Debian DSA-2101-1 : wireshark - several vulnerabilities
2010-09-01T00:00:00
ID DEBIAN_DSA-2101.NASL Type nessus Reporter This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2010-09-01T00:00:00
Description
Several implementation errors in the dissector of the Wireshark
network traffic analyzer for the ASN.1 BER protocol and in the SigComp
Universal Decompressor Virtual Machine may lead to the execution of
arbitrary code.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-2101. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(49058);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2010-2994", "CVE-2010-2995");
script_bugtraq_id(42618);
script_xref(name:"DSA", value:"2101");
script_name(english:"Debian DSA-2101-1 : wireshark - several vulnerabilities");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"Several implementation errors in the dissector of the Wireshark
network traffic analyzer for the ASN.1 BER protocol and in the SigComp
Universal Decompressor Virtual Machine may lead to the execution of
arbitrary code."
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2010/dsa-2101"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the wireshark packages.
For the stable distribution (lenny), these problems have been fixed in
version 1.0.2-3+lenny10."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wireshark");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
script_set_attribute(attribute:"patch_publication_date", value:"2010/08/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/01");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"5.0", prefix:"tshark", reference:"1.0.2-3+lenny10")) flag++;
if (deb_check(release:"5.0", prefix:"wireshark", reference:"1.0.2-3+lenny10")) flag++;
if (deb_check(release:"5.0", prefix:"wireshark-common", reference:"1.0.2-3+lenny10")) flag++;
if (deb_check(release:"5.0", prefix:"wireshark-dev", reference:"1.0.2-3+lenny10")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "DEBIAN_DSA-2101.NASL", "bulletinFamily": "scanner", "title": "Debian DSA-2101-1 : wireshark - several vulnerabilities", "description": "Several implementation errors in the dissector of the Wireshark\nnetwork traffic analyzer for the ASN.1 BER protocol and in the SigComp\nUniversal Decompressor Virtual Machine may lead to the execution of\narbitrary code.", "published": "2010-09-01T00:00:00", "modified": "2010-09-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/49058", "reporter": "This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.debian.org/security/2010/dsa-2101"], "cvelist": ["CVE-2010-2995", "CVE-2010-2994"], "type": "nessus", "lastseen": "2021-01-06T09:46:04", "edition": 25, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-2995", "CVE-2010-2994"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231067988", "OPENVAS:1361412562310801434", "OPENVAS:1361412562310880413", "OPENVAS:1361412562310870307", "OPENVAS:870307", "OPENVAS:880413", "OPENVAS:1361412562310801432", "OPENVAS:801432", "OPENVAS:801434", "OPENVAS:67988"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2101-1:B5D47"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10928", "SECURITYVULNS:DOC:24664"]}, {"type": "nessus", "idList": ["FEDORA_2010-13416.NASL", "SL_20100811_WIRESHARK_ON_SL3_X.NASL", "ORACLELINUX_ELSA-2010-0625.NASL", "MANDRIVA_MDVSA-2010-113.NASL", "WIRESHARK_1_2_10.NASL", "REDHAT-RHSA-2010-0625.NASL", "SUSE_11_3_WIRESHARK-101222.NASL", "SUSE_11_1_WIRESHARK-101222.NASL", "CENTOS_RHSA-2010-0625.NASL", "SUSE_11_2_WIRESHARK-101222.NASL"]}, {"type": "redhat", "idList": ["RHSA-2010:0625"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0625"]}, {"type": "centos", "idList": ["CESA-2010:0625"]}, {"type": "fedora", "idList": ["FEDORA:22127110B4B", "FEDORA:C0E72110A4E"]}, {"type": "gentoo", "idList": ["GLSA-201110-02"]}], "modified": "2021-01-06T09:46:04", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-01-06T09:46:04", "rev": 2}, "vulnersScore": 7.5}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2101. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49058);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-2994\", \"CVE-2010-2995\");\n script_bugtraq_id(42618);\n script_xref(name:\"DSA\", value:\"2101\");\n\n script_name(english:\"Debian DSA-2101-1 : wireshark - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several implementation errors in the dissector of the Wireshark\nnetwork traffic analyzer for the ASN.1 BER protocol and in the SigComp\nUniversal Decompressor Virtual Machine may lead to the execution of\narbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2101\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wireshark packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.0.2-3+lenny10.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"tshark\", reference:\"1.0.2-3+lenny10\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"wireshark\", reference:\"1.0.2-3+lenny10\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"wireshark-common\", reference:\"1.0.2-3+lenny10\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"wireshark-dev\", reference:\"1.0.2-3+lenny10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "49058", "cpe": ["p-cpe:/a:debian:debian_linux:wireshark", "cpe:/o:debian:debian_linux:5.0"], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T05:45:01", "description": "Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression.", "edition": 4, "cvss3": {}, "published": "2010-08-13T18:43:00", "title": "CVE-2010-2994", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2994"], "modified": "2017-09-19T01:31:00", "cpe": ["cpe:/a:wireshark:wireshark:1.0.10", "cpe:/a:wireshark:wireshark:1.2.9", "cpe:/a:wireshark:wireshark:1.2.4", "cpe:/a:wireshark:wireshark:1.0.5", "cpe:/a:wireshark:wireshark:1.2.2", "cpe:/a:wireshark:wireshark:1.0.0", "cpe:/a:wireshark:wireshark:1.2.3", "cpe:/a:wireshark:wireshark:1.0.9", "cpe:/a:wireshark:wireshark:1.0.11", "cpe:/a:wireshark:wireshark:1.2.7", "cpe:/a:wireshark:wireshark:1.0.2", "cpe:/a:wireshark:wireshark:1.0.13", "cpe:/a:wireshark:wireshark:1.2", "cpe:/a:wireshark:wireshark:1.2.6", "cpe:/a:wireshark:wireshark:0.10.13", "cpe:/a:wireshark:wireshark:1.0.4", "cpe:/a:wireshark:wireshark:1.0.1", "cpe:/a:wireshark:wireshark:0.10.14", "cpe:/a:wireshark:wireshark:1.2.1", "cpe:/a:wireshark:wireshark:1.2.8", "cpe:/a:wireshark:wireshark:1.0.7", "cpe:/a:wireshark:wireshark:1.0.12", "cpe:/a:wireshark:wireshark:1.0", "cpe:/a:wireshark:wireshark:1.2.5", "cpe:/a:wireshark:wireshark:1.2.0", "cpe:/a:wireshark:wireshark:1.0.6", "cpe:/a:wireshark:wireshark:1.0.8", "cpe:/a:wireshark:wireshark:1.0.3"], "id": "CVE-2010-2994", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2994", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.14:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.13:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.9:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:45:01", "description": "The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.", "edition": 4, "cvss3": {}, "published": "2010-08-13T18:43:00", "title": "CVE-2010-2995", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2995"], "modified": "2017-09-19T01:31:00", "cpe": ["cpe:/a:wireshark:wireshark:1.0.10", "cpe:/a:wireshark:wireshark:1.2.9", "cpe:/a:wireshark:wireshark:1.2.4", "cpe:/a:wireshark:wireshark:1.0.5", "cpe:/a:wireshark:wireshark:1.2.2", "cpe:/a:wireshark:wireshark:1.0.0", "cpe:/a:wireshark:wireshark:1.2.3", "cpe:/a:wireshark:wireshark:1.0.9", "cpe:/a:wireshark:wireshark:1.0.14", "cpe:/a:wireshark:wireshark:1.0.11", "cpe:/a:wireshark:wireshark:1.2.7", "cpe:/a:wireshark:wireshark:0.10.11", "cpe:/a:wireshark:wireshark:1.0.2", "cpe:/a:wireshark:wireshark:1.0.13", "cpe:/a:wireshark:wireshark:0.10.9", "cpe:/a:wireshark:wireshark:0.10.12", "cpe:/a:wireshark:wireshark:0.10.10", "cpe:/a:wireshark:wireshark:1.2", "cpe:/a:wireshark:wireshark:1.2.6", "cpe:/a:wireshark:wireshark:0.10.13", "cpe:/a:wireshark:wireshark:1.0.4", "cpe:/a:wireshark:wireshark:1.0.1", "cpe:/a:wireshark:wireshark:0.10.14", "cpe:/a:wireshark:wireshark:0.10.8", "cpe:/a:wireshark:wireshark:1.2.1", "cpe:/a:wireshark:wireshark:1.2.8", "cpe:/a:wireshark:wireshark:1.0.7", "cpe:/a:wireshark:wireshark:1.0.12", "cpe:/a:wireshark:wireshark:1.2.5", "cpe:/a:wireshark:wireshark:1.2.0", "cpe:/a:wireshark:wireshark:1.0.6", "cpe:/a:wireshark:wireshark:1.0.8", "cpe:/a:wireshark:wireshark:1.0.3"], "id": "CVE-2010-2995", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2995", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.14:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.11:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.13:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.10:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.12:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.9:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-01-19T15:05:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2995", "CVE-2010-2994"], "description": "The remote host is missing an update to wireshark\nannounced via advisory DSA 2101-1.", "modified": "2018-01-18T00:00:00", "published": "2010-10-10T00:00:00", "id": "OPENVAS:136141256231067988", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067988", "type": "openvas", "title": "Debian Security Advisory DSA 2101-1 (wireshark)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2101_1.nasl 8457 2018-01-18 07:58:32Z teissa $\n# Description: Auto-generated from advisory DSA 2101-1 (wireshark)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several implementation errors in the dissector of the Wireshark network\ntraffic analyzer for the ASN.1 BER protocol and in the SigComp Universal\nDecompressor Virtual Machine may lead to the execution of arbitrary code.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.0.2-3+lenny10.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.2.10-1.\n\nWe recommend that you upgrade your wireshark packages.