ID CVE-2015-8718 Type cve Reporter cve@mitre.org Modified 2016-12-07T18:29:00
Description
Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet.
{"f5": [{"lastseen": "2019-05-31T18:43:14", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 597176 (BIG-IP) and ID 600847 (ARX) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.2 | 13.1.0 \n12.1.3 \n11.2.1 \n10.2.1 - 10.2.4 | Medium | Wireshark (tshark) \nBIG-IP AAM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.2 | 13.1.0 \n12.1.3 | Medium | Wireshark (tshark) \nBIG-IP AFM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.2 | 13.1.0 \n12.1.3 | Medium | Wireshark (tshark) \nBIG-IP Analytics | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.2 | 13.1.0 \n12.1.3 \n11.2.1 | Medium | Wireshark (tshark) \nBIG-IP APM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.2 | 13.1.0 \n12.1.3 \n11.2.1 \n10.2.1 - 10.2.4 | Medium | Wireshark (tshark) \nBIG-IP ASM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.2 | 13.1.0 \n12.1.3 \n11.2.1 \n10.2.1 - 10.2.4 | Medium | Wireshark (tshark) \nBIG-IP DNS | 13.0.0 \n12.0.0 - 12.1.2 | 13.1.0 \n12.1.3 | Medium | Wireshark (tshark) \nBIG-IP Edge Gateway | None | 11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP GTM | 11.4.0 - 11.6.2 | 11.2.1 \n10.2.1 - 10.2.4 | Medium | Wireshark (tshark) \nBIG-IP Link Controller | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.2 | 13.1.0 \n12.1.3 \n11.2.1 \n10.2.1 - 10.2.4 | Medium | Wireshark (tshark) \nBIG-IP PEM | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.2 | 13.1.0 \n12.1.3 | Medium | Wireshark (tshark) \nBIG-IP PSM | 11.4.0 - 11.4.1 | 10.2.1 - 10.2.4 | Medium | Wireshark (tshark) \nBIG-IP WebAccelerator | None | 11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP WOM | None | 11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nARX | 6.2.0 - 6.4.0 | None | Low | Wireshark (tshark) \nEnterprise Manager | 3.1.1 | None | Medium | Wireshark (tshark) \nFirePass | None | 7.0.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Medium | Wireshark (tshark) \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Medium | Wireshark (tshark) \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Medium | Wireshark (tshark) \nBIG-IQ ADC | 4.5.0 | None | Medium | Wireshark (tshark) \nBIG-IQ Centralized Management | 5.0.0 | None | Medium | Wireshark (tshark) \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Medium | Wireshark (tshark) \nF5 iWorkflow | 2.0.0 | None | Medium | Wireshark (tshark) \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 MobileSafe | None | 1.0.0 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, avoid using Wireshark (tshark) on the BIG-IP system. For troubleshooting purposes, the **tcpdump** utility can be safely used.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n", "modified": "2017-12-20T21:32:00", "published": "2016-06-25T00:18:00", "id": "F5:K01837042", "href": "https://support.f5.com/csp/article/K01837042", "title": "Multiple Wireshark (tshark) vulnerabilities", "type": "f5", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2016-11-09T00:09:59", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, avoid using Wireshark (tshark) on the BIG-IP system. For troubleshooting purposes, the **tcpdump** utility can be safely used.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL15106: Managing BIG-IQ product hotfixes\n * SOL15113: BIG-IQ hotfix matrix\n * SOL12766: ARX hotfix matrix\n", "modified": "2016-10-07T00:00:00", "published": "2016-06-24T00:00:00", "id": "SOL01837042", "href": "http://support.f5.com/kb/en-us/solutions/public/k/01/sol01837042.html", "type": "f5", "title": "SOL01837042 - Multiple Wireshark (tshark) vulnerabilities", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:27:17", "bulletinFamily": "scanner", "description": "CVE-2015-8711\n\nepan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.\n\nCVE-2015-8714 The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\nCVE-2015-8716 The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\nCVE-2015-8717 The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\nCVE-2015-8718 Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the 'Match MSG/RES packets for async NLM' option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\nCVE-2015-8720 The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\nCVE-2015-8721 Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression.\n\nCVE-2015-8723 The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.\n\nCVE-2015-8725 The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.\n\nCVE-2015-8729 The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.\n\nCVE-2015-8730 epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet.\n\nCVE-2015-8733 The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.\n\nCVE-2016-2523 The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.\n\nCVE-2016-4006 epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet.\n\nCVE-2016-4078 The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c.\n\nCVE-2016-4079 epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.\n\nCVE-2016-4080 epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.\n\nCVE-2016-4081 epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.\n\nCVE-2016-4085 Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet.\n\nImpact\n\nIf Wireshark is launched manually by a user with Advanced Shell ( bash ) access, dissection of specially crafted packets could cause Wireshark to consume excessive resources. Wireshark is not part of normal BIG-IP operation; only users who actively run Wireshark are vulnerable.", "modified": "2019-01-04T00:00:00", "id": "F5_BIGIP_SOL01837042.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=91838", "published": "2016-06-27T00:00:00", "title": "F5 Networks BIG-IP : Multiple Wireshark (tshark) vulnerabilities (K01837042)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K01837042.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91838);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2015-8711\", \"CVE-2015-8714\", \"CVE-2015-8716\", \"CVE-2015-8717\", \"CVE-2015-8718\", \"CVE-2015-8720\", \"CVE-2015-8721\", \"CVE-2015-8723\", \"CVE-2015-8725\", \"CVE-2015-8729\", \"CVE-2015-8730\", \"CVE-2015-8733\", \"CVE-2016-2523\", \"CVE-2016-4006\", \"CVE-2016-4078\", \"CVE-2016-4079\", \"CVE-2016-4080\", \"CVE-2016-4081\", \"CVE-2016-4085\");\n\n script_name(english:\"F5 Networks BIG-IP : Multiple Wireshark (tshark) vulnerabilities (K01837042)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2015-8711\n\nepan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark\n1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate\nconversation data, which allows remote attackers to cause a denial of\nservice (NULL pointer dereference and application crash) via a crafted\npacket.\n\nCVE-2015-8714 The dissect_dcom_OBJREF function in\nepan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark\n1.12.x before 1.12.9 does not initialize a certain IPv4 data\nstructure, which allows remote attackers to cause a denial of service\n(application crash) via a crafted packet.\n\nCVE-2015-8716 The init_t38_info_conv function in\nepan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x\nbefore 1.12.9 does not ensure that a conversation exists, which allows\nremote attackers to cause a denial of service (application crash) via\na crafted packet.\n\nCVE-2015-8717 The dissect_sdp function in epan/dissectors/packet-sdp.c\nin the SDP dissector in Wireshark 1.12.x before 1.12.9 does not\nprevent use of a negative media count, which allows remote attackers\nto cause a denial of service (application crash) via a crafted packet.\n\nCVE-2015-8718 Double free vulnerability in\nepan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x\nbefore 1.12.9 and 2.0.x before 2.0.1, when the 'Match MSG/RES packets\nfor async NLM' option is enabled, allows remote attackers to cause a\ndenial of service (application crash) via a crafted packet.\n\nCVE-2015-8720 The dissect_ber_GeneralizedTime function in\nepan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x\nbefore 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf\nreturn value, which allows remote attackers to cause a denial of\nservice (application crash) via a crafted packet.\n\nCVE-2015-8721 Buffer overflow in the tvb_uncompress function in\nepan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 allows remote attackers to cause a denial of service\n(application crash) via a crafted packet with zlib compression.\n\nCVE-2015-8723 The AirPDcapPacketProcess function in\nepan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x\nbefore 1.12.9 and 2.0.x before 2.0.1 does not validate the\nrelationship between the total length and the capture length, which\nallows remote attackers to cause a denial of service (stack-based\nbuffer overflow and application crash) via a crafted packet.\n\nCVE-2015-8725 The dissect_diameter_base_framed_ipv6_prefix function in\nepan/dissectors/packet-diameter.c in the DIAMETER dissector in\nWireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not\nvalidate the IPv6 prefix length, which allows remote attackers to\ncause a denial of service (stack-based buffer overflow and application\ncrash) via a crafted packet.\n\nCVE-2015-8729 The ascend_seek function in wiretap/ascendtext.c in the\nAscend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 does not ensure the presence of a '\\0' character at the end of a\ndate string, which allows remote attackers to cause a denial of\nservice (out-of-bounds read and application crash) via a crafted file.\n\nCVE-2015-8730 epan/dissectors/packet-nbap.c in the NBAP dissector in\nWireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not\nvalidate the number of items, which allows remote attackers to cause a\ndenial of service (invalid read operation and application crash) via a\ncrafted packet.\n\nCVE-2015-8733 The ngsniffer_process_record function in\nwiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x\nbefore 1.12.9 and 2.0.x before 2.0.1 does not validate the\nrelationships between record lengths and record header lengths, which\nallows remote attackers to cause a denial of service (out-of-bounds\nread and application crash) via a crafted file.\n\nCVE-2016-2523 The dnp3_al_process_object function in\nepan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x\nbefore 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause\na denial of service (infinite loop) via a crafted packet.\n\nCVE-2016-4006 epan/proto.c in Wireshark 1.12.x before 1.12.11 and\n2.0.x before 2.0.3 does not limit the protocol-tree depth, which\nallows remote attackers to cause a denial of service (stack memory\nconsumption and application crash) via a crafted packet.\n\nCVE-2016-4078 The IEEE 802.11 dissector in Wireshark 1.12.x before\n1.12.11 and 2.0.x before 2.0.3 does not properly restrict element\nlists, which allows remote attackers to cause a denial of service\n(deep recursion and application crash) via a crafted packet, related\nto epan/dissectors/packet-capwap.c and\nepan/dissectors/packet-ieee80211.c.\n\nCVE-2016-4079 epan/dissectors/packet-pktc.c in the PKTC dissector in\nWireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify\nBER identifiers, which allows remote attackers to cause a denial of\nservice (out-of-bounds write and application crash) via a crafted\npacket.\n\nCVE-2016-4080 epan/dissectors/packet-pktc.c in the PKTC dissector in\nWireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses\ntimestamp fields, which allows remote attackers to cause a denial of\nservice (out-of-bounds read and application crash) via a crafted\npacket.\n\nCVE-2016-4081 epan/dissectors/packet-iax2.c in the IAX2 dissector in\nWireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an\nincorrect integer data type, which allows remote attackers to cause a\ndenial of service (infinite loop) via a crafted packet.\n\nCVE-2016-4085 Stack-based buffer overflow in\nepan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark\n1.12.x before 1.12.11 allows remote attackers to cause a denial of\nservice (application crash) or possibly have unspecified other impact\nvia a long string in a packet.\n\nImpact\n\nIf Wireshark is launched manually by a user with Advanced Shell ( bash\n) access, dissection of specially crafted packets could cause\nWireshark to consume excessive resources. Wireshark is not part of\nnormal BIG-IP operation; only users who actively run Wireshark are\nvulnerable.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K01837042\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K01837042.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K01837042\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.2\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.2\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.2\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\",\"11.2.1\",\"10.2.1-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.2\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\",\"11.2.1\",\"10.2.1-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.2\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\",\"11.2.1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.4.0-11.6.2\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.2.1\",\"10.2.1-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.2\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\",\"11.2.1\",\"10.2.1-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.2\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\",\"11.2.1\",\"10.2.1-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.2\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.4.0-11.4.1\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"10.2.1-10.2.