ID GLSA-200608-26 Type gentoo Reporter Gentoo Foundation Modified 2006-08-29T00:00:00
Description
Background
Wireshark is a feature-rich network protocol analyzer.
Description
The following vulnerabilities have been discovered in Wireshark. Firstly, if the IPsec ESP parser is used it is susceptible to off-by-one errors, this parser is disabled by default; secondly, the SCSI dissector is vulnerable to an unspecified crash; and finally, the Q.2931 dissector of the SSCOP payload may use all the available memory if a port range is configured. By default, no port ranges are configured.
Impact
An attacker might be able to exploit these vulnerabilities, resulting in a crash or the execution of arbitrary code with the permissions of the user running Wireshark, possibly the root user.
Workaround
Disable the SCSI and Q.2931 dissectors with the "Analyse" and "Enabled protocols" menus. Make sure the ESP decryption is disabled, with the "Edit -> Preferences -> Protocols -> ESP" menu.
Resolution
All Wireshark users should upgrade to the latest version:
{"published": "2006-08-29T00:00:00", "id": "GLSA-200608-26", "cvss": {"score": 5.4, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "enchantments": {"score": {"value": 6.5, "vector": "NONE", "modified": "2016-09-06T19:46:59", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-4333", "CVE-2006-4332", "CVE-2006-4330", "CVE-2006-4331"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2006-0726.NASL", "REDHAT-RHSA-2006-0658.NASL", "GENTOO_GLSA-200608-26.NASL", "SUSE_ETHEREAL-2029.NASL", "FEDORA_2006-936.NASL", "SUSE_ETHEREAL-2028.NASL", "CENTOS_RHSA-2006-0658.NASL", "MANDRAKE_MDKSA-2006-152.NASL", "FEDORA_2006-1141.NASL", "FEDORA_2006-1140.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:65166", "OPENVAS:136141256231065166", "OPENVAS:861536", "OPENVAS:57356", "OPENVAS:57876"]}, {"type": "centos", "idList": ["CESA-2006:0658", "CESA-2006:0658-01"]}, {"type": "redhat", "idList": ["RHSA-2006:0658"]}, {"type": "oraclelinux", "idList": ["ELSA-2006-0658", "ELSA-2006-0726", "ELSA-2006-0602"]}, {"type": "osvdb", "idList": ["OSVDB:28198", "OSVDB:28197", "OSVDB:28199", "OSVDB:28196"]}, {"type": "cert", "idList": ["VU:335656", "VU:808832", "VU:696896", "VU:638376"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1171-1:6A23B"]}], "modified": "2016-09-06T19:46:59", "rev": 2}, "vulnersScore": 6.5}, "description": "### Background\n\nWireshark is a feature-rich network protocol analyzer. \n\n### Description\n\nThe following vulnerabilities have been discovered in Wireshark. Firstly, if the IPsec ESP parser is used it is susceptible to off-by-one errors, this parser is disabled by default; secondly, the SCSI dissector is vulnerable to an unspecified crash; and finally, the Q.2931 dissector of the SSCOP payload may use all the available memory if a port range is configured. By default, no port ranges are configured. \n\n### Impact\n\nAn attacker might be able to exploit these vulnerabilities, resulting in a crash or the execution of arbitrary code with the permissions of the user running Wireshark, possibly the root user. \n\n### Workaround\n\nDisable the SCSI and Q.2931 dissectors with the \"Analyse\" and \"Enabled protocols\" menus. Make sure the ESP decryption is disabled, with the \"Edit -> Preferences -> Protocols -> ESP\" menu. \n\n### Resolution\n\nAll Wireshark users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-0.99.3\"", "type": "gentoo", "lastseen": "2016-09-06T19:46:59", "edition": 1, "title": "Wireshark: Multiple vulnerabilities", "href": "https://security.gentoo.org/glsa/200608-26", "modified": "2006-08-29T00:00:00", "bulletinFamily": "unix", "viewCount": 0, "cvelist": ["CVE-2006-4331", "CVE-2006-4332", "CVE-2006-4333", "CVE-2006-4330"], "affectedPackage": [{"packageVersion": "0.99.3", "packageName": "net-analyzer/wireshark", "packageFilename": "UNKNOWN", "operator": "lt", "OSVersion": "any", "OS": "Gentoo", "arch": "all"}], "references": ["http://www.wireshark.org/security/wnpa-sec-2006-02.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4330", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4333", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4332", "https://bugs.gentoo.org/show_bug.cgi?id=144946", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4331"], "reporter": "Gentoo Foundation", "immutableFields": []}
{"openvas": [{"lastseen": "2017-07-26T08:56:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4331", "CVE-2006-4332", "CVE-2006-4333", "CVE-2006-4330"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n ethereal\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016073 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65166", "href": "http://plugins.openvas.org/nasl.php?oid=65166", "type": "openvas", "title": "SLES9: Security update for ethereal", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5016073.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for ethereal\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n ethereal\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016073 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65166);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-4333\", \"CVE-2006-4330\", \"CVE-2006-4331\", \"CVE-2006-4332\");\n script_tag(name:\"cvss_base\", value:\"5.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n script_name(\"SLES9: Security update for ethereal\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ethereal\", rpm:\"ethereal~0.10.13~2.21\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.4, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4331", "CVE-2006-4332", "CVE-2006-4333", "CVE-2006-4330"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n ethereal\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016073 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065166", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065166", "type": "openvas", "title": "SLES9: Security update for ethereal", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5016073.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for ethereal\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n ethereal\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016073 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65166\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-4333\", \"CVE-2006-4330\", \"CVE-2006-4331\", \"CVE-2006-4332\");\n script_tag(name:\"cvss_base\", value:\"5.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n script_name(\"SLES9: Security update for ethereal\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ethereal\", rpm:\"ethereal~0.10.13~2.21\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.4, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4331", "CVE-2006-4332", "CVE-2006-4333", "CVE-2006-4330"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200608-26.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:57876", "href": "http://plugins.openvas.org/nasl.php?oid=57876", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200608-26 (wireshark)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is vulnerable to several security issues that may lead to a\nDenial of Service and/or the execution of arbitrary code.\";\ntag_solution = \"All Wireshark users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-0.99.3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200608-26\nhttp://bugs.gentoo.org/show_bug.cgi?id=144946\nhttp://www.wireshark.org/security/wnpa-sec-2006-02.html\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200608-26.\";\n\n \n\nif(description)\n{\n script_id(57876);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-4330\", \"CVE-2006-4331\", \"CVE-2006-4332\", \"CVE-2006-4333\");\n script_tag(name:\"cvss_base\", value:\"5.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200608-26 (wireshark)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-analyzer/wireshark\", unaffected: make_list(\"ge 0.99.3\"), vulnerable: make_list(\"lt 0.99.3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.4, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5468", "CVE-2006-4805", "CVE-2006-4331", "CVE-2007-0459", "CVE-2006-4332", "CVE-2007-0457", "CVE-2007-0456", "CVE-2006-5740", "CVE-2006-4333", "CVE-2006-4330", "CVE-2006-4574", "CVE-2006-5469"], "description": "Check for the Version of wireshark", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861536", "href": "http://plugins.openvas.org/nasl.php?oid=861536", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2007-207", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2007-207\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\n\ntag_affected = \"wireshark on Fedora Core 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-February/msg00020.html\");\n script_id(861536);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:01:32 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-207\");\n script_cve_id(\"CVE-2006-5740\", \"CVE-2006-5468\", \"CVE-2006-5469\", \"CVE-2006-4331\", \"CVE-2006-4330\", \"CVE-2006-4333\", \"CVE-2006-4332\", \"CVE-2007-0457\", \"CVE-2007-0456\", \"CVE-2006-4805\", \"CVE-2007-0459\", \"CVE-2006-4574\");\n script_name( \"Fedora Update for wireshark FEDORA-2007-207\");\n\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.5~1.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/wireshark\", rpm:\"x86_64/wireshark~0.99.5~1.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/wireshark-gnome\", rpm:\"x86_64/wireshark-gnome~0.99.5~1.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/wireshark-debuginfo\", rpm:\"x86_64/debug/wireshark-debuginfo~0.99.5~1.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/wireshark-debuginfo\", rpm:\"i386/debug/wireshark-debuginfo~0.99.5~1.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/wireshark-gnome\", rpm:\"i386/wireshark-gnome~0.99.5~1.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/wireshark\", rpm:\"i386/wireshark~0.99.5~1.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.4, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3248", "CVE-2005-3242", "CVE-2005-3241", "CVE-2005-3246", "CVE-2005-3244", "CVE-2005-3243", "CVE-2006-4333"], "description": "The remote host is missing an update to ethereal\nannounced via advisory DSA 1171-1.\n\nSeveral remote vulnerabilities have been discovered in the Ethereal network\nscanner, which may lead to the execution of arbitrary code. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2006-4333\n\nIt was discovered that the Q.2391 dissector is vulnerable to denial\nof service caused by memory exhaustion.\n\nCVE-2005-3241\n\nIt was discovered that the FC-FCS, RSVP and ISIS-LSP dissectors are\nvulnerable to denial of service caused by memory exhaustion.\n\nCVE-2005-3242\n\nIt was discovered that the IrDA and SMB dissectors are vulnerable to\ndenial of service caused by memory corruption.\n\nCVE-2005-3243\n\nIt was discovered that the SLIMP3 and AgentX dissectors are vulnerable\nto code injection caused by buffer overflows.