ID CVE-2015-0564 Type cve Reporter cve@mitre.org Modified 2019-12-27T16:08:00
Description
Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session.
{"openvas": [{"lastseen": "2019-05-29T18:36:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0562", "CVE-2015-0564"], "description": "Multiple vulnerabilities were discovered\nin the dissectors/parsers for SSL/TLS and DEC DNA, which could result in denial\nof service.", "modified": "2019-03-18T00:00:00", "published": "2015-01-27T00:00:00", "id": "OPENVAS:1361412562310703141", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703141", "type": "openvas", "title": "Debian Security Advisory DSA 3141-1 (wireshark - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3141.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3141-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703141\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-0562\", \"CVE-2015-0564\");\n script_name(\"Debian Security Advisory DSA 3141-1 (wireshark - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-27 00:00:00 +0100 (Tue, 27 Jan 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3141.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"wireshark on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthese problems have been fixed in version 1.8.2-5wheezy14.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 1.12.1+g01b65bf-3.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.12.1+g01b65bf-3.\n\nWe recommend that you upgrade your wireshark packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were discovered\nin the dissectors/parsers for SSL/TLS and DEC DNA, which could result in denial\nof service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libwireshark-data\", ver:\"1.8.2-5wheezy14\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark-dev\", ver:\"1.8.2-5wheezy14\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark2\", ver:\"1.8.2-5wheezy14\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap-dev\", ver:\"1.8.2-5wheezy14\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap2\", ver:\"1.8.2-5wheezy14\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil-dev\", ver:\"1.8.2-5wheezy14\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil2\", ver:\"1.8.2-5wheezy14\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.8.2-5wheezy14\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.8.2-5wheezy14\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.8.2-5wheezy14\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.8.2-5wheezy14\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.8.2-5wheezy14\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-doc\", ver:\"1.8.2-5wheezy14\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:53:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0562", "CVE-2015-0564"], "description": "Multiple vulnerabilities were discovered\nin the dissectors/parsers for SSL/TLS and DEC DNA, which could result in denial\nof service.", "modified": "2017-07-07T00:00:00", "published": "2015-01-27T00:00:00", "id": "OPENVAS:703141", "href": "http://plugins.openvas.org/nasl.php?oid=703141", "type": "openvas", "title": "Debian Security Advisory DSA 3141-1 (wireshark - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3141.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3141-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703141);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-0562\", \"CVE-2015-0564\");\n script_name(\"Debian Security Advisory DSA 3141-1 (wireshark - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-01-27 00:00:00 +0100 (Tue, 27 Jan 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3141.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"wireshark on Debian Linux\");\n script_tag(name: \"insight\", value: \"Wireshark is a network 'sniffer' - a\ntool that captures and analyzes packets off the wire. Wireshark can decode too many\nprotocols to list here.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 1.8.2-5wheezy14.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 1.12.1+g01b65bf-3.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.12.1+g01b65bf-3.\n\nWe recommend that you upgrade your wireshark packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities were discovered\nin the dissectors/parsers for SSL/TLS and DEC DNA, which could result in denial\nof service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libwireshark-data\", ver:\"1.8.2-5wheezy14\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark-dev\", ver:\"1.8.2-5wheezy14\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark2\", ver:\"1.8.2-5wheezy14\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap-dev\", ver:\"1.8.2-5wheezy14\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap2\", ver:\"1.8.2-5wheezy14\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil-dev\", ver:\"1.8.2-5wheezy14\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil2\", ver:\"1.8.2-5wheezy14\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.8.2-5wheezy14\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.8.2-5wheezy14\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.8.2-5wheezy14\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.8.2-5wheezy14\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.8.2-5wheezy14\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-doc\", ver:\"1.8.2-5wheezy14\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0560", "CVE-2015-0563", "CVE-2015-0562", "CVE-2015-0564", "CVE-2015-0559", "CVE-2015-0561"], "description": "This host is installed with Wireshark\n and is prone to multiple denial-of-service vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2015-01-14T00:00:00", "id": "OPENVAS:1361412562310805323", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805323", "type": "openvas", "title": "Wireshark Multiple Denial-of-Service Vulnerabilities -01 Jan15 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_dos_vuln01_jan15_macosx.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# Wireshark Multiple Denial-of-Service Vulnerabilities -01 Jan15 (Mac OS X)\n#\n# Authors:\n# Deependra Bapna <bdeependra@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:wireshark:wireshark\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805323\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-0564\", \"CVE-2015-0563\", \"CVE-2015-0562\", \"CVE-2015-0561\",\n \"CVE-2015-0560\", \"CVE-2015-0559\");\n script_bugtraq_id(71922, 71916, 71921, 71917, 71919, 71918);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-14 08:43:33 +0530 (Wed, 14 Jan 2015)\");\n script_name(\"Wireshark Multiple Denial-of-Service Vulnerabilities -01 Jan15 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark\n and is prone to multiple denial-of-service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An error within the SMTP dissector.\n\n - An error within the DEC DNA Routing Protocol dissector.\n\n - An error within the LPP dissector.\n\n - Two errors within the WCCP dissector.\n\n - An error when decypting TLS/SSL sessions.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to conduct multiple denial-of-service attacks.\");\n\n script_tag(name:\"affected\", value:\"Wireshark 1.10.x before 1.10.12 and\n 1.12.x before 1.12.3 on Mac OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Wireshark version 1.10.12,\n 1.12.3 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/62020\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2015-01.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2015-02.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2015-03.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2015-04.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2015-04.html\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_family(\"Denial of Service\");\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_wireshark_detect_macosx.nasl\");\n script_mandatory_keys(\"Wireshark/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!wirVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:wirVer, test_version:\"1.10.0\", test_version2:\"1.10.11\") ||\n version_in_range(version:wirVer, test_version:\"1.12.0\", test_version2:\"1.12.2\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0560", "CVE-2015-0563", "CVE-2015-0562", "CVE-2015-0564", "CVE-2015-0559", "CVE-2015-0561"], "description": "This host is installed with Wireshark\n and is prone to multiple denial-of-service vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2015-01-14T00:00:00", "id": "OPENVAS:1361412562310805322", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805322", "type": "openvas", "title": "Wireshark Multiple Denial-of-Service Vulnerabilities -01 Jan15 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_dos_vuln01_jan15_win.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# Wireshark Multiple Denial-of-Service Vulnerabilities -01 Jan15 (Windows)\n#\n# Authors:\n# Deependra Bapna <bdeependra@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:wireshark:wireshark\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805322\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-0564\", \"CVE-2015-0563\", \"CVE-2015-0562\", \"CVE-2015-0561\",\n \"CVE-2015-0560\", \"CVE-2015-0559\");\n script_bugtraq_id(71922, 71916, 71921, 71917, 71919, 71918);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-14 08:43:33 +0530 (Wed, 14 Jan 2015)\");\n script_name(\"Wireshark Multiple Denial-of-Service Vulnerabilities -01 Jan15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark\n and is prone to multiple denial-of-service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An error within the SMTP dissector.\n\n - An error within the DEC DNA Routing Protocol dissector.\n\n - An error within the LPP dissector.\n\n - Two errors within the WCCP dissector.\n\n - An error when decypting TLS/SSL sessions.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to conduct multiple denial-of-service attacks.\");\n\n script_tag(name:\"affected\", value:\"Wireshark 1.10.x before 1.10.12 and\n 1.12.x before 1.12.3 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Wireshark version 1.10.12,\n 1.12.3 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/62020\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2015-01.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2015-02.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2015-03.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2015-04.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2015-04.html\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_family(\"Denial of Service\");\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_mandatory_keys(\"Wireshark/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!wirVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:wirVer, test_version:\"1.10.0\", test_version2:\"1.10.11\") ||\n version_in_range(version:wirVer, test_version:\"1.12.0\", test_version2:\"1.12.2\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8710", "CVE-2014-8712", "CVE-2014-8714", "CVE-2015-2189", "CVE-2015-0562", "CVE-2014-8713", "CVE-2015-0564", "CVE-2014-8711", "CVE-2015-2191"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-07-23T00:00:00", "id": "OPENVAS:1361412562310871408", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871408", "type": "openvas", "title": "RedHat Update for wireshark RHSA-2015:1460-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for wireshark RHSA-2015:1460-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871408\");\n script_version(\"$Revision: 12497 $\");\n script_cve_id(\"CVE-2014-8710\", \"CVE-2014-8711\", \"CVE-2014-8712\", \"CVE-2014-8713\",\n \"CVE-2014-8714\", \"CVE-2015-0562\", \"CVE-2015-0564\", \"CVE-2015-2189\",\n \"CVE-2015-2191\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-23 06:26:28 +0200 (Thu, 23 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for wireshark RHSA-2015:1460-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wireshark'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Wireshark, previously known as Ethereal, is a network protocol analyzer,\nwhich is used to capture and browse the traffic running on a computer\nnetwork.