1", "arch": "i686", "packageFilename": "wireshark-devel-1.2.15-2.0.1.el6_2.1.i686.rpm", "packageName": "wireshark-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.2.15-2.0.1.el6_2.1", "arch": "x86_64", "packageFilename": "wireshark-gnome-1.2.15-2.0.1.el6_2.1.x86_64.rpm", "packageName": "wireshark-gnome", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.2.15-2.0.1.el6_2.1", "arch": "src", "packageFilename": "wireshark-1.2.15-2.0.1.el6_2.1.src.rpm", "packageName": "wireshark", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.2.15-2.0.1.el6_2.1", "arch": "src", "packageFilename": "wireshark-1.2.15-2.0.1.el6_2.1.src.rpm", "packageName": "wireshark", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.2.15-2.0.1.el6_2.1", "arch": "i686", "packageFilename": "wireshark-gnome-1.2.15-2.0.1.el6_2.1.i686.rpm", "packageName": "wireshark-gnome", "operator": "lt"}], "description": "[1.2.15-2.0.1.el6_2.1]\n- Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect\n[1.2.15-2.1]\n- security patches\n- Resolves: CVE-2011-1143\n CVE-2011-1590\n CVE-2011-1957\n CVE-2011-1959\n CVE-2011-2174\n CVE-2011-2175 CVE-2011-1958\n CVE-2011-2597 CVE-2011-2698\n CVE-2011-4102\n CVE-2012-0041 CVE-2012-0066 CVE-2012-0067\n CVE-2012-0042\n CVE-2012-1595", "edition": 3, "reporter": "Oracle", "published": "2012-04-23T00:00:00", "title": "wireshark security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-2174", "CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1590", "CVE-2011-1959", "CVE-2011-2597", "CVE-2012-1595", "CVE-2011-2698", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2011-1957", "CVE-2011-1143", "CVE-2011-1958"], "modified": "2012-04-23T00:00:00", "id": "ELSA-2012-0509", "href": "http://linux.oracle.com/errata/ELSA-2012-0509.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:44:08", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.10-4.0.1.el6", "arch": "i686", "packageFilename": "wireshark-gnome-1.8.10-4.0.1.el6.i686.rpm", "packageName": "wireshark-gnome", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.10-4.0.1.el6", "arch": "x86_64", "packageFilename": "wireshark-1.8.10-4.0.1.el6.x86_64.rpm", "packageName": "wireshark", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.10-4.0.1.el6", "arch": "x86_64", "packageFilename": "wireshark-gnome-1.8.10-4.0.1.el6.x86_64.rpm", "packageName": "wireshark-gnome", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.10-4.0.1.el6", "arch": "i686", "packageFilename": "wireshark-devel-1.8.10-4.0.1.el6.i686.rpm", "packageName": "wireshark-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.10-4.0.1.el6", "arch": "i686", "packageFilename": "wireshark-devel-1.8.10-4.0.1.el6.i686.rpm", "packageName": "wireshark-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.10-4.0.1.el6", "arch": "i686", "packageFilename": "wireshark-1.8.10-4.0.1.el6.i686.rpm", "packageName": "wireshark", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.10-4.0.1.el6", "arch": "i686", "packageFilename": "wireshark-1.8.10-4.0.1.el6.i686.rpm", "packageName": "wireshark", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.10-4.0.1.el6", "arch": "x86_64", "packageFilename": "wireshark-devel-1.8.10-4.0.1.el6.x86_64.rpm", "packageName": "wireshark-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.10-4.0.1.el6", "arch": "src", "packageFilename": "wireshark-1.8.10-4.0.1.el6.src.rpm", "packageName": "wireshark", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.8.10-4.0.1.el6", "arch": "src", "packageFilename": "wireshark-1.8.10-4.0.1.el6.src.rpm", "packageName": "wireshark", "operator": "lt"}], "description": "[1.8.10-4.0.1.el6]\r\n- Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect\r\n \n[1.8.10-4]\r\n- fix memory leak when reassemblying a packet\r\n- Related: #711024\r\n \n[1.8.10-3]\r\n- fix config.h conflict\r\n- Related: #711024\r\n \n[1.8.10-2]\r\n- do not configure with setcap-install\r\n- Related: #711024\r\n \n[1.8.10-1]\r\n- upgrade to 1.8.10\r\n- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.10.html\r\n- Related: #711024\r\n \n[1.8.8-10]\r\n- fix consolehelper path for dumpcap\r\n- Related: #711024\r\n \n[1.8.8-9]\r\n- fix dumpcap group\r\n- Related: #711024\r\n \n[1.8.8-8]\r\n- fix tshark output streams and formatting for -L, -D\r\n- Resolves: #1004636\r\n \n[1.8.8-7]\r\n- fix double free in wiretap/netmon.c\r\n- Related: #711024\r\n \n[1.8.8-6]\r\n- security patches\r\n- Resolves: CVE-2013-4927\r\n CVE-2013-4931\r\n CVE-2013-4932\r\n CVE-2013-4933\r\n CVE-2013-4934\r\n CVE-2013-4935\r\n CVE-2013-3557\r\n \n[1.8.8-5]\r\n- fix desktop file\r\n- Related: #711024\r\n \n[1.8.8-4]\r\n- fix tap-iostat buffer overflow\r\n- fix dcom string overrun\r\n- fix sctp bytes graph crash\r\n- fix airpcap dialog crash\r\n- Related: #711024\r\n \n[1.8.8-3]\r\n- fix dumpcap privileges to 755\r\n- Related: #711024\r\n \n[1.8.8-2]\r\n- new sources\r\n- Related: #711024\r\n \n[1.8.8-1]\r\n- upgrade to 1.8.8\r\n- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html\r\n- Resolves: #711024\r\n- Resolves: #858976\r\n- Resolves: #699636\r\n- Resolves: #750712\r\n- Resolves: #832021\r\n- Resolves: #889346\r\n- Resolves: #659661\r\n- Resolves: #715560\r\n \n[1.2.15-3]\r\n- security patches\r\n- Resolves: CVE-2011-1143\r\n CVE-2011-1590\r\n CVE-2011-1957\r\n