\n\nCVE-2005-3244\n\nIt was discovered that the BER dissector is vulnerable to denial of\nservice caused by an infinite loop.\n\nCVE-2005-3246\n\nIt was discovered that the NCP and RTnet dissectors are vulnerable to\ndenial of service caused by a null pointer dereference.\n\nCVE-2005-3248\n\nIt was discovered that the X11 dissector is vulnerable denial of service\ncaused by a division through zero.\n\nThis update also fixes a 64 bit-specific regression in the ASN.1 decoder, which\nhas been introduced in a previous DSA.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:57356", "href": "http://plugins.openvas.org/nasl.php?oid=57356", "type": "openvas", "title": "Debian Security Advisory DSA 1171-1 (ethereal)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1171_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1171-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 0.10.10-2sarge8.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.99.2-5.1 of wireshark, the network sniffer formerly known as\nethereal.\n\nWe recommend that you upgrade your ethereal packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201171-1\";\ntag_summary = \"The remote host is missing an update to ethereal\nannounced via advisory DSA 1171-1.\n\nSeveral remote vulnerabilities have been discovered in the Ethereal network\nscanner, which may lead to the execution of arbitrary code. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2006-4333\n\nIt was discovered that the Q.2391 dissector is vulnerable to denial\nof service caused by memory exhaustion.\n\nCVE-2005-3241\n\nIt was discovered that the FC-FCS, RSVP and ISIS-LSP dissectors are\nvulnerable to denial of service caused by memory exhaustion.\n\nCVE-2005-3242\n\nIt was discovered that the IrDA and SMB dissectors are vulnerable to\ndenial of service caused by memory corruption.\n\nCVE-2005-3243\n\nIt was discovered that the SLIMP3 and AgentX dissectors are vulnerable\nto code injection caused by buffer overflows.\n\nCVE-2005-3244\n\nIt was discovered that the BER dissector is vulnerable to denial of\nservice caused by an infinite loop.\n\nCVE-2005-3246\n\nIt was discovered that the NCP and RTnet dissectors are vulnerable to\ndenial of service caused by a null pointer dereference.\n\nCVE-2005-3248\n\nIt was discovered that the X11 dissector is vulnerable denial of service\ncaused by a division through zero.\n\nThis update also fixes a 64 bit-specific regression in the ASN.1 decoder, which\nhas been introduced in a previous DSA.\";\n\n\nif(description)\n{\n script_id(57356);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:13:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-4333\", \"CVE-2005-3241\", \"CVE-2005-3242\", \"CVE-2005-3243\", \"CVE-2005-3244\", \"CVE-2005-3246\", \"CVE-2005-3248\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1171-1 (ethereal)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ethereal-common\", ver:\"0.10.10-2sarge8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ethereal-dev\", ver:\"0.10.10-2sarge8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tethereal\", ver:\"0.10.10-2sarge8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ethereal\", ver:\"0.10.10-2sarge8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-17T14:43:32", "description": "A security problem was fixed in ethereal, which could be used by\nremote attackers to hang the ethereal process.\n\nCVE-2006-4333: If the SSCOP dissector has a port range configured AND\nthe SSCOP payload protocol is Q.2931, a malformed packet could make\nthe Q.2931 dissector use up available memory. No port range is\nconfigured by default.\n\nThe vulnerabilities tracked by the Mitre CVE IDs CVE-2006-4330 (SCSI\ndissector), CVE-2006-4331 (ESP decryption), CVE-2006-4332 (DHCP\ndissector) do not affect our shipped ethereal releases.", "edition": 24, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : ethereal (ethereal-2029)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4331", "CVE-2006-4332", "CVE-2006-4333", "CVE-2006-4330"], "modified": "2007-10-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ethereal", "p-cpe:/a:novell:opensuse:ethereal-devel", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_ETHEREAL-2029.NASL", "href": "https://www.tenable.com/plugins/nessus/27206", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update ethereal-2029.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27206);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-4330\", \"CVE-2006-4331\", \"CVE-2006-4332\", \"CVE-2006-4333\");\n\n script_name(english:\"openSUSE 10 Security Update : ethereal (ethereal-2029)\");\n script_summary(english:\"Check for the ethereal-2029 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A security problem was fixed in ethereal, which could be used by\nremote attackers to hang the ethereal process.\n\nCVE-2006-4333: If the SSCOP dissector has a port range configured AND\nthe SSCOP payload protocol is Q.2931, a malformed packet could make\nthe Q.2931 dissector use up available memory. No port range is\nconfigured by default.\n\nThe vulnerabilities tracked by the Mitre CVE IDs CVE-2006-4330 (SCSI\ndissector), CVE-2006-4331 (ESP decryption), CVE-2006-4332 (DHCP\ndissector) do not affect our shipped ethereal releases.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ethereal packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ethereal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ethereal-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"ethereal-0.10.14-16.8\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"ethereal-devel-0.10.14-16.8\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ethereal\");\n}\n", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T11:51:36", "description": "Vulnerabilities in the SCSI, DHCP, and SSCOP dissectors were\ndiscovered in versions of wireshark less than 0.99.3, as well as an\noff-by-one error in the IPsec ESP preference parser if compiled with\nESP decryption support.\n\nThis updated provides wireshark 0.99.3a which is not vulnerable to\nthese issues.", "edition": 24, "published": "2006-12-16T00:00:00", "title": "Mandrake Linux Security Advisory : wireshark (MDKSA-2006:152)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4331", "CVE-2006-4332", "CVE-2006-4333", "CVE-2006-4330"], "modified": "2006-12-16T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libwireshark0", "p-cpe:/a:mandriva:linux:lib64wireshark0", "p-cpe:/a:mandriva:linux:tshark", "cpe:/o:mandriva:linux:2006", "p-cpe:/a:mandriva:linux:wireshark-tools", "p-cpe:/a:mandriva:linux:wireshark"], "id": "MANDRAKE_MDKSA-2006-152.NASL", "href": "https://www.tenable.com/plugins/nessus/23898", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:152. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23898);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-4330\", \"CVE-2006-4331\", \"CVE-2006-4332\", \"CVE-2006-4333\");\n script_xref(name:\"MDKSA\", value:\"2006:152\");\n\n script_name(english:\"Mandrake Linux Security Advisory : wireshark (MDKSA-2006:152)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerabilities in the SCSI, DHCP, and SSCOP dissectors were\ndiscovered in versions of wireshark less than 0.99.3, as well as an\noff-by-one error in the IPsec ESP preference parser if compiled with\nESP decryption support.\n\nThis updated provides wireshark 0.99.3a which is not vulnerable to\nthese issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wireshark.org/security/wnpa-sec-2006-02.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wireshark0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwireshark0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64wireshark0-0.99.3a-0.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libwireshark0-0.99.3a-0.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"tshark-0.99.3a-0.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"wireshark-0.99.3a-0.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"wireshark-tools-0.99.3a-0.1.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:06:01", "description": "CVE-2006-4330 Wireshark security issues (CVE-2006-4333 CVE-2006-4332\nCVE-2006-4331)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2007-01-17T00:00:00", "title": "Fedora Core 5 : wireshark-0.99.3-fc5.1 (2006-936)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4331", "CVE-2006-4332", "CVE-2006-4333", "CVE-2006-4330"], "modified": "2007-01-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wireshark", "p-cpe:/a:fedoraproject:fedora:wireshark-gnome", "cpe:/o:fedoraproject:fedora_core:5", "p-cpe:/a:fedoraproject:fedora:wireshark-debuginfo"], "id": "FEDORA_2006-936.NASL", "href": "https://www.tenable.com/plugins/nessus/24173", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2006-936.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24173);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2006-936\");\n\n script_name(english:\"Fedora Core 5 : wireshark-0.99.3-fc5.1 (2006-936)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2006-4330 Wireshark security issues (CVE-2006-4333 CVE-2006-4332\nCVE-2006-4331)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2006-August/000566.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a0a023f6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected wireshark, wireshark-debuginfo and / or\nwireshark-gnome packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 5.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC5\", reference:\"wireshark-0.99.3-fc5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"wireshark-debuginfo-0.99.3-fc5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"wireshark-gnome-0.99.3-fc5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-gnome\");\n}\n", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T14:43:32", "description": "A security problem was fixed in ethereal, which could be used by\nremote attackers to hang the ethereal process.\n\n - If the SSCOP dissector has a port range configured AND\n the SSCOP payload protocol is Q.2931, a malformed packet\n could make the Q.2931 dissector use up available memory.\n No port range is configured by default. (CVE-2006-4333)\n\nThe vulnerabilities tracked by the Mitre CVE IDs CVE-2006-4330 (SCSI\ndissector), CVE-2006-4331 (ESP decryption), CVE-2006-4332 (DHCP\ndissector) do not affect our shipped ethereal releases.", "edition": 23, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : ethereal (ZYPP Patch Number 2028)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4331", "CVE-2006-4332", "CVE-2006-4333", "CVE-2006-4330"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_ETHEREAL-2028.NASL", "href": "https://www.tenable.com/plugins/nessus/29419", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29419);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-4333\");\n\n script_name(english:\"SuSE 10 Security Update : ethereal (ZYPP Patch Number 2028)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A security problem was fixed in ethereal, which could be used by\nremote attackers to hang the ethereal process.