\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2014-8714, CVE-2014-8712, CVE-2014-8713,\nCVE-2014-8711, CVE-2014-8710, CVE-2015-0562, CVE-2015-0564, CVE-2015-2189,\nCVE-2015-2191)\n\nThis update also fixes the following bugs:\n\n * Previously, the Wireshark tool did not support Advanced Encryption\nStandard Galois/Counter Mode (AES-GCM) cryptographic algorithm. As a\nconsequence, AES-GCM was not decrypted. Support for AES-GCM has been added\nto Wireshark, and AES-GCM is now correctly decrypted. (BZ#1095065)\n\n * Previously, when installing the system using the kickstart method, a\ndependency on the shadow-utils packages was missing from the wireshark\npackages, which could cause the installation to fail with a 'bad scriptlet'\nerror message. With this update, shadow-utils are listed as required in the\nwireshark packages spec file, and kickstart installation no longer fails.\n(BZ#1121275)\n\n * Prior to this update, the Wireshark tool could not decode types of\nelliptic curves in Datagram Transport Layer Security (DTLS) Client Hello.\nConsequently, Wireshark incorrectly displayed elliptic curves types as\ndata. A patch has been applied to address this bug, and Wireshark now\ndecodes elliptic curves types properly. (BZ#1131203)\n\n * Previously, a dependency on the gtk2 packages was missing from the\nwireshark packages. As a consequence, the Wireshark tool failed to start\nunder certain circumstances due to an unresolved symbol,\n'gtk_combo_box_text_new_with_entry', which was added in gtk version 2.24.\nWith this update, a dependency on gtk2 has been added, and Wireshark now\nalways starts as expected. (BZ#1160388)\n\nIn addition, this update adds the following enhancements:\n\n * With this update, the Wireshark tool supports process substitution, which\nfeeds the output of a process (or processes) into the standard input of\nanother process using the ' (command_list)' syntax. When using process\nsubstitution with large files as input, Wireshark failed to decode such\ninput. (BZ#1104210)\n\n * Wireshark has been enhanced to enable capturing packets with nanosecond\ntime stamp precision, which allows better analysis of recorded network\ntraffic. (BZ#1146578)\n\nAll wireshark users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements. All running instances of Wireshark must be restarted for the\nupdate to take effect.\");\n script_tag(name:\"affected\", value:\"wireshark on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1460-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-July/msg00037.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.8.10~17.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.8.10~17.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.8.10~17.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8710", "CVE-2014-8712", "CVE-2014-8714", "CVE-2015-2189", "CVE-2015-0562", "CVE-2014-8713", "CVE-2015-0564", "CVE-2014-8711", "CVE-2015-2191"], "description": "Oracle Linux Local Security Checks ELSA-2015-1460", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123057", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123057", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1460", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1460.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123057\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:58:48 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1460\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1460 - wireshark security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1460\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1460.html\");\n script_cve_id(\"CVE-2014-8710\", \"CVE-2014-8711\", \"CVE-2014-8712\", \"CVE-2014-8713\", \"CVE-2014-8714\", \"CVE-2015-0562\", \"CVE-2015-0564\", \"CVE-2015-2189\", \"CVE-2015-2191\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.8.10~17.0.2.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.8.10~17.0.2.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.8.10~17.0.2.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T22:58:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8710", "CVE-2014-8712", "CVE-2014-8714", "CVE-2015-2189", "CVE-2015-0562", "CVE-2014-8713", "CVE-2015-0564", "CVE-2014-8711", "CVE-2015-2191"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120505", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120505", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-580)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120505\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:28:01 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-580)\");\n script_tag(name:\"insight\", value:\"Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2014-8714, CVE-2014-8712, CVE-2014-8713, CVE-2014-8711, CVE-2014-8710, CVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191 )\");\n script_tag(name:\"solution\", value:\"Run yum update wireshark to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-580.html\");\n script_cve_id(\"CVE-2015-2191\", \"CVE-2014-8710\", \"CVE-2014-8711\", \"CVE-2014-8712\", \"CVE-2014-8713\", \"CVE-2014-8714\", \"CVE-2015-0562\", \"CVE-2015-0564\", \"CVE-2015-2189\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.8.10~17.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.8.10~17.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.8.10~17.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8710", "CVE-2014-8712", "CVE-2014-8714", "CVE-2015-3813", "CVE-2015-0563", "CVE-2015-2189", "CVE-2015-6243", "CVE-2015-6246", "CVE-2015-6245", "CVE-2015-0562", "CVE-2014-8713", "CVE-2015-3182", "CVE-2015-0564", "CVE-2015-2188", "CVE-2014-8711", "CVE-2015-3810", "CVE-2015-3812", "CVE-2015-6244", "CVE-2015-6248", "CVE-2015-2191", "CVE-2015-3811"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-11-20T00:00:00", "id": "OPENVAS:1361412562310871496", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871496", "type": "openvas", "title": "RedHat Update for wireshark RHSA-2015:2393-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for wireshark RHSA-2015:2393-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871496\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-20 06:23:13 +0100 (Fri, 20 Nov 2015)\");\n script_cve_id(\"CVE-2014-8710\", \"CVE-2014-8711\", \"CVE-2014-8712\", \"CVE-2014-8713\",\n \"CVE-2014-8714\", \"CVE-2015-0562\", \"CVE-2015-0563\", \"CVE-2015-0564\",\n \"CVE-2015-2188\", \"CVE-2015-2189\", \"CVE-2015-2191\", \"CVE-2015-3182\",\n \"CVE-2015-3810\", \"CVE-2015-3811\", \"CVE-2015-3812\", \"CVE-2015-3813\",\n \"CVE-2015-6243\", \"CVE-2015-6244\", \"CVE-2015-6245\", \"CVE-2015-6246\",\n \"CVE-2015-6248\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for wireshark RHSA-2015:2393-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wireshark'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The wireshark packages contain a network\nprotocol analyzer used to capture and browse the traffic running on a computer\nnetwork.\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2015-2188, CVE-2015-2189, CVE-2015-2191,\nCVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2014-8710,\nCVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562,\nCVE-2015-0563, CVE-2015-0564, CVE-2015-3182, CVE-2015-6243, CVE-2015-6244,\nCVE-2015-6245, CVE-2015-6246, CVE-2015-6248)\n\nThe CVE-2015-3182 issue was discovered by Martin ember of Red Hat.\n\nThe wireshark packages have been upgraded to upstream version 1.10.14,\nwhich provides a number of bug fixes and enhancements over the previous\nversion. (BZ#1238676)\n\nThis update also fixes the following bug:\n\n * Prior to this update, when using the tshark utility to capture packets\nover the interface, tshark failed to create output files in the .pcap\nformat even if it was specified using the '-F' option. This bug has been\nfixed, the '-F' option is now honored, and the result saved in the .pcap\nformat as expected. (BZ#1227199)\n\nIn addition, this update adds the following enhancement:\n\n * Previously, wireshark included only microseconds in the .pcapng format.\nWith this update, wireshark supports nanosecond time stamp precision to\nallow for more accurate time stamps. (BZ#1213339)\n\nAll wireshark users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements. All running instances of\nWireshark must be restarted for the update to take effect.\");\n script_tag(name:\"affected\", value:\"wireshark on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:2393-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-November/msg00045.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.10.14~7.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.10.14~7.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.10.14~7.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8710", "CVE-2014-8712", "CVE-2014-8714", "CVE-2015-3813", "CVE-2015-0563", "CVE-2015-2189", "CVE-2015-6243", "CVE-2015-6246", "CVE-2015-6245", "CVE-2015-0562", "CVE-2014-8713", "CVE-2015-3182", "CVE-2015-0564", "CVE-2015-2188", "CVE-2014-8711", "CVE-2015-3810", "CVE-2015-3812", "CVE-2015-6244", "CVE-2015-6248", "CVE-2015-2191", "CVE-2015-3811"], "description": "Oracle Linux Local Security Checks ELSA-2015-2393", "modified": "2018-09-28T00:00:00", "published": "2015-11-24T00:00:00", "id": "OPENVAS:1361412562310122747", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122747", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-2393", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-2393.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122747\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-11-24 10:17:22 +0200 (Tue, 24 Nov 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-2393\");\n script_tag(name:\"insight\", value:\"ELSA-2015-2393 - wireshark security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-2393\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-2393.html\");\n script_cve_id(\"CVE-2015-0563\", \"CVE-2015-2188\", \"CVE-2015-3182\", \"CVE-2015-3810\", \"CVE-2015-3811\", \"CVE-2015-3812\", \"CVE-2015-3813\", \"CVE-2015-6243\", \"CVE-2015-6244\", \"CVE-2015-6245\", \"CVE-2015-6246\", \"CVE-2015-6248\", \"CVE-2014-8710\", \"CVE-2014-8711\", \"CVE-2014-8712\", \"CVE-2014-8713\", \"CVE-2014-8714\", \"CVE-2015-0562\", \"CVE-2015-0564\", \"CVE-2015-2189\", \"CVE-2015-2191\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.10.14~7.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.10.14~7.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.10.14~7.