\";\ntag_summary = \"The remote host is missing an update to wireshark\nannounced via advisory DSA 2101-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202101-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67988\");\n script_version(\"$Revision: 8457 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 08:58:32 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-10 19:35:00 +0200 (Sun, 10 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-2994\", \"CVE-2010-2995\");\n script_name(\"Debian Security Advisory DSA 2101-1 (wireshark)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.0.2-3+lenny10\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.0.2-3+lenny10\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.0.2-3+lenny10\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.0.2-3+lenny10\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2995", "CVE-2010-2994"], "description": "The remote host is missing an update to wireshark\nannounced via advisory DSA 2101-1.", "modified": "2017-07-07T00:00:00", "published": "2010-10-10T00:00:00", "id": "OPENVAS:67988", "href": "http://plugins.openvas.org/nasl.php?oid=67988", "type": "openvas", "title": "Debian Security Advisory DSA 2101-1 (wireshark)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2101_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2101-1 (wireshark)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several implementation errors in the dissector of the Wireshark network\ntraffic analyzer for the ASN.1 BER protocol and in the SigComp Universal\nDecompressor Virtual Machine may lead to the execution of arbitrary code.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.0.2-3+lenny10.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.2.10-1.\n\nWe recommend that you upgrade your wireshark packages.\";\ntag_summary = \"The remote host is missing an update to wireshark\nannounced via advisory DSA 2101-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202101-1\";\n\n\nif(description)\n{\n script_id(67988);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-10 19:35:00 +0200 (Sun, 10 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-2994\", \"CVE-2010-2995\");\n script_name(\"Debian Security Advisory DSA 2101-1 (wireshark)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.0.2-3+lenny10\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.0.2-3+lenny10\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.0.2-3+lenny10\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.0.2-3+lenny10\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2994"], "description": "The host is installed with Wireshark and is prone to Stack-based\n Buffer Overflow Vulnerability.", "modified": "2018-12-04T00:00:00", "published": "2010-08-19T00:00:00", "id": "OPENVAS:1361412562310801434", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801434", "type": "openvas", "title": "Wireshark Stack-based Buffer Overflow Vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_dissector_bof_vuln_win.nasl 12653 2018-12-04 15:31:25Z cfischer $\n#\n# Wireshark Stack-based Buffer Overflow Vulnerability (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801434\");\n script_version(\"$Revision: 12653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-04 16:31:25 +0100 (Tue, 04 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-19 10:23:11 +0200 (Thu, 19 Aug 2010)\");\n script_cve_id(\"CVE-2010-2994\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Wireshark Stack-based Buffer Overflow Vulnerability (Windows)\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2010-08.html\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html\");\n\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_mandatory_keys(\"Wireshark/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to cause buffer overflow.\");\n script_tag(name:\"affected\", value:\"Wireshark version 1.2.0 through 1.2.9\n Wireshark version 0.10.13 through 1.0.14\");\n script_tag(name:\"insight\", value:\"The flaw is due to an error in handling 'ASN.1 BER dissector' which\n could be used to exhaust stack memory.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Wireshark version 1.0.15 or 1.2.10 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Wireshark and is prone to Stack-based\n Buffer Overflow Vulnerability.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/download.html\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nwiresharkVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!wiresharkVer){\n exit(0);\n}\n\nif(version_in_range(version:wiresharkVer, test_version:\"1.2.0\", test_version2:\"1.2.9\")||\n version_in_range(version:wiresharkVer, test_version:\"0.10.13\", test_version2:\"1.0.14\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:09:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2994"], "description": "The host is installed with Wireshark and is prone to Stack-based\n Buffer Overflow Vulnerability.", "modified": "2017-02-21T00:00:00", "published": "2010-08-19T00:00:00", "id": "OPENVAS:801434", "href": "http://plugins.openvas.org/nasl.php?oid=801434", "type": "openvas", "title": "Wireshark Stack-based Buffer Overflow Vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_dissector_bof_vuln_win.nasl 5388 2017-02-21 15:13:30Z teissa $\n#\n# Wireshark Stack-based Buffer Overflow Vulnerability (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to cause buffer overflow.\n Impact Level: Application\";\ntag_affected = \"Wireshark version 1.2.0 through 1.2.9\n Wireshark version 0.10.13 through 1.0.14\";\ntag_insight = \"The flaw is due to an error in handling 'ASN.1 BER dissector' which\n could be used to exhaust stack memory.\";\ntag_solution = \"Upgrade to the Wireshark version 1.0.15 or 1.2.10 or later,\n For updates refer to http://www.wireshark.org/download.html\";\ntag_summary = \"The host is installed with Wireshark and is prone to Stack-based\n Buffer Overflow Vulnerability.\";\n\nif(description)\n{\n script_id(801434);\n script_version(\"$Revision: 5388 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-21 16:13:30 +0100 (Tue, 21 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-19 10:23:11 +0200 (Thu, 19 Aug 2010)\");\n script_cve_id(\"CVE-2010-2994\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Wireshark Stack-based Buffer Overflow Vulnerability (Windows)\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/security/wnpa-sec-2010-08.html\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html\");\n\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_require_keys(\"Wireshark/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get the version from KB\nwiresharkVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!wiresharkVer){\n exit(0);\n}\n\n## Check for Wireshark Version\nif(version_in_range(version:wiresharkVer, test_version:\"1.2.0\", test_version2:\"1.2.9\")||\n version_in_range(version:wiresharkVer, test_version:\"0.10.13\", test_version2:\"1.0.14\")){\n security_message(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2995"], "description": "The host is installed Wireshark and is prone to multiple\n vulnerabilities.", "modified": "2018-12-04T00:00:00", "published": "2010-08-19T00:00:00", "id": "OPENVAS:1361412562310801432", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801432", "type": "openvas", "title": "Wireshark Multiple Vulnerabilities (win)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_vuln_win.nasl 12653 2018-12-04 15:31:25Z cfischer $\n#\n# Wireshark Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801432\");\n script_version(\"$Revision: 12653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-04 16:31:25 +0100 (Tue, 04 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-19 10:23:11 +0200 (Thu, 19 Aug 2010)\");\n script_cve_id(\"CVE-2010-2995\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Wireshark Multiple Vulnerabilities (win)\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2010-08.html\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html\");\n\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_mandatory_keys(\"Wireshark/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to cause a denial of\n service, execution of arbitrary code.\");\n script_tag(name:\"affected\", value:\"Wireshark version 1.2.0 to 1.2.9\n Wireshark version 0.10.8 to 1.0.14\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to error in 'sigcomp-udvm.c' and an\n off-by-one error, which could be exploited to execute arbitrary code.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Wireshark version 1.0.15 or 1.2.10 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed Wireshark and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/download.html\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nwiresharkVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!wiresharkVer){\n exit(0);\n}\n\nif(version_in_range(version:wiresharkVer, test_version:\"0.10.8\", test_version2:\"1.0.14\")||\n version_in_range(version:wiresharkVer, test_version:\"1.2.0\", test_version2:\"1.2.9\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:09:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2995"], "description": "The host is installed Wireshark and is prone to multiple\n vulnerabilities.", "modified": "2017-02-21T00:00:00", "published": "2010-08-19T00:00:00", "id": "OPENVAS:801432", "href": "http://plugins.openvas.org/nasl.php?oid=801432", "type": "openvas", "title": "Wireshark Multiple Vulnerabilities (win)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_vuln_win.nasl 5388 2017-02-21 15:13:30Z teissa $\n#\n# Wireshark Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to cause a denial of\n service, execution of arbitrary code.\n Impact Level: Application\";\ntag_affected = \"Wireshark version 1.2.0 to 1.2.9\n Wireshark version 0.10.8 to 1.0.14\";\ntag_insight = \"Multiple flaws are due to error in 'sigcomp-udvm.c' and an\n off-by-one error, which could be exploited to execute arbitrary code.