\n\n - If the SSCOP dissector has a port range configured AND\n the SSCOP payload protocol is Q.2931, a malformed packet\n could make the Q.2931 dissector use up available memory.\n No port range is configured by default. (CVE-2006-4333)\n\nThe vulnerabilities tracked by the Mitre CVE IDs CVE-2006-4330 (SCSI\ndissector), CVE-2006-4331 (ESP decryption), CVE-2006-4332 (DHCP\ndissector) do not affect our shipped ethereal releases.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4330.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4331.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4332.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4333.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 2028.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"ethereal-0.10.14-16.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"ethereal-0.10.14-16.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T10:52:07", "description": "The remote host is affected by the vulnerability described in GLSA-200608-26\n(Wireshark: Multiple vulnerabilities)\n\n The following vulnerabilities have been discovered in Wireshark.\n Firstly, if the IPsec ESP parser is used it is susceptible to\n off-by-one errors, this parser is disabled by default; secondly, the\n SCSI dissector is vulnerable to an unspecified crash; and finally, the\n Q.2931 dissector of the SSCOP payload may use all the available memory\n if a port range is configured. By default, no port ranges are\n configured.\n \nImpact :\n\n An attacker might be able to exploit these vulnerabilities, resulting\n in a crash or the execution of arbitrary code with the permissions of\n the user running Wireshark, possibly the root user.\n \nWorkaround :\n\n Disable the SCSI and Q.2931 dissectors with the 'Analyse' and 'Enabled\n protocols' menus. Make sure the ESP decryption is disabled, with the\n 'Edit -> Preferences -> Protocols -> ESP' menu.", "edition": 26, "published": "2006-08-30T00:00:00", "title": "GLSA-200608-26 : Wireshark: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4331", "CVE-2006-4332", "CVE-2006-4333", "CVE-2006-4330"], "modified": "2006-08-30T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:wireshark"], "id": "GENTOO_GLSA-200608-26.NASL", "href": "https://www.tenable.com/plugins/nessus/22288", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200608-26.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22288);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-4330\", \"CVE-2006-4331\", \"CVE-2006-4332\", \"CVE-2006-4333\");\n script_xref(name:\"GLSA\", value:\"200608-26\");\n\n script_name(english:\"GLSA-200608-26 : Wireshark: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200608-26\n(Wireshark: Multiple vulnerabilities)\n\n The following vulnerabilities have been discovered in Wireshark.\n Firstly, if the IPsec ESP parser is used it is susceptible to\n off-by-one errors, this parser is disabled by default; secondly, the\n SCSI dissector is vulnerable to an unspecified crash; and finally, the\n Q.2931 dissector of the SSCOP payload may use all the available memory\n if a port range is configured. By default, no port ranges are\n configured.\n \nImpact :\n\n An attacker might be able to exploit these vulnerabilities, resulting\n in a crash or the execution of arbitrary code with the permissions of\n the user running Wireshark, possibly the root user.\n \nWorkaround :\n\n Disable the SCSI and Q.2931 dissectors with the 'Analyse' and 'Enabled\n protocols' menus. Make sure the ESP decryption is disabled, with the\n 'Edit -> Preferences -> Protocols -> ESP' menu.\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2006-02.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2006-02.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200608-26\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Wireshark users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-0.99.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-analyzer/wireshark\", unaffected:make_list(\"ge 0.99.3\"), vulnerable:make_list(\"lt 0.99.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Wireshark\");\n}\n", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T13:05:41", "description": "New Wireshark packages that fix various security vulnerabilities are\nnow available. Wireshark was previously known as Ethereal.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nWireshark is a program for monitoring network traffic.\n\nBugs were found in Wireshark's SCSI and SSCOP protocol dissectors.\nEthereal could crash or stop responding if it read a malformed packet\noff the network. (CVE-2006-4330, CVE-2006-4333)\n\nAn off-by-one bug was found in the IPsec ESP decryption preference\nparser. Ethereal could crash or stop responding if it read a malformed\npacket off the network. (CVE-2006-4331)\n\nUsers of Wireshark or Ethereal should upgrade to these updated\npackages containing Wireshark version 0.99.3, which is not vulnerable\nto these issues. These packages also fix a bug in the PAM\nconfiguration of the Wireshark packages which prevented non-root users\nstarting a capture.", "edition": 29, "published": "2006-09-14T00:00:00", "title": "RHEL 2.1 / 3 / 4 : wireshark (RHSA-2006:0658)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4331", "CVE-2006-4333", "CVE-2006-4330"], "modified": "2006-09-14T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:wireshark", "p-cpe:/a:redhat:enterprise_linux:wireshark-gnome"], "id": "REDHAT-RHSA-2006-0658.NASL", "href": "https://www.tenable.com/plugins/nessus/22344", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0658. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22344);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-4330\", \"CVE-2006-4331\", \"CVE-2006-4333\");\n script_xref(name:\"RHSA\", value:\"2006:0658\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 : wireshark (RHSA-2006:0658)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New Wireshark packages that fix various security vulnerabilities are\nnow available. Wireshark was previously known as Ethereal.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nWireshark is a program for monitoring network traffic.\n\nBugs were found in Wireshark's SCSI and SSCOP protocol dissectors.\nEthereal could crash or stop responding if it read a malformed packet\noff the network. (CVE-2006-4330, CVE-2006-4333)\n\nAn off-by-one bug was found in the IPsec ESP decryption preference\nparser. Ethereal could crash or stop responding if it read a malformed\npacket off the network. (CVE-2006-4331)\n\nUsers of Wireshark or Ethereal should upgrade to these updated\npackages containing Wireshark version 0.99.3, which is not vulnerable\nto these issues. These packages also fix a bug in the PAM\nconfiguration of the Wireshark packages which prevented non-root users\nstarting a capture.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4333\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2006-02.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2006-02.html\"\n );\n # http://www.wireshark.org/faq.html#q1.2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/faq.html#q1.2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2006:0658\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark and / or wireshark-gnome packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/08/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/09/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(2\\.1|3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0658\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"wireshark-0.99.3-AS21.4\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"wireshark-gnome-0.99.3-AS21.4\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"wireshark-0.99.3-EL3.2\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"wireshark-gnome-0.99.3-EL3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"wireshark-0.99.3-EL4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"wireshark-gnome-0.99.3-EL4.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-gnome\");\n }\n}\n", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-06T09:25:02", "description": "New Wireshark packages that fix various security vulnerabilities are\nnow available. Wireshark was previously known as Ethereal.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nWireshark is a program for monitoring network traffic.\n\nBugs were found in Wireshark's SCSI and SSCOP protocol dissectors.\nEthereal could crash or stop responding if it read a malformed packet\noff the network. (CVE-2006-4330, CVE-2006-4333)\n\nAn off-by-one bug was found in the IPsec ESP decryption preference\nparser. Ethereal could crash or stop responding if it read a malformed\npacket off the network. (CVE-2006-4331)\n\nUsers of Wireshark or Ethereal should upgrade to these updated\npackages containing Wireshark version 0.99.3, which is not vulnerable\nto these issues. These packages also fix a bug in the PAM\nconfiguration of the Wireshark packages which prevented non-root users\nstarting a capture.", "edition": 27, "published": "2006-09-14T00:00:00", "title": "CentOS 3 / 4 : wireshark (CESA-2006:0658)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4331", "CVE-2006-4333", "CVE-2006-4330"], "modified": "2006-09-14T00:00:00", "cpe": ["p-cpe:/a:centos:centos:wireshark", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:wireshark-gnome", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2006-0658.NASL", "href": "https://www.tenable.com/plugins/nessus/22337", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0658 and \n# CentOS Errata and Security Advisory 2006:0658 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22337);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-4330\", \"CVE-2006-4331\", \"CVE-2006-4333\");\n script_xref(name:\"RHSA\", value:\"2006:0658\");\n\n script_name(english:\"CentOS 3 / 4 : wireshark (CESA-2006:0658)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New Wireshark packages that fix various security vulnerabilities are\nnow available. Wireshark was previously known as Ethereal.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nWireshark is a program for monitoring network traffic.\n\nBugs were found in Wireshark's SCSI and SSCOP protocol dissectors.\nEthereal could crash or stop responding if it read a malformed packet\noff the network. (CVE-2006-4330, CVE-2006-4333)\n\nAn off-by-one bug was found in the IPsec ESP decryption preference\nparser. Ethereal could crash or stop responding if it read a malformed\npacket off the network. (CVE-2006-4331)\n\nUsers of Wireshark or Ethereal should upgrade to these updated\npackages containing Wireshark version 0.99.3, which is not vulnerable\nto these issues. These packages also fix a bug in the PAM\nconfiguration of the Wireshark packages which prevented non-root users\nstarting a capture.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013220.