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "debian": [{"lastseen": "2020-08-12T01:00:51", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0562", "CVE-2015-0564"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3141-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 27, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wireshark\nCVE ID : CVE-2015-0562 CVE-2015-0564\n\nMultiple vulnerabilities were discovered in the dissectors/parsers for\nSSL/TLS and DEC DNA, which could result in denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy14.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 1.12.1+g01b65bf-3.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.12.1+g01b65bf-3.\n\nWe recommend that you upgrade your wireshark packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2015-01-27T11:24:49", "published": "2015-01-27T11:24:49", "id": "DEBIAN:DSA-3141-1:8CB93", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00024.html", "title": "[SECURITY] [DSA 3141-1] wireshark security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-11T13:28:03", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8710", "CVE-2014-6431", "CVE-2014-8712", "CVE-2014-8714", "CVE-2014-6432", "CVE-2015-0562", "CVE-2014-6422", "CVE-2014-8713", "CVE-2015-0564", "CVE-2015-2188", "CVE-2014-6430", "CVE-2014-8711", "CVE-2014-6428", "CVE-2014-6423", "CVE-2015-2191", "CVE-2014-6429"], "description": "Package : wireshark\nVersion : 1.8.2-5wheezy15~deb6u1\nCVE ID : CVE-2015-2191 CVE-2015-2188 CVE-2015-0564 CVE-2015-0562\n CVE-2014-8714 CVE-2014-8713 CVE-2014-8712 CVE-2014-8711\n CVE-2014-8710 CVE-2014-6432 CVE-2014-6431 CVE-2014-6430\n CVE-2014-6429 CVE-2014-6428 CVE-2014-6423 CVE-2014-6422\n\nThe following vulnerabilities were discovered in the Squeeze's Wireshark\nversion:\n\n CVE-2015-2188 The WCP dissector could crash\n CVE-2015-0564 Wireshark could crash while decypting TLS/SSL sessions\n CVE-2015-0562 The DEC DNA Routing Protocol dissector could crash\n CVE-2014-8714 TN5250 infinite loops\n CVE-2014-8713 NCP crashes\n CVE-2014-8712 NCP crashes\n CVE-2014-8711 AMQP crash\n CVE-2014-8710 SigComp UDVM buffer overflow\n CVE-2014-6432 Sniffer file parser crash\n CVE-2014-6431 Sniffer file parser crash\n CVE-2014-6430 Sniffer file parser crash\n CVE-2014-6429 Sniffer file parser crash\n CVE-2014-6428 SES dissector crash\n CVE-2014-6423 MEGACO dissector infinite loop\n CVE-2014-6422 RTP dissector crash\n\nSince back-porting upstream patches to 1.2.11-6+squeeze15 did not fix\nall the outstanding issues and some issues are not even tracked publicly\nthe LTS Team decided to sync squeeze-lts's wireshark package with\nwheezy-security to provide the best possible security support.\n\nNote that upgrading Wireshark from 1.2.x to 1.8.x introduces\nseveral backward-incompatible changes in package structure, shared\nlibrary API/ABI, availability of dissectors and in syntax of command\nline parameters.\n\n\n\n", "edition": 9, "modified": "2015-04-22T09:45:46", "published": "2015-04-22T09:45:46", "id": "DEBIAN:DLA-198-1:FF28E", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201504/msg00020.html", "title": "[SECURITY] [DLA 198-1] wireshark security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-12T09:48:56", "description": "Multiple vulnerabilities were discovered in the dissectors/parsers for\nSSL/TLS and DEC DNA, which could result in denial of service.", "edition": 15, "published": "2015-01-28T00:00:00", "title": "Debian DSA-3141-1 : wireshark - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0562", "CVE-2015-0564"], "modified": "2015-01-28T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:wireshark", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3141.NASL", "href": "https://www.tenable.com/plugins/nessus/81028", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3141. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81028);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0562\", \"CVE-2015-0564\");\n script_bugtraq_id(71921, 71922);\n script_xref(name:\"DSA\", value:\"3141\");\n\n script_name(english:\"Debian DSA-3141-1 : wireshark - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered in the dissectors/parsers for\nSSL/TLS and DEC DNA, which could result in denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/wireshark\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3141\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wireshark packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.8.2-5wheezy14.\n\nFor the upcoming stable distribution (jessie), these problems have\nbeen fixed in version 1.12.1+g01b65bf-3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libwireshark-data\", reference:\"1.8.2-5wheezy14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwireshark-dev\", reference:\"1.8.2-5wheezy14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwireshark2\", reference:\"1.8.2-5wheezy14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwiretap-dev\", reference:\"1.8.2-5wheezy14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwiretap2\", reference:\"1.8.2-5wheezy14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwsutil-dev\", reference:\"1.8.2-5wheezy14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwsutil2\", reference:\"1.8.2-5wheezy14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tshark\", reference:\"1.8.2-5wheezy14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark\", reference:\"1.8.2-5wheezy14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark-common\", reference:\"1.8.2-5wheezy14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark-dbg\", reference:\"1.8.2-5wheezy14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark-dev\", reference:\"1.8.2-5wheezy14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark-doc\", reference:\"1.8.2-5wheezy14\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T11:54:52", "description": "Updated wireshark packages fix security vulnerabilities :\n\nThe DEC DNA Routing Protocol dissector could crash (CVE-2015-0562).\n\nThe SMTP dissector could crash (CVE-2015-0563).\n\nWireshark could crash while decypting TLS/SSL sessions\n(CVE-2015-0564).", "edition": 25, "published": "2015-01-13T00:00:00", "title": "Mandriva Linux Security Advisory : wireshark (MDVSA-2015:022)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0563", "CVE-2015-0562", "CVE-2015-0564"], "modified": "2015-01-13T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:dumpcap", "p-cpe:/a:mandriva:linux:lib64wireshark3", "p-cpe:/a:mandriva:linux:lib64wiretap3", "p-cpe:/a:mandriva:linux:rawshark", "p-cpe:/a:mandriva:linux:lib64wsutil3", "p-cpe:/a:mandriva:linux:tshark", "p-cpe:/a:mandriva:linux:lib64wireshark-devel", "p-cpe:/a:mandriva:linux:wireshark-tools", "p-cpe:/a:mandriva:linux:wireshark"], "id": "MANDRIVA_MDVSA-2015-022.NASL", "href": "https://www.tenable.com/plugins/nessus/80468", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:022. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80468);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0562\", \"CVE-2015-0563\", \"CVE-2015-0564\");\n script_bugtraq_id(71916, 71921, 71922);\n script_xref(name:\"MDVSA\", value:\"2015:022\");\n\n script_name(english:\"Mandriva Linux Security Advisory : wireshark (MDVSA-2015:022)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages fix security vulnerabilities :\n\nThe DEC DNA Routing Protocol dissector could crash (CVE-2015-0562).\n\nThe SMTP dissector could crash (CVE-2015-0563).\n\nWireshark could crash while decypting TLS/SSL sessions\n(CVE-2015-0564).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0019.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:dumpcap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wireshark3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wiretap3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wsutil3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rawshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"dumpcap-1.10.12-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64wireshark-devel-1.10.12-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64wireshark3-1.10.12-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64wiretap3-1.10.12-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64wsutil3-1.10.12-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"rawshark-1.10.12-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"tshark-1.10.12-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"wireshark-1.10.12-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"wireshark-tools-1.10.12-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:28:40", "description": "This update fixes the following security issues :\n\n + The WCCP dissector could crash wnpa-sec-2015-01\n CVE-2015-0559 CVE-2015-0560 [boo#912365]\n\n + The LPP dissector could crash. wnpa-sec-2015-02\n CVE-2015-0561 [boo#912368]\n\n + The DEC DNA Routing Protocol dissector could crash.\n wnpa-sec-2015-03 CVE-2015-0562 [boo#912369]\n\n + The SMTP dissector could crash. wnpa-sec-2015-04\n CVE-2015-0563 [boo#912370]\n\n + Wireshark could crash while decypting TLS/SSL sessions.\n wnpa-sec-2015-05 CVE-2015-0564 [boo#912372]", "edition": 18, "published": "2015-01-26T00:00:00", "title": "openSUSE Security Update : wireshark (openSUSE-SU-2015:0113-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0560", "CVE-2015-0563", "CVE-2015-0562", "CVE-2015-0564", "CVE-2015-0559", "CVE-2015-0561"], "modified": "2015-01-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wireshark-ui-qt-debuginfo", "p-cpe:/a:novell:opensuse:wireshark", "p-cpe:/a:novell:opensuse:wireshark-devel", "p-cpe:/a:novell:opensuse:wireshark-ui-qt", "p-cpe:/a:novell:opensuse:wireshark-debugsource", "p-cpe:/a:novell:opensuse:wireshark-ui-gtk", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:wireshark-ui-gtk-debuginfo", "p-cpe:/a:novell:opensuse:wireshark-debuginfo", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2015-52.NASL", "href": "https://www.tenable.com/plugins/nessus/80986", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-52.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80986);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-0559\", \"CVE-2015-0560\", \"CVE-2015-0561\", \"CVE-2015-0562\", \"CVE-2015-0563\", \"CVE-2015-0564\");\n\n script_name(english:\"openSUSE Security Update : wireshark (openSUSE-SU-2015:0113-1)\");\n script_summary(english:\"Check for the openSUSE-2015-52 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\n + The WCCP dissector could crash wnpa-sec-2015-01\n CVE-2015-0559 CVE-2015-0560 [boo#912365]\n\n + The LPP dissector could crash. wnpa-sec-2015-02\n CVE-2015-0561 [boo#912368]\n\n + The DEC DNA Routing Protocol dissector could crash.\n wnpa-sec-2015-03 CVE-2015-0562 [boo#912369]\n\n + The SMTP dissector could crash. wnpa-sec-2015-04\n CVE-2015-0563 [boo#912370]\n\n + Wireshark could crash while decypting TLS/SSL sessions.\n wnpa-sec-2015-05 CVE-2015-0564 [boo#912372]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2015-01/msg00053.