\";\ntag_solution = \"Upgrade to the Wireshark version 1.0.15 or 1.2.10 or later,\n For updates refer to http://www.wireshark.org/download.html\";\ntag_summary = \"The host is installed Wireshark and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(801432);\n script_version(\"$Revision: 5388 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-21 16:13:30 +0100 (Tue, 21 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-19 10:23:11 +0200 (Thu, 19 Aug 2010)\");\n script_cve_id(\"CVE-2010-2995\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Wireshark Multiple Vulnerabilities (win)\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/security/wnpa-sec-2010-08.html\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html\");\n\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_require_keys(\"Wireshark/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get the version from KB\nwiresharkVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!wiresharkVer){\n exit(0);\n}\n\n## Check for Wireshark Version\nif(version_in_range(version:wiresharkVer, test_version:\"0.10.8\", test_version2:\"1.0.14\")||\n version_in_range(version:wiresharkVer, test_version:\"1.2.0\", test_version2:\"1.2.9\")){\n security_message(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-18T10:57:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286"], "description": "Check for the Version of wireshark", "modified": "2017-12-18T00:00:00", "published": "2010-08-13T00:00:00", "id": "OPENVAS:870307", "href": "http://plugins.openvas.org/nasl.php?oid=870307", "type": "openvas", "title": "RedHat Update for wireshark RHSA-2010:0625-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for wireshark RHSA-2010:0625-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Multiple buffer overflow flaws were found in the Wireshark SigComp\n Universal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read\n a malformed packet off a network or opened a malicious dump file, it could\n crash or, possibly, execute arbitrary code as the user running Wireshark.\n (CVE-2010-2287, CVE-2010-2995)\n\n Several denial of service flaws were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off a network, or\n opened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284,\n CVE-2010-2286)\n\n Users of Wireshark should upgrade to these updated packages, which contain\n Wireshark version 1.0.15, and resolve these issues. All running instances\n of Wireshark must be restarted for the update to take effect.\";\n\ntag_affected = \"wireshark on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-August/msg00017.html\");\n script_id(870307);\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-13 14:24:53 +0200 (Fri, 13 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0625-01\");\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2995\");\n script_name(\"RedHat Update for wireshark RHSA-2010:0625-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~1.el5_5.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.0.15~1.el5_5.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.15~1.el5_5.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~1.el4_8.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.0.15~1.el4_8.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.15~1.el4_8.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~EL3.1\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.0.15~EL3.1\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.15~EL3.1\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286"], "description": "Oracle Linux Local Security Checks ELSA-2010-0625", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122329", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122329", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2010-0625", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0625.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122329\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:16:55 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0625\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0625 - wireshark security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0625\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0625.html\");\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2995\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~1.0.1.el5_5.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.15~1.0.1.el5_5.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:54:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286"], "description": "Check for the Version of wireshark", "modified": "2017-12-22T00:00:00", "published": "2010-08-30T00:00:00", "id": "OPENVAS:880413", "href": "http://plugins.openvas.org/nasl.php?oid=880413", "type": "openvas", "title": "CentOS Update for wireshark CESA-2010:0625 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for wireshark CESA-2010:0625 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Multiple buffer overflow flaws were found in the Wireshark SigComp\n Universal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read\n a malformed packet off a network or opened a malicious dump file, it could\n crash or, possibly, execute arbitrary code as the user running Wireshark.\n (CVE-2010-2287, CVE-2010-2995)\n\n Several denial of service flaws were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off a network, or\n opened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284,\n CVE-2010-2286)\n\n Users of Wireshark should upgrade to these updated packages, which contain\n Wireshark version 1.0.15, and resolve these issues. All running instances\n of Wireshark must be restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"wireshark on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-August/016932.html\");\n script_id(880413);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0625\");\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2995\");\n script_name(\"CentOS Update for wireshark CESA-2010:0625 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~1.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.15~1.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-08T12:53:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286"], "description": "Check for the Version of wireshark", "modified": "2018-01-05T00:00:00", "published": "2010-08-13T00:00:00", "id": "OPENVAS:1361412562310870307", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870307", "type": "openvas", "title": "RedHat Update for wireshark RHSA-2010:0625-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for wireshark RHSA-2010:0625-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Multiple buffer overflow flaws were found in the Wireshark SigComp\n Universal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read\n a malformed packet off a network or opened a malicious dump file, it could\n crash or, possibly, execute arbitrary code as the user running Wireshark.\n (CVE-2010-2287, CVE-2010-2995)\n\n Several denial of service flaws were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off a network, or\n opened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284,\n CVE-2010-2286)\n\n Users of Wireshark should upgrade to these updated packages, which contain\n Wireshark version 1.0.15, and resolve these issues. All running instances\n of Wireshark must be restarted for the update to take effect.\";\n\ntag_affected = \"wireshark on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-August/msg00017.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870307\");\n script_version(\"$Revision: 8296 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 08:28:01 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-13 14:24:53 +0200 (Fri, 13 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0625-01\");\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2995\");\n script_name(\"RedHat Update for wireshark RHSA-2010:0625-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~1.el5_5.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.0.15~1.el5_5.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.15~1.el5_5.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~1.el4_8.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.0.15~1.el4_8.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.15~1.el4_8.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~EL3.1\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.0.15~EL3.1\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.15~EL3.1\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:20:11", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2995", "CVE-2010-2994"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2101-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nAugust 31, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : wireshark\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2010-2994 CVE-2010-2995\n\nSeveral implementation errors in the dissector of the Wireshark network\ntraffic analyzer for the ASN.1 BER protocol and in the SigComp Universal\nDecompressor Virtual Machine may lead to the execution of arbitrary code.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.0.2-3+lenny10.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.2.10-1.