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?64da1457\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013223.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb45dd1d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013236.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3adf1b0b\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013237.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?38116535\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013246.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d282917\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013247.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0c81a167\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/08/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/09/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"wireshark-0.99.3-EL3.2\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"wireshark-gnome-0.99.3-EL3.2\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"wireshark-0.99.3-EL4.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"wireshark-gnome-0.99.3-EL4.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-gnome\");\n}\n", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:05:55", "description": " - Wed Nov 1 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.4-1.fc5\n\n - upgrade to 0.99.4, fixes multiple security issues\n\n - use dist tag\n\n - CVE-2006-5468 - The HTTP dissector could dereference a\n NULL pointer.\n\n - CVE-2006-5469 - The WBXML dissector could crash.\n\n - CVE-2006-5470 - The LDAP dissector (and possibly\n others) could crash.\n\n - CVE-2006-4805 - Basic DoS, The XOT dissector could\n attempt to allocate a large amount of memory and\n crash.\n\n - CVE-2006-4574 - Single byte \\0 overflow written onto\n the heap\n\n - Fri Aug 25 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.3-fc5.1\n\n - upgrade to 0.99.3-1\n\n - CVE-2006-4330 Wireshark security issues (CVE-2006-4333\n CVE-2006-4332 CVE-2006-4331)\n\n - Wed Jul 26 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.2-fc5.2\n\n - fix BuildRequires\n\n - Tue Jul 25 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.2-fc5.1\n\n - build for FC5\n\n - Tue Jul 18 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.2-1\n\n - upgrade to 0.99.2\n\n - Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com>\n - 0.99.2-0.pre1.1\n\n - rebuild\n\n - Tue Jul 11 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.2-0.pre1\n\n - upgrade to 0.99.2pre1, fixes (#198242)\n\n - Tue Jun 13 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.1-0.pre1\n\n - spec file changes\n\n - Fri Jun 9 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.1pre1-1\n\n - initial build for Fedora Core\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2007-01-17T00:00:00", "title": "Fedora Core 5 : wireshark-0.99.4-1.fc5 (2006-1141)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5468", "CVE-2006-4805", "CVE-2006-5470", "CVE-2006-4331", "CVE-2006-4332", "CVE-2006-5740", "CVE-2006-4333", "CVE-2006-4330", "CVE-2006-4574", "CVE-2006-5469"], "modified": "2007-01-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wireshark", "p-cpe:/a:fedoraproject:fedora:wireshark-gnome", "cpe:/o:fedoraproject:fedora_core:5", "p-cpe:/a:fedoraproject:fedora:wireshark-debuginfo"], "id": "FEDORA_2006-1141.NASL", "href": "https://www.tenable.com/plugins/nessus/24041", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2006-1141.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24041);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2006-5740\");\n script_xref(name:\"FEDORA\", value:\"2006-1141\");\n\n script_name(english:\"Fedora Core 5 : wireshark-0.99.4-1.fc5 (2006-1141)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Wed Nov 1 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.4-1.fc5\n\n - upgrade to 0.99.4, fixes multiple security issues\n\n - use dist tag\n\n - CVE-2006-5468 - The HTTP dissector could dereference a\n NULL pointer.\n\n - CVE-2006-5469 - The WBXML dissector could crash.\n\n - CVE-2006-5470 - The LDAP dissector (and possibly\n others) could crash.\n\n - CVE-2006-4805 - Basic DoS, The XOT dissector could\n attempt to allocate a large amount of memory and\n crash.\n\n - CVE-2006-4574 - Single byte \\0 overflow written onto\n the heap\n\n - Fri Aug 25 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.3-fc5.1\n\n - upgrade to 0.99.3-1\n\n - CVE-2006-4330 Wireshark security issues (CVE-2006-4333\n CVE-2006-4332 CVE-2006-4331)\n\n - Wed Jul 26 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.2-fc5.2\n\n - fix BuildRequires\n\n - Tue Jul 25 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.2-fc5.1\n\n - build for FC5\n\n - Tue Jul 18 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.2-1\n\n - upgrade to 0.99.2\n\n - Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com>\n - 0.99.2-0.pre1.1\n\n - rebuild\n\n - Tue Jul 11 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.2-0.pre1\n\n - upgrade to 0.99.2pre1, fixes (#198242)\n\n - Tue Jun 13 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.1-0.pre1\n\n - spec file changes\n\n - Fri Jun 9 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.1pre1-1\n\n - initial build for Fedora Core\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2006-November/000791.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84606904\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected wireshark, wireshark-debuginfo and / or\nwireshark-gnome packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 5.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC5\", reference:\"wireshark-0.99.4-1.fc5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"wireshark-debuginfo-0.99.4-1.fc5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"wireshark-gnome-0.99.4-1.fc5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-gnome\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:05:55", "description": " - Wed Nov 1 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.4-1\n\n - upgrade to 0.99.4-1, fixes multiple security issues\n\n - CVE-2006-5468 - The HTTP dissector could dereference a\n NULL pointer.\n\n - CVE-2006-5469 - The WBXML dissector could crash.\n\n - CVE-2006-5470 - The LDAP dissector (and possibly\n others) could crash.\n\n - CVE-2006-4805 - Basic DoS, The XOT dissector could\n attempt to allocate a large amount of memory and\n crash.\n\n - CVE-2006-4574 - Single byte \\0 overflow written onto\n the heap\n\n - Tue Oct 10 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.4-0.pre1\n\n - upgrade to 0.99.4-0.pre1\n\n - Fri Aug 25 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.3-1\n\n - upgrade to 0.99.3\n\n - Wireshark 0.99.3 fixes the following vulnerabilities :\n\n - the SCSI dissector could crash. Versions affected:\n CVE-2006-4330\n\n - the IPsec ESP preference parser was susceptible to\n off-by-one errors. CVE-2006-4331\n\n - a malformed packet could make the Q.2931 dissector use\n up available memory. CVE-2006-4333\n\n - Tue Jul 18 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.2-1\n\n - upgrade to 0.99.2\n\n - Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com>\n - 0.99.2-0.pre1.1\n\n - rebuild\n\n - Tue Jul 11 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.2-0.pre1\n\n - upgrade to 0.99.2pre1, fixes (#198242)\n\n - Tue Jun 13 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.1-0.pre1\n\n - spec file changes\n\n - Fri Jun 9 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.1pre1-1\n\n - initial build for Fedora Core\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2007-01-17T00:00:00", "title": "Fedora Core 6 : wireshark-0.99.4-1.fc6 (2006-1140)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5468", "CVE-2006-4805", "CVE-2006-5470", "CVE-2006-4331", "CVE-2006-5740", "CVE-2006-4333", "CVE-2006-4330", "CVE-2006-4574", "CVE-2006-5469"], "modified": "2007-01-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wireshark", "cpe:/o:fedoraproject:fedora_core:6", "p-cpe:/a:fedoraproject:fedora:wireshark-gnome", "p-cpe:/a:fedoraproject:fedora:wireshark-debuginfo"], "id": "FEDORA_2006-1140.NASL", "href": "https://www.tenable.com/plugins/nessus/24040", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2006-1140.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24040);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2006-5740\");\n script_xref(name:\"FEDORA\", value:\"2006-1140\");\n\n script_name(english:\"Fedora Core 6 : wireshark-0.99.4-1.fc6 (2006-1140)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Wed Nov 1 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.4-1\n\n - upgrade to 0.99.4-1, fixes multiple security issues\n\n - CVE-2006-5468 - The HTTP dissector could dereference a\n NULL pointer.\n\n - CVE-2006-5469 - The WBXML dissector could crash.\n\n - CVE-2006-5470 - The LDAP dissector (and possibly\n others) could crash.\n\n - CVE-2006-4805 - Basic DoS, The XOT dissector could\n attempt to allocate a large amount of memory and\n crash.\n\n - CVE-2006-4574 - Single byte \\0 overflow written onto\n the heap\n\n - Tue Oct 10 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.4-0.pre1\n\n - upgrade to 0.99.4-0.pre1\n\n - Fri Aug 25 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.3-1\n\n - upgrade to 0.99.3\n\n - Wireshark 0.99.3 fixes the following vulnerabilities :\n\n - the SCSI dissector could crash. Versions affected:\n CVE-2006-4330\n\n - the IPsec ESP preference parser was susceptible to\n off-by-one errors. CVE-2006-4331\n\n - a malformed packet could make the Q.2931 dissector use\n up available memory. CVE-2006-4333\n\n - Tue Jul 18 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.2-1\n\n - upgrade to 0.99.2\n\n - Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com>\n - 0.99.2-0.pre1.1\n\n - rebuild\n\n - Tue Jul 11 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.2-0.pre1\n\n - upgrade to 0.99.2pre1, fixes (#198242)\n\n - Tue Jun 13 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.1-0.pre1\n\n - spec file changes\n\n - Fri Jun 9 2006 Radek Vokal <rvokal at redhat.com>\n 0.99.1pre1-1\n\n - initial build for Fedora Core\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2006-November/000789.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b8c5b6ab\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected wireshark, wireshark-debuginfo and / or\nwireshark-gnome packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 6.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC6\", reference:\"wireshark-0.99.4-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"wireshark-debuginfo-0.99.4-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"wireshark-gnome-0.99.4-1.fc6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-gnome\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T12:43:52", "description": "New Wireshark packages that fix various security vulnerabilities are\nnow available. \n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team. \n\nWireshark is a program for monitoring network traffic. \n\nUsers of Wireshark should upgrade to these updated packages containing\nWireshark version 0.99.4, which is not vulnerable to these issues.