Fedora Core 5 : wireshark-0.99.2-fc5.2 (2006-860)

2007-01-1700:00:00

www.tenable.com

Versions affected: 0.8.16 up to and including 0.99.0 Details Description Wireshark 0.99.2 fixes the following vulnerabilities :

The GSM BSSMAP dissector could crash. Versions affected:
0.10.11. CVE: CVE-2006-3627

Ilja van Sprundel discovered the following vulnerabilities :

The ANSI MAP dissector was vulnerable to a format string overflow. Versions affected: 0.10.0. CVE: CVE-2006-3628
The Checkpoint FW-1 dissector was vulnerable to a format string overflow. Versions affected: 0.10.10. CVE:
CVE-2006-3628
The MQ dissector was vulnerable to a format string overflow. Versions affected: 0.10.4. CVE: CVE-2006-3628
The XML dissector was vulnerable to a format string overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628
The MOUNT dissector could attempt to allocate large amounts of memory. Versions affected: 0.9.4. CVE:
CVE-2006-3629
The NCP NMAS and NDPS dissectors were susceptible to off-by-one errors. Versions affected: 0.9.7. CVE:
CVE-2006-3630
The NTP dissector was vulnerable to a format string overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628
The SSH dissector was vulnerable to an infinite loop.
Versions affected: 0.9.10. CVE: CVE-2006-3631
The NFS dissector may have been susceptible to a buffer overflow. Versions affected: 0.8.16. CVE: CVE-2006-3632

Impact It may be possible to make Ethereal crash, use up available memory, or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 0.99.2.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2006-860.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(24160);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2006-3627");
  script_xref(name:"FEDORA", value:"2006-860");

  script_name(english:"Fedora Core 5 : wireshark-0.99.2-fc5.2 (2006-860)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Versions affected: 0.8.16 up to and including 0.99.0 Details
Description Wireshark 0.99.2 fixes the following vulnerabilities :

  - The GSM BSSMAP dissector could crash. Versions affected:
    0.10.11. CVE: CVE-2006-3627

Ilja van Sprundel discovered the following vulnerabilities :

  - The ANSI MAP dissector was vulnerable to a format string
    overflow. Versions affected: 0.10.0. CVE: CVE-2006-3628

  - The Checkpoint FW-1 dissector was vulnerable to a format
    string overflow. Versions affected: 0.10.10. CVE:
    CVE-2006-3628

  - The MQ dissector was vulnerable to a format string
    overflow. Versions affected: 0.10.4. CVE: CVE-2006-3628

  - The XML dissector was vulnerable to a format string
    overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628

  - The MOUNT dissector could attempt to allocate large
    amounts of memory. Versions affected: 0.9.4. CVE:
    CVE-2006-3629

  - The NCP NMAS and NDPS dissectors were susceptible to
    off-by-one errors. Versions affected: 0.9.7. CVE:
    CVE-2006-3630

  - The NTP dissector was vulnerable to a format string
    overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628

  - The SSH dissector was vulnerable to an infinite loop.
    Versions affected: 0.9.10. CVE: CVE-2006-3631

  - The NFS dissector may have been susceptible to a buffer
    overflow. Versions affected: 0.8.16. CVE: CVE-2006-3632

Impact It may be possible to make Ethereal crash, use up available
memory, or run arbitrary code by injecting a purposefully malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file. Resolution Upgrade to Wireshark 0.99.2.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2006-July/000461.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4e595c9e"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected wireshark, wireshark-debuginfo and / or
wireshark-gnome packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wireshark-gnome");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/07/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC5", reference:"wireshark-0.99.2-fc5.2")) flag++;
if (rpm_check(release:"FC5", reference:"wireshark-debuginfo-0.99.2-fc5.2")) flag++;
if (rpm_check(release:"FC5", reference:"wireshark-gnome-0.99.2-fc5.2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-debuginfo / wireshark-gnome");
}

VendorProductVersionCPE
fedoraprojectfedorawiresharkp-cpe:/a:fedoraproject:fedora:wireshark
fedoraprojectfedorawireshark-debuginfop-cpe:/a:fedoraproject:fedora:wireshark-debuginfo
fedoraprojectfedorawireshark-gnomep-cpe:/a:fedoraproject:fedora:wireshark-gnome
fedoraprojectfedora_core5cpe:/o:fedoraproject:fedora_core:5

Vendor	Product	Version	CPE
fedoraproject	fedora	wireshark	p-cpe:/a:fedoraproject:fedora:wireshark
fedoraproject	fedora	wireshark-debuginfo	p-cpe:/a:fedoraproject:fedora:wireshark-debuginfo
fedoraproject	fedora	wireshark-gnome	p-cpe:/a:fedoraproject:fedora:wireshark-gnome
fedoraproject	fedora_core	5	cpe:/o:fedoraproject:fedora_core:5