CVE-2011-1959\r\n CVE-2011-2174\r\n CVE-2011-2175 CVE-2011-1958\r\n CVE-2011-2597 CVE-2011-2698\r\n CVE-2011-4102\r\n CVE-2012-0041 CVE-2012-0066 CVE-2012-0067\r\n CVE-2012-0042\r\n CVE-2012-1595", "edition": 3, "reporter": "Oracle", "published": "2013-11-25T00:00:00", "title": "wireshark security, bug fix, and enhancement update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-5598", "CVE-2013-3561", "CVE-2011-2174", "CVE-2012-0066", "CVE-2013-4931", "CVE-2012-5595", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1590", "CVE-2013-4933", "CVE-2012-4288", "CVE-2011-1959", "CVE-2011-2597", "CVE-2012-1595", "CVE-2011-2698", "CVE-2012-4292", "CVE-2013-4927", "CVE-2012-5599", "CVE-2013-3559", "CVE-2012-6060", "CVE-2013-4932", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-2392", "CVE-2012-6056", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2011-1957", "CVE-2012-4290", "CVE-2011-1143", "CVE-2012-5600", "CVE-2013-4083", "CVE-2012-6061", "CVE-2012-4285", "CVE-2013-4936", "CVE-2012-6062", "CVE-2013-4935", "CVE-2013-4081", "CVE-2013-3557", "CVE-2012-6059", "CVE-2011-1958", "CVE-2013-4934", "CVE-2012-5597", "CVE-2013-5721", "CVE-2012-3825"], "modified": "2013-11-25T00:00:00", "id": "ELSA-2013-1569", "href": "http://linux.oracle.com/errata/ELSA-2013-1569.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2017-09-09T07:20:07", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageName": "wireshark-debuginfo", "packageFilename": "wireshark-debuginfo-1.0.15-5.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageName": "wireshark", "packageFilename": "wireshark-1.0.15-5.el5.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageName": "wireshark-debuginfo", "packageFilename": "wireshark-debuginfo-1.0.15-5.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageName": "wireshark-debuginfo", "packageFilename": "wireshark-debuginfo-1.0.15-5.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageName": "wireshark", "packageFilename": "wireshark-1.0.15-5.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageName": "wireshark", "packageFilename": "wireshark-1.0.15-5.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageName": "wireshark-debuginfo", "packageFilename": "wireshark-debuginfo-1.0.15-5.el5.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageName": "wireshark", "packageFilename": "wireshark-1.0.15-5.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageName": "wireshark-gnome", "packageFilename": "wireshark-gnome-1.0.15-5.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageName": "wireshark", "packageFilename": "wireshark-1.0.15-5.el5.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageName": "wireshark-gnome", "packageFilename": "wireshark-gnome-1.0.15-5.el5.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageName": "wireshark-debuginfo", "packageFilename": "wireshark-debuginfo-1.0.15-5.el5.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageName": "wireshark-gnome", "packageFilename": "wireshark-gnome-1.0.15-5.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageName": "wireshark", "packageFilename": "wireshark-1.0.15-5.el5.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageName": "wireshark-gnome", "packageFilename": "wireshark-gnome-1.0.15-5.el5.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.0.15-5.el5", "packageName": "wireshark-gnome", "packageFilename": "wireshark-gnome-1.0.15-5.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "Wireshark, previously known as Ethereal, is a network protocol analyzer. It\nis used to capture and browse the traffic running on a computer network.\n\nA heap-based buffer overflow flaw was found in the way Wireshark handled\nEndace ERF (Extensible Record Format) capture files. If Wireshark opened a\nspecially-crafted ERF capture file, it could crash or, possibly, execute\narbitrary code as the user running Wireshark. (CVE-2011-4102)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175,\nCVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067,\nCVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)\n\nThe CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102 issues\nwere discovered by Huzaifa Sidhpurwala of the Red Hat Security Response\nTeam.\n\nThis update also fixes the following bugs:\n\n* When Wireshark starts with the X11 protocol being tunneled through an SSH\nconnection, it automatically prepares its capture filter to omit the SSH\npackets. If the SSH connection was to a link-local IPv6 address including\nan interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed\nthis address erroneously, constructed an incorrect capture filter and\nrefused to capture packets. The \"Invalid capture filter\" message was\ndisplayed. With this update, parsing of link-local IPv6 addresses is fixed\nand Wireshark correctly prepares a capture filter to omit SSH packets over\na link-local IPv6 connection. (BZ#438473)\n\n* Previously, Wireshark's column editing dialog malformed column names when\nthey were selected. With this update, the dialog is fixed and no longer\nbreaks column names. (BZ#493693)\n\n* Previously, TShark, the console packet analyzer, did not properly analyze\nthe exit code of Dumpcap, Wireshark's packet capturing back end. As a\nresult, TShark returned exit code 0 when Dumpcap failed to parse its\ncommand-line arguments. In this update, TShark correctly propagates the\nDumpcap exit code and returns a non-zero exit code when Dumpcap fails.