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:25:49", "bulletinFamily": "scanner", "description": "The version of Wireshark installed on the remote Windows host is 2.0.0. It is, therefore, affected by multiple denial of service vulnerabilities in the following components :\n\n - 802.11 dissector\n - ANSI A dissector\n - Ascend file parser\n - BER dissector\n - Bluetooth Attribute dissector\n - DIAMETER dissector\n - GSM A dissector\n - IPMI dissector\n - MP2T file parser\n - MS-WSP dissector\n - NBAP dissector\n - NLM dissector\n - NWP dissector\n - PPI dissector\n - RSL dissector\n - RSVP dissector\n - S7COMM dissector\n - SCTP dissector\n - Sniffer file parser\n - TDS dissector\n - VeriWave file parser\n - ZigBee ZCL dissector\n - zlib compression\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "modified": "2018-08-07T00:00:00", "id": "WIRESHARK_2_0_1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87825", "published": "2016-01-08T00:00:00", "title": "Wireshark 2.0.0 Multiple DoS", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87825);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/08/07 16:46:51\");\n\n script_cve_id(\n \"CVE-2015-8711\",\n \"CVE-2015-8718\",\n \"CVE-2015-8720\",\n \"CVE-2015-8721\",\n \"CVE-2015-8722\",\n \"CVE-2015-8723\",\n \"CVE-2015-8724\",\n \"CVE-2015-8725\",\n \"CVE-2015-8726\",\n \"CVE-2015-8727\",\n \"CVE-2015-8728\",\n \"CVE-2015-8729\",\n \"CVE-2015-8730\",\n \"CVE-2015-8731\",\n \"CVE-2015-8732\",\n \"CVE-2015-8733\",\n \"CVE-2015-8734\",\n \"CVE-2015-8735\",\n \"CVE-2015-8736\",\n \"CVE-2015-8737\",\n \"CVE-2015-8738\",\n \"CVE-2015-8739\",\n \"CVE-2015-8740\",\n \"CVE-2015-8741\",\n \"CVE-2015-8742\"\n );\n script_xref(name:\"EDB-ID\", value:\"38993\");\n script_xref(name:\"EDB-ID\", value:\"38994\");\n script_xref(name:\"EDB-ID\", value:\"38995\");\n script_xref(name:\"EDB-ID\", value:\"38996\");\n script_xref(name:\"EDB-ID\", value:\"38997\");\n script_xref(name:\"EDB-ID\", value:\"38998\");\n script_xref(name:\"EDB-ID\", value:\"38999\");\n script_xref(name:\"EDB-ID\", value:\"39000\");\n script_xref(name:\"EDB-ID\", value:\"39001\");\n script_xref(name:\"EDB-ID\", value:\"39002\");\n script_xref(name:\"EDB-ID\", value:\"39003\");\n script_xref(name:\"EDB-ID\", value:\"39004\");\n script_xref(name:\"EDB-ID\", value:\"39005\");\n script_xref(name:\"EDB-ID\", value:\"39006\");\n script_xref(name:\"EDB-ID\", value:\"39076\");\n script_xref(name:\"EDB-ID\", value:\"39077\");\n\n script_name(english:\"Wireshark 2.0.0 Multiple DoS\");\n script_summary(english:\"Checks the version of Wireshark.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application installed that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Wireshark installed on the remote Windows host is\n2.0.0. It is, therefore, affected by multiple denial of service\nvulnerabilities in the following components :\n\n - 802.11 dissector\n - ANSI A dissector\n - Ascend file parser\n - BER dissector\n - Bluetooth Attribute dissector\n - DIAMETER dissector\n - GSM A dissector\n - IPMI dissector\n - MP2T file parser\n - MS-WSP dissector\n - NBAP dissector\n - NLM dissector\n - NWP dissector\n - PPI dissector\n - RSL dissector\n - RSVP dissector\n - S7COMM dissector\n - SCTP dissector\n - Sniffer file parser\n - TDS dissector\n - VeriWave file parser\n - ZigBee ZCL dissector\n - zlib compression\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/docs/relnotes/wireshark-2.0.1.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Wireshark version 2.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wireshark_installed.nasl\");\n script_require_keys(\"installed_sw/Wireshark\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"Wireshark\";\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\nversion = install['version'];\npath = install['path'];\n\n# Affected :\n# 2.0.0 < 2.0.1\nif (version !~ \"^2\\.0\\.0($|[^0-9])\")\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 2.0.1' +\n '\\n';\n security_warning(port:port, extra:report);\n}\nelse security_warning(port);\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:26:21", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities were discovered in the dissectors/parsers for Pcapng, NBAP, UMTS FP, DCOM, AllJoyn, T.38, SDP, NLM, DNS, BED, SCTP, 802.11, DIAMETER, VeriWave, RVSP, ANSi A, GSM A, Ascend, NBAP, ZigBee ZCL and Sniffer which could result in denial of service.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-3505.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=89695", "published": "2016-03-07T00:00:00", "title": "Debian DSA-3505-1 : wireshark - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3505. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89695);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2015-7830\", \"CVE-2015-8711\", \"CVE-2015-8712\", \"CVE-2015-8713\", \"CVE-2015-8714\", \"CVE-2015-8715\", \"CVE-2015-8716\", \"CVE-2015-8717\", \"CVE-2015-8718\", \"CVE-2015-8719\", \"CVE-2015-8720\", \"CVE-2015-8721\", \"CVE-2015-8722\", \"CVE-2015-8723\", \"CVE-2015-8724\", \"CVE-2015-8725\", \"CVE-2015-8726\", \"CVE-2015-8727\", \"CVE-2015-8728\", \"CVE-2015-8729\", \"CVE-2015-8730\", \"CVE-2015-8732\", \"CVE-2015-8733\");\n script_xref(name:\"DSA\", value:\"3505\");\n\n script_name(english:\"Debian DSA-3505-1 : wireshark - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered in the dissectors/parsers for\nPcapng, NBAP, UMTS FP, DCOM, AllJoyn, T.38, SDP, NLM, DNS, BED, SCTP,\n802.11, DIAMETER, VeriWave, RVSP, ANSi A, GSM A, Ascend, NBAP, ZigBee\nZCL and Sniffer which could result in denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/wireshark\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/wireshark\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3505\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wireshark packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 1.8.2-5wheezy17.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1.12.1+g01b65bf-4+deb8u4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libwireshark-data\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwireshark-dev\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwireshark2\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwiretap-dev\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwiretap2\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwsutil-dev\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwsutil2\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tshark\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark-common\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark-dbg\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark-dev\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark-doc\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libwireshark-data\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libwireshark-dev\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libwireshark5\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libwiretap-dev\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libwiretap4\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libwsutil-dev\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libwsutil4\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tshark\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wireshark\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wireshark-common\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wireshark-dbg\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wireshark-dev\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wireshark-doc\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wireshark-qt\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:25:49", "bulletinFamily": "scanner", "description": "Wireshark was updated to 1.12.9 to fix a number of crashes in protocol dissectors. [boo#960382]\n\n - CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.\n\n - CVE-2015-8712: The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\n - CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.\n\n - CVE-2015-8714: The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\n - CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.\n\n - CVE-2015-8716: The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\n - CVE-2015-8717: The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\n - CVE-2015-8718: Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the 'Match MSG/RES packets for async NLM' option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\n - CVE-2015-8719: The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\n - CVE-2015-8720: The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\n - CVE-2015-8721: Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression.\n\n - CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.\n\n - CVE-2015-8723: The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted\n\n - CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.\n\n - CVE-2015-8725: The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.\n\n - CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.\n\n - CVE-2015-8727: The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.\n\n - CVE-2015-8728: The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet.\n\n - CVE-2015-8729: The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.\n\n - CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet.\n\n - CVE-2015-8731: The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.\n\n - CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.\n\n - CVE-2015-8733: The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.", "modified": "2016-10-13T00:00:00", "id": "OPENSUSE-2016-12.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87833", "published": "2016-01-11T00:00:00", "title": "openSUSE Security Update : wireshark (openSUSE-2016-12)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-12.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87833);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:27:28 $\");\n\n script_cve_id(\"CVE-2015-8711\", \"CVE-2015-8712\", \"CVE-2015-8713\", \"CVE-2015-8714\", \"CVE-2015-8715\", \"CVE-2015-8716\", \"CVE-2015-8717\", \"CVE-2015-8718\", \"CVE-2015-8719\", \"CVE-2015-8720\", \"CVE-2015-8721\", \"CVE-2015-8722\", \"CVE-2015-8723\", \"CVE-2015-8724\", \"CVE-2015-8725\", \"CVE-2015-8726\", \"CVE-2015-8727\", \"CVE-2015-8728\", \"CVE-2015-8729\", \"CVE-2015-8730\", \"CVE-2015-8731\", \"CVE-2015-8732\", \"CVE-2015-8733\");\n\n script_name(english:\"openSUSE Security Update : wireshark (openSUSE-2016-12)\");\n script_summary(english:\"Check for the openSUSE-2016-12 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Wireshark was updated to 1.12.9 to fix a number of crashes in protocol\ndissectors. [boo#960382]\n\n - CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate conversation data, which\n allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a\n crafted packet.\n\n - CVE-2015-8712: The dissect_hsdsch_channel_info function\n in epan/dissectors/packet-umts_fp.c in the UMTS FP\n dissector in Wireshark 1.12.x before 1.12.9 does not\n validate the number of PDUs, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet.\n\n - CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the\n UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does\n not properly reserve memory for channel ID mappings,\n which allows remote attackers to cause a denial of\n service (out-of-bounds memory access and application\n crash) via a crafted packet.\n\n - CVE-2015-8714: The dissect_dcom_OBJREF function in\n epan/dissectors/packet-dcom.c in the DCOM dissector in\n Wireshark 1.12.x before 1.12.9 does not initialize a\n certain IPv4 data structure, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet.\n\n - CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the\n AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does\n not check for empty arguments, which allows remote\n attackers to cause a denial of service (infinite loop)\n via a crafted packet.\n\n - CVE-2015-8716: The init_t38_info_conv function in\n epan/dissectors/packet-t38.c in the T.38 dissector in\n Wireshark 1.12.x before 1.12.9 does not ensure that a\n conversation exists, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8717: The dissect_sdp function in\n epan/dissectors/packet-sdp.c in the SDP dissector in\n Wireshark 1.12.x before 1.12.9 does not prevent use of a\n negative media count, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8718: Double free vulnerability in\n epan/dissectors/packet-nlm.c in the NLM dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1,\n when the 'Match MSG/RES packets for async NLM' option is\n enabled, allows remote attackers to cause a denial of\n service (application crash) via a crafted packet.\n\n - CVE-2015-8719: The dissect_dns_answer function in\n epan/dissectors/packet-dns.c in the DNS dissector in\n Wireshark 1.12.x before 1.12.9 mishandles the EDNS0\n Client Subnet option, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8720: The dissect_ber_GeneralizedTime function\n in epan/dissectors/packet-ber.c in the BER dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n improperly checks an sscanf return value, which allows\n remote attackers to cause a denial of service\n (application crash) via a crafted packet.\n\n - CVE-2015-8721: Buffer overflow in the tvb_uncompress\n function in epan/tvbuff_zlib.c in Wireshark 1.12.x\n before 1.12.9 and 2.0.x before 2.0.1 allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet with zlib compression.\n\n - CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the frame pointer, which\n allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a\n crafted packet.\n\n - CVE-2015-8723: The AirPDcapPacketProcess function in\n epan/crypt/airpdcap.c in the 802.11 dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate the relationship between the total\n length and the capture length, which allows remote\n attackers to cause a denial of service (stack-based\n buffer overflow and application crash) via a crafted\n\n - CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey\n function in epan/crypt/airpdcap.c in the 802.11\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not verify the WPA broadcast key\n length, which allows remote attackers to cause a denial\n of service (out-of-bounds read and application crash)\n via a crafted packet.