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-ui-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-ui-gtk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-ui-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-ui-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"wireshark-1.10.12-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"wireshark-debuginfo-1.10.12-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"wireshark-debugsource-1.10.12-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"wireshark-devel-1.10.12-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-1.12.3-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-debuginfo-1.12.3-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-debugsource-1.12.3-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-devel-1.12.3-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-ui-gtk-1.12.3-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-ui-gtk-debuginfo-1.12.3-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-ui-qt-1.12.3-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-ui-qt-debuginfo-1.12.3-8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-debugsource / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-04-01T07:45:53", "description": "The remote Windows host has a version of Wireshark installed that is\n1.10.x prior to 1.10.12 or 1.12.x prior to 1.12.3. It is, therefore,\naffected by multiple denial of service vulnerabilities in the\nfollowing dissectors :\n\n - DEC DNA Routing (CVE-2015-0562)\n - LPP (CVE-2015-0561)\n - SMTP (CVE-2015-0563)\n - WCCP (CVE-2015-0559, CVE-2015-0560)\n\n - A denial of service vulnerability also exists related to\n a buffer underflow error in TLS/SSL session decryption.\n (CVE-2015-0564)\n\nA remote attacker, using a specially crafted packet or malformed pcap\nfile, can exploit these to cause the application to crash.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 28, "published": "2015-01-12T00:00:00", "title": "Wireshark 1.10.x < 1.10.12 / 1.12.x < 1.12.3 Multiple DoS Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0560", "CVE-2015-0563", "CVE-2015-0562", "CVE-2015-0564", "CVE-2015-0559", "CVE-2015-0561"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:wireshark:wireshark"], "id": "WIRESHARK_1_12_3.NASL", "href": "https://www.tenable.com/plugins/nessus/80459", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80459);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2015-0559\",\n \"CVE-2015-0560\",\n \"CVE-2015-0561\",\n \"CVE-2015-0562\",\n \"CVE-2015-0563\",\n \"CVE-2015-0564\"\n );\n script_bugtraq_id(\n 71916,\n 71917,\n 71918,\n 71919,\n 71921,\n 71922\n );\n\n script_name(english:\"Wireshark 1.10.x < 1.10.12 / 1.12.x < 1.12.3 Multiple DoS Vulnerabilities\");\n script_summary(english:\"Checks the version of Wireshark.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains an application that is affected by\nmultiple denial of service vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host has a version of Wireshark installed that is\n1.10.x prior to 1.10.12 or 1.12.x prior to 1.12.3. It is, therefore,\naffected by multiple denial of service vulnerabilities in the\nfollowing dissectors :\n\n - DEC DNA Routing (CVE-2015-0562)\n - LPP (CVE-2015-0561)\n - SMTP (CVE-2015-0563)\n - WCCP (CVE-2015-0559, CVE-2015-0560)\n\n - A denial of service vulnerability also exists related to\n a buffer underflow error in TLS/SSL session decryption.\n (CVE-2015-0564)\n\nA remote attacker, using a specially crafted packet or malformed pcap\nfile, can exploit these to cause the application to crash.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2015-01.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2015-02.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2015-03.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2015-04.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2015-05.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.10.12.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.12.3.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Wireshark version 1.10.12 / 1.12.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0564\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wireshark_installed.nasl\");\n script_require_keys(\"installed_sw/Wireshark\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"Wireshark\";\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\nversion = install['version'];\npath = install['path'];\n\nfixed_version = FALSE;\n\n# Affected :\n# 1.10.x < 1.10.12\n# 1.12.x < 1.12.3\nif (version =~ \"^1\\.10\\.(\\d|1[01])($|[^0-9])\")\n fixed_version = \"1.10.12\";\nelse if (version =~ \"^1\\.12\\.[0-2]($|[^0-9])\")\n fixed_version = \"1.12.3\";\nelse\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n\nif (fixed_version)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T14:20:32", "description": "wireshark has been updated to version 1.10.12 to fix six security\nissues :\n\n - The WCCP dissector could crash. (bnc#912365).\n (CVE-2015-0559 / CVE-2015-0560)\n\n - The LPP dissector could crash. (bnc#912368).\n (CVE-2015-0561)\n\n - The DEC DNA Routing Protocol dissector could crash.\n (bnc#912369). (CVE-2015-0562)\n\n - The SMTP dissector could crash. (bnc#912370).\n (CVE-2015-0563)\n\n - Wireshark could crash while decypting TLS/SSL sessions\n (bnc#912372) Further bug fixes and updated protocol\n support as listed in:. (CVE-2015-0564)\n\nhttps://www.wireshark.org/docs/relnotes/wireshark-1.10.12.html", "edition": 23, "published": "2015-03-05T00:00:00", "title": "SuSE 11.3 Security Update : wireshark (SAT Patch Number 10279)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0560", "CVE-2015-0563", "CVE-2015-0562", "CVE-2015-0564", "CVE-2015-0559", "CVE-2015-0561"], "modified": "2015-03-05T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:wireshark"], "id": "SUSE_11_WIRESHARK-150205.NASL", "href": "https://www.tenable.com/plugins/nessus/81642", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81642);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0559\", \"CVE-2015-0560\", \"CVE-2015-0561\", \"CVE-2015-0562\", \"CVE-2015-0563\", \"CVE-2015-0564\");\n\n script_name(english:\"SuSE 11.3 Security Update : wireshark (SAT Patch Number 10279)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"wireshark has been updated to version 1.10.12 to fix six security\nissues :\n\n - The WCCP dissector could crash. (bnc#912365).\n (CVE-2015-0559 / CVE-2015-0560)\n\n - The LPP dissector could crash. (bnc#912368).\n (CVE-2015-0561)\n\n - The DEC DNA Routing Protocol dissector could crash.\n (bnc#912369). (CVE-2015-0562)\n\n - The SMTP dissector could crash. (bnc#912370).\n (CVE-2015-0563)\n\n - Wireshark could crash while decypting TLS/SSL sessions\n (bnc#912372) Further bug fixes and updated protocol\n support as listed in:. (CVE-2015-0564)\n\nhttps://www.wireshark.org/docs/relnotes/wireshark-1.10.12.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=912365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=912368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=912369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=912370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=912372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0559.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0560.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0561.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0562.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0563.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0564.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10279.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"wireshark-1.10.12-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"wireshark-1.10.12-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"wireshark-1.10.12-0.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:30:17", "description": "Updated wireshark packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nWireshark, previously known as Ethereal, is a network protocol\nanalyzer, which is used to capture and browse the traffic running on a\ncomputer network.\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2014-8714,\nCVE-2014-8712, CVE-2014-8713, CVE-2014-8711, CVE-2014-8710,\nCVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191)\n\nThis update also fixes the following bugs :\n\n* Previously, the Wireshark tool did not support Advanced Encryption\nStandard Galois/Counter Mode (AES-GCM) cryptographic algorithm. As a\nconsequence, AES-GCM was not decrypted. Support for AES-GCM has been\nadded to Wireshark, and AES-GCM is now correctly decrypted.\n(BZ#1095065)\n\n* Previously, when installing the system using the kickstart method, a\ndependency on the shadow-utils packages was missing from the wireshark\npackages, which could cause the installation to fail with a 'bad\nscriptlet' error message. With this update, shadow-utils are listed as\nrequired in the wireshark packages spec file, and kickstart\ninstallation no longer fails. (BZ#1121275)\n\n* Prior to this update, the Wireshark tool could not decode types of\nelliptic curves in Datagram Transport Layer Security (DTLS) Client\nHello. Consequently, Wireshark incorrectly displayed elliptic curves\ntypes as data. A patch has been applied to address this bug, and\nWireshark now decodes elliptic curves types properly. (BZ#1131203)\n\n* Previously, a dependency on the gtk2 packages was missing from the\nwireshark packages. As a consequence, the Wireshark tool failed to\nstart under certain circumstances due to an unresolved symbol,\n'gtk_combo_box_text_new_with_entry', which was added in gtk version\n2.24. With this update, a dependency on gtk2 has been added, and\nWireshark now always starts as expected. (BZ#1160388)\n\nIn addition, this update adds the following enhancements :\n\n* With this update, the Wireshark tool supports process substitution,\nwhich feeds the output of a process (or processes) into the standard\ninput of another process using the '<(command_list)' syntax. When\nusing process substitution with large files as input, Wireshark failed\nto decode such input. (BZ#1104210)\n\n* Wireshark has been enhanced to enable capturing packets with\nnanosecond time stamp precision, which allows better analysis of\nrecorded network traffic. (BZ#1146578)\n\nAll wireshark users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. All running instances of Wireshark must be restarted for\nthe update to take effect.", "edition": 28, "published": "2015-07-28T00:00:00", "title": "CentOS 6 : wireshark (CESA-2015:1460)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8710", "CVE-2014-8712", "CVE-2014-8714", "CVE-2015-2189", "CVE-2015-0562", "CVE-2014-8713", "CVE-2015-0564", "CVE-2014-8711", "CVE-2015-2191"], "modified": "2015-07-28T00:00:00", "cpe": ["p-cpe:/a:centos:centos:wireshark", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:wireshark-devel", "p-cpe:/a:centos:centos:wireshark-gnome"], "id": "CENTOS_RHSA-2015-1460.NASL", "href": "https://www.tenable.com/plugins/nessus/85026", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1460 and \n# CentOS Errata and Security Advisory 2015:1460 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85026);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-8710\", \"CVE-2014-8711\", \"CVE-2014-8712\", \"CVE-2014-8713\", \"CVE-2014-8714\", \"CVE-2015-0562\", \"CVE-2015-0564\", \"CVE-2015-2189\", \"CVE-2015-2191\");\n script_bugtraq_id(71069, 71070, 71071, 71072, 71073, 71921, 71922, 72941, 72944);\n script_xref(name:\"RHSA\", value:\"2015:1460\");\n\n script_name(english:\"CentOS 6 : wireshark (CESA-2015:1460)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nWireshark, previously known as Ethereal, is a network protocol\nanalyzer, which is used to capture and browse the traffic running on a\ncomputer network.