\n\n\nFrom Red Hat Security Advisory 2006:0726 :\n\nSeveral flaws were found in Wireshark's HTTP, WBXML, LDAP, and XOT\nprotocol dissectors. Wireshark could crash or stop responding if it\nread a malformed packet off the network. (CVE-2006-4805, CVE-2006-5468,\nCVE-2006-5469, CVE-2006-5740)\n\nA single NULL byte heap based buffer overflow was found in Wireshark's\nMIME Multipart dissector. Wireshark could crash or possibly execute\narbitrary arbitrary code as the user running Wireshark. (CVE-2006-4574)\n\n\nFrom Red Hat Security Advisory 2006:0658 :\n\nBugs were found in Wireshark's SCSI and SSCOP protocol dissectors. \nEthereal could crash or stop responding if it read a malformed packet\noff the network. (CVE-2006-4330, CVE-2006-4333)\n\nAn off-by-one bug was found in the IPsec ESP decryption preference\nparser. Ethereal could crash or stop responding if it read a malformed\npacket off the network. (CVE-2006-4331)\n\n\nFrom Red Hat Security Advisory 2006:0602 :\n\nIn May 2006, Ethereal changed its name to Wireshark. This update\ndeprecates the Ethereal packages in Red Hat Enterprise Linux 2.1, 3, and\n4 in favor of the supported Wireshark packages. \n\nSeveral denial of service bugs were found in Ethereal's protocol\ndissectors. It was possible for Ethereal to crash or stop responding if\nit read a malformed packet off the network. (CVE-2006-3627,\nCVE-2006-3629, CVE-2006-3631)\n\nSeveral buffer overflow bugs were found in Ethereal's ANSI MAP, NCP\nNMAS, and NDPStelnet dissectors. It was possible for Ethereal to crash\nor execute arbitrary code if it read a malformed packet off the network. \n(CVE-2006-3630, CVE-2006-3632)\n\nSeveral format string bugs were found in Ethereal's Checkpoint FW-1, MQ,\nXML, and NTP dissectors. It was possible for Ethereal to crash or\nexecute arbitrary code if it read a malformed packet off the network. \n(CVE-2006-3628)", "edition": 27, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : wireshark (ELSA-2006-0726 / ELSA-2006-0658 / ELSA-2006-0602)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5468", "CVE-2006-4805", "CVE-2006-3631", "CVE-2006-3628", "CVE-2006-4331", "CVE-2006-3632", "CVE-2006-3627", "CVE-2006-3630", "CVE-2006-3629", "CVE-2006-5740", "CVE-2006-4333", "CVE-2006-4330", "CVE-2006-4574", "CVE-2006-5469"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:wireshark-gnome", "p-cpe:/a:oracle:linux:wireshark", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2006-0726.NASL", "href": "https://www.tenable.com/plugins/nessus/67418", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisories ELSA-2006-0726 / \n# ELSA-2006-0658 / ELSA-2006-0602.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67418);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-3627\", \"CVE-2006-3628\", \"CVE-2006-3629\", \"CVE-2006-3630\", \"CVE-2006-3631\", \"CVE-2006-3632\", \"CVE-2006-4330\", \"CVE-2006-4331\", \"CVE-2006-4333\", \"CVE-2006-4574\", \"CVE-2006-4805\", \"CVE-2006-5468\", \"CVE-2006-5469\", \"CVE-2006-5740\");\n script_xref(name:\"RHSA\", value:\"2006:0602\");\n script_xref(name:\"RHSA\", value:\"2006:0658\");\n script_xref(name:\"RHSA\", value:\"2006:0726\");\n\n script_name(english:\"Oracle Linux 4 : wireshark (ELSA-2006-0726 / ELSA-2006-0658 / ELSA-2006-0602)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New Wireshark packages that fix various security vulnerabilities are\nnow available. \n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team. \n\nWireshark is a program for monitoring network traffic. \n\nUsers of Wireshark should upgrade to these updated packages containing\nWireshark version 0.99.4, which is not vulnerable to these issues.\n\n\nFrom Red Hat Security Advisory 2006:0726 :\n\nSeveral flaws were found in Wireshark's HTTP, WBXML, LDAP, and XOT\nprotocol dissectors. Wireshark could crash or stop responding if it\nread a malformed packet off the network. (CVE-2006-4805, CVE-2006-5468,\nCVE-2006-5469, CVE-2006-5740)\n\nA single NULL byte heap based buffer overflow was found in Wireshark's\nMIME Multipart dissector. Wireshark could crash or possibly execute\narbitrary arbitrary code as the user running Wireshark. (CVE-2006-4574)\n\n\nFrom Red Hat Security Advisory 2006:0658 :\n\nBugs were found in Wireshark's SCSI and SSCOP protocol dissectors. \nEthereal could crash or stop responding if it read a malformed packet\noff the network. (CVE-2006-4330, CVE-2006-4333)\n\nAn off-by-one bug was found in the IPsec ESP decryption preference\nparser. Ethereal could crash or stop responding if it read a malformed\npacket off the network. (CVE-2006-4331)\n\n\nFrom Red Hat Security Advisory 2006:0602 :\n\nIn May 2006, Ethereal changed its name to Wireshark. This update\ndeprecates the Ethereal packages in Red Hat Enterprise Linux 2.1, 3, and\n4 in favor of the supported Wireshark packages. \n\nSeveral denial of service bugs were found in Ethereal's protocol\ndissectors. It was possible for Ethereal to crash or stop responding if\nit read a malformed packet off the network. (CVE-2006-3627,\nCVE-2006-3629, CVE-2006-3631)\n\nSeveral buffer overflow bugs were found in Ethereal's ANSI MAP, NCP\nNMAS, and NDPStelnet dissectors. It was possible for Ethereal to crash\nor execute arbitrary code if it read a malformed packet off the network. \n(CVE-2006-3630, CVE-2006-3632)\n\nSeveral format string bugs were found in Ethereal's Checkpoint FW-1, MQ,\nXML, and NTP dissectors. It was possible for Ethereal to crash or\nexecute arbitrary code if it read a malformed packet off the network. \n(CVE-2006-3628)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2006-December/000026.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected wireshark packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/07/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"wireshark-0.99.4-EL4.1.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"wireshark-0.99.4-EL4.1.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"wireshark-gnome-0.99.4-EL4.1.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"wireshark-gnome-0.99.4-EL4.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-02-02T05:27:23", "description": "Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors.", "edition": 4, "cvss3": {}, "published": "2006-08-24T20:04:00", "title": "CVE-2006-4331", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4331"], "modified": "2017-10-11T01:31:00", "cpe": ["cpe:/a:wireshark:wireshark:0.99.2"], "id": "CVE-2006-4331", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4331", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:27:23", "description": "The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory.", "edition": 4, "cvss3": {}, "published": "2006-08-24T20:04:00", "title": "CVE-2006-4333", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.4, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4333"], "modified": "2018-10-17T21:34:00", "cpe": ["cpe:/a:wireshark:wireshark:0.99", "cpe:/a:wireshark:wireshark:0.10.13", "cpe:/a:wireshark:wireshark:0.99.2", "cpe:/a:wireshark:wireshark:0.10.4", "cpe:/a:wireshark:wireshark:0.99.1"], "id": "CVE-2006-4333", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4333", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.13:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:27:23", "description": "Unspecified vulnerability in the DHCP dissector in Wireshark (formerly Ethereal) 0.10.13 through 0.99.2, when run on Windows, allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a bug in Glib.", "edition": 4, "cvss3": {}, "published": "2006-08-24T20:04:00", "title": "CVE-2006-4332", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4332"], "modified": "2017-07-20T01:33:00", "cpe": ["cpe:/a:wireshark:wireshark:0.99", "cpe:/a:wireshark:wireshark:0.10.13", "cpe:/a:wireshark:wireshark:0.99.2", "cpe:/a:wireshark:wireshark:0.10.4", "cpe:/a:wireshark:wireshark:0.99.1"], "id": "CVE-2006-4332", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4332", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.13:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:27:23", "description": "Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors.", "edition": 4, "cvss3": {}, "published": "2006-08-24T20:04:00", "title": "CVE-2006-4330", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4330"], "modified": "2018-10-17T21:34:00", "cpe": ["cpe:/a:wireshark:wireshark:0.99.2"], "id": "CVE-2006-4330", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4330", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*"]}], "centos": [{"lastseen": "2019-12-20T18:24:12", "bulletinFamily": "unix", "cvelist": ["CVE-2006-4331", "CVE-2006-4333", "CVE-2006-4330"], "description": "**CentOS Errata and Security Advisory** CESA-2006:0658\n\n\nWireshark is a program for monitoring network traffic.\r\n\r\nBugs were found in Wireshark's SCSI and SSCOP protocol dissectors. Ethereal\r\ncould crash or stop responding if it read a malformed packet off the\r\nnetwork. (CVE-2006-4330, CVE-2006-4333)\r\n\r\nAn off-by-one bug was found in the IPsec ESP decryption preference parser.\r\nEthereal could crash or stop responding if it read a malformed packet off\r\nthe network. (CVE-2006-4331)\r\n\r\nUsers of Wireshark or Ethereal should upgrade to these updated packages\r\ncontaining Wireshark version 0.99.3, which is not vulnerable to these\r\nissues. These packages also fix a bug in the PAM configuration of the\r\nWireshark packages which prevented non-root users starting a capture.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025258.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025261.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025269.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025274.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025275.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025276.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025284.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025285.html\n\n**Affected packages:**\nwireshark\nwireshark-gnome\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0658.html", "edition": 4, "modified": "2006-09-15T16:19:06", "published": "2006-09-12T19:03:59", "href": "http://lists.centos.org/pipermail/centos-announce/2006-September/025258.html", "id": "CESA-2006:0658", "title": "wireshark security update", "type": "centos", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-12-20T18:27:05", "bulletinFamily": "unix", "cvelist": ["CVE-2006-4331", "CVE-2006-4333", "CVE-2006-4330"], "description": "**CentOS Errata and Security Advisory** CESA-2006:0658-01\n\n\nWireshark is a program for monitoring network traffic.\r\n\r\nBugs were found in Wireshark's SCSI and SSCOP protocol dissectors. Ethereal\r\ncould crash or stop responding if it read a malformed packet off the\r\nnetwork. (CVE-2006-4330, CVE-2006-4333)\r\n\r\nAn off-by-one bug was found in the IPsec ESP decryption preference parser.