\n\n - CVE-2015-8725: The\n dissect_diameter_base_framed_ipv6_prefix function in\n epan/dissectors/packet-diameter.c in the DIAMETER\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the IPv6 prefix length,\n which allows remote attackers to cause a denial of\n service (stack-based buffer overflow and application\n crash) via a crafted packet.\n\n - CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser\n in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate certain signature and Modulation and\n Coding Scheme (MCS) data, which allows remote attackers\n to cause a denial of service (out-of-bounds read and\n application crash) via a crafted file.\n\n - CVE-2015-8727: The dissect_rsvp_common function in\n epan/dissectors/packet-rsvp.c in the RSVP dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not properly maintain request-key data, which\n allows remote attackers to cause a denial of service\n (use-after-free and application crash) via a crafted\n packet.\n\n - CVE-2015-8728: The Mobile Identity parser in (1)\n epan/dissectors/packet-ansi_a.c in the ANSI A dissector\n and (2) epan/dissectors/packet-gsm_a_common.c in the GSM\n A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 improperly uses the\n tvb_bcd_dig_to_wmem_packet_str function, which allows\n remote attackers to cause a denial of service (buffer\n overflow and application crash) via a crafted packet.\n\n - CVE-2015-8729: The ascend_seek function in\n wiretap/ascendtext.c in the Ascend file parser in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not ensure the presence of a '\\0' character at the\n end of a date string, which allows remote attackers to\n cause a denial of service (out-of-bounds read and\n application crash) via a crafted file.\n\n - CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the number of items,\n which allows remote attackers to cause a denial of\n service (invalid read operation and application crash)\n via a crafted packet.\n\n - CVE-2015-8731: The dissct_rsl_ipaccess_msg function in\n epan/dissectors/packet-rsl.c in the RSL dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not reject unknown TLV types, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted packet.\n\n - CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp\n function in epan/dissectors/packet-zbee-zcl-general.c in\n the ZigBee ZCL dissector in Wireshark 1.12.x before\n 1.12.9 and 2.0.x before 2.0.1 does not validate the\n Total Profile Number field, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted packet.\n\n - CVE-2015-8733: The ngsniffer_process_record function in\n wiretap/ngsniffer.c in the Sniffer file parser in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate the relationships between record\n lengths and record header lengths, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=960382\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-ui-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-ui-gtk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-ui-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-ui-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"wireshark-1.12.9-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"wireshark-debuginfo-1.12.9-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"wireshark-debugsource-1.12.9-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"wireshark-devel-1.12.9-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"wireshark-ui-gtk-1.12.9-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"wireshark-ui-gtk-debuginfo-1.12.9-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"wireshark-ui-qt-1.12.9-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"wireshark-ui-qt-debuginfo-1.12.9-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-1.12.9-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-debuginfo-1.12.9-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-debugsource-1.12.9-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-devel-1.12.9-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-ui-gtk-1.12.9-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-ui-gtk-debuginfo-1.12.9-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-ui-qt-1.12.9-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-ui-qt-debuginfo-1.12.9-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"wireshark-1.12.9-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"wireshark-debuginfo-1.12.9-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"wireshark-debugsource-1.12.9-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"wireshark-devel-1.12.9-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"wireshark-ui-gtk-1.12.9-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"wireshark-ui-gtk-debuginfo-1.12.9-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"wireshark-ui-qt-1.12.9-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"wireshark-ui-qt-debuginfo-1.12.9-14.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-debugsource / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:25:50", "bulletinFamily": "scanner", "description": "This update contains Wireshark 1.12.9 and fixes the following issues :\n\n - CVE-2015-7830: pcapng file parser could crash while copying an interface filter (bsc#950437)\n\n - CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.\n\n - CVE-2015-8712: The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\n - CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.\n\n - CVE-2015-8714: The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\n - CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.\n\n - CVE-2015-8716: The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\n - CVE-2015-8717: The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\n - CVE-2015-8718: Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the 'Match MSG/RES packets for async NLM' option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\n - CVE-2015-8719: The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\n - CVE-2015-8720: The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\n - CVE-2015-8721: Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression.\n\n - CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.\n\n - CVE-2015-8723: The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted\n\n - CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.\n\n - CVE-2015-8725: The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.\n\n - CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.\n\n - CVE-2015-8727: The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.\n\n - CVE-2015-8728: The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet.\n\n - CVE-2015-8729: The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.\n\n - CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet.\n\n - CVE-2015-8731: The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.\n\n - CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.\n\n - CVE-2015-8733: The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-29T00:00:00", "id": "SUSE_SU-2016-0109-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87911", "published": "2016-01-14T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2016:0109-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0109-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87911);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2018/11/29 12:03:38\");\n\n script_cve_id(\"CVE-2015-7830\", \"CVE-2015-8711\", \"CVE-2015-8712\", \"CVE-2015-8713\", \"CVE-2015-8714\", \"CVE-2015-8715\", \"CVE-2015-8716\", \"CVE-2015-8717\", \"CVE-2015-8718\", \"CVE-2015-8719\", \"CVE-2015-8720\", \"CVE-2015-8721\", \"CVE-2015-8722\", \"CVE-2015-8723\", \"CVE-2015-8724\", \"CVE-2015-8725\", \"CVE-2015-8726\", \"CVE-2015-8727\", \"CVE-2015-8728\", \"CVE-2015-8729\", \"CVE-2015-8730\", \"CVE-2015-8731\", \"CVE-2015-8732\", \"CVE-2015-8733\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2016:0109-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update contains Wireshark 1.12.9 and fixes the following issues :\n\n - CVE-2015-7830: pcapng file parser could crash while\n copying an interface filter (bsc#950437)\n\n - CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate conversation data, which\n allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a\n crafted packet.\n\n - CVE-2015-8712: The dissect_hsdsch_channel_info function\n in epan/dissectors/packet-umts_fp.c in the UMTS FP\n dissector in Wireshark 1.12.x before 1.12.9 does not\n validate the number of PDUs, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet.\n\n - CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the\n UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does\n not properly reserve memory for channel ID mappings,\n which allows remote attackers to cause a denial of\n service (out-of-bounds memory access and application\n crash) via a crafted packet.\n\n - CVE-2015-8714: The dissect_dcom_OBJREF function in\n epan/dissectors/packet-dcom.c in the DCOM dissector in\n Wireshark 1.12.x before 1.12.9 does not initialize a\n certain IPv4 data structure, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet.\n\n - CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the\n AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does\n not check for empty arguments, which allows remote\n attackers to cause a denial of service (infinite loop)\n via a crafted packet.\n\n - CVE-2015-8716: The init_t38_info_conv function in\n epan/dissectors/packet-t38.c in the T.38 dissector in\n Wireshark 1.12.x before 1.12.9 does not ensure that a\n conversation exists, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8717: The dissect_sdp function in\n epan/dissectors/packet-sdp.c in the SDP dissector in\n Wireshark 1.12.x before 1.12.9 does not prevent use of a\n negative media count, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8718: Double free vulnerability in\n epan/dissectors/packet-nlm.c in the NLM dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1,\n when the 'Match MSG/RES packets for async NLM' option is\n enabled, allows remote attackers to cause a denial of\n service (application crash) via a crafted packet.\n\n - CVE-2015-8719: The dissect_dns_answer function in\n epan/dissectors/packet-dns.c in the DNS dissector in\n Wireshark 1.12.x before 1.12.9 mishandles the EDNS0\n Client Subnet option, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8720: The dissect_ber_GeneralizedTime function\n in epan/dissectors/packet-ber.c in the BER dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n improperly checks an sscanf return value, which allows\n remote attackers to cause a denial of service\n (application crash) via a crafted packet.\n\n - CVE-2015-8721: Buffer overflow in the tvb_uncompress\n function in epan/tvbuff_zlib.c in Wireshark 1.12.x\n before 1.12.9 and 2.0.x before 2.0.1 allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet with zlib compression.\n\n - CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the frame pointer, which\n allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a\n crafted packet.\n\n - CVE-2015-8723: The AirPDcapPacketProcess function in\n epan/crypt/airpdcap.c in the 802.11 dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate the relationship between the total\n length and the capture length, which allows remote\n attackers to cause a denial of service (stack-based\n buffer overflow and application crash) via a crafted\n\n - CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey\n function in epan/crypt/airpdcap.c in the 802.11\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not verify the WPA broadcast key\n length, which allows remote attackers to cause a denial\n of service (out-of-bounds read and application crash)\n via a crafted packet.\n\n - CVE-2015-8725: The\n dissect_diameter_base_framed_ipv6_prefix function in\n epan/dissectors/packet-diameter.c in the DIAMETER\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the IPv6 prefix length,\n which allows remote attackers to cause a denial of\n service (stack-based buffer overflow and application\n crash) via a crafted packet.\n\n - CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser\n in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate certain signature and Modulation and\n Coding Scheme (MCS) data, which allows remote attackers\n to cause a denial of service (out-of-bounds read and\n application crash) via a crafted file.\n\n - CVE-2015-8727: The dissect_rsvp_common function in\n epan/dissectors/packet-rsvp.c in the RSVP dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not properly maintain request-key data, which\n allows remote attackers to cause a denial of service\n (use-after-free and application crash) via a crafted\n packet.\n\n - CVE-2015-8728: The Mobile Identity parser in (1)\n epan/dissectors/packet-ansi_a.c in the ANSI A dissector\n and (2) epan/dissectors/packet-gsm_a_common.c in the GSM\n A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 improperly uses the\n tvb_bcd_dig_to_wmem_packet_str function, which allows\n remote attackers to cause a denial of service (buffer\n overflow and application crash) via a crafted packet.\n\n - CVE-2015-8729: The ascend_seek function in\n wiretap/ascendtext.c in the Ascend file parser in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not ensure the presence of a '\\0' character at the\n end of a date string, which allows remote attackers to\n cause a denial of service (out-of-bounds read and\n application crash) via a crafted file.\n\n - CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the number of items,\n which allows remote attackers to cause a denial of\n service (invalid read operation and application crash)\n via a crafted packet.