upgrade to 0.99.7 fixes various security flaws.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
{"fedora": [{"lastseen": "2020-12-21T08:17:48", "description": "Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. ", "cvss3": {}, "published": "2007-12-20T19:51:33", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: wireshark-0.99.7-2.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6111", "CVE-2007-6112", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6116", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6119", "CVE-2007-6120", "CVE-2007-6121"], "modified": "2007-12-20T19:51:33", "id": "FEDORA:LBKJPVWE025732", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2ABDZTCBHEFFQDPOVAOBLKJTCAOCDF4E/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "description": "Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. ", "cvss3": {}, "published": "2007-12-21T21:09:16", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: wireshark-0.99.7-1.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6111", "CVE-2007-6112", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6116", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6119", "CVE-2007-6120", "CVE-2007-6121"], "modified": "2007-12-21T21:09:16", "id": "FEDORA:LBLL8LEN001925", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/E5ALS4YZVZQ5L4VWJC2BBJSBQ6IASO2F/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-25T10:56:46", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2007-4590", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6119", "CVE-2007-6112", "CVE-2007-6111", "CVE-2007-6121", "CVE-2007-6114", "CVE-2007-6120", "CVE-2007-6113", "CVE-2007-6116", "CVE-2007-6115"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:861173", "href": "http://plugins.openvas.org/nasl.php?oid=861173", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2007-4590\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\n\ntag_affected = \"wireshark on Fedora 8\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00606.html\");\n script_id(861173);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:27:46 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-4590\");\n script_cve_id(\"CVE-2007-6111\", \"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6116\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6119\", \"CVE-2007-6120\", \"CVE-2007-6121\");\n script_name( \"Fedora Update for wireshark FEDORA-2007-4590\");\n\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~2.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~0.99.7~2.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~0.99.7~2.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~2.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~0.99.7~2.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~0.99.7~2.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~2.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:59", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2007-4690", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6119", "CVE-2007-6112", "CVE-2007-6111", "CVE-2007-6121", "CVE-2007-6114", "CVE-2007-6120", "CVE-2007-6113", "CVE-2007-6116", "CVE-2007-6115"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:861563", "href": "http://plugins.openvas.org/nasl.php?oid=861563", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2007-4690\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\n\ntag_affected = \"wireshark on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00712.html\");\n script_id(861563);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:27:46 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-4690\");\n script_cve_id(\"CVE-2007-6111\", \"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6116\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6119\", \"CVE-2007-6120\", \"CVE-2007-6121\");\n script_name( \"Fedora Update for wireshark FEDORA-2007-4690\");\n\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~0.99.7~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~0.99.7~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~0.99.7~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~0.99.7~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:53", "description": "The remote host is missing an update to wireshark\nannounced via advisory DSA 1414-1.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1414-1 (wireshark)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6121", "CVE-2007-6114", "CVE-2007-6120"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:59639", "href": "http://plugins.openvas.org/nasl.php?oid=59639", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1414_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1414-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Wireshark\nnetwork traffic analyzer, which may lead to denial of service or the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2007-6114\n\nStefan Esser discovered a buffer overflow in the SSL dissector.\nFabiodds discovered a buffer overflow in the iSeries trace\ndissector.\n\nCVE-2007-6117\n\nA programming error was discovered in the HTTP dissector, which may\nlead to denial of service.\n\nCVE-2007-6118\n\nThe MEGACO dissector could be tricked into ressource exhaustion.\n\nCVE-2007-6120\n\nThe Bluetooth SDP dissector could be tricked into an endless loop.\n\nCVE-2007-6121\n\nThe RPC portmap dissector could be tricked into dereferencing\na NULL pointer.\n\nFor the stable distribution (etch), these problems have been fixed\nin version 0.99.4-5.etch.1. Updates packages for sparc will be provided\nlater.\n\nFor the old stable distribution (sarge), these problems have been\nfixed in version 0.10.10-2sarge10. (In Sarge Wireshark used to be\ncalled Ethereal). Updates packages for sparc and m68k will be provided\nlater.\n\nWe recommend that you upgrade your wireshark/ethereal packages.\";\ntag_summary = \"The remote host is missing an update to wireshark\nannounced via advisory DSA 1414-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201414-1\";\n\nif(description)\n{\n script_id(59639);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:23:47 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-6114\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6120\", \"CVE-2007-6121\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1414-1 (wireshark)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ethereal-common\", ver:\"0.99.4-5.etch.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ethereal\", ver:\"0.99.4-5.etch.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ethereal-dev\", ver:\"0.99.4-5.etch.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tethereal\", ver:\"0.99.4-5.etch.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tshark\", ver:\"0.99.4-5.etch.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"0.99.4-5.etch.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"0.99.4-5.etch.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark\", ver:\"0.99.4-5.etch.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:49", "description": "The remote host is missing updates announced in\nadvisory GLSA 200712-23.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200712-23 (wireshark)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6438", "CVE-2007-6119", "CVE-2007-6112", "CVE-2007-6111", "CVE-2007-6121", "CVE-2007-6451", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6114", "CVE-2007-6120", "CVE-2007-6439", "CVE-2007-6113", "CVE-2007-6116", "CVE-2007-6115"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:60085", "href": "http://plugins.openvas.org/nasl.php?oid=60085", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been discovered in Wireshark, allowing for\nthe remote execution of arbitrary code and a Denial of Service.