\n\nWe recommend that you upgrade your wireshark packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2.orig.tar.gz\n Size/MD5 checksum: 16935492 1834437f7c6dbed02082e7757133047d\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10.diff.gz\n Size/MD5 checksum: 119766 5a4194b36f275740420e6976a3cf4801\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10.dsc\n Size/MD5 checksum: 1506 8c8b1b6eb5746bb12f3a31606279d2a4\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_alpha.deb\n Size/MD5 checksum: 12098048 c6037e2144a2b606c89666a38bba255d\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_alpha.deb\n Size/MD5 checksum: 127062 0ed9502cbcfafb5f40092dfb85bd1452\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_alpha.deb\n Size/MD5 checksum: 731182 7d68066a76be15c23097c467591a71d7\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_alpha.deb\n Size/MD5 checksum: 570002 ef363dd7b6e59f55ac352dd7f476271f\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_amd64.deb\n Size/MD5 checksum: 659672 93affb6b939d97543c0a2ee094eb7bcf\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_amd64.deb\n Size/MD5 checksum: 11867538 e26471505e2511c44915167d9df30b2c\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_amd64.deb\n Size/MD5 checksum: 119270 3507f87aae6c6eb333f5d6675557ffea\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_amd64.deb\n Size/MD5 checksum: 568816 5c2bde00638f8be32513abe1c9b861f9\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_arm.deb\n Size/MD5 checksum: 10214680 bc5423c9321f4790707c2be839f48029\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_arm.deb\n Size/MD5 checksum: 111310 3c7a4f2daba42dec5e4e5b0cad3c8ba4\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_arm.deb\n Size/MD5 checksum: 614450 ba489525ee84174cf3e9fb7a40f89d14\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_arm.deb\n Size/MD5 checksum: 584538 1a02fc4e91ce9d386bb8ed1e7902c280\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_armel.deb\n Size/MD5 checksum: 620126 27ace8479a33a8d685f019fa563d3afa\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_armel.deb\n Size/MD5 checksum: 10219808 ef603f9abcd981feb550a6f328592eba\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_armel.deb\n Size/MD5 checksum: 586342 7929f0643a92cb084568da2e32ada209\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_armel.deb\n Size/MD5 checksum: 113602 e459df96b13b2321ea4ac2b7ca055a55\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_hppa.deb\n Size/MD5 checksum: 121180 7cc1f3a0fe508449031c851142b5c4d3\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_hppa.deb\n Size/MD5 checksum: 13271640 6bbfc0d14d3bb8c46b35a40523139c5f\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_hppa.deb\n Size/MD5 checksum: 584306 c77db073cd347903377d301d656ec3b6\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_hppa.deb\n Size/MD5 checksum: 694870 5c35736053a02a728cc9263cea544118\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_i386.deb\n Size/MD5 checksum: 583572 3c416afdc0bed67389798748ac82dab1\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_i386.deb\n Size/MD5 checksum: 619668 b279bae201515f07f50b789fe9208ee3\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_i386.deb\n Size/MD5 checksum: 111708 bd19cc8a584292771ce8b37a934b6759\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_i386.deb\n Size/MD5 checksum: 10109862 4a6846b885178fd578ecc6dc3b284172\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_ia64.deb\n Size/MD5 checksum: 568824 dabad8c92b646ce5bdf5ac4369593b1a\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_ia64.deb\n Size/MD5 checksum: 154666 185f3441d66fcf3ce9c781dc061e4961\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_ia64.deb\n Size/MD5 checksum: 931572 a74e996b87300057ef62722bdccf072c\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_ia64.deb\n Size/MD5 checksum: 13684804 ec46eeb74513b1c42288f0c186313505\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_mips.deb\n Size/MD5 checksum: 10424544 8f76ad6d63aecdb627850b2729655b3e\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_mips.deb\n Size/MD5 checksum: 636682 909599c2175d06ba483baac5fbef9715\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_mips.deb\n Size/MD5 checksum: 113264 333e8a51080d13136689b9786e4d0061\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_mips.deb\n Size/MD5 checksum: 585810 921806111c71ed490ff18e05ef5383c7\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_mipsel.deb\n Size/MD5 checksum: 113454 9602da05aa4bc7a22432bcd720660cc0\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_mipsel.deb\n Size/MD5 checksum: 570006 1e8cb3f56fa73956d52268d237c15baf\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_mipsel.deb\n Size/MD5 checksum: 627162 2ef6443e548130d6d7f3e7bdf0176b6a\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_mipsel.deb\n Size/MD5 checksum: 9729736 fa8030ec05b4e395f0ba3c90ee670e46\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_powerpc.deb\n Size/MD5 checksum: 582794 f2e0c6a4336e42c023c4f1db3dc00dd8\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_powerpc.deb\n Size/MD5 checksum: 677742 0dda6ce349cf9e844e7ba074765ab682\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_powerpc.deb\n Size/MD5 checksum: 11220016 5e5f2754bef30795bdab7486c5dd8a72\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_powerpc.deb\n Size/MD5 checksum: 122572 ac15689cd78a06ac3472760c10a253af\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_s390.deb\n Size/MD5 checksum: 12488184 b916661193fbbdef2e6838f5e144e0c4\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_s390.deb\n Size/MD5 checksum: 122150 fa1d1a623a2cd95b2d59f5d910226086\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_s390.deb\n Size/MD5 checksum: 569966 9c91e4417d2860da5e9903410f92d775\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_s390.deb\n Size/MD5 checksum: 671588 c2f017d2cb7bdd3a8c7c5f85aef2df6f\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_sparc.deb\n Size/MD5 checksum: 11287328 d4bb52efa605646c1c207565c9c1eb77\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_sparc.deb\n Size/MD5 checksum: 583744 803661967720b8f8d048844afef3a6b3\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_sparc.deb\n Size/MD5 checksum: 113520 0f733a8ef1549c573cf4055ee37e1842\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_sparc.deb\n Size/MD5 checksum: 629600 f7ed1aa09cb192c7d8f844cfc7fae2bc\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2010-08-31T21:29:19", "published": "2010-08-31T21:29:19", "id": "DEBIAN:DSA-2101-1:B5D47", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00147.html", "title": "[SECURITY] [DSA 2101-1] New wireshark packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:36", "bulletinFamily": "software", "cvelist": ["CVE-2010-2995", "CVE-2010-2994"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2101-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nAugust 31, 2010 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : wireshark\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE Id(s) : CVE-2010-2994 CVE-2010-2995\r\n\r\nSeveral implementation errors in the dissector of the Wireshark network\r\ntraffic analyzer for the ASN.1 BER protocol and in the SigComp Universal\r\nDecompressor Virtual Machine may lead to the execution of arbitrary code.\r\n\r\nFor the stable distribution (lenny), these problems have been fixed in\r\nversion 1.0.2-3+lenny10.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 1.2.10-1.\r\n\r\nWe recommend that you upgrade your wireshark packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2.orig.tar.gz\r\n Size/MD5 checksum: 16935492 1834437f7c6dbed02082e7757133047d\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10.diff.gz\r\n Size/MD5 checksum: 119766 5a4194b36f275740420e6976a3cf4801\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10.dsc\r\n Size/MD5 checksum: 1506 8c8b1b6eb5746bb12f3a31606279d2a4\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_alpha.deb\r\n Size/MD5 checksum: 12098048 c6037e2144a2b606c89666a38bba255d\r\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_alpha.deb\r\n Size/MD5 checksum: 127062 0ed9502cbcfafb5f40092dfb85bd1452\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_alpha.deb\r\n Size/MD5 checksum: 731182 7d68066a76be15c23097c467591a71d7\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_alpha.deb\r\n Size/MD5 checksum: 570002 ef363dd7b6e59f55ac352dd7f476271f\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_amd64.deb\r\n Size/MD5 checksum: 659672 93affb6b939d97543c0a2ee094eb7bcf\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_amd64.deb\r\n Size/MD5 checksum: 11867538 e26471505e2511c44915167d9df30b2c\r\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_amd64.deb\r\n Size/MD5 checksum: 119270 3507f87aae6c6eb333f5d6675557ffea\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_amd64.deb\r\n Size/MD5 checksum: 568816 5c2bde00638f8be32513abe1c9b861f9\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_arm.deb\r\n Size/MD5 checksum: 10214680 bc5423c9321f4790707c2be839f48029\r\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_arm.deb\r\n Size/MD5 checksum: 111310 3c7a4f2daba42dec5e4e5b0cad3c8ba4\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_arm.deb\r\n Size/MD5 checksum: 614450 ba489525ee84174cf3e9fb7a40f89d14\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_arm.deb\r\n Size/MD5 checksum: 584538 1a02fc4e91ce9d386bb8ed1e7902c280\r\n\r\narmel architecture (ARM EABI)\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_armel.deb\r\n Size/MD5 checksum: 620126 27ace8479a33a8d685f019fa563d3afa\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_armel.deb\r\n Size/MD5 checksum: 10219808 ef603f9abcd981feb550a6f328592eba\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_armel.deb\r\n Size/MD5 checksum: 586342 7929f0643a92cb084568da2e32ada209\r\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_armel.deb\r\n Size/MD5 checksum: 113602 e459df96b13b2321ea4ac2b7ca055a55\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_hppa.deb\r\n Size/MD5 checksum: 121180 7cc1f3a0fe508449031c851142b5c4d3\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_hppa.deb\r\n Size/MD5 checksum: 13271640 6bbfc0d14d3bb8c46b35a40523139c5f\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_hppa.deb\r\n Size/MD5 checksum: 584306 c77db073cd347903377d301d656ec3b6\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_hppa.deb\r\n Size/MD5 checksum: 694870 5c35736053a02a728cc9263cea544118\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_i386.deb\r\n Size/MD5 checksum: 583572 