\n\n - CVE-2015-8731: The dissct_rsl_ipaccess_msg function in\n epan/dissectors/packet-rsl.c in the RSL dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not reject unknown TLV types, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted packet.\n\n - CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp\n function in epan/dissectors/packet-zbee-zcl-general.c in\n the ZigBee ZCL dissector in Wireshark 1.12.x before\n 1.12.9 and 2.0.x before 2.0.1 does not validate the\n Total Profile Number field, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted packet.\n\n - CVE-2015-8733: The ngsniffer_process_record function in\n wiretap/ngsniffer.c in the Sniffer file parser in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate the relationships between record\n lengths and record header lengths, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted file.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=950437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7830/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8711/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8712/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8713/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8714/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8715/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8716/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8717/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8718/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8719/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8720/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8721/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8722/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8723/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8724/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8725/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8726/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8727/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8728/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8729/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8730/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8731/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8732/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8733/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160109-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3c2a469e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP1-2016-76=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2016-76=1\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-76=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-76=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-76=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-76=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wireshark-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! ereg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! ereg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"wireshark-1.12.9-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"wireshark-debuginfo-1.12.9-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"wireshark-debugsource-1.12.9-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"wireshark-1.12.9-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"wireshark-debuginfo-1.12.9-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"wireshark-debugsource-1.12.9-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"wireshark-1.12.9-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"wireshark-debuginfo-1.12.9-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"wireshark-debugsource-1.12.9-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"wireshark-1.12.9-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"wireshark-debuginfo-1.12.9-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"wireshark-debugsource-1.12.9-22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:25:49", "bulletinFamily": "scanner", "description": "The version of Wireshark installed on the remote Windows host is 1.12.x prior to 1.12.9. It is, therefore, affected by multiple denial of service vulnerabilities in the following components :\n\n - 802.11 dissector\n - AllJoyn dissector\n - ANSI A dissector\n - Ascend file parser\n - BER dissector\n - DCOM dissector\n - DIAMETER dissector\n - DNS dissector\n - GSM A dissector\n - NBAP dissector\n - NLM dissector\n - RSL dissector\n - RSVP dissector\n - SCTP dissector\n - SDP dissector\n - Sniffer file parser\n - T.38 dissector\n - UMTS FP dissector\n - VeriWave file parser\n - ZigBee ZCL dissector\n - zlib compression\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "modified": "2018-08-06T00:00:00", "id": "WIRESHARK_1_12_9.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87824", "published": "2016-01-08T00:00:00", "title": "Wireshark 1.12.x < 1.12.9 Multiple DoS", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87824);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/08/06 14:03:17\");\n\n script_cve_id(\n \"CVE-2015-8711\",\n \"CVE-2015-8712\",\n \"CVE-2015-8713\",\n \"CVE-2015-8714\",\n \"CVE-2015-8715\",\n \"CVE-2015-8716\",\n \"CVE-2015-8717\",\n \"CVE-2015-8718\",\n \"CVE-2015-8719\",\n \"CVE-2015-8720\",\n \"CVE-2015-8721\",\n \"CVE-2015-8722\",\n \"CVE-2015-8723\",\n \"CVE-2015-8724\",\n \"CVE-2015-8725\",\n \"CVE-2015-8726\",\n \"CVE-2015-8727\",\n \"CVE-2015-8728\",\n \"CVE-2015-8729\",\n \"CVE-2015-8730\",\n \"CVE-2015-8731\",\n \"CVE-2015-8732\",\n \"CVE-2015-8733\"\n );\n script_xref(name:\"EDB-ID\", value:\"38995\");\n script_xref(name:\"EDB-ID\", value:\"38996\");\n script_xref(name:\"EDB-ID\", value:\"38999\");\n script_xref(name:\"EDB-ID\", value:\"39000\");\n script_xref(name:\"EDB-ID\", value:\"39001\");\n script_xref(name:\"EDB-ID\", value:\"39002\");\n script_xref(name:\"EDB-ID\", value:\"39003\");\n script_xref(name:\"EDB-ID\", value:\"39004\");\n script_xref(name:\"EDB-ID\", value:\"39005\");\n script_xref(name:\"EDB-ID\", value:\"39006\");\n script_xref(name:\"EDB-ID\", value:\"39076\");\n script_xref(name:\"EDB-ID\", value:\"39077\");\n\n script_name(english:\"Wireshark 1.12.x < 1.12.9 Multiple DoS\");\n script_summary(english:\"Checks the version of Wireshark.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application installed that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Wireshark installed on the remote Windows host is\n1.12.x prior to 1.12.9. It is, therefore, affected by multiple\ndenial of service vulnerabilities in the following components :\n\n - 802.11 dissector\n - AllJoyn dissector\n - ANSI A dissector\n - Ascend file parser\n - BER dissector\n - DCOM dissector\n - DIAMETER dissector\n - DNS dissector\n - GSM A dissector\n - NBAP dissector\n - NLM dissector\n - RSL dissector\n - RSVP dissector\n - SCTP dissector\n - SDP dissector\n - Sniffer file parser\n - T.38 dissector\n - UMTS FP dissector\n - VeriWave file parser\n - ZigBee ZCL dissector\n - zlib compression\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.12.9.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Wireshark version 1.12.9 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wireshark_installed.nasl\");\n script_require_keys(\"installed_sw/Wireshark\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"Wireshark\";\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\nversion = install['version'];\npath = install['path'];\n\n# Affected :\n# 1.12.x < 1.12.9\nif (version !~ \"^1\\.12\\.[0-8]($|[^0-9])\")\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.12.9' +\n '\\n';\n security_warning(port:port, extra:report);\n}\nelse security_warning(port);\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:25:50", "bulletinFamily": "scanner", "description": "This update contains Wireshark 1.12.9 and fixes the following issues :\n\n - CVE-2015-7830: pcapng file parser could crash while copying an interface filter (bsc#950437)\n\n - CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.\n\n - CVE-2015-8712: The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\n - CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.\n\n - CVE-2015-8714: The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\n - CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.\n\n - CVE-2015-8716: The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\n - CVE-2015-8717: The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\n - CVE-2015-8718: Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the 'Match MSG/RES packets for async NLM' option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\n - CVE-2015-8719: The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\n - CVE-2015-8720: The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n\n - CVE-2015-8721: Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression.\n\n - CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.\n\n - CVE-2015-8723: The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted\n\n - CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.\n\n - CVE-2015-8725: The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.\n\n - CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.\n\n - CVE-2015-8727: The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.\n\n - CVE-2015-8728: The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet.\n\n - CVE-2015-8729: The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.\n\n - CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet.\n\n - CVE-2015-8731: The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.\n\n - CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.\n\n - CVE-2015-8733: The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-29T00:00:00", "id": "SUSE_SU-2016-0110-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87912", "published": "2016-01-14T00:00:00", "title": "SUSE SLED11 / SLES11 Security Update : wireshark (SUSE-SU-2016:0110-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0110-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87912);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2018/11/29 12:03:38\");\n\n script_cve_id(\"CVE-2015-7830\", \"CVE-2015-8711\", \"CVE-2015-8712\", \"CVE-2015-8713\", \"CVE-2015-8714\", \"CVE-2015-8715\", \"CVE-2015-8716\", \"CVE-2015-8717\", \"CVE-2015-8718\", \"CVE-2015-8719\", \"CVE-2015-8720\", \"CVE-2015-8721\", \"CVE-2015-8722\", \"CVE-2015-8723\", \"CVE-2015-8724\", \"CVE-2015-8725\", \"CVE-2015-8726\", \"CVE-2015-8727\", \"CVE-2015-8728\", \"CVE-2015-8729\", \"CVE-2015-8730\", \"CVE-2015-8731\", \"CVE-2015-8732\", \"CVE-2015-8733\");\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : wireshark (SUSE-SU-2016:0110-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update contains Wireshark 1.12.9 and fixes the following issues :\n\n - CVE-2015-7830: pcapng file parser could crash while\n copying an interface filter (bsc#950437)\n\n - CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate conversation data, which\n allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a\n crafted packet.\n\n - CVE-2015-8712: The dissect_hsdsch_channel_info function\n in epan/dissectors/packet-umts_fp.c in the UMTS FP\n dissector in Wireshark 1.12.x before 1.12.9 does not\n validate the number of PDUs, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet.\n\n - CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the\n UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does\n not properly reserve memory for channel ID mappings,\n which allows remote attackers to cause a denial of\n service (out-of-bounds memory access and application\n crash) via a crafted packet.\n\n - CVE-2015-8714: The dissect_dcom_OBJREF function in\n epan/dissectors/packet-dcom.c in the DCOM dissector in\n Wireshark 1.12.x before 1.12.9 does not initialize a\n certain IPv4 data structure, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet.\n\n - CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the\n AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does\n not check for empty arguments, which allows remote\n attackers to cause a denial of service (infinite loop)\n via a crafted packet.\n\n - CVE-2015-8716: The init_t38_info_conv function in\n epan/dissectors/packet-t38.c in the T.38 dissector in\n Wireshark 1.12.x before 1.12.9 does not ensure that a\n conversation exists, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8717: The dissect_sdp function in\n epan/dissectors/packet-sdp.c in the SDP dissector in\n Wireshark 1.12.x before 1.12.9 does not prevent use of a\n negative media count, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8718: Double free vulnerability in\n epan/dissectors/packet-nlm.c in the NLM dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1,\n when the 'Match MSG/RES packets for async NLM' option is\n enabled, allows remote attackers to cause a denial of\n service (application crash) via a crafted packet.\n\n - CVE-2015-8719: The dissect_dns_answer function in\n epan/dissectors/packet-dns.c in the DNS dissector in\n Wireshark 1.12.x before 1.12.9 mishandles the EDNS0\n Client Subnet option, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8720: The dissect_ber_GeneralizedTime function\n in epan/dissectors/packet-ber.c in the BER dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n improperly checks an sscanf return value, which allows\n remote attackers to cause a denial of service\n (application crash) via a crafted packet.\n\n - CVE-2015-8721: Buffer overflow in the tvb_uncompress\n function in epan/tvbuff_zlib.c in Wireshark 1.12.x\n before 1.12.9 and 2.0.x before 2.0.1 allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet with zlib compression.\n\n - CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the frame pointer, which\n allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a\n crafted packet.