\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2014-8714,\nCVE-2014-8712, CVE-2014-8713, CVE-2014-8711, CVE-2014-8710,\nCVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191)\n\nThis update also fixes the following bugs :\n\n* Previously, the Wireshark tool did not support Advanced Encryption\nStandard Galois/Counter Mode (AES-GCM) cryptographic algorithm. As a\nconsequence, AES-GCM was not decrypted. Support for AES-GCM has been\nadded to Wireshark, and AES-GCM is now correctly decrypted.\n(BZ#1095065)\n\n* Previously, when installing the system using the kickstart method, a\ndependency on the shadow-utils packages was missing from the wireshark\npackages, which could cause the installation to fail with a 'bad\nscriptlet' error message. With this update, shadow-utils are listed as\nrequired in the wireshark packages spec file, and kickstart\ninstallation no longer fails. (BZ#1121275)\n\n* Prior to this update, the Wireshark tool could not decode types of\nelliptic curves in Datagram Transport Layer Security (DTLS) Client\nHello. Consequently, Wireshark incorrectly displayed elliptic curves\ntypes as data. A patch has been applied to address this bug, and\nWireshark now decodes elliptic curves types properly. (BZ#1131203)\n\n* Previously, a dependency on the gtk2 packages was missing from the\nwireshark packages. As a consequence, the Wireshark tool failed to\nstart under certain circumstances due to an unresolved symbol,\n'gtk_combo_box_text_new_with_entry', which was added in gtk version\n2.24. With this update, a dependency on gtk2 has been added, and\nWireshark now always starts as expected. (BZ#1160388)\n\nIn addition, this update adds the following enhancements :\n\n* With this update, the Wireshark tool supports process substitution,\nwhich feeds the output of a process (or processes) into the standard\ninput of another process using the '<(command_list)' syntax. When\nusing process substitution with large files as input, Wireshark failed\nto decode such input. (BZ#1104210)\n\n* Wireshark has been enhanced to enable capturing packets with\nnanosecond time stamp precision, which allows better analysis of\nrecorded network traffic. (BZ#1146578)\n\nAll wireshark users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. All running instances of Wireshark must be restarted for\nthe update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-July/002024.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?667a2d2e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-8710\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"wireshark-1.8.10-17.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"wireshark-devel-1.8.10-17.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"wireshark-gnome-1.8.10-17.el6\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-devel / wireshark-gnome\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-02-06T13:45:05", "description": "Updated wireshark packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nWireshark, previously known as Ethereal, is a network protocol\nanalyzer, which is used to capture and browse the traffic running on a\ncomputer network.\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2014-8714,\nCVE-2014-8712, CVE-2014-8713, CVE-2014-8711, CVE-2014-8710,\nCVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191)\n\nThis update also fixes the following bugs :\n\n* Previously, the Wireshark tool did not support Advanced Encryption\nStandard Galois/Counter Mode (AES-GCM) cryptographic algorithm. As a\nconsequence, AES-GCM was not decrypted. Support for AES-GCM has been\nadded to Wireshark, and AES-GCM is now correctly decrypted.\n(BZ#1095065)\n\n* Previously, when installing the system using the kickstart method, a\ndependency on the shadow-utils packages was missing from the wireshark\npackages, which could cause the installation to fail with a 'bad\nscriptlet' error message. With this update, shadow-utils are listed as\nrequired in the wireshark packages spec file, and kickstart\ninstallation no longer fails. (BZ#1121275)\n\n* Prior to this update, the Wireshark tool could not decode types of\nelliptic curves in Datagram Transport Layer Security (DTLS) Client\nHello. Consequently, Wireshark incorrectly displayed elliptic curves\ntypes as data. A patch has been applied to address this bug, and\nWireshark now decodes elliptic curves types properly. (BZ#1131203)\n\n* Previously, a dependency on the gtk2 packages was missing from the\nwireshark packages. As a consequence, the Wireshark tool failed to\nstart under certain circumstances due to an unresolved symbol,\n'gtk_combo_box_text_new_with_entry', which was added in gtk version\n2.24. With this update, a dependency on gtk2 has been added, and\nWireshark now always starts as expected. (BZ#1160388)\n\nIn addition, this update adds the following enhancements :\n\n* With this update, the Wireshark tool supports process substitution,\nwhich feeds the output of a process (or processes) into the standard\ninput of another process using the '<(command_list)' syntax. When\nusing process substitution with large files as input, Wireshark failed\nto decode such input. (BZ#1104210)\n\n* Wireshark has been enhanced to enable capturing packets with\nnanosecond time stamp precision, which allows better analysis of\nrecorded network traffic. (BZ#1146578)\n\nAll wireshark users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. All running instances of Wireshark must be restarted for\nthe update to take effect.", "edition": 29, "published": "2015-07-23T00:00:00", "title": "RHEL 6 : wireshark (RHSA-2015:1460)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8710", "CVE-2014-8712", "CVE-2014-8714", "CVE-2015-2189", "CVE-2015-0562", "CVE-2014-8713", "CVE-2015-0564", "CVE-2014-8711", "CVE-2015-2191"], "modified": "2015-07-23T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:wireshark-devel", "p-cpe:/a:redhat:enterprise_linux:wireshark", "p-cpe:/a:redhat:enterprise_linux:wireshark-gnome", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:wireshark-debuginfo"], "id": "REDHAT-RHSA-2015-1460.NASL", "href": "https://www.tenable.com/plugins/nessus/84952", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1460. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84952);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2014-8710\", \"CVE-2014-8711\", \"CVE-2014-8712\", \"CVE-2014-8713\", \"CVE-2014-8714\", \"CVE-2015-0562\", \"CVE-2015-0564\", \"CVE-2015-2189\", \"CVE-2015-2191\");\n script_bugtraq_id(71069, 71070, 71071, 71072, 71073, 71921, 71922, 72941, 72944);\n script_xref(name:\"RHSA\", value:\"2015:1460\");\n\n script_name(english:\"RHEL 6 : wireshark (RHSA-2015:1460)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated wireshark packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nWireshark, previously known as Ethereal, is a network protocol\nanalyzer, which is used to capture and browse the traffic running on a\ncomputer network.\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2014-8714,\nCVE-2014-8712, CVE-2014-8713, CVE-2014-8711, CVE-2014-8710,\nCVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191)\n\nThis update also fixes the following bugs :\n\n* Previously, the Wireshark tool did not support Advanced Encryption\nStandard Galois/Counter Mode (AES-GCM) cryptographic algorithm. As a\nconsequence, AES-GCM was not decrypted. Support for AES-GCM has been\nadded to Wireshark, and AES-GCM is now correctly decrypted.\n(BZ#1095065)\n\n* Previously, when installing the system using the kickstart method, a\ndependency on the shadow-utils packages was missing from the wireshark\npackages, which could cause the installation to fail with a 'bad\nscriptlet' error message. With this update, shadow-utils are listed as\nrequired in the wireshark packages spec file, and kickstart\ninstallation no longer fails. (BZ#1121275)\n\n* Prior to this update, the Wireshark tool could not decode types of\nelliptic curves in Datagram Transport Layer Security (DTLS) Client\nHello. Consequently, Wireshark incorrectly displayed elliptic curves\ntypes as data. A patch has been applied to address this bug, and\nWireshark now decodes elliptic curves types properly. (BZ#1131203)\n\n* Previously, a dependency on the gtk2 packages was missing from the\nwireshark packages. As a consequence, the Wireshark tool failed to\nstart under certain circumstances due to an unresolved symbol,\n'gtk_combo_box_text_new_with_entry', which was added in gtk version\n2.24. With this update, a dependency on gtk2 has been added, and\nWireshark now always starts as expected. (BZ#1160388)\n\nIn addition, this update adds the following enhancements :\n\n* With this update, the Wireshark tool supports process substitution,\nwhich feeds the output of a process (or processes) into the standard\ninput of another process using the '<(command_list)' syntax. When\nusing process substitution with large files as input, Wireshark failed\nto decode such input. (BZ#1104210)\n\n* Wireshark has been enhanced to enable capturing packets with\nnanosecond time stamp precision, which allows better analysis of\nrecorded network traffic. (BZ#1146578)\n\nAll wireshark users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. All running instances of Wireshark must be restarted for\nthe update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2189\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1460\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"wireshark-1.8.10-17.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"wireshark-debuginfo-1.8.10-17.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"wireshark-devel-1.8.10-17.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"wireshark-gnome-1.8.10-17.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"wireshark-gnome-1.8.10-17.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"wireshark-gnome-1.8.10-17.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-devel / wireshark-gnome\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T12:50:06", "description": "From Red Hat Security Advisory 2015:1460 :\n\nUpdated wireshark packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nWireshark, previously known as Ethereal, is a network protocol\nanalyzer, which is used to capture and browse the traffic running on a\ncomputer network.\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2014-8714,\nCVE-2014-8712, CVE-2014-8713, CVE-2014-8711, CVE-2014-8710,\nCVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191)\n\nThis update also fixes the following bugs :\n\n* Previously, the Wireshark tool did not support Advanced Encryption\nStandard Galois/Counter Mode (AES-GCM) cryptographic algorithm. As a\nconsequence, AES-GCM was not decrypted. Support for AES-GCM has been\nadded to Wireshark, and AES-GCM is now correctly decrypted.