\r\nEthereal could crash or stop responding if it read a malformed packet off\r\nthe network. (CVE-2006-4331)\r\n\r\nUsers of Wireshark or Ethereal should upgrade to these updated packages\r\ncontaining Wireshark version 0.99.3, which is not vulnerable to these\r\nissues. These packages also fix a bug in the PAM configuration of the\r\nWireshark packages which prevented non-root users starting a capture.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025266.html\n\n**Affected packages:**\nwireshark\nwireshark-gnome\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 4, "modified": "2006-09-13T01:51:28", "published": "2006-09-13T01:51:28", "href": "http://lists.centos.org/pipermail/centos-announce/2006-September/025266.html", "id": "CESA-2006:0658-01", "title": "wireshark security update", "type": "centos", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:26", "bulletinFamily": "unix", "cvelist": ["CVE-2006-4330", "CVE-2006-4331", "CVE-2006-4333"], "description": "Wireshark is a program for monitoring network traffic.\r\n\r\nBugs were found in Wireshark's SCSI and SSCOP protocol dissectors. Ethereal\r\ncould crash or stop responding if it read a malformed packet off the\r\nnetwork. (CVE-2006-4330, CVE-2006-4333)\r\n\r\nAn off-by-one bug was found in the IPsec ESP decryption preference parser.\r\nEthereal could crash or stop responding if it read a malformed packet off\r\nthe network. (CVE-2006-4331)\r\n\r\nUsers of Wireshark or Ethereal should upgrade to these updated packages\r\ncontaining Wireshark version 0.99.3, which is not vulnerable to these\r\nissues. These packages also fix a bug in the PAM configuration of the\r\nWireshark packages which prevented non-root users starting a capture.", "modified": "2019-03-22T23:42:36", "published": "2006-09-12T04:00:00", "id": "RHSA-2006:0658", "href": "https://access.redhat.com/errata/RHSA-2006:0658", "type": "redhat", "title": "(RHSA-2006:0658) wireshark security update", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:07", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5468", "CVE-2006-4805", "CVE-2006-5470", "CVE-2006-4331", "CVE-2006-4332", "CVE-2006-4333", "CVE-2006-4330", "CVE-2006-4574", "CVE-2006-5469"], "description": " [0.99.4-EL4.1.1]\n - Oracle OCFS2 network patch\n \n [0.99.4-1]\n - upgrade to 0.99.4, fixes multiple security issues (#211993)\n - use dist tag\n - CVE-2006-5468 - The HTTP dissector could dereference a null pointer.\n - CVE-2006-5469 - The WBXML dissector could crash.\n - CVE-2006-5470 - The LDAP dissector (and possibly others) could crash.\n - CVE-2006-4805 - Basic DoS, The XOT dissector could attempt to allocate a\n large amount of memory and crash.\n - CVE-2006-4574 - Single byte \\0 overflow written onto the heap\n \n [0.99.3-EL4.2]\n - fix pam file, revert to old ethereal file (#204066)\n \n [0.99.3-EL4.1]\n - upgrade to 0.99.3 (#204045)\n - CVE-2006-4330 Wireshark security issues (CVE-2006-4333 CVE-2006-4332\n CVE-2006-4331)\n \n [0.99.2-EL4.1]\n - initial build for RHEL4 ", "edition": 4, "modified": "2006-12-07T00:00:00", "published": "2006-12-07T00:00:00", "id": "ELSA-2006-0658", "href": "http://linux.oracle.com/errata/ELSA-2006-0658.html", "title": "Moderate wireshark security update ", "type": "oraclelinux", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:37:24", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5468", "CVE-2006-4805", "CVE-2006-5470", "CVE-2006-4331", "CVE-2006-4332", "CVE-2006-5740", "CVE-2006-4333", "CVE-2006-4330", "CVE-2006-4574", "CVE-2006-5469"], "description": " [0.99.4-EL4.1.1]\n - Oracle OCFS2 network patch\n \n [0.99.4-1]\n - upgrade to 0.99.4, fixes multiple security issues (#211993)\n - use dist tag\n - CVE-2006-5468 - The HTTP dissector could dereference a null pointer.\n - CVE-2006-5469 - The WBXML dissector could crash.\n - CVE-2006-5470 - The LDAP dissector (and possibly others) could crash.\n - CVE-2006-4805 - Basic DoS, The XOT dissector could attempt to allocate a\n large amount of memory and crash.\n - CVE-2006-4574 - Single byte \\0 overflow written onto the heap\n \n [0.99.3-EL4.2]\n - fix pam file, revert to old ethereal file (#204066)\n \n [0.99.3-EL4.1]\n - upgrade to 0.99.3 (#204045)\n - CVE-2006-4330 Wireshark security issues (CVE-2006-4333 CVE-2006-4332\n CVE-2006-4331)\n \n [0.99.2-EL4.1]\n - initial build for RHEL4 ", "edition": 4, "modified": "2006-12-07T00:00:00", "published": "2006-12-07T00:00:00", "id": "ELSA-2006-0726", "href": "http://linux.oracle.com/errata/ELSA-2006-0726.html", "title": "Moderate wireshark security update ", "type": "oraclelinux", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:09", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5468", "CVE-2006-4805", "CVE-2006-3631", "CVE-2006-3628", "CVE-2006-5470", "CVE-2006-4331", "CVE-2006-3632", "CVE-2006-3627", "CVE-2006-3630", "CVE-2006-4332", "CVE-2006-3629", "CVE-2006-4333", "CVE-2006-4330", "CVE-2006-4574", "CVE-2006-5469"], "description": " [0.99.4-EL4.1.1]\n - Oracle OCFS2 network patch\n \n [0.99.4-1]\n - upgrade to 0.99.4, fixes multiple security issues (#211993)\n - use dist tag\n - CVE-2006-5468 - The HTTP dissector could dereference a null pointer.\n - CVE-2006-5469 - The WBXML dissector could crash.\n - CVE-2006-5470 - The LDAP dissector (and possibly others) could crash.\n - CVE-2006-4805 - Basic DoS, The XOT dissector could attempt to allocate a\n large amount of memory and crash.\n - CVE-2006-4574 - Single byte \\0 overflow written onto the heap\n \n [0.99.3-EL4.2]\n - fix pam file, revert to old ethereal file (#204066)\n \n [0.99.3-EL4.1]\n - upgrade to 0.99.3 (#204045)\n - CVE-2006-4330 Wireshark security issues (CVE-2006-4333 CVE-2006-4332\n CVE-2006-4331)\n \n [0.99.2-EL4.1]\n - initial build for RHEL4 ", "edition": 4, "modified": "2006-12-07T00:00:00", "published": "2006-12-07T00:00:00", "id": "ELSA-2006-0602", "href": "http://linux.oracle.com/errata/ELSA-2006-0602.html", "title": "Moderate wireshark security update ", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "cvelist": ["CVE-2006-4333"], "edition": 1, "description": "## Solution Description\nUpgrade to version 0.99.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:152)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-227.htm)\n[Vendor Specific Advisory URL](http://www.wireshark.org/security/wnpa-sec-2006-02.html)\n[Vendor Specific Advisory URL](https://issues.rpath.com/browse/RPL-597)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200608-26.xml)\n[Secunia Advisory ID:21619](https://secuniaresearch.flexerasoftware.com/advisories/21619/)\n[Secunia Advisory ID:22378](https://secuniaresearch.flexerasoftware.com/advisories/22378/)\n[Secunia Advisory ID:21597](https://secuniaresearch.flexerasoftware.com/advisories/21597/)\n[Secunia Advisory ID:21813](https://secuniaresearch.flexerasoftware.com/advisories/21813/)\n[Secunia Advisory ID:21885](https://secuniaresearch.flexerasoftware.com/advisories/21885/)\n[Secunia Advisory ID:21649](https://secuniaresearch.flexerasoftware.com/advisories/21649/)\n[Secunia Advisory ID:21682](https://secuniaresearch.flexerasoftware.com/advisories/21682/)\n[Related OSVDB ID: 28197](https://vulners.com/osvdb/OSVDB:28197)\n[Related OSVDB ID: 28198](https://vulners.com/osvdb/OSVDB:28198)\n[Related OSVDB ID: 28196](https://vulners.com/osvdb/OSVDB:28196)\nRedHat RHSA: RHSA-2006:0658\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1171\n[CVE-2006-4333](https://vulners.com/cve/CVE-2006-4333)\n", "modified": "2006-08-23T07:48:57", "published": "2006-08-23T07:48:57", "href": "https://vulners.com/osvdb/OSVDB:28199", "id": "OSVDB:28199", "type": "osvdb", "title": "Wireshark Q.2931 Dissector Crafted Packet Remote DoS", "cvss": {"score": 5.4, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "cvelist": ["CVE-2006-4331"], "edition": 1, "description": "## Solution Description\nUpgrade to version 0.99.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:152)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-227.htm)\n[Vendor Specific Advisory URL](http://www.wireshark.org/security/wnpa-sec-2006-02.html)\n[Vendor Specific Advisory URL](https://issues.rpath.com/browse/RPL-597)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200608-26.xml)\n[Secunia Advisory ID:21619](https://secuniaresearch.flexerasoftware.com/advisories/21619/)\n[Secunia Advisory ID:22378](https://secuniaresearch.flexerasoftware.com/advisories/22378/)\n[Secunia Advisory ID:21597](https://secuniaresearch.flexerasoftware.com/advisories/21597/)\n[Secunia Advisory ID:21885](https://secuniaresearch.flexerasoftware.com/advisories/21885/)\n[Secunia Advisory ID:21649](https://secuniaresearch.flexerasoftware.com/advisories/21649/)\n[Secunia Advisory ID:21682](https://secuniaresearch.flexerasoftware.com/advisories/21682/)\n[Related OSVDB ID: 28198](https://vulners.com/osvdb/OSVDB:28198)\n[Related OSVDB ID: 28199](https://vulners.com/osvdb/OSVDB:28199)\n[Related OSVDB ID: 28196](https://vulners.com/osvdb/OSVDB:28196)\nRedHat RHSA: RHSA-2006:0658\n[CVE-2006-4331](https://vulners.com/cve/CVE-2006-4331)\n", "modified": "2006-08-23T07:48:57", "published": "2006-08-23T07:48:57", "href": "https://vulners.com/osvdb/OSVDB:28197", "id": "OSVDB:28197", "type": "osvdb", "title": "Wireshark w/ ESP Decryption IPsec ESP Preference Parser Off-by-one", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "cvelist": ["CVE-2006-4332"], "edition": 1, "description": "## Solution Description\nUpgrade to version 0.99.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:152)\n[Vendor Specific Advisory URL](http://www.wireshark.org/security/wnpa-sec-2006-02.html)\n[Vendor Specific Advisory URL](https://issues.rpath.com/browse/RPL-597)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200608-26.xml)\n[Secunia Advisory ID:21619](https://secuniaresearch.flexerasoftware.com/advisories/21619/)\n[Secunia Advisory ID:21597](https://secuniaresearch.flexerasoftware.com/advisories/21597/)\n[Secunia Advisory ID:21649](https://secuniaresearch.flexerasoftware.com/advisories/21649/)\n[Secunia Advisory ID:21682](https://secuniaresearch.flexerasoftware.com/advisories/21682/)\n[Related OSVDB ID: 28197](https://vulners.com/osvdb/OSVDB:28197)\n[Related OSVDB ID: 28199](https://vulners.com/osvdb/OSVDB:28199)\n[Related OSVDB ID: 28196](https://vulners.com/osvdb/OSVDB:28196)\n[CVE-2006-4332](https://vulners.com/cve/CVE-2006-4332)\n", "modified": "2006-08-23T07:48:57", "published": "2006-08-23T07:48:57", "href": "https://vulners.com/osvdb/OSVDB:28198", "id": "OSVDB:28198", "type": "osvdb", "title": "Wireshark DHCP Dissector w/ Glib Unspecified DoS", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "cvelist": ["CVE-2006-4330"], "edition": 1, "description": "## Solution Description\nUpgrade to version 0.99.