\n\n - CVE-2015-8723: The AirPDcapPacketProcess function in\n epan/crypt/airpdcap.c in the 802.11 dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate the relationship between the total\n length and the capture length, which allows remote\n attackers to cause a denial of service (stack-based\n buffer overflow and application crash) via a crafted\n\n - CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey\n function in epan/crypt/airpdcap.c in the 802.11\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not verify the WPA broadcast key\n length, which allows remote attackers to cause a denial\n of service (out-of-bounds read and application crash)\n via a crafted packet.\n\n - CVE-2015-8725: The\n dissect_diameter_base_framed_ipv6_prefix function in\n epan/dissectors/packet-diameter.c in the DIAMETER\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the IPv6 prefix length,\n which allows remote attackers to cause a denial of\n service (stack-based buffer overflow and application\n crash) via a crafted packet.\n\n - CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser\n in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate certain signature and Modulation and\n Coding Scheme (MCS) data, which allows remote attackers\n to cause a denial of service (out-of-bounds read and\n application crash) via a crafted file.\n\n - CVE-2015-8727: The dissect_rsvp_common function in\n epan/dissectors/packet-rsvp.c in the RSVP dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not properly maintain request-key data, which\n allows remote attackers to cause a denial of service\n (use-after-free and application crash) via a crafted\n packet.\n\n - CVE-2015-8728: The Mobile Identity parser in (1)\n epan/dissectors/packet-ansi_a.c in the ANSI A dissector\n and (2) epan/dissectors/packet-gsm_a_common.c in the GSM\n A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 improperly uses the\n tvb_bcd_dig_to_wmem_packet_str function, which allows\n remote attackers to cause a denial of service (buffer\n overflow and application crash) via a crafted packet.\n\n - CVE-2015-8729: The ascend_seek function in\n wiretap/ascendtext.c in the Ascend file parser in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not ensure the presence of a '\\0' character at the\n end of a date string, which allows remote attackers to\n cause a denial of service (out-of-bounds read and\n application crash) via a crafted file.\n\n - CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the number of items,\n which allows remote attackers to cause a denial of\n service (invalid read operation and application crash)\n via a crafted packet.\n\n - CVE-2015-8731: The dissct_rsl_ipaccess_msg function in\n epan/dissectors/packet-rsl.c in the RSL dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not reject unknown TLV types, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted packet.\n\n - CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp\n function in epan/dissectors/packet-zbee-zcl-general.c in\n the ZigBee ZCL dissector in Wireshark 1.12.x before\n 1.12.9 and 2.0.x before 2.0.1 does not validate the\n Total Profile Number field, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted packet.\n\n - CVE-2015-8733: The ngsniffer_process_record function in\n wiretap/ngsniffer.c in the Sniffer file parser in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate the relationships between record\n lengths and record header lengths, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted file.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=950437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7830/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8711/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8712/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8713/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8714/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8715/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8716/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8717/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8718/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8719/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8720/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8721/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8722/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8723/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8724/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8725/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8726/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8727/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8728/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8729/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8730/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8731/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8732/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8733/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160110-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c9cb4d7d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-wireshark-12322=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP3 :\n\nzypper in -t patch sdksp3-wireshark-12322=1\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-wireshark-12322=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-wireshark-12322=1\n\nSUSE Linux Enterprise Server 11-SP3 :\n\nzypper in -t patch slessp3-wireshark-12322=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-wireshark-12322=1\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-wireshark-12322=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-wireshark-12322=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-wireshark-12322=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! ereg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"wireshark-1.12.9-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"wireshark-1.12.9-0.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"wireshark-1.12.9-0.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"wireshark-1.12.9-0.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"wireshark-1.12.9-0.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"wireshark-1.12.9-0.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:26:45", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201604-05 (Wireshark: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Remote attackers could cause Denial of Service and local attackers could escalate privileges.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2016-11-11T00:00:00", "id": "GENTOO_GLSA-201604-05.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=90744", "published": "2016-04-27T00:00:00", "title": "GLSA-201604-05 : Wireshark: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201604-05.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90744);\n script_version(\"$Revision: 2.7 $\");\n script_cvs_date(\"$Date: 2016/11/11 20:19:25 $\");\n\n script_cve_id(\"CVE-2015-8711\", \"CVE-2015-8712\", \"CVE-2015-8713\", \"CVE-2015-8714\", \"CVE-2015-8715\", \"CVE-2015-8716\", \"CVE-2015-8717\", \"CVE-2015-8718\", \"CVE-2015-8719\", \"CVE-2015-8720\", \"CVE-2015-8721\", \"CVE-2015-8722\", \"CVE-2015-8723\", \"CVE-2015-8724\", \"CVE-2015-8725\", \"CVE-2015-8726\", \"CVE-2015-8727\", \"CVE-2015-8728\", \"CVE-2015-8729\", \"CVE-2015-8730\", \"CVE-2015-8731\", \"CVE-2015-8732\", \"CVE-2015-8733\", \"CVE-2015-8734\", \"CVE-2015-8735\", \"CVE-2015-8736\", \"CVE-2015-8737\", \"CVE-2015-8738\", \"CVE-2015-8739\", \"CVE-2015-8740\", \"CVE-2015-8741\", \"CVE-2015-8742\", \"CVE-2016-2521\", \"CVE-2016-2522\", \"CVE-2016-2523\", \"CVE-2016-2524\", \"CVE-2016-2525\", \"CVE-2016-2526\", \"CVE-2016-2527\", \"CVE-2016-2528\", \"CVE-2016-2529\", \"CVE-2016-2530\", \"CVE-2016-2531\", \"CVE-2016-2532\");\n script_xref(name:\"GLSA\", value:\"201604-05\");\n\n script_name(english:\"GLSA-201604-05 : Wireshark: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201604-05\n(Wireshark: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Wireshark. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n Remote attackers could cause Denial of Service and local attackers could\n escalate privileges.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201604-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Wireshark users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-2.0.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-analyzer/wireshark\", unaffected:make_list(\"ge 2.0.2\"), vulnerable:make_list(\"lt 2.0.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Wireshark\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-05-29T18:34:57", "bulletinFamily": "scanner", "description": "This host is installed with Wireshark\n and is prone to multiple denial of service vulnerabilities.", "modified": "2018-10-18T00:00:00", "published": "2016-01-11T00:00:00", "id": "OPENVAS:1361412562310806946", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806946", "title": "Wireshark Multiple Denial-of-Service Vulnerabilities-02 January16 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_dos_vuln02_jan16_macosx.nasl 11969 2018-10-18 14:53:42Z asteins $\n#\n# Wireshark Multiple Denial-of-Service Vulnerabilities-02 January16 (Mac OS X)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:wireshark:wireshark\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806946\");\n script_version(\"$Revision: 11969 $\");\n script_cve_id(\"CVE-2015-8733\", \"CVE-2015-8732\", \"CVE-2015-8731\", \"CVE-2015-8730\",\n \"CVE-2015-8729\", \"CVE-2015-8728\", \"CVE-2015-8727\", \"CVE-2015-8726\",\n \"CVE-2015-8725\", \"CVE-2015-8724\", \"CVE-2015-8723\", \"CVE-2015-8722\",\n \"CVE-2015-8721\", \"CVE-2015-8720\", \"CVE-2015-8718\", \"CVE-2015-8711\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-18 16:53:42 +0200 (Thu, 18 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-11 11:59:19 +0530 (Mon, 11 Jan 2016)\");\n script_name(\"Wireshark Multiple Denial-of-Service Vulnerabilities-02 January16 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark\n and is prone to multiple denial of service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to\n multiple errors in Wireshark. For details refer the links mentioned in the\n reference links.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct denial of service attack.\");\n\n script_tag(name:\"affected\", value:\"Wireshark version 1.12.x before 1.12.9\n and 2.0.x before 2.0.1 on Mac OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Wireshark version 1.12.9 or\n 2.0.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2015-45.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2015-41.html\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11792\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11548\");\n\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_wireshark_detect_macosx.nasl\");\n script_mandatory_keys(\"Wireshark/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!wirversion = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(wirversion, test_version:\"1.12.0\", test_version2:\"1.12.8\"))\n{\n fix = \"1.12.9\";\n VULN = TRUE ;\n}\n\nelse if(version_is_equal(version:wirversion, test_version:\"2.0.0\"))\n{\n fix = \"2.0.1\";\n VULN = TRUE ;\n}\n\nif(VULN)\n{\n report = 'Installed version: ' + wirversion + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:09", "bulletinFamily": "scanner", "description": "This host is installed with Wireshark\n and is prone to multiple denial of service vulnerabilities.", "modified": "2018-10-18T00:00:00", "published": "2016-01-11T00:00:00", "id": "OPENVAS:1361412562310806945", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806945", "title": "Wireshark Multiple Denial-of-Service Vulnerabilities-02 January16 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_dos_vuln02_jan16_win.nasl 11969 2018-10-18 14:53:42Z asteins $\n#\n# Wireshark Multiple Denial-of-Service Vulnerabilities-02 January16 (Windows)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:wireshark:wireshark\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806945\");\n script_version(\"$Revision: 11969 $\");\n script_cve_id(\"CVE-2015-8733\", \"CVE-2015-8732\", \"CVE-2015-8731\", \"CVE-2015-8730\",\n \"CVE-2015-8729\", \"CVE-2015-8728\", \"CVE-2015-8727\", \"CVE-2015-8726\",\n \"CVE-2015-8725\", \"CVE-2015-8724\", \"CVE-2015-8723\", \"CVE-2015-8722\",\n \"CVE-2015-8721\", \"CVE-2015-8720\", \"CVE-2015-8718\", \"CVE-2015-8711\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-18 16:53:42 +0200 (Thu, 18 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-11 11:59:19 +0530 (Mon, 11 Jan 2016)\");\n script_name(\"Wireshark Multiple Denial-of-Service Vulnerabilities-02 January16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark\n and is prone to multiple denial of service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to\n multiple errors in Wireshark. For details refer the links mentioned in the\n reference links.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct denial of service attack.\");\n\n script_tag(name:\"affected\", value:\"Wireshark version 1.12.x before 1.12.9\n and 2.0.x before 2.0.1 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Wireshark version 1.12.9 or\n 2.0.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2015-45.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2015-41.html\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11792\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11548\");\n\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_mandatory_keys(\"Wireshark/Win/Ver\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!wirversion = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:wirversion, test_version:\"1.12.0\", test_version2:\"1.12.8\"))\n{\n fix = \"1.12.9\";\n VULN = TRUE ;\n}\n\nelse if(version_is_equal(version:wirversion, test_version:\"2.0.0\"))\n{\n fix = \"2.0.1\";\n VULN = TRUE ;\n}\n\nif(VULN)\n{\n report = 'Installed version: ' + wirversion + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:16", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities were\ndiscovered in the dissectors/parsers for Pcapng, NBAP, UMTS FP, DCOM, AllJoyn,\nT.38, SDP, NLM, DNS, BED, SCTP, 802.11, DIAMETER, VeriWave, RVSP, ANSi A, GSM A,\nAscend, NBAP, ZigBee ZCL and Sniffer which could result in denial of service.", "modified": "2019-03-18T00:00:00", "published": "2016-03-04T00:00:00", "id": "OPENVAS:1361412562310703505", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703505", "title": "Debian Security Advisory DSA 3505-1 (wireshark - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3505.