\";\ntag_solution = \"All Wireshark users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-0.99.7'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200712-23\nhttp://bugs.gentoo.org/show_bug.cgi?id=199958\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200712-23.\";\n\n \n\nif(description)\n{\n script_id(60085);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-6111\", \"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6116\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6119\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6438\", \"CVE-2007-6439\", \"CVE-2007-6441\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200712-23 (wireshark)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-analyzer/wireshark\", unaffected: make_list(\"ge 0.99.7\"), vulnerable: make_list(\"lt 0.99.7\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:20", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "wireshark -- multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6438", "CVE-2007-6119", "CVE-2007-6112", "CVE-2007-6111", "CVE-2007-6121", "CVE-2007-6451", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6114", "CVE-2007-6120", "CVE-2007-6439", "CVE-2007-6113", "CVE-2007-6116", "CVE-2007-6115"], "modified": "2016-10-04T00:00:00", "id": "OPENVAS:60052", "href": "http://plugins.openvas.org/nasl.php?oid=60052", "sourceData": "#\n#VID 8a835235-ae84-11dc-a5f9-001a4d49522b\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n wireshark\n wireshark-lite\n ethereal\n ethereal-lite\n tethereal\n tethereal-lite\n\nCVE-2007-6438\nUnspecified vulnerability in the SMB dissector in Wireshark (formerly\nEthereal) 0.99.6 allows remote attackers to cause a denial of service\nvia unknown vectors. NOTE: this identifier originally included MP3\nand NCP, but those issues are already covered by CVE-2007-6111.\n\nCVE-2007-6439\nWireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause\na denial of service (infinite or large loop) via the (1) IPv6 or (2)\nUSB dissector, which can trigger resource consumption or a crash.\nNOTE: this identifier originally included Firebird/Interbase, but it\nis already covered by CVE-2007-6116. The DCP ETSI issue is already\ncovered by CVE-2007-6119.\n\nCVE-2007-6441\nThe WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows\nremote attackers to cause a denial of service (crash) via unknown\nvectors related to 'unaligned access on some platforms.'\n\nCVE-2007-6450\nThe RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6\nallows remote attackers to cause a denial of service (infinite loop)\nvia unknown vectors.\n\nCVE-2007-6451\nUnspecified vulnerability in the CIP dissector in Wireshark (formerly\nEthereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial\nof service (crash) via unknown vectors that trigger allocation of\nlarge amounts of memory.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.wireshark.org/security/wnpa-sec-2007-03.html\nhttp://www.vuxml.org/freebsd/8a835235-ae84-11dc-a5f9-001a4d49522b.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(60052);\n script_version(\"$Revision: 4203 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-10-04 07:30:30 +0200 (Tue, 04 Oct 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6438\", \"CVE-2007-6439\", \"CVE-2007-6441\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"wireshark -- multiple vulnerabilities\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"wireshark\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.8.16\")>=0 && revcomp(a:bver, b:\"0.99.7\")<0) {\n txt += 'Package wireshark version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"wireshark-lite\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.8.16\")>=0 && revcomp(a:bver, b:\"0.99.7\")<0) {\n txt += 'Package wireshark-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ethereal\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.8.16\")>=0 && revcomp(a:bver, b:\"0.99.7\")<0) {\n txt += 'Package ethereal version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ethereal-lite\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.8.16\")>=0 && revcomp(a:bver, b:\"0.99.7\")<0) {\n txt += 'Package ethereal-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"tethereal\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.8.16\")>=0 && revcomp(a:bver, b:\"0.99.7\")<0) {\n txt += 'Package tethereal version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"tethereal-lite\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.8.16\")>=0 && revcomp(a:bver, b:\"0.99.7\")<0) {\n txt += 'Package tethereal-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:38", "description": "Check for the Version of libsmi", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for libsmi CESA-2008:0058 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6438", "CVE-2007-6119", "CVE-2007-6112", "CVE-2007-6111", "CVE-2007-6121", "CVE-2007-6451", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6114", "CVE-2007-6120", "CVE-2007-6439", "CVE-2007-6113", "CVE-2007-6116", "CVE-2007-6115"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880208", "href": "http://plugins.openvas.org/nasl.php?oid=880208", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmi CESA-2008:0058 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Several flaws were found in Wireshark. Wireshark could crash or possibly\n execute arbitrary code as the user running Wireshark if it read a malformed\n packet off the network. (CVE-2007-6112, CVE-2007-6114, CVE-2007-6115,\n CVE-2007-6117)\n \n Several denial of service bugs were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off the network.\n (CVE-2007-6111, CVE-2007-6113, CVE-2007-6116, CVE-2007-6118, CVE-2007-6119,\n CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441,\n CVE-2007-6450, CVE-2007-6451)\n \n As well, Wireshark switched from using net-snmp to libsmi, which is\n included in this errata.\n \n Users of wireshark should upgrade to these updated packages, which contain\n Wireshark version 0.99.7, and resolve these issues.\";\n\ntag_affected = \"libsmi on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-January/014652.html\");\n script_id(880208);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0058\");\n script_cve_id(\"CVE-2007-6111\", \"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6116\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6119\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6438\", \"CVE-2007-6439\", \"CVE-2007-6441\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_name( \"CentOS Update for libsmi CESA-2008:0058 centos4 i386\");\n\n script_summary(\"Check for the Version of libsmi\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmi\", rpm:\"libsmi~0.4.5~2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-devel\", rpm:\"libsmi-devel~0.4.5~2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~0.99.7~1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:30", "description": "Check for the Version of libsmi", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for libsmi CESA-2008:0058 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6438", "CVE-2007-6119", "CVE-2007-6112", "CVE-2007-6111", "CVE-2007-6121", "CVE-2007-6451", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6114", "CVE-2007-6120", "CVE-2007-6439", "CVE-2007-6113", "CVE-2007-6116", "CVE-2007-6115"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880183", "href": "http://plugins.openvas.org/nasl.php?oid=880183", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmi CESA-2008:0058 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Several flaws were found in Wireshark. Wireshark could crash or possibly\n execute arbitrary code as the user running Wireshark if it read a malformed\n packet off the network. (CVE-2007-6112, CVE-2007-6114, CVE-2007-6115,\n CVE-2007-6117)\n \n Several denial of service bugs were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off the network.