Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-4359.NASL
HistoryDec 28, 2018 - 12:00 a.m.

Debian DSA-4359-1 : wireshark - security update

2018-12-2800:00:00
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
JSON

Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer, which could result in denial of service or the execution of arbitrary code.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-4359. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(119892);
  script_version("1.2");
  script_cvs_date("Date: 2019/04/05 23:25:05");

  script_cve_id("CVE-2018-12086", "CVE-2018-18225", "CVE-2018-18226", "CVE-2018-18227", "CVE-2018-19622", "CVE-2018-19623", "CVE-2018-19624", "CVE-2018-19625", "CVE-2018-19626", "CVE-2018-19627", "CVE-2018-19628");
  script_xref(name:"DSA", value:"4359");

  script_name(english:"Debian DSA-4359-1 : wireshark - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities have been discovered in Wireshark, a network
protocol analyzer, which could result in denial of service or the
execution of arbitrary code."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/source-package/wireshark"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/stretch/wireshark"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2018/dsa-4359"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the wireshark packages.

For the stable distribution (stretch), these problems have been fixed
in version 2.6.5-1~deb9u1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wireshark");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/12/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/28");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"9.0", prefix:"libwireshark-data", reference:"2.6.5-1~deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libwireshark-dev", reference:"2.6.5-1~deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libwireshark8", reference:"2.6.5-1~deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libwiretap-dev", reference:"2.6.5-1~deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libwiretap6", reference:"2.6.5-1~deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libwscodecs1", reference:"2.6.5-1~deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libwsutil-dev", reference:"2.6.5-1~deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libwsutil7", reference:"2.6.5-1~deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"tshark", reference:"2.6.5-1~deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"wireshark", reference:"2.6.5-1~deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"wireshark-common", reference:"2.6.5-1~deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"wireshark-dev", reference:"2.6.5-1~deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"wireshark-doc", reference:"2.6.5-1~deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"wireshark-gtk", reference:"2.6.5-1~deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"wireshark-qt", reference:"2.6.5-1~deb9u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxwiresharkp-cpe:/a:debian:debian_linux:wireshark
debiandebian_linux9.0cpe:/o:debian:debian_linux:9.0

Related

osv 14
openvas 28
debian 2
kaspersky 2
nessus 31
altlinux 2
archlinux 2
suse 3
fedora 7
debiancve 11
cve 11
redhatcve 11
prion 11
ubuntucve 11
alpinelinux 11
veracode 1
f5 1
github 1
ibm 1
oraclelinux 1
centos 1
amazon 1
redhat 1
oracle 1
osv
osv
wireshark - security update
2018-12-27 00:00:00
CVE-2018-18225
2018-10-12 06:29:00
CVE-2018-19627
2018-11-29 04:29:00
openvas
openvas
Debian: Security Advisory (DSA-4359-1)
2018-12-26 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:4295-1)
2021-06-09 00:00:00
Wireshark Multiple Vulnerabilities (Nov 2018) - Mac OS X
2018-11-29 00:00:00
debian
debian
[SECURITY] [DSA 4359-1] wireshark security update
2018-12-27 14:56:59
[SECURITY] [DLA 1634-1] wireshark security update
2019-01-15 19:10:30
kaspersky
kaspersky
KLA11377 Multiple vulnerabilities in Wireshark
2018-11-27 00:00:00
KLA11337 Multiple DoS vulnerabilities in Wireshark
2018-10-10 00:00:00
nessus
nessus
Wireshark 2.6.x < 2.6.5 Multiple Vulnerabilities (MacOS)
2018-12-05 00:00:00
Wireshark 2.6.x < 2.6.5 Multiple Vulnerabilities
2018-12-05 00:00:00
Fedora 29 : 1:wireshark (2018-cb410a3812)
2019-01-03 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package wireshark version 2.6.5-alt1
2018-12-03 00:00:00
Security fix for the ALT Linux 9 package wireshark version 2.6.4-alt1
2018-10-13 00:00:00
archlinux
archlinux
[ASA-201812-3] wireshark-cli: multiple issues
2018-12-08 00:00:00
[ASA-201810-9] wireshark-cli: multiple issues
2018-10-12 00:00:00
suse
suse
Security update for wireshark (moderate)
2018-12-29 15:17:25
Security update for wireshark (important)
2018-10-24 03:15:41
Security update for wireshark (moderate)
2020-03-19 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: wireshark-2.6.5-1.fc29
2018-12-18 03:06:54
[SECURITY] Fedora 29 Update: wireshark-2.6.6-1.fc29
2019-01-26 02:15:39
[SECURITY] Fedora 28 Update: wireshark-2.6.5-1.fc28
2018-12-19 01:51:31
debiancve
debiancve
CVE-2018-18225
2018-10-12 06:29:00
CVE-2018-19627
2018-11-29 04:29:00
CVE-2018-19625
2018-11-29 04:29:00
cve
cve
CVE-2018-18226
2018-10-12 06:29:00
CVE-2018-19623
2018-11-29 04:29:00
CVE-2018-19627
2018-11-29 04:29:00
redhatcve
redhatcve
CVE-2018-19628
2018-12-04 10:22:55
CVE-2018-18225
2018-10-25 10:19:17
CVE-2018-19627
2018-12-04 10:20:01
prion
prion
Design/Logic Flaw
2018-10-12 06:29:00
Design/Logic Flaw
2018-11-29 04:29:00
Design/Logic Flaw
2018-11-29 04:29:00
ubuntucve
ubuntucve
CVE-2018-18226
2018-10-12 00:00:00
CVE-2018-19628
2018-11-29 00:00:00
CVE-2018-19623
2018-11-29 00:00:00
alpinelinux
alpinelinux
CVE-2018-18225
2018-10-12 06:29:00
CVE-2018-19625
2018-11-29 04:29:00
CVE-2018-19626
2018-11-29 04:29:00
veracode
veracode
Denial Of Service (DoS)
2020-04-01 00:38:21
f5
f5
K94133434 : Wireshark vulnerability CVE-2018-19627
2021-07-16 00:00:00
github
github
High severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua
2018-10-16 19:51:31
ibm
ibm
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-v
2019-04-18 16:40:01
oraclelinux
oraclelinux
wireshark security and bug fix update
2020-04-06 00:00:00
centos
centos
wireshark security update
2020-04-08 20:08:49
amazon
amazon
Medium: wireshark
2020-06-16 18:06:00
redhat
redhat
(RHSA-2020:1047) Moderate: wireshark security and bug fix update
2020-03-31 09:12:21
oracle
oracle
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00
JSON
Related for DEBIAN_DSA-4359.NASL
osv14openvas28debian2kaspersky2nessus31altlinux2archlinux2suse3fedora7debiancve11cve11redhatcve11prion11ubuntucve11alpinelinux11veracode1f51github1ibm1oraclelinux1centos1amazon1redhat1oracle1