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3505-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703505\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2015-7830\", \"CVE-2015-8711\", \"CVE-2015-8712\", \"CVE-2015-8713\",\n \"CVE-2015-8714\", \"CVE-2015-8715\", \"CVE-2015-8716\", \"CVE-2015-8717\",\n \"CVE-2015-8718\", \"CVE-2015-8719\", \"CVE-2015-8720\", \"CVE-2015-8721\",\n \"CVE-2015-8722\", \"CVE-2015-8723\", \"CVE-2015-8724\", \"CVE-2015-8725\",\n \"CVE-2015-8726\", \"CVE-2015-8727\", \"CVE-2015-8728\", \"CVE-2015-8729\",\n \"CVE-2015-8730\", \"CVE-2015-8732\", \"CVE-2015-8733\");\n script_name(\"Debian Security Advisory DSA 3505-1 (wireshark - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-04 00:00:00 +0100 (Fri, 04 Mar 2016)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3505.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|7|9)\");\n script_tag(name:\"affected\", value:\"wireshark on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 1.8.2-5wheezy17.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-4+deb8u4.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2.0.2+ga16e22e-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.0.2+ga16e22e-1.\n\nWe recommend that you upgrade your wireshark packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were\ndiscovered in the dissectors/parsers for Pcapng, NBAP, UMTS FP, DCOM, AllJoyn,\nT.38, SDP, NLM, DNS, BED, SCTP, 802.11, DIAMETER, VeriWave, RVSP, ANSi A, GSM A,\nAscend, NBAP, ZigBee ZCL and Sniffer which could result in denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libwireshark-data\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark-dev\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark5:amd64\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark5:i386\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap-dev\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap4:amd64\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap4:i386\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil-dev\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil4:amd64\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil4:i386\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-doc\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-qt\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark-data\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark-dev\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark2:amd64\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark2:i386\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap-dev\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap2:amd64\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap2:i386\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil-dev\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil2:amd64\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil2:i386\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-doc\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark-data\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark-dev\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark6:amd64\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark6:i386\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap-dev\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap5:amd64\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap5:i386\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil-dev\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil6:amd64\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil6:i386\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tshark\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-doc\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-gtk\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-qt\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:54:14", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities were\ndiscovered in the dissectors/parsers for Pcapng, NBAP, UMTS FP, DCOM, AllJoyn,\nT.38, SDP, NLM, DNS, BED, SCTP, 802.11, DIAMETER, VeriWave, RVSP, ANSi A, GSM A,\nAscend, NBAP, ZigBee ZCL and Sniffer which could result in denial of service.", "modified": "2017-07-07T00:00:00", "published": "2016-03-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703505", "id": "OPENVAS:703505", "title": "Debian Security Advisory DSA 3505-1 (wireshark - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3505.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3505-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703505);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2015-7830\", \"CVE-2015-8711\", \"CVE-2015-8712\", \"CVE-2015-8713\",\n \"CVE-2015-8714\", \"CVE-2015-8715\", \"CVE-2015-8716\", \"CVE-2015-8717\",\n \"CVE-2015-8718\", \"CVE-2015-8719\", \"CVE-2015-8720\", \"CVE-2015-8721\",\n \"CVE-2015-8722\", \"CVE-2015-8723\", \"CVE-2015-8724\", \"CVE-2015-8725\",\n \"CVE-2015-8726\", \"CVE-2015-8727\", \"CVE-2015-8728\", \"CVE-2015-8729\",\n \"CVE-2015-8730\", \"CVE-2015-8732\", \"CVE-2015-8733\");\n script_name(\"Debian Security Advisory DSA 3505-1 (wireshark - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-03-04 00:00:00 +0100 (Fri, 04 Mar 2016)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3505.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"wireshark on Debian Linux\");\n script_tag(name: \"insight\", value: \"Wireshark is a network 'sniffer' - a\ntool that captures and analyzes packets off the wire. Wireshark can decode too\nmany protocols to list here.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 1.8.2-5wheezy17.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-4+deb8u4.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2.0.2+ga16e22e-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.0.2+ga16e22e-1.\n\nWe recommend that you upgrade your wireshark packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities were\ndiscovered in the dissectors/parsers for Pcapng, NBAP, UMTS FP, DCOM, AllJoyn,\nT.38, SDP, NLM, DNS, BED, SCTP, 802.11, DIAMETER, VeriWave, RVSP, ANSi A, GSM A,\nAscend, NBAP, ZigBee ZCL and Sniffer which could result in denial of service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libwireshark-data\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark-dev\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark5:amd64\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark5:i386\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap-dev\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap4:amd64\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap4:i386\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil-dev\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil4:amd64\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil4:i386\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-doc\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-qt\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark-data\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark-dev\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark2:amd64\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark2:i386\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap-dev\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap2:amd64\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap2:i386\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil-dev\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil2:amd64\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil2:i386\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-doc\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark-data\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark-dev\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark6:amd64\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark6:i386\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap-dev\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap5:amd64\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap5:i386\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil-dev\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil6:amd64\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil6:i386\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tshark\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-doc\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-gtk\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-qt\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:35:49", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201604-05", "modified": "2018-10-26T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310121461", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121461", "title": "Gentoo Security Advisory GLSA 201604-05", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201604-05.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121461\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:21:27 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201604-05\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201604-05\");\n script_cve_id(\"CVE-2015-8711\", \"CVE-2015-8712\", \"CVE-2015-8713\", \"CVE-2015-8714\", \"CVE-2015-8715\", \"CVE-2015-8716\", \"CVE-2015-8717\", \"CVE-2015-8718\", \"CVE-2015-8719\", \"CVE-2015-8720\", \"CVE-2015-8721\", \"CVE-2015-8722\", \"CVE-2015-8723\", \"CVE-2015-8724\", \"CVE-2015-8725\", \"CVE-2015-8726\", \"CVE-2015-8727\", \"CVE-2015-8728\", \"CVE-2015-8729\", \"CVE-2015-8730\", \"CVE-2015-8731\", \"CVE-2015-8732\", \"CVE-2015-8733\", \"CVE-2015-8734\", \"CVE-2015-8735\", \"CVE-2015-8736\", \"CVE-2015-8737\", \"CVE-2015-8738\", \"CVE-2015-8739\", \"CVE-2015-8740\", \"CVE-2015-8741\", \"CVE-2015-8742\", \"CVE-2016-2521\", \"CVE-2016-2522\", \"CVE-2016-2523\", \"CVE-2016-2524\", \"CVE-2016-2525\", \"CVE-2016-2526\", \"CVE-2016-2527\", \"CVE-2016-2528\", \"CVE-2016-2529\", \"CVE-2016-2530\", \"CVE-2016-2531\", \"CVE-2016-2532\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201604-05\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-analyzer/wireshark\", unaffected: make_list(\"ge 2.0.2\"), vulnerable: make_list(\"lt 2.0.2\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:36", "bulletinFamily": "unix", "description": "- CVE-2015-8742 (denial of service)\nThe dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c\nin the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not\nvalidate the column size, which allows remote attackers to cause a\ndenial of service (memory consumption or application crash) via a\ncrafted packet.\n\n- CVE-2015-8741 (denial of service)\nThe dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI\ndissector in Wireshark 2.0.x before 2.0.1 does not initialize a\npacket-header data structure, which allows remote attackers to cause a\ndenial of service (application crash) via a crafted packet.\n\n- CVE-2015-8740 (denial of service)\nThe dissect_tds7_colmetadata_token function in\nepan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x\nbefore 2.0.1 does not validate the number of columns, which allows\nremote attackers to cause a denial of service (stack-based buffer\noverflow and application crash) via a crafted packet.\n\n- CVE-2015-8738 (denial of service)\nThe s7comm_decode_ud_cpu_szl_subfunc function in\nepan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in\nWireshark 2.0.x before 2.0.1 does not validate the list count in an\nSZL response, which allows remote attackers to cause a denial of\nservice (divide-by-zero error and application crash) via a crafted\npacket.\n\n- CVE-2015-8739 (denial of service)\nThe ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the\nIPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to\naccess a packet scope, which allows remote attackers to cause a denial\nof service (assertion failure and application exit) via a crafted\npacket.\n\n- CVE-2015-8737 (denial of service)\nThe mp2t_open function in wiretap/mp2t.c in the MP2T file parser in\nWireshark 2.0.x before 2.0.1 does not validate the bit rate, which\nallows remote attackers to cause a denial of service (divide-by-zero\nerror and application crash) via a crafted file.\n\n- CVE-2015-8736 (denial of service)\nThe mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file\nparser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a\ntrailer, which allows remote attackers to cause a denial of service\n(stack-based buffer overflow and application crash) via a crafted\nfile.\n\n- CVE-2015-8735 (denial of service)\nThe get_value function in epan/dissectors/packet-btatt.c in the\nBluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before\n2.0.1 uses an incorrect integer data type, which allows remote\nattackers to cause a denial of service (invalid write operation and\napplication crash) via a crafted packet.\n\n- CVE-2015-8734 (denial of service)\nThe dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP\ndissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type,\nwhich allows remote attackers to cause a denial of service\n(application crash) via a crafted packet.\n\n- CVE-2015-8733 (denial of service)\nThe ngsniffer_process_record function in wiretap/ngsniffer.c in the\nSniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 does not validate the relationships between record lengths and\nrecord header lengths, which allows remote attackers to cause a denial\nof service (out-of-bounds read and application crash) via a crafted\nfile.