\n (CVE-2007-6111, CVE-2007-6113, CVE-2007-6116, CVE-2007-6118, CVE-2007-6119,\n CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441,\n CVE-2007-6450, CVE-2007-6451)\n \n As well, Wireshark switched from using net-snmp to libsmi, which is\n included in this errata.\n \n Users of wireshark should upgrade to these updated packages, which contain\n Wireshark version 0.99.7, and resolve these issues.\";\n\ntag_affected = \"libsmi on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-January/014653.html\");\n script_id(880183);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0058\");\n script_cve_id(\"CVE-2007-6111\", \"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6116\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6119\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6438\", \"CVE-2007-6439\", \"CVE-2007-6441\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_name( \"CentOS Update for libsmi CESA-2008:0058 centos4 x86_64\");\n\n script_summary(\"Check for the Version of libsmi\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmi\", rpm:\"libsmi~0.4.5~2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-devel\", rpm:\"libsmi-devel~0.4.5~2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~0.99.7~1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:59", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for wireshark MDVSA-2008:001-1 (wireshark)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6438", "CVE-2007-6119", "CVE-2007-6112", "CVE-2007-6111", "CVE-2007-6121", "CVE-2007-6451", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6114", "CVE-2007-6120", "CVE-2007-6439", "CVE-2007-6113", "CVE-2007-6116", "CVE-2007-6115"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:830471", "href": "http://plugins.openvas.org/nasl.php?oid=830471", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for wireshark MDVSA-2008:001-1 (wireshark)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities in the Wireshark program were found that\n could cause crashes, excessive looping, or arbitrary code execution.\n\n This update provides Wireshark 0.99.7 which is not vulnerable to\n these issues.\n \n An updated version of libsmi is also being provided, not because\n of security issues, but because this version of wireshark uses it\n instead of net-snmp for SNMP support.\n \n Update:\n \n This update is being reissued without libcap (kernel capabilities)\n support, as that is not required by the original released packages,\n and thus gave trouble for a number of users.\";\n\ntag_affected = \"wireshark on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-01/msg00006.php\");\n script_id(830471);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:001-1\");\n script_cve_id(\"CVE-2007-6111\", \"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6116\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6119\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6438\", \"CVE-2007-6439\", \"CVE-2007-6441\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_name( \"Mandriva Update for wireshark MDVSA-2008:001-1 (wireshark)\");\n\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~0.99.7~0.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~0.99.7~0.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~0.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~0.99.7~0.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~0.99.7~0.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~0.99.7~0.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~0.99.7~0.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~0.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~0.99.7~0.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~0.99.7~0.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~0.99.7~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~0.99.7~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~0.99.7~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~0.99.7~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~0.99.7~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~0.99.7~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:51", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for wireshark MDVSA-2008:1 (wireshark)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6438", "CVE-2007-6119", "CVE-2007-6112", "CVE-2007-6111", "CVE-2007-6121", "CVE-2007-6451", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6114", "CVE-2007-6120", "CVE-2007-6439", "CVE-2007-6113", "CVE-2007-6116", "CVE-2007-6115"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:830541", "href": "http://plugins.openvas.org/nasl.php?oid=830541", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for wireshark MDVSA-2008:1 (wireshark)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities in the Wireshark program were found that\n could cause crashes, excessive looping, or arbitrary code execution.\n\n This update rovides Wireshark 0.99.7 which is not vulnerable to\n these issues.\n \n An updated version of libsmi is also being provided, not because\n of security issues, but because this version of wireshark uses it\n instead of net-snmp for SNMP support.\";\n\ntag_affected = \"wireshark on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-01/msg00001.php\");\n script_id(830541);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:1\");\n script_cve_id(\"CVE-2007-6111\", \"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6116\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6119\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6438\", \"CVE-2007-6439\", \"CVE-2007-6441\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_name( \"Mandriva Update for wireshark MDVSA-2008:1 (wireshark)\");\n\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmi-mibs-ext\", rpm:\"libsmi-mibs-ext~0.4.5~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-mibs-std\", rpm:\"libsmi-mibs-std~0.4.5~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi2\", rpm:\"libsmi2~0.4.5~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi2-devel\", rpm:\"libsmi2-devel~0.4.5~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~0.99.7~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"smi-tools\", rpm:\"smi-tools~0.4.5~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~0.99.7~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~0.99.7~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi\", rpm:\"libsmi~0.4.5~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smi2\", rpm:\"lib64smi2~0.4.5~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smi2-devel\", rpm:\"lib64smi2-devel~0.4.5~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~0.99.7~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmi-mibs-ext\", rpm:\"libsmi-mibs-ext~0.4.5~2.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-mibs-std\", rpm:\"libsmi-mibs-std~0.4.5~2.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi2\", rpm:\"libsmi2~0.4.5~2.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi2-devel\", rpm:\"libsmi2-devel~0.4.5~2.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~0.99.7~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"smi-tools\", rpm:\"smi-tools~0.4.5~2.