\n(BZ#580510)\n\n* Previously, the TShark \"-s\" (snapshot length) option worked only for a\nvalue greater than 68 bytes. If a lower value was specified, TShark\ncaptured just 68 bytes of incoming packets. With this update, the \"-s\"\noption is fixed and sizes lower than 68 bytes work as expected. (BZ#580513)\n\nThis update also adds the following enhancement:\n\n* In this update, support for the \"NetDump\" protocol was added. (BZ#484999)\n\nAll users of Wireshark are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add this\nenhancement. All running instances of Wireshark must be restarted for the\nupdate to take effect.\n", "reporter": "RedHat", "published": "2013-01-08T05:00:00", "type": "redhat", "title": "(RHSA-2013:0125) Moderate: wireshark security, bug fix, and enhancement update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-1958", "CVE-2011-1959", "CVE-2011-2175", "CVE-2011-2698", "CVE-2011-4102", "CVE-2012-0041", "CVE-2012-0042", "CVE-2012-0066", "CVE-2012-0067", "CVE-2012-4285", "CVE-2012-4289", "CVE-2012-4290", "CVE-2012-4291"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:15:55", "id": "RHSA-2013:0125", "href": "https://access.redhat.com/errata/RHSA-2013:0125", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-06-06T18:05:58", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "i686", "packageName": "wireshark-debuginfo", "packageFilename": "wireshark-debuginfo-1.2.15-2.el6_2.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "src", "packageName": "wireshark", "packageFilename": "wireshark-1.2.15-2.el6_2.1.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "x86_64", "packageName": "wireshark-debuginfo", "packageFilename": "wireshark-debuginfo-1.2.15-2.el6_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "i686", "packageName": "wireshark-devel", "packageFilename": "wireshark-devel-1.2.15-2.el6_2.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "i686", "packageName": "wireshark-gnome", "packageFilename": "wireshark-gnome-1.2.15-2.el6_2.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "x86_64", "packageName": "wireshark-devel", "packageFilename": "wireshark-devel-1.2.15-2.el6_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "x86_64", "packageName": "wireshark-gnome", "packageFilename": "wireshark-gnome-1.2.15-2.el6_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "i686", "packageName": "wireshark", "packageFilename": "wireshark-1.2.15-2.el6_2.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "x86_64", "packageName": "wireshark", "packageFilename": "wireshark-1.2.15-2.el6_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "ppc64", "packageName": "wireshark-debuginfo", "packageFilename": "wireshark-debuginfo-1.2.15-2.el6_2.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "ppc", "packageName": "wireshark-debuginfo", "packageFilename": "wireshark-debuginfo-1.2.15-2.el6_2.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "ppc", "packageName": "wireshark-devel", "packageFilename": "wireshark-devel-1.2.15-2.el6_2.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "ppc64", "packageName": "wireshark-devel", "packageFilename": "wireshark-devel-1.2.15-2.el6_2.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "ppc64", "packageName": "wireshark-gnome", "packageFilename": "wireshark-gnome-1.2.15-2.el6_2.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "ppc", "packageName": "wireshark", "packageFilename": "wireshark-1.2.15-2.el6_2.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "ppc64", "packageName": "wireshark", "packageFilename": "wireshark-1.2.15-2.el6_2.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "s390", "packageName": "wireshark-debuginfo", "packageFilename": "wireshark-debuginfo-1.2.15-2.el6_2.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "s390x", "packageName": "wireshark-debuginfo", "packageFilename": "wireshark-debuginfo-1.2.15-2.el6_2.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "s390", "packageName": "wireshark-devel", "packageFilename": "wireshark-devel-1.2.15-2.el6_2.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "s390x", "packageName": "wireshark-devel", "packageFilename": "wireshark-devel-1.2.15-2.el6_2.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "s390x", "packageName": "wireshark-gnome", "packageFilename": "wireshark-gnome-1.2.15-2.el6_2.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "s390", "packageName": "wireshark", "packageFilename": "wireshark-1.2.15-2.el6_2.