3c416afdc0bed67389798748ac82dab1\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_i386.deb\r\n Size/MD5 checksum: 619668 b279bae201515f07f50b789fe9208ee3\r\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_i386.deb\r\n Size/MD5 checksum: 111708 bd19cc8a584292771ce8b37a934b6759\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_i386.deb\r\n Size/MD5 checksum: 10109862 4a6846b885178fd578ecc6dc3b284172\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_ia64.deb\r\n Size/MD5 checksum: 568824 dabad8c92b646ce5bdf5ac4369593b1a\r\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_ia64.deb\r\n Size/MD5 checksum: 154666 185f3441d66fcf3ce9c781dc061e4961\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_ia64.deb\r\n Size/MD5 checksum: 931572 a74e996b87300057ef62722bdccf072c\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_ia64.deb\r\n Size/MD5 checksum: 13684804 ec46eeb74513b1c42288f0c186313505\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_mips.deb\r\n Size/MD5 checksum: 10424544 8f76ad6d63aecdb627850b2729655b3e\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_mips.deb\r\n Size/MD5 checksum: 636682 909599c2175d06ba483baac5fbef9715\r\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_mips.deb\r\n Size/MD5 checksum: 113264 333e8a51080d13136689b9786e4d0061\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_mips.deb\r\n Size/MD5 checksum: 585810 921806111c71ed490ff18e05ef5383c7\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_mipsel.deb\r\n Size/MD5 checksum: 113454 9602da05aa4bc7a22432bcd720660cc0\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_mipsel.deb\r\n Size/MD5 checksum: 570006 1e8cb3f56fa73956d52268d237c15baf\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_mipsel.deb\r\n Size/MD5 checksum: 627162 2ef6443e548130d6d7f3e7bdf0176b6a\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_mipsel.deb\r\n Size/MD5 checksum: 9729736 fa8030ec05b4e395f0ba3c90ee670e46\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_powerpc.deb\r\n Size/MD5 checksum: 582794 f2e0c6a4336e42c023c4f1db3dc00dd8\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_powerpc.deb\r\n Size/MD5 checksum: 677742 0dda6ce349cf9e844e7ba074765ab682\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_powerpc.deb\r\n Size/MD5 checksum: 11220016 5e5f2754bef30795bdab7486c5dd8a72\r\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_powerpc.deb\r\n Size/MD5 checksum: 122572 ac15689cd78a06ac3472760c10a253af\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_s390.deb\r\n Size/MD5 checksum: 12488184 b916661193fbbdef2e6838f5e144e0c4\r\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_s390.deb\r\n Size/MD5 checksum: 122150 fa1d1a623a2cd95b2d59f5d910226086\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_s390.deb\r\n Size/MD5 checksum: 569966 9c91e4417d2860da5e9903410f92d775\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_s390.deb\r\n Size/MD5 checksum: 671588 c2f017d2cb7bdd3a8c7c5f85aef2df6f\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_sparc.deb\r\n Size/MD5 checksum: 11287328 d4bb52efa605646c1c207565c9c1eb77\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_sparc.deb\r\n Size/MD5 checksum: 583744 803661967720b8f8d048844afef3a6b3\r\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_sparc.deb\r\n Size/MD5 checksum: 113520 0f733a8ef1549c573cf4055ee37e1842\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_sparc.deb\r\n Size/MD5 checksum: 629600 f7ed1aa09cb192c7d8f844cfc7fae2bc\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAkx9c8QACgkQXm3vHE4uylrESACfTJUNw4OFiIQV7Iaw4pwS/fQa\r\nS7IAn1YBxtdVgDDmJi/ufNW05qKFhQsn\r\n=iB+3\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-09-02T00:00:00", "published": "2010-09-02T00:00:00", "id": "SECURITYVULNS:DOC:24664", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24664", "title": "[SECURITY] [DSA 2101-1] New wireshark packages fix several vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:37", "bulletinFamily": "software", "cvelist": ["CVE-2010-2285", "CVE-2010-2284", "CVE-2010-2287", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2010-2994"], "description": "Multiple DoS conditions, buffer overflow.", "edition": 1, "modified": "2010-09-14T00:00:00", "published": "2010-09-14T00:00:00", "id": "SECURITYVULNS:VULN:10928", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10928", "title": "Wireshark sniffer multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-02-01T07:39:56", "description": "The installed version of Wireshark or Ethereal is potentially\naffected by multiple vulnerabilities. \n\n - The SigComp Universal Decompressor Virtual Machine could\n potentially overflow a buffer. (Bug 4867)\n\n - The ANS.1 BER dissector could potentially exhaust the \n stack memory. (Bug 4984)\n\n - The GSM A RR dissector is affected by denial of service\n issue. (Bug 4897)\n\n - The IPMI dissector could get stuck in an infinite loop. \n (Bug 5053)", "edition": 24, "published": "2010-08-02T00:00:00", "title": "Wireshark / Ethereal < 1.0.15 / 1.2.10 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2992", "CVE-2010-2995", "CVE-2010-2993", "CVE-2010-2994"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:wireshark:wireshark"], "id": "WIRESHARK_1_2_10.NASL", "href": "https://www.tenable.com/plugins/nessus/48213", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48213);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/06 14:03:17\");\n\n script_cve_id(\"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2994\", \"CVE-2010-2995\");\n script_bugtraq_id(42618);\n script_xref(name:\"Secunia\", value:\"40783\");\n\n script_name(english:\"Wireshark / Ethereal < 1.0.15 / 1.2.10 Multiple Vulnerabilities\");\n script_summary(english:\"Does a version check\");\n\n script_set_attribute(attribute:\"synopsis\",value:\n\"The remote host has an application that is affected by multiple\nvulnerabilities.\"\n );\n script_set_attribute(attribute:\"description\",value:\n\"The installed version of Wireshark or Ethereal is potentially\naffected by multiple vulnerabilities. \n\n - The SigComp Universal Decompressor Virtual Machine could\n potentially overflow a buffer. (Bug 4867)\n\n - The ANS.1 BER dissector could potentially exhaust the \n stack memory. (Bug 4984)\n\n - The GSM A RR dissector is affected by denial of service\n issue. (Bug 4897)\n\n - The IPMI dissector could get stuck in an infinite loop. \n (Bug 5053)\"\n );\n script_set_attribute(attribute:\"see_also\",value:\"http://www.wireshark.org/security/wnpa-sec-2010-08.html\");\n script_set_attribute(attribute:\"see_also\",value:\"http://www.wireshark.org/security/wnpa-sec-2010-07.html\");\n script_set_attribute(attribute:\"solution\",value:\"Upgrade to Wireshark version 1.0.15 / 1.2.10 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wireshark_installed.nasl\");\n script_require_keys(\"SMB/Wireshark/Installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\n\n# Check each install.\ninstalls = get_kb_list(\"SMB/Wireshark/*\");\nif (isnull(installs)) exit(0, \"The 'SMB/Wireshark/*' KB items are missing.\");\n\ninfo = '';\ninfo2 = '';\n\nforeach install(keys(installs))\n{\n if (\"/Installed\" >< install) continue;\n\n version = install - \"SMB/Wireshark/\";\n ver = split(version, sep:\".\", keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n # Affects 0.10.8 to 1.0.14 AND 1.2.0 to 1.2.9\n if ((ver[0] == 0 && ((ver[1] == 10 && ver[2] >= 8) || (ver[1] >= 11))) ||\n (ver[0] == 1 && ver[1] == 0 && ver[2] < 15 ) ||\n (ver[0] == 1 && ver[1] == 2 && ver[2] < 10 ) \n ) info +=\n '\\n Path : ' + installs[install] +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.0.15 / 1.2.10\\n';\n else\n info2 += 'Version '+ version + ', under '+ installs[install] + '. ';\n}\n\n# Report if any were found to be vulnerable\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (max_index(split(info)) > 1) s = \"s of Wireshark / Ethereal are\";\n else s = \" of Wireshark / Ethereal is\";\n\n report = \n '\\n' +\n 'The following vulnerable instance' + s + ' installed :\\n' +\n '\\n' + info;\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n exit(0);\n}\nif (info2)\n exit(0, \"The following instance(s) of Wireshark / Ethereal are installed and are not vulnerable : \"+info2);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:26:33", "description": "Updated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in the Wireshark SigComp\nUniversal Decompressor Virtual Machine (UDVM) dissector. If Wireshark\nread a malformed packet off a network or opened a malicious dump file,\nit could crash or, possibly, execute arbitrary code as the user\nrunning Wireshark. (CVE-2010-2287, CVE-2010-2995)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2010-1455,\nCVE-2010-2283, CVE-2010-2284, CVE-2010-2286)\n\nUsers of Wireshark should upgrade to these updated packages, which\ncontain Wireshark version 1.0.15, and resolve these issues. All\nrunning instances of Wireshark must be restarted for the update to\ntake effect.", "edition": 30, "published": "2010-08-24T00:00:00", "title": "CentOS 4 / 5 : wireshark (CESA-2010:0625)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2010-2994"], "modified": "2010-08-24T00:00:00", "cpe": ["p-cpe:/a:centos:centos:wireshark", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:wireshark-gnome"], "id": "CENTOS_RHSA-2010-0625.NASL", "href": "https://www.tenable.com/plugins/nessus/48409", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0625 and \n# CentOS Errata and Security Advisory 2010:0625 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48409);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2994\", \"CVE-2010-2995\");\n script_bugtraq_id(39950, 40728);\n script_xref(name:\"RHSA\", value:\"2010:0625\");\n\n script_name(english:\"CentOS 4 / 5 : wireshark (CESA-2010:0625)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in the Wireshark SigComp\nUniversal Decompressor Virtual Machine (UDVM) dissector. If Wireshark\nread a malformed packet off a network or opened a malicious dump file,\nit could crash or, possibly, execute arbitrary code as the user\nrunning Wireshark. (CVE-2010-2287, CVE-2010-2995)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2010-1455,\nCVE-2010-2283, CVE-2010-2284, CVE-2010-2286)\n\nUsers of Wireshark should upgrade to these updated packages, which\ncontain Wireshark version 1.0.15, and resolve these issues. All\nrunning instances of Wireshark must be restarted for the update to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016932.