\n\n- CVE-2015-8732 (denial of service)\nThe dissect_zcl_pwr_prof_pwrprofstatersp function in\nepan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector\nin Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not\nvalidate the Total Profile Number field, which allows remote attackers\nto cause a denial of service (out-of-bounds read and application\ncrash) via a crafted packet.\n\n- CVE-2015-8730 (denial of service)\nepan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark\n1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the\nnumber of items, which allows remote attackers to cause a denial of\nservice (invalid read operation and application crash) via a crafted\npacket.\n\n- CVE-2015-8731 (denial of service)\nThe dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c\nin the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\nbefore 2.0.1 does not reject unknown TLV types, which allows remote\nattackers to cause a denial of service (out-of-bounds read and\napplication crash) via a crafted packet.\n\n- CVE-2015-8729 (denial of service)\nThe ascend_seek function in wiretap/ascendtext.c in the Ascend file\nparser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does\nnot ensure the presence of a '\\0' character at the end of a date\nstring, which allows remote attackers to cause a denial of service\n(out-of-bounds read and application crash) via a crafted file.\n\n- CVE-2015-8728 (denial of service)\nThe Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in\nthe ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in\nthe GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function,\nwhich allows remote attackers to cause a denial of service (buffer\noverflow and application crash) via a crafted packet.\n\n- CVE-2015-8727 (denial of service)\nThe dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in\nthe RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 does not properly maintain request-key data, which allows remote\nattackers to cause a denial of service (use-after-free and application\ncrash) via a crafted packet\n\n- CVE-2015-8726 (denial of service)\nwiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before\n1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and\nModulation and Coding Scheme (MCS) data, which allows remote attackers\nto cause a denial of service (out-of-bounds read and application\ncrash) via a crafted file.\n\n- CVE-2015-8725 (denial of service)\nThe dissect_diameter_base_framed_ipv6_prefix function in\nepan/dissectors/packet-diameter.c in the DIAMETER dissector in\nWireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not\nvalidate the IPv6 prefix length, which allows remote attackers to\ncause a denial of service (stack-based buffer overflow and application\ncrash) via a crafted packet.\n\n- CVE-2015-8724 (denial of service)\nThe AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c\nin the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\nbefore 2.0.1 does not verify the WPA broadcast key length, which\nallows remote attackers to cause a denial of service (out-of-bounds\nread and application crash) via a crafted packet.\n\n- CVE-2015-8723 (denial of service)\nThe AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the\n802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 does not validate the relationship between the total length and\nthe capture length, which allows remote attackers to cause a denial of\nservice (stack-based buffer overflow and application crash) via a\ncrafted packet.\n\n- CVE-2015-8722 (denial of service)\nepan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark\n1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the\nframe pointer, which allows remote attackers to cause a denial of\nservice (NULL pointer dereference and application crash) via a crafted\npacket.\n\n- CVE-2015-8721 (denial of service)\nBuffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c\nin Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote\nattackers to cause a denial of service (application crash) via a\ncrafted packet with zlib compression.\n\n- CVE-2015-8720 (denial of service)\nThe dissect_ber_GeneralizedTime function in\nepan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x\nbefore 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf\nreturn value, which allows remote attackers to cause a denial of\nservice (application crash) via a crafted packet.\n\n- CVE-2015-8718 (denial of service)\nDouble free vulnerability in epan/dissectors/packet-nlm.c in the NLM\ndissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1,\nwhen the "Match MSG/RES packets for async NLM" option is enabled,\nallows remote attackers to cause a denial of service (application\ncrash) via a crafted packet.\n\n- CVE-2015-8711 (denial of service)\nepan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark\n1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate\nconversation data, which allows remote attackers to cause a denial of\nservice (NULL pointer dereference and application crash) via a crafted\npacket.", "modified": "2016-01-09T00:00:00", "published": "2016-01-09T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html", "id": "ASA-201601-6", "title": "wireshark-qt: denial of service", "type": "archlinux", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:41", "bulletinFamily": "unix", "description": "- CVE-2015-8742 (denial of service)\nThe dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c\nin the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not\nvalidate the column size, which allows remote attackers to cause a\ndenial of service (memory consumption or application crash) via a\ncrafted packet.\n\n- CVE-2015-8741 (denial of service)\nThe dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI\ndissector in Wireshark 2.0.x before 2.0.1 does not initialize a\npacket-header data structure, which allows remote attackers to cause a\ndenial of service (application crash) via a crafted packet.\n\n- CVE-2015-8740 (denial of service)\nThe dissect_tds7_colmetadata_token function in\nepan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x\nbefore 2.0.1 does not validate the number of columns, which allows\nremote attackers to cause a denial of service (stack-based buffer\noverflow and application crash) via a crafted packet.\n\n- CVE-2015-8738 (denial of service)\nThe s7comm_decode_ud_cpu_szl_subfunc function in\nepan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in\nWireshark 2.0.x before 2.0.1 does not validate the list count in an\nSZL response, which allows remote attackers to cause a denial of\nservice (divide-by-zero error and application crash) via a crafted\npacket.\n\n- CVE-2015-8739 (denial of service)\nThe ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the\nIPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to\naccess a packet scope, which allows remote attackers to cause a denial\nof service (assertion failure and application exit) via a crafted\npacket.\n\n- CVE-2015-8737 (denial of service)\nThe mp2t_open function in wiretap/mp2t.c in the MP2T file parser in\nWireshark 2.0.x before 2.0.1 does not validate the bit rate, which\nallows remote attackers to cause a denial of service (divide-by-zero\nerror and application crash) via a crafted file.\n\n- CVE-2015-8736 (denial of service)\nThe mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file\nparser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a\ntrailer, which allows remote attackers to cause a denial of service\n(stack-based buffer overflow and application crash) via a crafted\nfile.\n\n- CVE-2015-8735 (denial of service)\nThe get_value function in epan/dissectors/packet-btatt.c in the\nBluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before\n2.0.1 uses an incorrect integer data type, which allows remote\nattackers to cause a denial of service (invalid write operation and\napplication crash) via a crafted packet.\n\n- CVE-2015-8734 (denial of service)\nThe dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP\ndissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type,\nwhich allows remote attackers to cause a denial of service\n(application crash) via a crafted packet.\n\n- CVE-2015-8733 (denial of service)\nThe ngsniffer_process_record function in wiretap/ngsniffer.c in the\nSniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 does not validate the relationships between record lengths and\nrecord header lengths, which allows remote attackers to cause a denial\nof service (out-of-bounds read and application crash) via a crafted\nfile.\n\n- CVE-2015-8732 (denial of service)\nThe dissect_zcl_pwr_prof_pwrprofstatersp function in\nepan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector\nin Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not\nvalidate the Total Profile Number field, which allows remote attackers\nto cause a denial of service (out-of-bounds read and application\ncrash) via a crafted packet.\n\n- CVE-2015-8730 (denial of service)\nepan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark\n1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the\nnumber of items, which allows remote attackers to cause a denial of\nservice (invalid read operation and application crash) via a crafted\npacket.\n\n- CVE-2015-8731 (denial of service)\nThe dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c\nin the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\nbefore 2.0.1 does not reject unknown TLV types, which allows remote\nattackers to cause a denial of service (out-of-bounds read and\napplication crash) via a crafted packet.\n\n- CVE-2015-8729 (denial of service)\nThe ascend_seek function in wiretap/ascendtext.c in the Ascend file\nparser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does\nnot ensure the presence of a '\\0' character at the end of a date\nstring, which allows remote attackers to cause a denial of service\n(out-of-bounds read and application crash) via a crafted file.\n\n- CVE-2015-8728 (denial of service)\nThe Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in\nthe ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in\nthe GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function,\nwhich allows remote attackers to cause a denial of service (buffer\noverflow and application crash) via a crafted packet.\n\n- CVE-2015-8727 (denial of service)\nThe dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in\nthe RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 does not properly maintain request-key data, which allows remote\nattackers to cause a denial of service (use-after-free and application\ncrash) via a crafted packet\n\n- CVE-2015-8726 (denial of service)\nwiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before\n1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and\nModulation and Coding Scheme (MCS) data, which allows remote attackers\nto cause a denial of service (out-of-bounds read and application\ncrash) via a crafted file.\n\n- CVE-2015-8725 (denial of service)\nThe dissect_diameter_base_framed_ipv6_prefix function in\nepan/dissectors/packet-diameter.c in the DIAMETER dissector in\nWireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not\nvalidate the IPv6 prefix length, which allows remote attackers to\ncause a denial of service (stack-based buffer overflow and application\ncrash) via a crafted packet.\n\n- CVE-2015-8724 (denial of service)\nThe AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c\nin the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\nbefore 2.0.1 does not verify the WPA broadcast key length, which\nallows remote attackers to cause a denial of service (out-of-bounds\nread and application crash) via a crafted packet.\n\n- CVE-2015-8723 (denial of service)\nThe AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the\n802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 does not validate the relationship between the total length and\nthe capture length, which allows remote attackers to cause a denial of\nservice (stack-based buffer overflow and application crash) via a\ncrafted packet.\n\n- CVE-2015-8722 (denial of service)\nepan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark\n1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the\nframe pointer, which allows remote attackers to cause a denial of\nservice (NULL pointer dereference and application crash) via a crafted\npacket.\n\n- CVE-2015-8721 (denial of service)\nBuffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c\nin Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote\nattackers to cause a denial of service (application crash) via a\ncrafted packet with zlib compression.\n\n- CVE-2015-8720 (denial of service)\nThe dissect_ber_GeneralizedTime function in\nepan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x\nbefore 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf\nreturn value, which allows remote attackers to cause a denial of\nservice (application crash) via a crafted packet.\n\n- CVE-2015-8718 (denial of service)\nDouble free vulnerability in epan/dissectors/packet-nlm.c in the NLM\ndissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1,\nwhen the "Match MSG/RES packets for async NLM" option is enabled,\nallows remote attackers to cause a denial of service (application\ncrash) via a crafted packet.\n\n- CVE-2015-8711 (denial of service)\nepan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark\n1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate\nconversation data, which allows remote attackers to cause a denial of\nservice (NULL pointer dereference and application crash) via a crafted\npacket.", "modified": "2016-01-09T00:00:00", "published": "2016-01-09T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html", "id": "ASA-201601-5", "title": "wireshark-gtk: denial of service", "type": "archlinux", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:44", "bulletinFamily": "unix", "description": "- CVE-2015-8742 (denial of service)\nThe dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c\nin the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not\nvalidate the column size, which allows remote attackers to cause a\ndenial of service (memory consumption or application crash) via a\ncrafted packet.