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~0.99.7~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~0.99.7~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi\", rpm:\"libsmi~0.4.5~2.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smi2\", rpm:\"lib64smi2~0.4.5~2.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smi2-devel\", rpm:\"lib64smi2-devel~0.4.5~2.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~0.99.7~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmi-devel\", rpm:\"libsmi-devel~0.4.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-mibs-ext\", rpm:\"libsmi-mibs-ext~0.4.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-mibs-std\", rpm:\"libsmi-mibs-std~0.4.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi2\", rpm:\"libsmi2~0.4.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~0.99.7~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~0.99.7~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"smi-tools\", rpm:\"smi-tools~0.4.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~0.99.7~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~0.99.7~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi\", rpm:\"libsmi~0.4.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smi-devel\", rpm:\"lib64smi-devel~0.4.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smi2\", rpm:\"lib64smi2~0.4.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~0.99.7~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~0.99.7~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:40", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for wireshark RHSA-2008:0058-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6438", "CVE-2007-6119", "CVE-2007-6112", "CVE-2007-6111", "CVE-2007-6121", "CVE-2007-6451", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6114", "CVE-2007-6120", "CVE-2007-6439", "CVE-2007-6113", "CVE-2007-6116", "CVE-2007-6115"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870170", "href": "http://plugins.openvas.org/nasl.php?oid=870170", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for wireshark RHSA-2008:0058-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Several flaws were found in Wireshark. Wireshark could crash or possibly\n execute arbitrary code as the user running Wireshark if it read a malformed\n packet off the network. (CVE-2007-6112, CVE-2007-6114, CVE-2007-6115,\n CVE-2007-6117)\n \n Several denial of service bugs were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off the network.\n (CVE-2007-6111, CVE-2007-6113, CVE-2007-6116, CVE-2007-6118, CVE-2007-6119,\n CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441,\n CVE-2007-6450, CVE-2007-6451)\n \n As well, Wireshark switched from using net-snmp to libsmi, which is\n included in this errata.\n \n Users of wireshark should upgrade to these updated packages, which contain\n Wireshark version 0.99.7, and resolve these issues.\";\n\ntag_affected = \"wireshark on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-January/msg00014.html\");\n script_id(870170);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0058-01\");\n script_cve_id(\"CVE-2007-6111\", \"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6116\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6119\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6438\", \"CVE-2007-6439\", \"CVE-2007-6441\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_name( \"RedHat Update for wireshark RHSA-2008:0058-01\");\n\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmi\", rpm:\"libsmi~0.4.5~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-debuginfo\", rpm:\"libsmi-debuginfo~0.4.5~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-devel\", rpm:\"libsmi-devel~0.4.5~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~0.99.7~1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~0.99.7~1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmi\", rpm:\"libsmi~0.4.5~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-debuginfo\", rpm:\"libsmi-debuginfo~0.4.5~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-devel\", rpm:\"libsmi-devel~0.4.5~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~1.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~0.99.7~1.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~0.99.7~1.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:24", "description": "Oracle Linux Local Security Checks ELSA-2008-0058", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2008-0058", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6438", "CVE-2007-6119", "CVE-2007-6112", "CVE-2007-6111", "CVE-2007-6121", "CVE-2007-6451", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6114", "CVE-2007-6120", "CVE-2007-6439", "CVE-2007-6113", "CVE-2007-6116", "CVE-2007-6115"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122614", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122614", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2008-0058.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122614\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:49:22 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2008-0058\");\n script_tag(name:\"insight\", value:\"ELSA-2008-0058 - Moderate: wireshark security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2008-0058\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2008-0058.html\");\n script_cve_id(\"CVE-2007-6111\", \"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6116\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6119\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6438\", \"CVE-2007-6439\", \"CVE-2007-6441\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"libsmi\", rpm:\"libsmi~0.4.5~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libsmi-devel\", rpm:\"libsmi-devel~0.4.5~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~1.el5.0.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~0.99.7~1.el5.0.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-09T11:41:19", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for wireshark RHSA-2008:0058-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6438", "CVE-2007-6119", "CVE-2007-6112", "CVE-2007-6111", "CVE-2007-6121", "CVE-2007-6451", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6114", "CVE-2007-6120", "CVE-2007-6439", "CVE-2007-6113", "CVE-2007-6116", "CVE-2007-6115"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870170", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870170", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for wireshark RHSA-2008:0058-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Several flaws were found in Wireshark. Wireshark could crash or possibly\n execute arbitrary code as the user running Wireshark if it read a malformed\n packet off the network. (CVE-2007-6112, CVE-2007-6114, CVE-2007-6115,\n CVE-2007-6117)\n \n Several denial of service bugs were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off the network.\n (CVE-2007-6111, CVE-2007-6113, CVE-2007-6116, CVE-2007-6118, CVE-2007-6119,\n CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441,\n CVE-2007-6450, CVE-2007-6451)\n \n As well, Wireshark switched from using net-snmp to libsmi, which is\n included in this errata.\n \n Users of wireshark should upgrade to these updated packages, which contain\n Wireshark version 0.99.7, and resolve these issues.\";\n\ntag_affected = \"wireshark on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-January/msg00014.