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4ea3370a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016933.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?17af990f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016956.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?18b151ef\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016957.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0687cae5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"wireshark-1.0.15-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"wireshark-1.0.15-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"wireshark-gnome-1.0.15-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"wireshark-gnome-1.0.15-1.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"wireshark-1.0.15-1.el5_5.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"wireshark-gnome-1.0.15-1.el5_5.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-gnome\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:08:08", "description": "Updated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in the Wireshark SigComp\nUniversal Decompressor Virtual Machine (UDVM) dissector. If Wireshark\nread a malformed packet off a network or opened a malicious dump file,\nit could crash or, possibly, execute arbitrary code as the user\nrunning Wireshark. (CVE-2010-2287, CVE-2010-2995)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2010-1455,\nCVE-2010-2283, CVE-2010-2284, CVE-2010-2286)\n\nUsers of Wireshark should upgrade to these updated packages, which\ncontain Wireshark version 1.0.15, and resolve these issues. All\nrunning instances of Wireshark must be restarted for the update to\ntake effect.", "edition": 30, "published": "2010-08-12T00:00:00", "title": "RHEL 3 / 4 / 5 : wireshark (RHSA-2010:0625)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2010-2994"], "modified": "2010-08-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:wireshark", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:wireshark-gnome"], "id": "REDHAT-RHSA-2010-0625.NASL", "href": "https://www.tenable.com/plugins/nessus/48314", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0625. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48314);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2994\", \"CVE-2010-2995\");\n script_bugtraq_id(39950, 40728);\n script_xref(name:\"RHSA\", value:\"2010:0625\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : wireshark (RHSA-2010:0625)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in the Wireshark SigComp\nUniversal Decompressor Virtual Machine (UDVM) dissector. If Wireshark\nread a malformed packet off a network or opened a malicious dump file,\nit could crash or, possibly, execute arbitrary code as the user\nrunning Wireshark. (CVE-2010-2287, CVE-2010-2995)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2010-1455,\nCVE-2010-2283, CVE-2010-2284, CVE-2010-2286)\n\nUsers of Wireshark should upgrade to these updated packages, which\ncontain Wireshark version 1.0.15, and resolve these issues. All\nrunning instances of Wireshark must be restarted for the update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2995\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2010-03.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2010-03.html\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2010-05.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2010-05.html\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2010-07.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2010-07.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0625\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark and / or wireshark-gnome packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0625\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"wireshark-1.0.15-EL3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"wireshark-gnome-1.0.15-EL3.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"wireshark-1.0.15-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"wireshark-gnome-1.0.15-1.el4_8.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"wireshark-1.0.15-1.el5_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"wireshark-1.0.15-1.el5_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"wireshark-1.0.15-1.el5_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"wireshark-gnome-1.0.15-1.el5_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"wireshark-gnome-1.0.15-1.el5_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"wireshark-gnome-1.0.15-1.el5_5.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-gnome\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:45:16", "description": "From Red Hat Security Advisory 2010:0625 :\n\nUpdated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in the Wireshark SigComp\nUniversal Decompressor Virtual Machine (UDVM) dissector. If Wireshark\nread a malformed packet off a network or opened a malicious dump file,\nit could crash or, possibly, execute arbitrary code as the user\nrunning Wireshark. (CVE-2010-2287, CVE-2010-2995)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2010-1455,\nCVE-2010-2283, CVE-2010-2284, CVE-2010-2286)\n\nUsers of Wireshark should upgrade to these updated packages, which\ncontain Wireshark version 1.0.15, and resolve these issues. All\nrunning instances of Wireshark must be restarted for the update to\ntake effect.", "edition": 28, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 / 5 : wireshark (ELSA-2010-0625)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2010-2994"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:wireshark-gnome", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:wireshark", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2010-0625.NASL", "href": "https://www.tenable.com/plugins/nessus/68084", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0625 and \n# Oracle Linux Security Advisory ELSA-2010-0625 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68084);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2994\", \"CVE-2010-2995\");\n script_bugtraq_id(39950, 40728);\n script_xref(name:\"RHSA\", value:\"2010:0625\");\n\n script_name(english:\"Oracle Linux 3 / 4 / 5 : wireshark (ELSA-2010-0625)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0625 :\n\nUpdated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in the Wireshark SigComp\nUniversal Decompressor Virtual Machine (UDVM) dissector. If Wireshark\nread a malformed packet off a network or opened a malicious dump file,\nit could crash or, possibly, execute arbitrary code as the user\nrunning Wireshark. (CVE-2010-2287, CVE-2010-2995)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2010-1455,\nCVE-2010-2283, CVE-2010-2284, CVE-2010-2286)\n\nUsers of Wireshark should upgrade to these updated packages, which\ncontain Wireshark version 1.0.15, and resolve these issues. All\nrunning instances of Wireshark must be restarted for the update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-August/001600.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-August/001601.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-August/001602.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"wireshark-1.0.15-0.1.EL3.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"wireshark-1.0.15-0.1.EL3.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"wireshark-gnome-1.0.15-0.1.EL3.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"wireshark-gnome-1.0.15-0.1.EL3.1\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"wireshark-1.0.15-1.0.1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"wireshark-gnome-1.0.15-1.0.1.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"wireshark-1.0.15-1.0.1.el5_5.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"wireshark-gnome-1.0.15-1.0.1.el5_5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-gnome\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:06:43", "description": "Wireshark version 1.4.2 fixes several security issues that allowed\nattackers to crash wireshark or potentially even execute arbitrary\ncode\n\n(CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285,\nCVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993,\nCVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300,\nCVE-2010-4301)", "edition": 26, "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2285", "CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2992", "CVE-2010-4300", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2010-4301", "CVE-2010-3445", "CVE-2010-2993", "CVE-2010-2994"], "modified": "2011-05-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wireshark", "p-cpe:/a:novell:opensuse:wireshark-devel", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_WIRESHARK-101222.NASL", "href": "https://www.tenable.com/plugins/nessus/53808", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update wireshark-3738.