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.2.15-2.el6_2.1", "arch": "s390x", "packageName": "wireshark", "packageFilename": "wireshark-1.2.15-2.el6_2.1.s390x.rpm", "operator": "lt"}], "description": "Wireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nSeveral flaws were found in Wireshark. If Wireshark read a malformed packet\noff a network or opened a malicious dump file, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2011-1590,\nCVE-2011-4102, CVE-2012-1595)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2011-1143, CVE-2011-1957, CVE-2011-1958,\nCVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698,\nCVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)\n\nUsers of Wireshark should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running instances of\nWireshark must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2012-04-23T04:00:00", "type": "redhat", "title": "(RHSA-2012:0509) Moderate: wireshark security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-1143", "CVE-2011-1590", "CVE-2011-1957", "CVE-2011-1958", "CVE-2011-1959", "CVE-2011-2174", "CVE-2011-2175", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-4102", "CVE-2012-0041", "CVE-2012-0042", "CVE-2012-0066", "CVE-2012-0067", "CVE-2012-1595"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:26", "id": "RHSA-2012:0509", "href": "https://access.redhat.com/errata/RHSA-2012:0509", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:24", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2287", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1139", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2283", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1140", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3133", "https://bugs.gentoo.org/show_bug.cgi?id=339401", "https://bugs.gentoo.org/show_bug.cgi?id=330479", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2597", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0445", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1957", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1956", "https://bugs.gentoo.org/show_bug.cgi?id=369683", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1590", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3266", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2992", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0713", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3445", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0444", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0538", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0024", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4538", "https://bugs.gentoo.org/show_bug.cgi?id=386179", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1143", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1958", "https://bugs.gentoo.org/show_bug.cgi?id=354197", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2285", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4300", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1591", "https://bugs.gentoo.org/show_bug.cgi?id=350551", "https://bugs.gentoo.org/show_bug.cgi?id=383823", "https://bugs.gentoo.org/show_bug.cgi?id=381551", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3483", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2284", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4301", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2286", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3482", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2175", "https://bugs.gentoo.org/show_bug.cgi?id=363895", "https://bugs.gentoo.org/show_bug.cgi?id=323859", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1141", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2993", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1142", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1138", "https://bugs.gentoo.org/show_bug.cgi?id=373961", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2174", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2994", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2698", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3360", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1959", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1592", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2995", "https://bugs.gentoo.org/show_bug.cgi?id=346191", "https://bugs.gentoo.org/show_bug.cgi?id=357237"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.4.9", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-analyzer/wireshark", "operator": "lt"}], "edition": 1, "description": "### Background\n\nWireshark is a versatile network protocol analyzer.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Wireshark users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-1.4.9\"", "reporter": "Gentoo Foundation", "published": "2011-10-09T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "gentoo", "title": "Wireshark: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0024", "CVE-2010-2285", "CVE-2011-1142", "CVE-2011-1592", "CVE-2011-2174", "CVE-2011-3482", "CVE-2010-2284", "CVE-2010-2287", "CVE-2011-2175", "CVE-2011-1590", "CVE-2011-3360", "CVE-2011-1959", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-0444", "CVE-2010-2992", "CVE-2010-4300", "CVE-2010-3133", "CVE-2011-3483", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2011-0713", "CVE-2011-1957", "CVE-2010-4301", "CVE-2011-1141", "CVE-2010-3445", "CVE-2011-1143", "CVE-2010-4538", "CVE-2011-3266", "CVE-2010-2993", "CVE-2011-1139", "CVE-2011-1956", "CVE-2011-1140", "CVE-2010-2994", "CVE-2011-0538", "CVE-2011-1958", "CVE-2011-1138", "CVE-2011-1591", "CVE-2011-0445"], "modified": "2011-10-09T00:00:00", "id": "GLSA-201110-02", "href": "https://security.gentoo.org/glsa/201110-02", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