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:152)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-227.htm)\n[Vendor Specific Advisory URL](http://www.wireshark.org/security/wnpa-sec-2006-02.html)\n[Vendor Specific Advisory URL](https://issues.rpath.com/browse/RPL-597)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200608-26.xml)\n[Secunia Advisory ID:21619](https://secuniaresearch.flexerasoftware.com/advisories/21619/)\n[Secunia Advisory ID:22378](https://secuniaresearch.flexerasoftware.com/advisories/22378/)\n[Secunia Advisory ID:21597](https://secuniaresearch.flexerasoftware.com/advisories/21597/)\n[Secunia Advisory ID:21885](https://secuniaresearch.flexerasoftware.com/advisories/21885/)\n[Secunia Advisory ID:21649](https://secuniaresearch.flexerasoftware.com/advisories/21649/)\n[Secunia Advisory ID:21682](https://secuniaresearch.flexerasoftware.com/advisories/21682/)\n[Related OSVDB ID: 28197](https://vulners.com/osvdb/OSVDB:28197)\n[Related OSVDB ID: 28198](https://vulners.com/osvdb/OSVDB:28198)\n[Related OSVDB ID: 28199](https://vulners.com/osvdb/OSVDB:28199)\nRedHat RHSA: RHSA-2006:0658\n[CVE-2006-4330](https://vulners.com/cve/CVE-2006-4330)\n", "modified": "2006-08-23T07:48:57", "published": "2006-08-23T07:48:57", "href": "https://vulners.com/osvdb/OSVDB:28196", "id": "OSVDB:28196", "type": "osvdb", "title": "Wireshark SCSI Dissector Unspecified DoS", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cert": [{"lastseen": "2020-09-18T20:43:01", "bulletinFamily": "info", "cvelist": ["CVE-2006-4333"], "description": "### Overview \n\nWireshark contains a vulnerability in the SSCOP dissector that may cause a denial of service condition. \n\n### Description \n\nWireshark contains a vulnerability in the Service-Specific Connection Oriented Protocol (SSCOP) dissector.\n\nWireshark states that: \n_If the SSCOP dissector has a port range configured _**_and_**_ the SSCOP payload protocol is _[_Q.2931_](<http://www.itu.int/rec/T-REC-Q.2931/en>)_, a malformed packet could make the Q.2931 dissector use up available memory. No port range is configured by default. _ \nWireshark states that Wireshark versions 0.7.9 - 0.99.2 are vulnerable. \n \nNote: Ethereal has changed its name to [Wireshark](<http://www.wireshark.org/>). \n \n--- \n \n### Impact \n\nBy sending a malformed packet, a remote attacker may be able to cause the Q2931 dissector to exceed the available memory and cause a denial of service condition. \n \n--- \n \n### Solution \n\n**Update** \nWireshark has released an updated product version ([Wireshark 0.99.3](<http://www.wireshark.org/download.html>)) \n. \n \n--- \n \n**Workaround** \n \nWireshark provides a workaround in security document [wnpa-sec-2006-02.](<http://www.wireshark.org/security/wnpa-sec-2006-02.html>) \n \n--- \n \n### Vendor Information\n\n696896\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Wireshark __ Affected\n\nUpdated: October 24, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see Wireshark security document [wnpa-sec-2006-02](<http://www.wireshark.org/security/wnpa-sec-2006-02.html>) for further information.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23696896 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.wireshark.org/security/wnpa-sec-2006-02.html>\n * <http://www.securityfocus.com/bid/19690>\n * <http://www.frsirt.com/english/advisories/2006/3370>\n * <http://securitytracker.com/id?1016736>\n * <http://secunia.com/advisories/21597>\n * <http://secunia.com/advisories/21649>\n * <http://secunia.com/advisories/21813>\n * <http://secunia.com/advisories/21619>\n * <http://secunia.com/advisories/21682>\n * <http://secunia.com/advisories/21885>\n * <http://xforce.iss.net/xforce/xfdb/28556>\n * <http://xforce.iss.net/xforce/xfdb/28553>\n * <https://issues.rpath.com/browse/RPL-597>\n * <http://www.itu.int/rec/T-REC-Q.2931/en>\n\n### Acknowledgements\n\nThis vulnerability was reported in Wireshark document wnpa-sec-2006-02.\n\nThis document was written by Katie Steiner.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2006-4333](<http://web.nvd.nist.gov/vuln/detail/CVE-2006-4333>) \n---|--- \n**Severity Metric:** | 0.56 \n**Date Public:** | 2006-08-25 \n**Date First Published:** | 2006-10-25 \n**Date Last Updated: ** | 2006-10-25 18:03 UTC \n**Document Revision: ** | 18 \n", "modified": "2006-10-25T18:03:00", "published": "2006-10-25T00:00:00", "id": "VU:696896", "href": "https://www.kb.cert.org/vuls/id/696896", "type": "cert", "title": "Wireshark SSCOP dissector fails to properly handle malformed packets", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-09-18T20:43:02", "bulletinFamily": "info", "cvelist": ["CVE-2006-4331"], "description": "### Overview \n\nWireshark contains a vulnerability in the IPSec ESP preference parser that may cause a denial of service condition.\n\n### Description \n\nWireshark contains multiple off-by-one vulnerabilities in the IPSec ESP preference parser when the application has been compiled with ESP decryption support.\n\nThis vulnerability may be exploited when the remote attacker sends a specially crafted, malformed packet over the wire or by convincing the user to read a malformed packet trace file. \n \nWireshark states that Wireshark Version 0.99.2 is affected. \n \nNote: Ethereal has changed its name to [Wireshark](<http://www.wireshark.org/>). \n \n--- \n \n### Impact \n\nA remote attacker may be able to execute arbitrary code. \n \n--- \n \n### Solution \n\n**Update** \nWireshark has released an updated product version. ([Wireshark 0.99.3](<http://www.wireshark.org/download.html>)) \n \n--- \n \n**Workaround**\n\n \nWireshark provides a workaround in security document [wnpa-sec-2006-02](<http://www.wireshark.org/security/wnpa-sec-2006-02.html>). \n \n--- \n \n### Vendor Information\n\n638376\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Wireshark __ Affected\n\nUpdated: October 24, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see Wireshark security document [wnpa-sec-2006-02](<http://www.wireshark.org/security/wnpa-sec-2006-02.html>) for further information.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23638376 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.wireshark.org/security/wnpa-sec-2006-02.html>\n * <http://www.securityfocus.com/bid/19690>\n * <http://www.frsirt.com/english/advisories/2006/3370>\n * <http://securitytracker.com/id?1016736>\n * <http://secunia.com/advisories/21597>\n * <http://secunia.com/advisories/21649>\n * <http://secunia.com/advisories/21619>\n * <http://secunia.com/advisories/21682>\n * <http://secunia.com/advisories/21885>\n * <http://xforce.iss.net/xforce/xfdb/28553>\n\n### Acknowledgements\n\nThis vulnerability was reported in Wireshark document wnpa-sec-2006-02.\n\nThis document was written by Katie Steiner.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2006-4331](<http://web.nvd.nist.gov/vuln/detail/CVE-2006-4331>) \n---|--- \n**Severity Metric:** | 4.92 \n**Date Public:** | 2006-08-24 \n**Date First Published:** | 2006-10-25 \n**Date Last Updated: ** | 2006-10-25 17:14 UTC \n**Document Revision: ** | 20 \n", "modified": "2006-10-25T17:14:00", "published": "2006-10-25T00:00:00", "id": "VU:638376", "href": "https://www.kb.cert.org/vuls/id/638376", "type": "cert", "title": "Wireshark contains multiple off-by-one errors in the IPSec ESP preference parser", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-18T20:43:04", "bulletinFamily": "info", "cvelist": ["CVE-2006-4332"], "description": "### Overview \n\nWireshark contains a vulnerability in the DHCP dissector that may cause a denial-of-service condition.\n\n### Description \n\nWireshark for Microsoft Windows contains a vulnerability in the DHCP dissector that may cause a denial-of-service condition. This vulnerability may be exploited when the remote attacker sends a specially crafted, malformed packet or by convincing the user to read a malformed packet trace file. \n\nWireshark states that Wireshark versions 0.7.9 up to and including 0.99.2 are vulnerable. \n \nNote: Ethereal has changed its name to [Wireshark](<http://www.wireshark.org/>). \n \n--- \n \n### Impact \n\nA remote attacker may be able to cause a denial-of-service condition. \n \n--- \n \n### Solution \n\n**Update** \nWireshark has released an updated product version ([Wireshark 0.99.3](<http://www.wireshark.org/download.html>)). \n \n \n--- \n \n**Workaround** \n \nWireshark provides a workaround in security document [wnpa-sec-2006-02](<http://www.wireshark.org/security/wnpa-sec-2006-02.html>). \n \n--- \n \n### Vendor Information\n\n335656\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Wireshark __ Affected\n\nUpdated: October 12, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see Wireshark security document [wnpa-sec-2006-02](<http://www.wireshark.org/security/wnpa-sec-2006-02.html>) for further information.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23335656 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.wireshark.org/security/wnpa-sec-2006-02.html>\n * <http://www.frsirt.com/english/advisories/2006/3370>\n * <http://securitytracker.com/id?1016736>\n * <http://secunia.com/advisories/21597>\n * <http://secunia.com/advisories/21649>\n * <http://secunia.com/advisories/21619>\n * <http://secunia.com/advisories/21682>\n * <http://xforce.iss.net/xforce/xfdb/28554>\n * <http://xforce.iss.net/xforce/xfdb/28553>\n\n### Acknowledgements\n\nThis vulnerability was reported in Wireshark document wnpa-sec-2006-02. \n\nThis document was written by Katie Steiner.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2006-4332](<http://web.nvd.nist.gov/vuln/detail/CVE-2006-4332>) \n---|--- \n**Severity Metric:** | 3.04 \n**Date Public:** | 2006-08-25 \n**Date First Published:** | 2006-10-12 \n**Date Last Updated: ** | 2006-10-25 17:12 UTC \n**Document Revision: ** | 15 \n", "modified": "2006-10-25T17:12:00", "published": "2006-10-12T00:00:00", "id": "VU:335656", "href": "https://www.kb.cert.org/vuls/id/335656", "type": "cert", "title": "Wireshark contains an unspecified vulnerability in the DHCP dissector", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-18T20:43:02", "bulletinFamily": "info", "cvelist": ["CVE-2006-4330"], "description": "### Overview \n\nWireshark contains a vulnerability in the SCSI dissector that may cause a denial-of-service condition.\n\n### Description \n\nThe SCSI dissector in Wireshark contains an unspecified error that may allow remote attackers to cause a denial-of-service condition.\n\nWireshark states that Wireshark version 0.99.2 is vulnerable. \n \nNote: Ethereal has changed its name to [Wireshark](<http://www.wireshark.org/>). \n \n--- \n \n### Impact \n\nA remote attacker may be able to cause a denial-of-service condition. \n \n--- \n \n### Solution \n\n**Update** \nWireshark has released an updated product version ([Wireshark 0.99.3](<http://www.wireshark.org/download.html>)). \n \n \n--- \n \n**Workaround**\n\n \nWireshark provides a workaround in security document [wnpa-sec-2006-02](<http://www.wireshark.org/security/wnpa-sec-2006-02.html>). \n \n--- \n \n### Vendor Information\n\n808832\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Wireshark __ Affected\n\nUpdated: October 24, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see Wireshark security document [wnpa-sec-2006-02](<http://www.wireshark.org/security/wnpa-sec-2006-02.html>) for further information.