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53808);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2994\", \"CVE-2010-2995\", \"CVE-2010-3445\", \"CVE-2010-4300\", \"CVE-2010-4301\");\n\n script_name(english:\"openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-2)\");\n script_summary(english:\"Check for the wireshark-3738 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Wireshark version 1.4.2 fixes several security issues that allowed\nattackers to crash wireshark or potentially even execute arbitrary\ncode\n\n(CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285,\nCVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993,\nCVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300,\nCVE-2010-4301)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=603251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=613487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=630599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=643078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-01/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"wireshark-1.4.2-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"wireshark-devel-1.4.2-1.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:08:21", "description": "Wireshark version 1.4.2 fixes several security issues that allowed\nattackers to crash wireshark or potentially even execute arbitrary\ncode\n\n(CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285,\nCVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993,\nCVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300,\nCVE-2010-4301)", "edition": 26, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2285", "CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2992", "CVE-2010-4300", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2010-4301", "CVE-2010-3445", "CVE-2010-2993", "CVE-2010-2994"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wireshark", "p-cpe:/a:novell:opensuse:wireshark-devel", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_WIRESHARK-101222.NASL", "href": "https://www.tenable.com/plugins/nessus/75771", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update wireshark-3738.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75771);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2994\", \"CVE-2010-2995\", \"CVE-2010-3445\", \"CVE-2010-4300\", \"CVE-2010-4301\");\n\n script_name(english:\"openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-2)\");\n script_summary(english:\"Check for the wireshark-3738 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Wireshark version 1.4.2 fixes several security issues that allowed\nattackers to crash wireshark or potentially even execute arbitrary\ncode\n\n(CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285,\nCVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993,\nCVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300,\nCVE-2010-4301)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=603251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=613487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=630599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=643078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-01/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"wireshark-1.4.2-1.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"wireshark-devel-1.4.2-1.1.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:05:12", "description": "Wireshark version 1.4.2 fixes several security issues that allowed\nattackers to crash wireshark or potentially even execute arbitrary\ncode\n\n(CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285,\nCVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993,\nCVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300,\nCVE-2010-4301)", "edition": 26, "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2285", "CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2992", "CVE-2010-4300", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2010-4301", "CVE-2010-3445", "CVE-2010-2993", "CVE-2010-2994"], "modified": "2011-05-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wireshark", "p-cpe:/a:novell:opensuse:wireshark-devel", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_WIRESHARK-101222.NASL", "href": "https://www.tenable.com/plugins/nessus/53689", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update wireshark-3731.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53689);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2994\", \"CVE-2010-2995\", \"CVE-2010-3445\", \"CVE-2010-4300\", \"CVE-2010-4301\");\n\n script_name(english:\"openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-1)\");\n script_summary(english:\"Check for the wireshark-3731 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Wireshark version 1.4.2 fixes several security issues that allowed\nattackers to crash wireshark or potentially even execute arbitrary\ncode\n\n(CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285,\nCVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993,\nCVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300,\nCVE-2010-4301)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=603251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=613487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=630599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=643078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-01/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"wireshark-1.4.2-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"wireshark-devel-1.4.2-1.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:52:42", "description": "This advisory updates wireshark to the latest version(s), fixing\nseveral security issues :\n\nThe SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0\nthrough 1.2.8 allows remote attackers to cause a denial of service\n(NULL pointer dereference) via unknown vectors (CVE-2010-2283).\n\nBuffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13\nthrough 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote\nattack vectors (CVE-2010-2284).\n\nThe SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0\nthrough 1.2.8 allows remote attackers to cause a denial of service\n(NULL pointer dereference) via unknown vectors (CVE-2010-2285).\n\nThe SigComp Universal Decompressor Virtual Machine dissector in\nWireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote\nattackers to cause a denial of service (infinite loop) via unknown\nvectors (CVE-2010-2286).\n\nBuffer overflow in the SigComp Universal Decompressor Virtual Machine\ndissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8\nhas unknown impact and remote attack vectors (CVE-2010-2287).", "edition": 27, "published": "2010-07-30T00:00:00", "title": "Mandriva Linux Security Advisory : wireshark (MDVSA-2010:113)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2285", "CVE-2010-2284", "CVE-2010-2287", "CVE-2010-2283", "CVE-2010-2286", "CVE-2010-2994"], "modified": "2010-07-30T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libwireshark-devel", "p-cpe:/a:mandriva:linux:dumpcap", "p-cpe:/a:mandriva:linux:libwireshark0", "p-cpe:/a:mandriva:linux:rawshark", "p-cpe:/a:mandriva:linux:lib64wireshark0", "p-cpe:/a:mandriva:linux:tshark", "cpe:/o:mandriva:linux:2009.1", "p-cpe:/a:mandriva:linux:lib64wireshark-devel", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:wireshark-tools", "p-cpe:/a:mandriva:linux:wireshark"], "id": "MANDRIVA_MDVSA-2010-113.NASL", "href": "https://www.tenable.com/plugins/nessus/48186", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:113. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48186);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2994\");\n script_bugtraq_id(40728);\n script_xref(name:\"MDVSA\", value:\"2010:113\");\n\n script_name(english:\"Mandriva Linux Security Advisory : wireshark (MDVSA-2010:113)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This advisory updates wireshark to the latest version(s), fixing\nseveral security issues :\n\nThe SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0\nthrough 1.2.8 allows remote attackers to cause a denial of service\n(NULL pointer dereference) via unknown vectors (CVE-2010-2283).\n\nBuffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13\nthrough 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote\nattack vectors (CVE-2010-2284).\n\nThe SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0\nthrough 1.2.8 allows remote attackers to cause a denial of service\n(NULL pointer dereference) via unknown vectors (CVE-2010-2285).\n\nThe SigComp Universal Decompressor Virtual Machine dissector in\nWireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote\nattackers to cause a denial of service (infinite loop) via unknown\nvectors (CVE-2010-2286).\n\nBuffer overflow in the SigComp Universal Decompressor Virtual Machine\ndissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8\nhas unknown impact and remote attack vectors (CVE-2010-2287).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wireshark.org/security/wnpa-sec-2010-05.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wireshark.org/security/wnpa-sec-2010-06.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:dumpcap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wireshark0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwireshark0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rawshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.1\", reference:\"dumpcap-1.0.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64wireshark-devel-1.0.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64wireshark0-1.0.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libwireshark-devel-1.0.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libwireshark0-1.0.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"rawshark-1.0.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tshark-1.0.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"wireshark-1.0.