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870170\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0058-01\");\n script_cve_id(\"CVE-2007-6111\", \"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6116\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6119\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6438\", \"CVE-2007-6439\", \"CVE-2007-6441\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_name( \"RedHat Update for wireshark RHSA-2008:0058-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmi\", rpm:\"libsmi~0.4.5~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-debuginfo\", rpm:\"libsmi-debuginfo~0.4.5~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-devel\", rpm:\"libsmi-devel~0.4.5~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~0.99.7~1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~0.99.7~1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmi\", rpm:\"libsmi~0.4.5~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-debuginfo\", rpm:\"libsmi-debuginfo~0.4.5~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-devel\", rpm:\"libsmi-devel~0.4.5~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~1.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~0.99.7~1.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~0.99.7~1.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:50", "description": "Check for the Version of libsmi", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for libsmi CESA-2008:0058 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6438", "CVE-2007-6119", "CVE-2007-6112", "CVE-2007-6111", "CVE-2007-6121", "CVE-2007-6451", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6114", "CVE-2007-6120", "CVE-2007-6439", "CVE-2007-6113", "CVE-2007-6116", "CVE-2007-6115"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880183", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880183", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmi CESA-2008:0058 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Several flaws were found in Wireshark. Wireshark could crash or possibly\n execute arbitrary code as the user running Wireshark if it read a malformed\n packet off the network. (CVE-2007-6112, CVE-2007-6114, CVE-2007-6115,\n CVE-2007-6117)\n \n Several denial of service bugs were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off the network.\n (CVE-2007-6111, CVE-2007-6113, CVE-2007-6116, CVE-2007-6118, CVE-2007-6119,\n CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441,\n CVE-2007-6450, CVE-2007-6451)\n \n As well, Wireshark switched from using net-snmp to libsmi, which is\n included in this errata.\n \n Users of wireshark should upgrade to these updated packages, which contain\n Wireshark version 0.99.7, and resolve these issues.\";\n\ntag_affected = \"libsmi on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-January/014653.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880183\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0058\");\n script_cve_id(\"CVE-2007-6111\", \"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6116\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6119\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6438\", \"CVE-2007-6439\", \"CVE-2007-6441\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_name( \"CentOS Update for libsmi CESA-2008:0058 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of libsmi\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmi\", rpm:\"libsmi~0.4.5~2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-devel\", rpm:\"libsmi-devel~0.4.5~2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~0.99.7~1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:13", "description": "Check for the Version of libsmi", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for libsmi CESA-2008:0058 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6438", "CVE-2007-6119", "CVE-2007-6112", "CVE-2007-6111", "CVE-2007-6121", "CVE-2007-6451", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6114", "CVE-2007-6120", "CVE-2007-6439", "CVE-2007-6113", "CVE-2007-6116", "CVE-2007-6115"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880208", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880208", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmi CESA-2008:0058 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Several flaws were found in Wireshark. Wireshark could crash or possibly\n execute arbitrary code as the user running Wireshark if it read a malformed\n packet off the network. (CVE-2007-6112, CVE-2007-6114, CVE-2007-6115,\n CVE-2007-6117)\n \n Several denial of service bugs were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off the network.\n (CVE-2007-6111, CVE-2007-6113, CVE-2007-6116, CVE-2007-6118, CVE-2007-6119,\n CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441,\n CVE-2007-6450, CVE-2007-6451)\n \n As well, Wireshark switched from using net-snmp to libsmi, which is\n included in this errata.\n \n Users of wireshark should upgrade to these updated packages, which contain\n Wireshark version 0.99.7, and resolve these issues.\";\n\ntag_affected = \"libsmi on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-January/014652.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880208\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0058\");\n script_cve_id(\"CVE-2007-6111\", \"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6116\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6119\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6438\", \"CVE-2007-6439\", \"CVE-2007-6441\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_name( \"CentOS Update for libsmi CESA-2008:0058 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of libsmi\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmi\", rpm:\"libsmi~0.4.5~2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-devel\", rpm:\"libsmi-devel~0.4.5~2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~0.99.7~1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:43", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for wireshark MDVSA-2008:1 (wireshark)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6438", "CVE-2007-6119", "CVE-2007-6112", "CVE-2007-6111", "CVE-2007-6121", "CVE-2007-6451", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6114", "CVE-2007-6120", "CVE-2007-6439", "CVE-2007-6113", "CVE-2007-6116", "CVE-2007-6115"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830541", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830541", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for wireshark MDVSA-2008:1 (wireshark)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities in the Wireshark program were found that\n could cause crashes, excessive looping, or arbitrary code execution.\n\n This update rovides Wireshark 0.99.7 which is not vulnerable to\n these issues.\n \n An updated version of libsmi is also being provided, not because\n of security issues, but because this version of wireshark uses it\n instead of net-snmp for SNMP support.\";\n\ntag_affected = \"wireshark on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-01/msg00001.