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23808832 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.wireshark.org/security/wnpa-sec-2006-02.html>\n * <http://www.securityfocus.com/bid/19690>\n * <http://www.frsirt.com/english/advisories/2006/3370>\n * <http://securitytracker.com/id?1016736>\n * <http://secunia.com/advisories/21597>\n * <http://secunia.com/advisories/21649>\n * <http://secunia.com/advisories/21619>\n * <http://secunia.com/advisories/21682>\n * <http://secunia.com/advisories/21885>\n * <http://xforce.iss.net/xforce/xfdb/28550>\n * <http://xforce.iss.net/xforce/xfdb/28553>\n * <https://issues.rpath.com/browse/RPL-597>\n * <http://secunia.com/advisories/22378/>\n\n### Acknowledgements\n\nThis vulnerability was reported in Wireshark document wnpa-sec-2006-02.\n\nThis document was written by Katie Steiner.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2006-4330](<http://web.nvd.nist.gov/vuln/detail/CVE-2006-4330>) \n---|--- \n**Date Public:** | 2006-08-24 \n**Date First Published:** | 2006-10-25 \n**Date Last Updated: ** | 2006-12-20 15:36 UTC \n**Document Revision: ** | 14 \n", "modified": "2006-12-20T15:36:00", "published": "2006-10-25T00:00:00", "id": "VU:808832", "href": "https://www.kb.cert.org/vuls/id/808832", "type": "cert", "title": "Wireshark contains an unspecified vulnerability in the SCSI dissector", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2006-4330", "CVE-2006-4332", "CVE-2006-4333", "CVE-2006-4574", "CVE-2006-4805", "CVE-2006-5468", "CVE-2006-5469", "CVE-2006-5470", "CVE-2007-0456", "CVE-2007-0457", "CVE-2007-0459"], "description": "Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. ", "modified": "2007-02-06T17:14:14", "published": "2007-02-06T17:14:14", "id": "FEDORA:L16HEEBD032699", "href": "", "type": "fedora", "title": "[SECURITY] Fedora Core 5 Update: wireshark-0.99.5-1.fc5", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:16:52", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3248", "CVE-2005-3242", "CVE-2005-3241", "CVE-2005-3246", "CVE-2005-3244", "CVE-2005-3243", "CVE-2006-4333"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1171-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 7th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : ethereal\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2006-4333 CVE-2005-3241 CVE-2005-3242 CVE-2005-3243 CVE-2005-3244 CVE-2005-3246 CVE-2005-3248\nDebian Bug : 384528 334880\n\nSeveral remote vulnerabilities have been discovered in the Ethereal network\nscanner, which may lead to the execution of arbitrary code. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2006-4333\n\n It was discovered that the Q.2391 dissector is vulnerable to denial\n of service caused by memory exhaustion.\n\nCVE-2005-3241\n\n It was discovered that the FC-FCS, RSVP and ISIS-LSP dissectors are\n vulnerable to denial of service caused by memory exhaustion.\n\nCVE-2005-3242\n\n It was discovered that the IrDA and SMB dissectors are vulnerable to\n denial of service caused by memory corruption.\n\nCVE-2005-3243\n\n It was discovered that the SLIMP3 and AgentX dissectors are vulnerable\n to code injection caused by buffer overflows.\n\nCVE-2005-3244\n\n It was discovered that the BER dissector is vulnerable to denial of\n service caused by an infinite loop.\n\nCVE-2005-3246\n\n It was discovered that the NCP and RTnet dissectors are vulnerable to\n denial of service caused by a null pointer dereference.\n\nCVE-2005-3248\n\n It was discovered that the X11 dissector is vulnerable denial of service\n caused by a division through zero.\n\nThis update also fixes a 64 bit-specific regression in the ASN.1 decoder, which\nhas been introduced in a previous DSA.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.10.10-2sarge8.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.99.2-5.1 of wireshark, the network sniffer formerly known as\nethereal.\n\nWe recommend that you upgrade your ethereal packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8.dsc\n Size/MD5 checksum: 855 159309d848ffa90cb5ae336582a8e7d4\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz\n Size/MD5 checksum: 7411510 e6b74468412c17bb66cd459bfb61471c\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8.diff.gz\n Size/MD5 checksum: 177921 ee1ce43eb48106f1fc0b75bc9ff3c241\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_alpha.deb\n Size/MD5 checksum: 5476146 cf5b01f923e68a3f07d0080ef69f2b57\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_alpha.deb\n Size/MD5 checksum: 154566 615069b5905d6c2aec9a357eb0dd1306\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_alpha.deb\n Size/MD5 checksum: 106250 cfe9461049fc5e1997d68cbd1a6d6b78\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_alpha.deb\n Size/MD5 checksum: 543034 5c9eaadae44224a002902c4196847aa0\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_amd64.deb\n Size/MD5 checksum: 154556 67cfc697c120e54c489e1552b1a58b6e\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_amd64.deb\n Size/MD5 checksum: 99542 09093de7c28ec1741106dac694ffcae3\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_amd64.deb\n Size/MD5 checksum: 486502 addeab1c3d70537c088574f9f68e6e6d\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_amd64.deb\n Size/MD5 checksum: 5334616 1700b3e18c2b45594cbb80ef2ea58019\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_arm.deb\n Size/MD5 checksum: 95616 39dbfe3ac08048f95b19d74c644b780c\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_arm.deb\n Size/MD5 checksum: 154596 209d45b3ebf7ba313bb7db0c00a095bd\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_arm.deb\n Size/MD5 checksum: 472996 5f0d04db811734c1f1c8c814c93ceaaa\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_arm.deb\n Size/MD5 checksum: 4687892 5b2737d93a7e3673630e96744f648b51\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_hppa.deb\n Size/MD5 checksum: 5787290 f36dc8ae6a78acb2d6a8fa71b18af9cc\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_hppa.deb\n Size/MD5 checksum: 154576 5ce456fee2af8fb5b4f19d786166faf6\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_hppa.deb\n Size/MD5 checksum: 489292 71832119d10ab77eb4547840cf7d3504\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_hppa.deb\n Size/MD5 checksum: 98452 94aae2f351900a65edfddcae9e880bf6\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_i386.deb\n Size/MD5 checksum: 443646 f830051bf5920e2999a8ef9bab332ed2\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_i386.deb\n Size/MD5 checksum: 4529156 4f6c8ec5448ea7b6aa826fce639a5781\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_i386.deb\n Size/MD5 checksum: 90878 45f09d9fe820e537fd9e140fbe86de07\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_i386.deb\n Size/MD5 checksum: 154556 a1a78549f0981eb9aa0f77fdd9ce612b\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_ia64.deb\n Size/MD5 checksum: 6630098 82fc3ba6dd822ee192c2050dc6f38dcf\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_ia64.deb\n Size/MD5 checksum: 674420 9b84646b4f81e1c9415656768f6dc687\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_ia64.deb\n Size/MD5 checksum: 129156 c3deca896916d3a3d1c1065f5e2717c8\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_ia64.deb\n Size/MD5 checksum: 154554 e8a6435b4e1287af4ebfe3cb606c74af\n\nm68k architecture (Motorola Mc680x0)\n\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_m68k.deb\n Size/MD5 checksum: 90904 ab21fa89ad4a12f8e0c579872a1c07c4\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_m68k.deb\n Size/MD5 checksum: 154614 b384ae036ab5c2b85f62af368b689a04\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_m68k.deb\n Size/MD5 checksum: 447752 6a8378ecb8337071ef8b1199529700be\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_m68k.deb\n Size/MD5 checksum: 5565186 647220c660fd8546c9ca4a18e9d7a792\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_mips.deb\n Size/MD5 checksum: 154572 434928f40a6b3e4bf2d7dce6beb72edb\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_mips.deb\n Size/MD5 checksum: 94736 4eb62077c31de2ac2ec10a760199b9eb\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_mips.deb\n Size/MD5 checksum: 4723218 9c827aab812bef7a58d5429ee8287d74\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_mips.deb\n Size/MD5 checksum: 462746 fa7d8236f1407836dcc601317afa8df2\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_mipsel.deb\n Size/MD5 checksum: 94650 7f64290882d7c8c579818fdc1c7e215b\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_mipsel.deb\n Size/MD5 checksum: 154584 934dc675944e857216c72fc29ec46a55\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_mipsel.deb\n Size/MD5 checksum: 458030 487ea6f3a1fd7620b4ae33f4d5e8c8c3\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_mipsel.deb\n Size/MD5 checksum: 4460700 e0062d687a84b9782e645b0d72cbb248\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_powerpc.deb\n Size/MD5 checksum: 455716 a203882270b251513b2269b688d59256\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_powerpc.deb\n Size/MD5 checksum: 5068470 7976f110d32b6bb83c00afa49fd75493\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_powerpc.deb\n Size/MD5 checksum: 154570 7622c3b6ca781d622cb305e9a485f447\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_powerpc.deb\n Size/MD5 checksum: 94320 5e5391b1f1dc2bc4992582930e28f2a3\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_s390.deb\n Size/MD5 checksum: 5621642 092cf076ce4e6fd479ea09fdb14d6e87\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_s390.deb\n Size/MD5 checksum: 154566 f3dae98783c87fb3ff088be62608aef7\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_s390.deb\n Size/MD5 checksum: 479662 e4b854e30aa801eb67a33d1077eb1e9b\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_s390.deb\n Size/MD5 checksum: 99904 0516f4694b47ae4637b09e82d321eecc\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_sparc.deb\n Size/MD5 checksum: 5130234 44a97eeb06a2d82bbbcfba2712700792\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_sparc.deb\n Size/MD5 checksum: 93828 4f44e9be92792058641044db66993758\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_sparc.deb\n Size/MD5 checksum: 465390 42670783f2750c3d5f426fe76bd17696\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_sparc.deb\n Size/MD5 checksum: 154566 6f25990f50443c48e802e29881ddc3ff\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n\n\n\n\n\n\n\n\n\n", "edition": 3, "modified": "2006-09-07T00:00:00", "published": "2006-09-07T00:00:00", "id": "DEBIAN:DSA-1171-1:6A23B", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00261.html", "title": "[SECURITY] [DSA 1171-1] New ethereal packages fix execution of arbitrary code", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}