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"wireshark-tools-1.0.14-0.1mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"dumpcap-1.2.9-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64wireshark-devel-1.2.9-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64wireshark0-1.2.9-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libwireshark-devel-1.2.9-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libwireshark0-1.2.9-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"rawshark-1.2.9-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tshark-1.2.9-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"wireshark-1.2.9-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"wireshark-tools-1.2.9-0.1mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:45:01", "description": "Multiple buffer overflow flaws were found in the Wireshark SigComp\nUniversal Decompressor Virtual Machine (UDVM) dissector. If Wireshark\nread a malformed packet off a network or opened a malicious dump file,\nit could crash or, possibly, execute arbitrary code as the user\nrunning Wireshark. (CVE-2010-2287, CVE-2010-2995)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2010-1455,\nCVE-2010-2283, CVE-2010-2284, CVE-2010-2286)\n\nNOTE: This errata updates Wireshark to version 1.0.15 to resolve these\nissues.\n\nAll running instances of Wireshark must be restarted for the update to\ntake effect.", "edition": 26, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : wireshark on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100811_WIRESHARK_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60836", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60836);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2995\");\n\n script_name(english:\"Scientific Linux Security Update : wireshark on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple buffer overflow flaws were found in the Wireshark SigComp\nUniversal Decompressor Virtual Machine (UDVM) dissector. If Wireshark\nread a malformed packet off a network or opened a malicious dump file,\nit could crash or, possibly, execute arbitrary code as the user\nrunning Wireshark. (CVE-2010-2287, CVE-2010-2995)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2010-1455,\nCVE-2010-2283, CVE-2010-2284, CVE-2010-2286)\n\nNOTE: This errata updates Wireshark to version 1.0.15 to resolve these\nissues.\n\nAll running instances of Wireshark must be restarted for the update to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=1172\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cee74b9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark and / or wireshark-gnome packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"wireshark-1.0.15-EL3.1\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"wireshark-gnome-1.0.15-EL3.1\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"wireshark-1.0.15-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"wireshark-gnome-1.0.15-1.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"wireshark-1.0.15-1.el5_5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"wireshark-gnome-1.0.15-1.el5_5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:07:57", "description": "Update to upstream version 1.2.10: *\nhttp://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html *\nhttp://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html fixing\nmultiple security issues: *\nhttp://www.wireshark.org/security/wnpa-sec-2010-06.html *\nhttp://www.wireshark.org/security/wnpa-sec-2010-08.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "published": "2010-09-03T00:00:00", "title": "Fedora 13 : wireshark-1.2.10-1.fc13 (2010-13416)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2010-2993"], "modified": "2010-09-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wireshark", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-13416.NASL", "href": "https://www.tenable.com/plugins/nessus/49092", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-13416.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49092);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2995\");\n script_bugtraq_id(40728, 42618);\n script_xref(name:\"FEDORA\", value:\"2010-13416\");\n\n script_name(english:\"Fedora 13 : wireshark-1.2.10-1.fc13 (2010-13416)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to upstream version 1.2.10: *\nhttp://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html *\nhttp://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html fixing\nmultiple security issues: *\nhttp://www.wireshark.org/security/wnpa-sec-2010-06.html *\nhttp://www.wireshark.org/security/wnpa-sec-2010-08.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2010-06.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2010-06.html\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2010-08.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2010-08.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=604290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=604292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=604302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=604308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=623843\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/046957.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3fa9b949\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"wireshark-1.2.10-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:25", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2995"], "description": "Wireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in the Wireshark SigComp\nUniversal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read\na malformed packet off a network or opened a malicious dump file, it could\ncrash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2010-2287, CVE-2010-2995)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284,\nCVE-2010-2286)\n\nUsers of Wireshark should upgrade to these updated packages, which contain\nWireshark version 1.0.15, and resolve these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\n", "modified": "2018-05-26T04:26:17", "published": "2010-08-11T04:00:00", "id": "RHSA-2010:0625", "href": "https://access.redhat.com/errata/RHSA-2010:0625", "type": "redhat", "title": "(RHSA-2010:0625) Moderate: wireshark security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:33", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286"], "description": "[1.0.15-1.0.1.el5_5.1]\n- Add oracle-ocfs2-network.patch\n[1.0.15-1]\n- upgrade to 1.0.15\n- http://www.wireshark.org/docs/relnotes/wireshark-1.0.15.html\n- fixes CVE-2010-2287 CVE-2010-2284\n- Related: #612239\n[1.0.14-1.2]\n- fix corner case in CVE-2010-2284\n- Related: #612239\n[1.0.14-1]\n- upgrade to 1.0.14\n- http://www.wireshark.org/docs/relnotes/wireshark-1.0.14.html\n- fixes CVE-2010-1455 CVE-2010-2283 CVE-2010-2284 CVE-2010-2286 CVE-2010-2287\n- Resolves: #612239 ", "edition": 4, "modified": "2010-08-11T00:00:00", "published": "2010-08-11T00:00:00", "id": "ELSA-2010-0625", "href": "http://linux.oracle.com/errata/ELSA-2010-0625.html", "title": "wireshark security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-07-17T03:32:59", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0625\n\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in the Wireshark SigComp\nUniversal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read\na malformed packet off a network or opened a malicious dump file, it could\ncrash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2010-2287, CVE-2010-2995)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284,\nCVE-2010-2286)\n\nUsers of Wireshark should upgrade to these updated packages, which contain\nWireshark version 1.0.15, and resolve these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/028970.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/028971.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/028994.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/028995.html\n\n**Affected packages:**\nwireshark\nwireshark-gnome\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0625.html", "edition": 5, "modified": "2010-08-27T15:14:48", "published": "2010-08-23T15:13:08", "href": "http://lists.centos.org/pipermail/centos-announce/2010-August/028970.html", "id": "CESA-2010:0625", "title": "wireshark security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2995"], "description": "Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. ", "modified": "2010-09-02T20:45:30", "published": "2010-09-02T20:45:30", "id": "FEDORA:C0E72110A4E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: wireshark-1.2.10-1.fc13", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1455", "CVE-2010-2283", "CVE-2010-2284", "CVE-2010-2286", "CVE-2010-2287", "CVE-2010-2992", "CVE-2010-2993", "CVE-2010-2995"], "description": "Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. ", "modified": "2010-09-02T20:47:13", "published": "2010-09-02T20:47:13", "id": "FEDORA:22127110B4B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: wireshark-1.2.10-1.fc12", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:24", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0024", "CVE-2010-2285", "CVE-2011-1142", "CVE-2011-1592", "CVE-2011-2174", "CVE-2011-3482", "CVE-2010-2284", "CVE-2010-2287", "CVE-2011-2175", "CVE-2011-1590", "CVE-2011-3360", "CVE-2011-1959", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-0444", "CVE-2010-2992", "CVE-2010-4300", "CVE-2010-3133", "CVE-2011-3483", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2011-0713", "CVE-2011-1957", "CVE-2010-4301", "CVE-2011-1141", "CVE-2010-3445", "CVE-2011-1143", "CVE-2010-4538", "CVE-2011-3266", "CVE-2010-2993", "CVE-2011-1139", "CVE-2011-1956", "CVE-2011-1140", "CVE-2010-2994", "CVE-2011-0538", "CVE-2011-1958", "CVE-2011-1138", "CVE-2011-1591", "CVE-2011-0445"], "edition": 1, "description": "### Background\n\nWireshark is a versatile network protocol analyzer.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Wireshark users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-1.4.9\"", "modified": "2011-10-09T00:00:00", "published": "2011-10-09T00:00:00", "id": "GLSA-201110-02", "href": "https://security.gentoo.org/glsa/201110-02", "type": "gentoo", "title": "Wireshark: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