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830541\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:1\");\n script_cve_id(\"CVE-2007-6111\", \"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6116\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6119\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6438\", \"CVE-2007-6439\", \"CVE-2007-6441\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_name( \"Mandriva Update for wireshark MDVSA-2008:1 (wireshark)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmi-mibs-ext\", rpm:\"libsmi-mibs-ext~0.4.5~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-mibs-std\", rpm:\"libsmi-mibs-std~0.4.5~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi2\", rpm:\"libsmi2~0.4.5~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi2-devel\", rpm:\"libsmi2-devel~0.4.5~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~0.99.7~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"smi-tools\", rpm:\"smi-tools~0.4.5~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~0.99.7~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~0.99.7~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi\", rpm:\"libsmi~0.4.5~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smi2\", rpm:\"lib64smi2~0.4.5~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smi2-devel\", rpm:\"lib64smi2-devel~0.4.5~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~0.99.7~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmi-mibs-ext\", rpm:\"libsmi-mibs-ext~0.4.5~2.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-mibs-std\", rpm:\"libsmi-mibs-std~0.4.5~2.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi2\", rpm:\"libsmi2~0.4.5~2.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi2-devel\", rpm:\"libsmi2-devel~0.4.5~2.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~0.99.7~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"smi-tools\", rpm:\"smi-tools~0.4.5~2.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~0.99.7~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~0.99.7~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi\", rpm:\"libsmi~0.4.5~2.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smi2\", rpm:\"lib64smi2~0.4.5~2.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smi2-devel\", rpm:\"lib64smi2-devel~0.4.5~2.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~0.99.7~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmi-devel\", rpm:\"libsmi-devel~0.4.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-mibs-ext\", rpm:\"libsmi-mibs-ext~0.4.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-mibs-std\", rpm:\"libsmi-mibs-std~0.4.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi2\", rpm:\"libsmi2~0.4.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~0.99.7~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~0.99.7~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"smi-tools\", rpm:\"smi-tools~0.4.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~0.99.7~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~0.99.7~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi\", rpm:\"libsmi~0.4.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smi-devel\", rpm:\"lib64smi-devel~0.4.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smi2\", rpm:\"lib64smi2~0.4.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~0.99.7~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~0.99.7~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:03", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for wireshark MDVSA-2008:001-1 (wireshark)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6438", "CVE-2007-6119", "CVE-2007-6112", "CVE-2007-6111", "CVE-2007-6121", "CVE-2007-6451", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6114", "CVE-2007-6120", "CVE-2007-6439", "CVE-2007-6113", "CVE-2007-6116", "CVE-2007-6115"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830471", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830471", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for wireshark MDVSA-2008:001-1 (wireshark)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities in the Wireshark program were found that\n could cause crashes, excessive looping, or arbitrary code execution.\n\n This update provides Wireshark 0.99.7 which is not vulnerable to\n these issues.\n \n An updated version of libsmi is also being provided, not because\n of security issues, but because this version of wireshark uses it\n instead of net-snmp for SNMP support.\n \n Update:\n \n This update is being reissued without libcap (kernel capabilities)\n support, as that is not required by the original released packages,\n and thus gave trouble for a number of users.\";\n\ntag_affected = \"wireshark on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-01/msg00006.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830471\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:001-1\");\n script_cve_id(\"CVE-2007-6111\", \"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6116\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6119\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6438\", \"CVE-2007-6439\", \"CVE-2007-6441\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_name( \"Mandriva Update for wireshark MDVSA-2008:001-1 (wireshark)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~0.99.7~0.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~0.99.7~0.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~0.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~0.99.7~0.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~0.99.7~0.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~0.99.7~0.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~0.99.7~0.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~0.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~0.99.7~0.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~0.99.7~0.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~0.99.7~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~0.99.7~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~0.99.7~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~0.99.7~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~0.99.7~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~0.99.7~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:54", "description": "Check for the Version of libsmi", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for libsmi CESA-2008:0059 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-3390", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-3389", "CVE-2007-3392", "CVE-2007-6121", "CVE-2007-6451", "CVE-2007-6450", "CVE-2007-6114", "CVE-2007-3393", "CVE-2007-6120", "CVE-2007-3391", "CVE-2007-6113", "CVE-2007-6115"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880091", "href": "http://plugins.openvas.org/nasl.php?oid=880091", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmi CESA-2008:0059 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Several flaws were found in Wireshark. Wireshark could crash or possibly\n execute arbitrary code as the user running Wireshark if it read a malformed\n packet off the network. (CVE-2007-6114, CVE-2007-6115, CVE-2007-6117)\n \n Several denial of service bugs were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off the network.\n (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3392,\n CVE-2007-3393, CVE-2007-6113, CVE-2007-6118, CVE-2007-6120, CVE-2007-6121,\n CVE-2007-6450, CVE-2007-6451)\n \n As well, Wireshark switched from using net-snmp to libsmi, which is\n included in this errata.\n \n Users of wireshark should upgrade to these updated packages, which contain\n Wireshark version 0.99.7, and resolve these issues.\";\n\ntag_affected = \"libsmi on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-January/014631.html\");\n script_id(880091);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0059\");\n script_cve_id(\"CVE-2007-3389\", \"CVE-2007-3390\", \"CVE-2007-3391\", \"CVE-2007-3392\", \"CVE-2007-3393\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_name( \"CentOS Update for libsmi CESA-2008:0059 centos3 i386\");\n\n script_summary(\"Check for the Version of libsmi\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmi\", rpm:\"libsmi~0.4.5~3.