\n(BZ#1095065)\n\n* Previously, when installing the system using the kickstart method, a\ndependency on the shadow-utils packages was missing from the wireshark\npackages, which could cause the installation to fail with a 'bad\nscriptlet' error message. With this update, shadow-utils are listed as\nrequired in the wireshark packages spec file, and kickstart\ninstallation no longer fails. (BZ#1121275)\n\n* Prior to this update, the Wireshark tool could not decode types of\nelliptic curves in Datagram Transport Layer Security (DTLS) Client\nHello. Consequently, Wireshark incorrectly displayed elliptic curves\ntypes as data. A patch has been applied to address this bug, and\nWireshark now decodes elliptic curves types properly. (BZ#1131203)\n\n* Previously, a dependency on the gtk2 packages was missing from the\nwireshark packages. As a consequence, the Wireshark tool failed to\nstart under certain circumstances due to an unresolved symbol,\n'gtk_combo_box_text_new_with_entry', which was added in gtk version\n2.24. With this update, a dependency on gtk2 has been added, and\nWireshark now always starts as expected. (BZ#1160388)\n\nIn addition, this update adds the following enhancements :\n\n* With this update, the Wireshark tool supports process substitution,\nwhich feeds the output of a process (or processes) into the standard\ninput of another process using the '<(command_list)' syntax. When\nusing process substitution with large files as input, Wireshark failed\nto decode such input. (BZ#1104210)\n\n* Wireshark has been enhanced to enable capturing packets with\nnanosecond time stamp precision, which allows better analysis of\nrecorded network traffic. (BZ#1146578)\n\nAll wireshark users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. All running instances of Wireshark must be restarted for\nthe update to take effect.", "edition": 25, "published": "2015-07-30T00:00:00", "title": "Oracle Linux 6 : wireshark (ELSA-2015-1460)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8710", "CVE-2014-8712", "CVE-2014-8714", "CVE-2015-2189", "CVE-2015-0562", "CVE-2014-8713", "CVE-2015-0564", "CVE-2014-8711", "CVE-2015-2191"], "modified": "2015-07-30T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:wireshark-gnome", "p-cpe:/a:oracle:linux:wireshark", "p-cpe:/a:oracle:linux:wireshark-devel"], "id": "ORACLELINUX_ELSA-2015-1460.NASL", "href": "https://www.tenable.com/plugins/nessus/85112", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1460 and \n# Oracle Linux Security Advisory ELSA-2015-1460 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85112);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-8710\", \"CVE-2014-8711\", \"CVE-2014-8712\", \"CVE-2014-8713\", \"CVE-2014-8714\", \"CVE-2015-0562\", \"CVE-2015-0564\", \"CVE-2015-2189\", \"CVE-2015-2191\");\n script_bugtraq_id(71069, 71070, 71071, 71072, 71073, 71921, 71922, 72941, 72944);\n script_xref(name:\"RHSA\", value:\"2015:1460\");\n\n script_name(english:\"Oracle Linux 6 : wireshark (ELSA-2015-1460)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1460 :\n\nUpdated wireshark packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nWireshark, previously known as Ethereal, is a network protocol\nanalyzer, which is used to capture and browse the traffic running on a\ncomputer network.\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2014-8714,\nCVE-2014-8712, CVE-2014-8713, CVE-2014-8711, CVE-2014-8710,\nCVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191)\n\nThis update also fixes the following bugs :\n\n* Previously, the Wireshark tool did not support Advanced Encryption\nStandard Galois/Counter Mode (AES-GCM) cryptographic algorithm. As a\nconsequence, AES-GCM was not decrypted. Support for AES-GCM has been\nadded to Wireshark, and AES-GCM is now correctly decrypted.\n(BZ#1095065)\n\n* Previously, when installing the system using the kickstart method, a\ndependency on the shadow-utils packages was missing from the wireshark\npackages, which could cause the installation to fail with a 'bad\nscriptlet' error message. With this update, shadow-utils are listed as\nrequired in the wireshark packages spec file, and kickstart\ninstallation no longer fails. (BZ#1121275)\n\n* Prior to this update, the Wireshark tool could not decode types of\nelliptic curves in Datagram Transport Layer Security (DTLS) Client\nHello. Consequently, Wireshark incorrectly displayed elliptic curves\ntypes as data. A patch has been applied to address this bug, and\nWireshark now decodes elliptic curves types properly. (BZ#1131203)\n\n* Previously, a dependency on the gtk2 packages was missing from the\nwireshark packages. As a consequence, the Wireshark tool failed to\nstart under certain circumstances due to an unresolved symbol,\n'gtk_combo_box_text_new_with_entry', which was added in gtk version\n2.24. With this update, a dependency on gtk2 has been added, and\nWireshark now always starts as expected. (BZ#1160388)\n\nIn addition, this update adds the following enhancements :\n\n* With this update, the Wireshark tool supports process substitution,\nwhich feeds the output of a process (or processes) into the standard\ninput of another process using the '<(command_list)' syntax. When\nusing process substitution with large files as input, Wireshark failed\nto decode such input. (BZ#1104210)\n\n* Wireshark has been enhanced to enable capturing packets with\nnanosecond time stamp precision, which allows better analysis of\nrecorded network traffic. (BZ#1146578)\n\nAll wireshark users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. All running instances of Wireshark must be restarted for\nthe update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-July/005243.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"wireshark-1.8.10-17.0.2.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"wireshark-devel-1.8.10-17.0.2.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"wireshark-gnome-1.8.10-17.0.2.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-devel / wireshark-gnome\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:48:54", "description": "Several denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2014-8714,\nCVE-2014-8712, CVE-2014-8713, CVE-2014-8711, CVE-2014-8710,\nCVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191)\n\nThis update also fixes the following bugs :\n\n - Previously, the Wireshark tool did not support Advanced\n Encryption Standard Galois/Counter Mode (AES-GCM)\n cryptographic algorithm. As a consequence, AES-GCM was\n not decrypted. Support for AES-GCM has been added to\n Wireshark, and AES-GCM is now correctly decrypted.\n\n - Previously, when installing the system using the\n kickstart method, a dependency on the shadow-utils\n packages was missing from the wireshark packages, which\n could cause the installation to fail with a 'bad\n scriptlet' error message. With this update, shadow-utils\n are listed as required in the wireshark packages spec\n file, and kickstart installation no longer fails.\n\n - Prior to this update, the Wireshark tool could not\n decode types of elliptic curves in Datagram Transport\n Layer Security (DTLS) Client Hello. Consequently,\n Wireshark incorrectly displayed elliptic curves types as\n data. A patch has been applied to address this bug, and\n Wireshark now decodes elliptic curves types properly.\n\n - Previously, a dependency on the gtk2 packages was\n missing from the wireshark packages. As a consequence,\n the Wireshark tool failed to start under certain\n circumstances due to an unresolved symbol,\n 'gtk_combo_box_text_new_with_entry', which was added in\n gtk version 2.24. With this update, a dependency on gtk2\n has been added, and Wireshark now always starts as\n expected.\n\nIn addition, this update adds the following enhancements :\n\n - With this update, the Wireshark tool supports process\n substitution, which feeds the output of a process (or\n processes) into the standard input of another process\n using the '<(command_list)' syntax. When using process\n substitution with large files as input, Wireshark failed\n to decode such input.\n\n - Wireshark has been enhanced to enable capturing packets\n with nanosecond time stamp precision, which allows\n better analysis of recorded network traffic.\n\nAll running instances of Wireshark must be restarted for the update to\ntake effect.", "edition": 15, "published": "2015-08-04T00:00:00", "title": "Scientific Linux Security Update : wireshark on SL6.x i386/x86_64 (20150722)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8710", "CVE-2014-8712", "CVE-2014-8714", "CVE-2015-2189", "CVE-2015-0562", "CVE-2014-8713", "CVE-2015-0564", "CVE-2014-8711", "CVE-2015-2191"], "modified": "2015-08-04T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:wireshark-gnome", "p-cpe:/a:fermilab:scientific_linux:wireshark", "p-cpe:/a:fermilab:scientific_linux:wireshark-debuginfo", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:wireshark-devel"], "id": "SL_20150722_WIRESHARK_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/85208", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85208);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-8710\", \"CVE-2014-8711\", \"CVE-2014-8712\", \"CVE-2014-8713\", \"CVE-2014-8714\", \"CVE-2015-0562\", \"CVE-2015-0564\", \"CVE-2015-2189\", \"CVE-2015-2191\");\n\n script_name(english:\"Scientific Linux Security Update : wireshark on SL6.x i386/x86_64 (20150722)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2014-8714,\nCVE-2014-8712, CVE-2014-8713, CVE-2014-8711, CVE-2014-8710,\nCVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191)\n\nThis update also fixes the following bugs :\n\n - Previously, the Wireshark tool did not support Advanced\n Encryption Standard Galois/Counter Mode (AES-GCM)\n cryptographic algorithm. As a consequence, AES-GCM was\n not decrypted. Support for AES-GCM has been added to\n Wireshark, and AES-GCM is now correctly decrypted.\n\n - Previously, when installing the system using the\n kickstart method, a dependency on the shadow-utils\n packages was missing from the wireshark packages, which\n could cause the installation to fail with a 'bad\n scriptlet' error message. With this update, shadow-utils\n are listed as required in the wireshark packages spec\n file, and kickstart installation no longer fails.\n\n - Prior to this update, the Wireshark tool could not\n decode types of elliptic curves in Datagram Transport\n Layer Security (DTLS) Client Hello. Consequently,\n Wireshark incorrectly displayed elliptic curves types as\n data. A patch has been applied to address this bug, and\n Wireshark now decodes elliptic curves types properly.\n\n - Previously, a dependency on the gtk2 packages was\n missing from the wireshark packages. As a consequence,\n the Wireshark tool failed to start under certain\n circumstances due to an unresolved symbol,\n 'gtk_combo_box_text_new_with_entry', which was added in\n gtk version 2.24. With this update, a dependency on gtk2\n has been added, and Wireshark now always starts as\n expected.\n\nIn addition, this update adds the following enhancements :\n\n - With this update, the Wireshark tool supports process\n substitution, which feeds the output of a process (or\n processes) into the standard input of another process\n using the '<(command_list)' syntax. When using process\n substitution with large files as input, Wireshark failed\n to decode such input.\n\n - Wireshark has been enhanced to enable capturing packets\n with nanosecond time stamp precision, which allows\n better analysis of recorded network traffic.\n\nAll running instances of Wireshark must be restarted for the update to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1508&L=scientific-linux-errata&F=&S=&P=4657\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?36c0f664\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"wireshark-1.8.10-17.