\n\n- CVE-2015-8741 (denial of service)\nThe dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI\ndissector in Wireshark 2.0.x before 2.0.1 does not initialize a\npacket-header data structure, which allows remote attackers to cause a\ndenial of service (application crash) via a crafted packet.\n\n- CVE-2015-8740 (denial of service)\nThe dissect_tds7_colmetadata_token function in\nepan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x\nbefore 2.0.1 does not validate the number of columns, which allows\nremote attackers to cause a denial of service (stack-based buffer\noverflow and application crash) via a crafted packet.\n\n- CVE-2015-8738 (denial of service)\nThe s7comm_decode_ud_cpu_szl_subfunc function in\nepan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in\nWireshark 2.0.x before 2.0.1 does not validate the list count in an\nSZL response, which allows remote attackers to cause a denial of\nservice (divide-by-zero error and application crash) via a crafted\npacket.\n\n- CVE-2015-8739 (denial of service)\nThe ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the\nIPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to\naccess a packet scope, which allows remote attackers to cause a denial\nof service (assertion failure and application exit) via a crafted\npacket.\n\n- CVE-2015-8737 (denial of service)\nThe mp2t_open function in wiretap/mp2t.c in the MP2T file parser in\nWireshark 2.0.x before 2.0.1 does not validate the bit rate, which\nallows remote attackers to cause a denial of service (divide-by-zero\nerror and application crash) via a crafted file.\n\n- CVE-2015-8736 (denial of service)\nThe mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file\nparser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a\ntrailer, which allows remote attackers to cause a denial of service\n(stack-based buffer overflow and application crash) via a crafted\nfile.\n\n- CVE-2015-8735 (denial of service)\nThe get_value function in epan/dissectors/packet-btatt.c in the\nBluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before\n2.0.1 uses an incorrect integer data type, which allows remote\nattackers to cause a denial of service (invalid write operation and\napplication crash) via a crafted packet.\n\n- CVE-2015-8734 (denial of service)\nThe dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP\ndissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type,\nwhich allows remote attackers to cause a denial of service\n(application crash) via a crafted packet.\n\n- CVE-2015-8733 (denial of service)\nThe ngsniffer_process_record function in wiretap/ngsniffer.c in the\nSniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 does not validate the relationships between record lengths and\nrecord header lengths, which allows remote attackers to cause a denial\nof service (out-of-bounds read and application crash) via a crafted\nfile.\n\n- CVE-2015-8732 (denial of service)\nThe dissect_zcl_pwr_prof_pwrprofstatersp function in\nepan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector\nin Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not\nvalidate the Total Profile Number field, which allows remote attackers\nto cause a denial of service (out-of-bounds read and application\ncrash) via a crafted packet.\n\n- CVE-2015-8730 (denial of service)\nepan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark\n1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the\nnumber of items, which allows remote attackers to cause a denial of\nservice (invalid read operation and application crash) via a crafted\npacket.\n\n- CVE-2015-8731 (denial of service)\nThe dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c\nin the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\nbefore 2.0.1 does not reject unknown TLV types, which allows remote\nattackers to cause a denial of service (out-of-bounds read and\napplication crash) via a crafted packet.\n\n- CVE-2015-8729 (denial of service)\nThe ascend_seek function in wiretap/ascendtext.c in the Ascend file\nparser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does\nnot ensure the presence of a '\\0' character at the end of a date\nstring, which allows remote attackers to cause a denial of service\n(out-of-bounds read and application crash) via a crafted file.\n\n- CVE-2015-8728 (denial of service)\nThe Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in\nthe ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in\nthe GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function,\nwhich allows remote attackers to cause a denial of service (buffer\noverflow and application crash) via a crafted packet.\n\n- CVE-2015-8727 (denial of service)\nThe dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in\nthe RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 does not properly maintain request-key data, which allows remote\nattackers to cause a denial of service (use-after-free and application\ncrash) via a crafted packet\n\n- CVE-2015-8726 (denial of service)\nwiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before\n1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and\nModulation and Coding Scheme (MCS) data, which allows remote attackers\nto cause a denial of service (out-of-bounds read and application\ncrash) via a crafted file.\n\n- CVE-2015-8725 (denial of service)\nThe dissect_diameter_base_framed_ipv6_prefix function in\nepan/dissectors/packet-diameter.c in the DIAMETER dissector in\nWireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not\nvalidate the IPv6 prefix length, which allows remote attackers to\ncause a denial of service (stack-based buffer overflow and application\ncrash) via a crafted packet.\n\n- CVE-2015-8724 (denial of service)\nThe AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c\nin the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\nbefore 2.0.1 does not verify the WPA broadcast key length, which\nallows remote attackers to cause a denial of service (out-of-bounds\nread and application crash) via a crafted packet.\n\n- CVE-2015-8723 (denial of service)\nThe AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the\n802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 does not validate the relationship between the total length and\nthe capture length, which allows remote attackers to cause a denial of\nservice (stack-based buffer overflow and application crash) via a\ncrafted packet.\n\n- CVE-2015-8722 (denial of service)\nepan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark\n1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the\nframe pointer, which allows remote attackers to cause a denial of\nservice (NULL pointer dereference and application crash) via a crafted\npacket.\n\n- CVE-2015-8721 (denial of service)\nBuffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c\nin Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote\nattackers to cause a denial of service (application crash) via a\ncrafted packet with zlib compression.\n\n- CVE-2015-8720 (denial of service)\nThe dissect_ber_GeneralizedTime function in\nepan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x\nbefore 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf\nreturn value, which allows remote attackers to cause a denial of\nservice (application crash) via a crafted packet.\n\n- CVE-2015-8718 (denial of service)\nDouble free vulnerability in epan/dissectors/packet-nlm.c in the NLM\ndissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1,\nwhen the "Match MSG/RES packets for async NLM" option is enabled,\nallows remote attackers to cause a denial of service (application\ncrash) via a crafted packet.\n\n- CVE-2015-8711 (denial of service)\nepan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark\n1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate\nconversation data, which allows remote attackers to cause a denial of\nservice (NULL pointer dereference and application crash) via a crafted\npacket.", "modified": "2016-01-09T00:00:00", "published": "2016-01-09T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html", "id": "ASA-201601-4", "title": "wireshark-cli: denial of service", "type": "archlinux", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:21:43", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3505-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMarch 04, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wireshark\nCVE ID : CVE-2015-7830 CVE-2015-8711 CVE-2015-8712 CVE-2015-8713 \n CVE-2015-8714 CVE-2015-8715 CVE-2015-8716 CVE-2015-8717\n CVE-2015-8718 CVE-2015-8719 CVE-2015-8720 CVE-2015-8721\n CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725\n CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729\n CVE-2015-8730 CVE-2015-8732 CVE-2015-8733\n\nMultiple vulnerabilities were discovered in the dissectors/parsers for\nPcapng, NBAP, UMTS FP, DCOM, AllJoyn, T.38, SDP, NLM, DNS, BED, SCTP,\n802.11, DIAMETER, VeriWave, RVSP, ANSi A, GSM A, Ascend, NBAP, ZigBee ZCL\nand Sniffer which could result in denial of service.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.8.2-5wheezy17.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-4+deb8u4.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2.0.2+ga16e22e-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.0.2+ga16e22e-1.\n\nWe recommend that you upgrade your wireshark packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2016-03-04T19:04:27", "published": "2016-03-04T19:04:27", "id": "DEBIAN:DSA-3505-1:8B7DB", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00077.html", "title": "[SECURITY] [DSA 3505-1] wireshark security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "kaspersky": [{"lastseen": "2019-03-21T00:15:09", "bulletinFamily": "info", "description": "### *Detect date*:\n01/04/2016\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service.\n\n### *Affected products*:\nWireshark 1.12 versions earlier than 1.12.9 \nWireshark 2.0 versions earlier than 2.0.1\n\n### *Solution*:\nUpdate to the latest version \n[Download Wireshark](<https://www.wireshark.org/#download>)\n\n### *Original advisories*:\n[Wireshark adviosries list](<https://www.wireshark.org/security/>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Wireshark](<https://threats.kaspersky.com/en/product/Wireshark/>)\n\n### *CVE-IDS*:\n[CVE-2015-8727](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8727>)4.3Warning \n[CVE-2015-8719](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8719>)4.3Warning \n[CVE-2015-8720](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8720>)4.3Warning \n[CVE-2015-8717](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8717>)4.3Warning \n[CVE-2015-8718](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8718>)4.3Warning \n[CVE-2015-8723](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8723>)4.3Warning \n[CVE-2015-8724](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8724>)4.3Warning \n[CVE-2015-8721](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8721>)4.3Warning \n[CVE-2015-8722](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8722>)4.3Warning \n[CVE-2015-8715](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8715>)4.3Warning \n[CVE-2015-8716](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8716>)4.3Warning \n[CVE-2015-8735](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8735>)4.3Warning \n[CVE-2015-8736](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8736>)4.3Warning \n[CVE-2015-8737](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8737>)4.3Warning \n[CVE-2015-8738](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8738>)4.3Warning \n[CVE-2015-8739](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8739>)4.3Warning \n[CVE-2015-8740](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8740>)4.3Warning \n[CVE-2015-8741](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8741>)4.3Warning \n[CVE-2015-8742](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8742>)4.3Warning \n[CVE-2015-8726](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8726>)4.3Warning \n[CVE-2015-8725](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8725>)4.3Warning \n[CVE-2015-8730](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8730>)4.3Warning \n[CVE-2015-8729](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8729>)4.3Warning \n[CVE-2015-8728](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8728>)4.3Warning \n[CVE-2015-8713](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8713>)4.3Warning \n[CVE-2015-8734](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8734>)4.3Warning \n[CVE-2015-8733](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8733>)4.3Warning \n[CVE-2015-8732](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8732>)4.3Warning \n[CVE-2015-8731](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8731>)4.3Warning \n[CVE-2015-8714](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8714>)4.3Warning", "modified": "2019-03-07T00:00:00", "published": "2016-01-04T00:00:00", "id": "KLA10730", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10730", "title": "\r KLA10730Denial of service vulnerabilities in Wireshark ", "type": "kaspersky", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:14", "bulletinFamily": "unix", "description": "### Background\n\nWireshark is a network protocol analyzer formerly known as ethereal.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nRemote attackers could cause Denial of Service and local attackers could escalate privileges. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Wireshark users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-2.0.2\"", "modified": "2016-04-26T00:00:00", "published": "2016-04-26T00:00:00", "id": "GLSA-201604-05", "href": "https://security.gentoo.org/glsa/201604-05", "type": "gentoo", "title": "Wireshark: Multiple vulnerabilities", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