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-devel\", rpm:\"libsmi-devel~0.4.5~3.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~EL3.1\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~0.99.7~EL3.1\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:56", "description": "Check for the Version of libsmi", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for libsmi CESA-2008:0059 centos3 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-3390", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-3389", "CVE-2007-3392", "CVE-2007-6121", "CVE-2007-6451", "CVE-2007-6450", "CVE-2007-6114", "CVE-2007-3393", "CVE-2007-6120", "CVE-2007-3391", "CVE-2007-6113", "CVE-2007-6115"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880129", "href": "http://plugins.openvas.org/nasl.php?oid=880129", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmi CESA-2008:0059 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Several flaws were found in Wireshark. Wireshark could crash or possibly\n execute arbitrary code as the user running Wireshark if it read a malformed\n packet off the network. (CVE-2007-6114, CVE-2007-6115, CVE-2007-6117)\n \n Several denial of service bugs were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off the network.\n (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3392,\n CVE-2007-3393, CVE-2007-6113, CVE-2007-6118, CVE-2007-6120, CVE-2007-6121,\n CVE-2007-6450, CVE-2007-6451)\n \n As well, Wireshark switched from using net-snmp to libsmi, which is\n included in this errata.\n \n Users of wireshark should upgrade to these updated packages, which contain\n Wireshark version 0.99.7, and resolve these issues.\";\n\ntag_affected = \"libsmi on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-January/014632.html\");\n script_id(880129);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0059\");\n script_cve_id(\"CVE-2007-3389\", \"CVE-2007-3390\", \"CVE-2007-3391\", \"CVE-2007-3392\", \"CVE-2007-3393\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_name( \"CentOS Update for libsmi CESA-2008:0059 centos3 x86_64\");\n\n script_summary(\"Check for the Version of libsmi\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmi\", rpm:\"libsmi~0.4.5~3.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-devel\", rpm:\"libsmi-devel~0.4.5~3.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~EL3.1\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~0.99.7~EL3.1\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:41", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for wireshark RHSA-2008:0059-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-3390", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-3389", "CVE-2007-3392", "CVE-2007-6121", "CVE-2007-6451", "CVE-2007-6450", "CVE-2007-6114", "CVE-2007-3393", "CVE-2007-6120", "CVE-2007-3391", "CVE-2007-6113", "CVE-2007-6115"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870085", "href": "http://plugins.openvas.org/nasl.php?oid=870085", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for wireshark RHSA-2008:0059-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Several flaws were found in Wireshark. Wireshark could crash or possibly\n execute arbitrary code as the user running Wireshark if it read a malformed\n packet off the network. (CVE-2007-6114, CVE-2007-6115, CVE-2007-6117)\n \n Several denial of service bugs were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off the network.\n (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3392,\n CVE-2007-3393, CVE-2007-6113, CVE-2007-6118, CVE-2007-6120, CVE-2007-6121,\n CVE-2007-6450, CVE-2007-6451)\n \n As well, Wireshark switched from using net-snmp to libsmi, which is\n included in this errata.\n \n Users of wireshark should upgrade to these updated packages, which contain\n Wireshark version 0.99.7, and resolve these issues.\";\n\ntag_affected = \"wireshark on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-January/msg00015.html\");\n script_id(870085);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0059-01\");\n script_cve_id(\"CVE-2007-3389\", \"CVE-2007-3390\", \"CVE-2007-3391\", \"CVE-2007-3392\", \"CVE-2007-3393\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_name( \"RedHat Update for wireshark RHSA-2008:0059-01\");\n\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmi\", rpm:\"libsmi~0.4.5~3.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-debuginfo\", rpm:\"libsmi-debuginfo~0.4.5~3.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-devel\", rpm:\"libsmi-devel~0.4.5~3.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~EL3.1\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~0.99.7~EL3.1\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~0.99.7~EL3.1\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:23", "description": "Check for the Version of wireshark", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for wireshark RHSA-2008:0059-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-3390", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-3389", "CVE-2007-3392", "CVE-2007-6121", "CVE-2007-6451", "CVE-2007-6450", "CVE-2007-6114", "CVE-2007-3393", "CVE-2007-6120", "CVE-2007-3391", "CVE-2007-6113", "CVE-2007-6115"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870085", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870085", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for wireshark RHSA-2008:0059-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Several flaws were found in Wireshark. Wireshark could crash or possibly\n execute arbitrary code as the user running Wireshark if it read a malformed\n packet off the network. (CVE-2007-6114, CVE-2007-6115, CVE-2007-6117)\n \n Several denial of service bugs were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off the network.\n (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3392,\n CVE-2007-3393, CVE-2007-6113, CVE-2007-6118, CVE-2007-6120, CVE-2007-6121,\n CVE-2007-6450, CVE-2007-6451)\n \n As well, Wireshark switched from using net-snmp to libsmi, which is\n included in this errata.\n \n Users of wireshark should upgrade to these updated packages, which contain\n Wireshark version 0.99.7, and resolve these issues.\";\n\ntag_affected = \"wireshark on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-January/msg00015.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870085\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0059-01\");\n script_cve_id(\"CVE-2007-3389\", \"CVE-2007-3390\", \"CVE-2007-3391\", \"CVE-2007-3392\", \"CVE-2007-3393\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_name( \"RedHat Update for wireshark RHSA-2008:0059-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmi\", rpm:\"libsmi~0.4.5~3.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-debuginfo\", rpm:\"libsmi-debuginfo~0.4.5~3.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-devel\", rpm:\"libsmi-devel~0.4.5~3.