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"wireshark-debuginfo-1.8.10-17.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"wireshark-devel-1.8.10-17.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"wireshark-gnome-1.8.10-17.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-devel / wireshark-gnome\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-04-01T01:23:40", "description": "Several denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2014-8714 ,\nCVE-2014-8712 , CVE-2014-8713 , CVE-2014-8711 , CVE-2014-8710 ,\nCVE-2015-0562 , CVE-2015-0564 , CVE-2015-2189 , CVE-2015-2191)", "edition": 26, "published": "2015-08-18T00:00:00", "title": "Amazon Linux AMI : wireshark (ALAS-2015-580)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8710", "CVE-2014-8712", "CVE-2014-8714", "CVE-2015-2189", "CVE-2015-0562", "CVE-2014-8713", "CVE-2015-0564", "CVE-2014-8711", "CVE-2015-2191"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:wireshark", "p-cpe:/a:amazon:linux:wireshark-debuginfo", "p-cpe:/a:amazon:linux:wireshark-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-580.NASL", "href": "https://www.tenable.com/plugins/nessus/85453", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-580.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85453);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-8710\", \"CVE-2014-8711\", \"CVE-2014-8712\", \"CVE-2014-8713\", \"CVE-2014-8714\", \"CVE-2015-0562\", \"CVE-2015-0564\", \"CVE-2015-2189\", \"CVE-2015-2191\");\n script_xref(name:\"ALAS\", value:\"2015-580\");\n script_xref(name:\"RHSA\", value:\"2015:1460\");\n\n script_name(english:\"Amazon Linux AMI : wireshark (ALAS-2015-580)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2014-8714 ,\nCVE-2014-8712 , CVE-2014-8713 , CVE-2014-8711 , CVE-2014-8710 ,\nCVE-2015-0562 , CVE-2015-0564 , CVE-2015-2189 , CVE-2015-2191)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-580.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update wireshark' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"wireshark-1.8.10-17.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"wireshark-debuginfo-1.8.10-17.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"wireshark-devel-1.8.10-17.19.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-devel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:56", "bulletinFamily": "software", "cvelist": ["CVE-2015-0563", "CVE-2015-0562", "CVE-2015-0564"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2015:022\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : wireshark\r\n Date : January 12, 2015\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated wireshark packages fix security vulnerabilities:\r\n \r\n The DEC DNA Routing Protocol dissector could crash (CVE-2015-0562).\r\n \r\n The SMTP dissector could crash (CVE-2015-0563).\r\n \r\n Wireshark could crash while decypting TLS/SSL sessions (CVE-2015-0564).\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0562\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0563\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0564\r\n http://advisories.mageia.org/MGASA-2015-0019.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 474d317ca4b029019926afd145a6794a mbs1/x86_64/dumpcap-1.10.12-1.mbs1.x86_64.rpm\r\n 59153145445de5bd38d69de04052cfdd mbs1/x86_64/lib64wireshark3-1.10.12-1.mbs1.x86_64.rpm\r\n 19f2130070276ee9c93c4e165c8e214e mbs1/x86_64/lib64wireshark-devel-1.10.12-1.mbs1.x86_64.rpm\r\n b8f96dcb067b528efb64b97f7810fdab mbs1/x86_64/lib64wiretap3-1.10.12-1.mbs1.x86_64.rpm\r\n 34b551f8da6393b7ac83553d16ef4d95 mbs1/x86_64/lib64wsutil3-1.10.12-1.mbs1.x86_64.rpm\r\n 7cf1f42cb8ced49f973f1b4601f71b6b mbs1/x86_64/rawshark-1.10.12-1.mbs1.x86_64.rpm\r\n c86b593e57d09516678c045494fcbf32 mbs1/x86_64/tshark-1.10.12-1.mbs1.x86_64.rpm\r\n 820c11480eed44c94c51aff4b1bdb169 mbs1/x86_64/wireshark-1.10.12-1.mbs1.x86_64.rpm\r\n 501baf2415a78d245fc01050f52b7f2e mbs1/x86_64/wireshark-tools-1.10.12-1.mbs1.x86_64.rpm \r\n 014f8255b6a72f1902cc8da7b8a3fd7b mbs1/SRPMS/wireshark-1.10.12-1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFUs7E2mqjQ0CJFipgRAiABAJ4ykqdbsm+nbTH5o7fo3F6y9lyfswCgonA6\r\n7zrJmeGT4jAnhd8hMJgX4Kg=\r\n=Jsml\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2015-01-13T00:00:00", "published": "2015-01-13T00:00:00", "id": "SECURITYVULNS:DOC:31594", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31594", "title": "[ MDVSA-2015:022 ] wireshark", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "cvelist": ["CVE-2015-0563", "CVE-2015-0562", "CVE-2015-0564"], "description": "Memory corruptions in multiple protocols dessectors.", "edition": 1, "modified": "2015-01-13T00:00:00", "published": "2015-01-13T00:00:00", "id": "SECURITYVULNS:VULN:14195", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14195", "title": "wireshark multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "kaspersky": [{"lastseen": "2020-09-02T11:54:14", "bulletinFamily": "info", "cvelist": ["CVE-2015-0560", "CVE-2015-0563", "CVE-2015-0562", "CVE-2015-0564", "CVE-2015-0559", "CVE-2015-0561"], "description": "### *Detect date*:\n01/07/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service. These vulnerabilities can be exploited via a specially designed packet.\n\n### *Affected products*:\nWireshark 1.12 versions earlier than 1.12.3 \nWireshark 1.10 versions earlier than 1.10.12\n\n### *Solution*:\nUpdate to latest version \n[Get Wireshark](<https://www.wireshark.org/download.html>)\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Wireshark](<https://threats.kaspersky.com/en/product/Wireshark/>)\n\n### *CVE-IDS*:\n[CVE-2015-0564](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0564>)5.0Critical \n[CVE-2015-0563](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0563>)5.0Critical \n[CVE-2015-0560](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0560>)5.0Critical \n[CVE-2015-0559](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0559>)5.0Critical \n[CVE-2015-0562](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0562>)5.0Critical \n[CVE-2015-0561](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0561>)5.0Critical", "edition": 40, "modified": "2020-05-22T00:00:00", "published": "2015-01-07T00:00:00", "id": "KLA10453", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10453", "title": "\r KLA10453Multiple vulnerabilities in Wireshark ", "type": "kaspersky", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:24", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8710", "CVE-2014-8712", "CVE-2014-8714", "CVE-2015-2189", "CVE-2015-0562", "CVE-2014-8713", "CVE-2015-0564", "CVE-2014-8711", "CVE-2015-2191"], "description": "[1.8.10-17.0.2]\n- Fix ocfs2 dissector (John Haxby) [orabug 21505640]\n[1.8.10-17.0.1.el6]\n- Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect\n[1.8.10-17]\n- security patches\n- Resolves: CVE-2015-2189\n CVE-2015-2191\n[1.8.10-16]\n- security patches\n- Resolves: CVE-2014-8710\n CVE-2014-8711\n CVE-2014-8712\n CVE-2014-8713\n CVE-2014-8714\n CVE-2015-0562\n CVE-2015-0564\n[1.8.10-15]\n- fix AES-GCM decoding\n- Related: rhbz#1095065\n[1.8.10-14]\n- fix requires: shadow-utils\n- Resolves: rhbz#1121275\n[1.8.10-13]\n- add elliptic curves decoding in DTLS HELLO\n- Resolves: rhbz#1131203\n[1.8.10-12]\n- add AES-GCM decryption\n- Resolves: rhbz#1095065\n[1.8.10-11]\n- fix reading from pipes\n- Resolves: rhbz#1104210\n[1.8.10-10]\n- introduced nanosecond time precision\n- Resolves: rhbz#1146578\n[1.8.10-9]\n- fix gtk2 required version\n- Resolves: rhbz#1160388", "edition": 4, "modified": "2015-07-28T00:00:00", "published": "2015-07-28T00:00:00", "id": "ELSA-2015-1460", "href": "http://linux.oracle.com/errata/ELSA-2015-1460.html", "title": "wireshark security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:39", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8710", "CVE-2014-8712", "CVE-2014-8714", "CVE-2015-3813", "CVE-2015-0563", "CVE-2015-2189", "CVE-2015-6243", "CVE-2015-6246", "CVE-2015-6245", "CVE-2015-0562", "CVE-2014-8713", "CVE-2015-3182", "CVE-2015-0564", "CVE-2015-2188", "CVE-2014-8711", "CVE-2015-3810", "CVE-2015-3812", "CVE-2015-6244", "CVE-2015-6248", "CVE-2015-2191", "CVE-2015-3811"], "description": "[1.10.14-7.0.1]\n- Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect\n[1.10.14-7]\n- Rebase some tvbuff API from upstream to 1.10.14\n- Fixes crash when tvb_length_remaining() is used\n- Related: CVE-2015-6244\n[1.10.14-6]\n- Security patch\n- Resolves: CVE-2015-3182\n[1.10.14-5]\n- Fix crash caused by -DGDK_PIXBUF_DEPRECATED on startup\n- Resolves: rhbz#1267959\n[1.10.14-4]\n- Security patches\n- Resolves: CVE-2015-6243\n CVE-2015-6244\n CVE-2015-6245\n CVE-2015-6246\n CVE-2015-6248\n[1.10.14-3]\n- Security patches\n- Resolves: CVE-2015-3810\n CVE-2015-3813\n[1.10.14-2]\n- Add certificate verify message decoding in TLS extension\n- Resolves: #1239150\n[1.10.14-1]\n- Upgrade to 1.10.14\n- Resolves: #1238676\n[1.10.3-20]\n- add master secret extension decoding in TLS extension\n- add encrypt-then-mac extension decoding in TLS extension\n- Resolves: #1222901\n[1.10.3-19]\n- create pcap file if -F pcap specified\n- Resolves: #1227199\n[1.10.3-18]\n- add key exchange algorithms decoding in TLS extension\n- Resolves: #1222600\n[1.10.3-17]\n- add signature algorithms decoding in TLS extension\n- Resolves: #1221701\n[1.10.3-16]\n- add relro check\n- Resolves: #1092532\n[1.10.3-15]\n- add elliptic curves decoding in DTLS HELLO\n- Resolves: #1131202\n[1.10.3-14]\n- introduced nanosecond time precision\n- Resolves: #1213339\n[1.10.3-13]\n- security patches\n- Resolves: #1148267", "edition": 4, "modified": "2015-11-23T00:00:00", "published": "2015-11-23T00:00:00", "id": "ELSA-2015-2393", "href": "http://linux.oracle.com/errata/ELSA-2015-2393.html", "title": "wireshark security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:37:39", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8710", "CVE-2014-8712", "CVE-2014-8714", "CVE-2015-2189", "CVE-2015-0562", "CVE-2014-8713", "CVE-2015-0564", "CVE-2014-8711", "CVE-2015-2191"], "description": "**Issue Overview:**\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. ([CVE-2014-8714 __](<https://access.redhat.com/security/cve/CVE-2014-8714>), [CVE-2014-8712 __](<https://access.redhat.com/security/cve/CVE-2014-8712>), [CVE-2014-8713 __](<https://access.redhat.com/security/cve/CVE-2014-8713>), [CVE-2014-8711 __](<https://access.redhat.com/security/cve/CVE-2014-8711>), [CVE-2014-8710 __](<https://access.redhat.com/security/cve/CVE-2014-8710>), [CVE-2015-0562 __](<https://access.redhat.com/security/cve/CVE-2015-0562>), [CVE-2015-0564 __](<https://access.redhat.com/security/cve/CVE-2015-0564>), [CVE-2015-2189 __](<https://access.redhat.com/security/cve/CVE-2015-2189>), [CVE-2015-2191 __](<https://access.redhat.com/security/cve/CVE-2015-2191>))\n\n \n**Affected Packages:** \n\n\nwireshark\n\n \n**Issue Correction:** \nRun _yum update wireshark_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n wireshark-debuginfo-1.8.10-17.19.amzn1.i686 \n wireshark-1.8.10-17.19.amzn1.i686 \n wireshark-devel-1.8.10-17.19.amzn1.i686 \n \n src: \n wireshark-1.8.10-17.19.amzn1.src \n \n x86_64: \n wireshark-debuginfo-1.8.10-17.19.amzn1.x86_64 \n wireshark-1.8.10-17.19.amzn1.x86_64 \n wireshark-devel-1.8.10-17.19.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2015-08-17T12:29:00", "published": "2015-08-17T12:29:00", "id": "ALAS-2015-580", "href": "https://alas.aws.amazon.com/ALAS-2015-580.html", "title": "Medium: wireshark", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:28:40", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8710", "CVE-2014-8712", "CVE-2014-8714", "CVE-2015-2189", "CVE-2015-0562", "CVE-2014-8713", "CVE-2015-0564", "CVE-2014-8711", "CVE-2015-2191"], "description": "**CentOS Errata and Security Advisory** CESA-2015:1460\n\n\nWireshark, previously known as Ethereal, is a network protocol analyzer,\nwhich is used to capture and browse the traffic running on a computer\nnetwork.\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2014-8714, CVE-2014-8712, CVE-2014-8713,\nCVE-2014-8711, CVE-2014-8710, CVE-2015-0562, CVE-2015-0564, CVE-2015-2189,\nCVE-2015-2191)\n\nThis update also fixes the following bugs:\n\n* Previously, the Wireshark tool did not support Advanced Encryption\nStandard Galois/Counter Mode (AES-GCM) cryptographic algorithm. As a\nconsequence, AES-GCM was not decrypted. Support for AES-GCM has been added\nto Wireshark, and AES-GCM is now correctly decrypted. (BZ#1095065)\n\n* Previously, when installing the system using the kickstart method, a\ndependency on the shadow-utils packages was missing from the wireshark\npackages, which could cause the installation to fail with a \"bad scriptlet\"\nerror message. With this update, shadow-utils are listed as required in the\nwireshark packages spec file, and kickstart installation no longer fails.\n(BZ#1121275)\n\n* Prior to this update, the Wireshark tool could not decode types of\nelliptic curves in Datagram Transport Layer Security (DTLS) Client Hello.\nConsequently, Wireshark incorrectly displayed elliptic curves types as\ndata. A patch has been applied to address this bug, and Wireshark now\ndecodes elliptic curves types properly. (BZ#1131203)\n\n* Previously, a dependency on the gtk2 packages was missing from the\nwireshark packages. As a consequence, the Wireshark tool failed to start\nunder certain circumstances due to an unresolved symbol,\n\"gtk_combo_box_text_new_with_entry\", which was added in gtk version 2.24.\nWith this update, a dependency on gtk2 has been added, and Wireshark now\nalways starts as expected. (BZ#1160388)\n\nIn addition, this update adds the following enhancements:\n\n* With this update, the Wireshark tool supports process substitution, which\nfeeds the output of a process (or processes) into the standard input of\nanother process using the \"<(command_list)\" syntax. When using process\nsubstitution with large files as input, Wireshark failed to decode such\ninput. (BZ#1104210)\n\n* Wireshark has been enhanced to enable capturing packets with nanosecond\ntime stamp precision, which allows better analysis of recorded network\ntraffic. (BZ#1146578)\n\nAll wireshark users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements. All running instances of Wireshark must be restarted for the\nupdate to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-July/008224.html\n\n**Affected packages:**\nwireshark\nwireshark-devel\nwireshark-gnome\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1460.html", "edition": 3, "modified": "2015-07-26T14:12:34", "published": "2015-07-26T14:12:34", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-July/008224.html", "id": "CESA-2015:1460", "title": "wireshark security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-20T18:24:42", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8710", "CVE-2014-8712", "CVE-2014-8714", "CVE-2015-3813", "CVE-2015-0563", "CVE-2015-2189", "CVE-2015-6243", "CVE-2015-6246", "CVE-2015-6245", "CVE-2015-0562", "CVE-2014-8713", "CVE-2015-3182", "CVE-2015-0564", "CVE-2015-2188", "CVE-2014-8711", "CVE-2015-3810", "CVE-2015-3812", "CVE-2015-6244", "CVE-2015-6248", "CVE-2015-2191", "CVE-2015-3811"], "description": "**CentOS Errata and Security Advisory** CESA-2015:2393\n\n\nThe wireshark packages contain a network protocol analyzer used to capture\nand browse the traffic running on a computer network.\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2015-2188, CVE-2015-2189, CVE-2015-2191,\nCVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2014-8710,\nCVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562,\nCVE-2015-0563, CVE-2015-0564, CVE-2015-3182, CVE-2015-6243, CVE-2015-6244,\nCVE-2015-6245, CVE-2015-6246, CVE-2015-6248)\n\nThe CVE-2015-3182 issue was discovered by Martin \u017dember of Red Hat.\n\nThe wireshark packages have been upgraded to upstream version 1.10.14,\nwhich provides a number of bug fixes and enhancements over the previous\nversion. (BZ#1238676)\n\nThis update also fixes the following bug:\n\n* Prior to this update, when using the tshark utility to capture packets\nover the interface, tshark failed to create output files in the .pcap\nformat even if it was specified using the \"-F\" option. This bug has been\nfixed, the \"-F\" option is now honored, and the result saved in the .pcap\nformat as expected. (BZ#1227199)\n\nIn addition, this update adds the following enhancement:\n\n* Previously, wireshark included only microseconds in the .pcapng format.\nWith this update, wireshark supports nanosecond time stamp precision to\nallow for more accurate time stamps. (BZ#1213339)\n\nAll wireshark users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements. All running instances of\nWireshark must be restarted for the update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-November/008875.html\n\n**Affected packages:**\nwireshark\nwireshark-devel\nwireshark-gnome\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2393.html", "edition": 3, "modified": "2015-11-30T19:55:40", "published": "2015-11-30T19:55:40", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-November/008875.html", "id": "CESA-2015:2393", "title": "wireshark security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:19", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8710", "CVE-2014-8711", "CVE-2014-8712", "CVE-2014-8713", "CVE-2014-8714", "CVE-2015-0562", "CVE-2015-0564", "CVE-2015-2189", "CVE-2015-2191"], "description": "Wireshark, previously known as Ethereal, is a network protocol analyzer,\nwhich is used to capture and browse the traffic running on a computer\nnetwork.\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2014-8714, CVE-2014-8712, CVE-2014-8713,\nCVE-2014-8711, CVE-2014-8710, CVE-2015-0562, CVE-2015-0564, CVE-2015-2189,\nCVE-2015-2191)\n\nThis update also fixes the following bugs:\n\n* Previously, the Wireshark tool did not support Advanced Encryption\nStandard Galois/Counter Mode (AES-GCM) cryptographic algorithm. As a\nconsequence, AES-GCM was not decrypted. Support for AES-GCM has been added\nto Wireshark, and AES-GCM is now correctly decrypted. (BZ#1095065)\n\n* Previously, when installing the system using the kickstart method, a\ndependency on the shadow-utils packages was missing from the wireshark\npackages, which could cause the installation to fail with a \"bad scriptlet\"\nerror message. With this update, shadow-utils are listed as required in the\nwireshark packages spec file, and kickstart installation no longer fails.\n(BZ#1121275)\n\n* Prior to this update, the Wireshark tool could not decode types of\nelliptic curves in Datagram Transport Layer Security (DTLS) Client Hello.\nConsequently, Wireshark incorrectly displayed elliptic curves types as\ndata. A patch has been applied to address this bug, and Wireshark now\ndecodes elliptic curves types properly. (BZ#1131203)\n\n* Previously, a dependency on the gtk2 packages was missing from the\nwireshark packages. As a consequence, the Wireshark tool failed to start\nunder certain circumstances due to an unresolved symbol,\n\"gtk_combo_box_text_new_with_entry\", which was added in gtk version 2.24.\nWith this update, a dependency on gtk2 has been added, and Wireshark now\nalways starts as expected. (BZ#1160388)\n\nIn addition, this update adds the following enhancements:\n\n* With this update, the Wireshark tool supports process substitution, which\nfeeds the output of a process (or processes) into the standard input of\nanother process using the \"<(command_list)\" syntax. When using process\nsubstitution with large files as input, Wireshark failed to decode such\ninput. (BZ#1104210)\n\n* Wireshark has been enhanced to enable capturing packets with nanosecond\ntime stamp precision, which allows better analysis of recorded network\ntraffic. (BZ#1146578)\n\nAll wireshark users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements. All running instances of Wireshark must be restarted for the\nupdate to take effect.\n", "modified": "2018-06-06T20:24:32", "published": "2015-07-22T04:00:00", "id": "RHSA-2015:1460", "href": "https://access.redhat.com/errata/RHSA-2015:1460", "type": "redhat", "title": "(RHSA-2015:1460) Moderate: wireshark security, bug fix, and enhancement update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:46:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8710", "CVE-2014-8711", "CVE-2014-8712", "CVE-2014-8713", "CVE-2014-8714", "CVE-2015-0562", "CVE-2015-0563", "CVE-2015-0564", "CVE-2015-2188", "CVE-2015-2189", "CVE-2015-2191", "CVE-2015-3182", "CVE-2015-3810", "CVE-2015-3811", "CVE-2015-3812", "CVE-2015-3813", "CVE-2015-6243", "CVE-2015-6244", "CVE-2015-6245", "CVE-2015-6246", "CVE-2015-6248"], "description": "The wireshark packages contain a network protocol analyzer used to capture\nand browse the traffic running on a computer network.\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2015-2188, CVE-2015-2189, CVE-2015-2191,\nCVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2014-8710,\nCVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562,\nCVE-2015-0563, CVE-2015-0564, CVE-2015-3182, CVE-2015-6243, CVE-2015-6244,\nCVE-2015-6245, CVE-2015-6246, CVE-2015-6248)\n\nThe CVE-2015-3182 issue was discovered by Martin \u017dember of Red Hat.\n\nThe wireshark packages have been upgraded to upstream version 1.10.14,\nwhich provides a number of bug fixes and enhancements over the previous\nversion. (BZ#1238676)\n\nThis update also fixes the following bug:\n\n* Prior to this update, when using the tshark utility to capture packets\nover the interface, tshark failed to create output files in the .pcap\nformat even if it was specified using the \"-F\" option. This bug has been\nfixed, the \"-F\" option is now honored, and the result saved in the .pcap\nformat as expected. (BZ#1227199)\n\nIn addition, this update adds the following enhancement:\n\n* Previously, wireshark included only microseconds in the .pcapng format.\nWith this update, wireshark supports nanosecond time stamp precision to\nallow for more accurate time stamps. (BZ#1213339)\n\nAll wireshark users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements. All running instances of\nWireshark must be restarted for the update to take effect.", "modified": "2018-04-12T03:32:44", "published": "2015-11-19T18:43:56", "id": "RHSA-2015:2393", "href": "https://access.redhat.com/errata/RHSA-2015:2393", "type": "redhat", "title": "(RHSA-2015:2393) Moderate: wireshark security, bug fix, and enhancement update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}