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~EL3.1\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~0.99.7~EL3.1\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~0.99.7~EL3.1\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:55", "description": "Check for the Version of libsmi", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for libsmi CESA-2008:0059 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-3390", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-3389", "CVE-2007-3392", "CVE-2007-6121", "CVE-2007-6451", "CVE-2007-6450", "CVE-2007-6114", "CVE-2007-3393", "CVE-2007-6120", "CVE-2007-3391", "CVE-2007-6113", "CVE-2007-6115"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880091", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880091", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmi CESA-2008:0059 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Several flaws were found in Wireshark. Wireshark could crash or possibly\n execute arbitrary code as the user running Wireshark if it read a malformed\n packet off the network. (CVE-2007-6114, CVE-2007-6115, CVE-2007-6117)\n \n Several denial of service bugs were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off the network.\n (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3392,\n CVE-2007-3393, CVE-2007-6113, CVE-2007-6118, CVE-2007-6120, CVE-2007-6121,\n CVE-2007-6450, CVE-2007-6451)\n \n As well, Wireshark switched from using net-snmp to libsmi, which is\n included in this errata.\n \n Users of wireshark should upgrade to these updated packages, which contain\n Wireshark version 0.99.7, and resolve these issues.\";\n\ntag_affected = \"libsmi on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-January/014631.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880091\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0059\");\n script_cve_id(\"CVE-2007-3389\", \"CVE-2007-3390\", \"CVE-2007-3391\", \"CVE-2007-3392\", \"CVE-2007-3393\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_name( \"CentOS Update for libsmi CESA-2008:0059 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of libsmi\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmi\", rpm:\"libsmi~0.4.5~3.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-devel\", rpm:\"libsmi-devel~0.4.5~3.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~EL3.1\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~0.99.7~EL3.1\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:00", "description": "Check for the Version of libsmi", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for libsmi CESA-2008:0059 centos3 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-3390", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-3389", "CVE-2007-3392", "CVE-2007-6121", "CVE-2007-6451", "CVE-2007-6450", "CVE-2007-6114", "CVE-2007-3393", "CVE-2007-6120", "CVE-2007-3391", "CVE-2007-6113", "CVE-2007-6115"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880129", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880129", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmi CESA-2008:0059 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a program for monitoring network traffic. Wireshark was\n previously known as Ethereal.\n\n Several flaws were found in Wireshark. Wireshark could crash or possibly\n execute arbitrary code as the user running Wireshark if it read a malformed\n packet off the network. (CVE-2007-6114, CVE-2007-6115, CVE-2007-6117)\n \n Several denial of service bugs were found in Wireshark. Wireshark could\n crash or stop responding if it read a malformed packet off the network.\n (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3392,\n CVE-2007-3393, CVE-2007-6113, CVE-2007-6118, CVE-2007-6120, CVE-2007-6121,\n CVE-2007-6450, CVE-2007-6451)\n \n As well, Wireshark switched from using net-snmp to libsmi, which is\n included in this errata.\n \n Users of wireshark should upgrade to these updated packages, which contain\n Wireshark version 0.99.7, and resolve these issues.\";\n\ntag_affected = \"libsmi on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-January/014632.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880129\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0059\");\n script_cve_id(\"CVE-2007-3389\", \"CVE-2007-3390\", \"CVE-2007-3391\", \"CVE-2007-3392\", \"CVE-2007-3393\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_name( \"CentOS Update for libsmi CESA-2008:0059 centos3 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of libsmi\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmi\", rpm:\"libsmi~0.4.5~3.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmi-devel\", rpm:\"libsmi-devel~0.4.5~3.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.7~EL3.1\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~0.99.7~EL3.1\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2023-01-11T14:40:41", "description": "Various flaws fixed by upgrade to 0.99.7\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-12-24T00:00:00", "type": "nessus", "title": "Fedora 8 : wireshark-0.99.7-2.fc8 (2007-4590)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6111", "CVE-2007-6112", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6116", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6119", "CVE-2007-6120", "CVE-2007-6121"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wireshark", "p-cpe:/a:fedoraproject:fedora:wireshark-debuginfo", "p-cpe:/a:fedoraproject:fedora:wireshark-gnome", "cpe:/o:fedoraproject:fedora:8"], "id": "FEDORA_2007-4590.NASL", "href": "https://www.tenable.com/plugins/nessus/29760", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-4590.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29760);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-6111\", \"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6116\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6119\", \"CVE-2007-6120\", \"CVE-2007-6121\");\n script_bugtraq_id(26532);\n script_xref(name:\"FEDORA\", value:\"2007-4590\");\n\n script_name(english:\"Fedora 8 : wireshark-0.99.7-2.fc8 (2007-4590)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various flaws fixed by upgrade to 0.99.7\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=397251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=397271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=397281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=397291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=397311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=397321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=397331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=397341\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=397351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=397361\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=397371\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-December/006068.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e91346ea\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected wireshark, wireshark-debuginfo and / or\nwireshark-gnome packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"wireshark-0.99.7-2.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"wireshark-debuginfo-0.99.7-2.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"wireshark-gnome-0.99.7-2.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-gnome\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:04", "description": "Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service or execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-6114 Stefan Esser discovered a buffer overflow in the SSL dissector.'Fabiodds' discovered a buffer overflow in the iSeries trace dissector.\n\n - CVE-2007-6117 A programming error was discovered in the HTTP dissector, which may lead to denial of service.\n\n - CVE-2007-6118 The MEGACO dissector could be tricked into resource exhaustion.\n\n - CVE-2007-6120 The Bluetooth SDP dissector could be tricked into an endless loop.\n\n - CVE-2007-6121 The RPC portmap dissector could be tricked into dereferencing a NULL pointer.", "cvss3": {}, "published": "2007-11-29T00:00:00", "type": "nessus", "title": "Debian DSA-1414-1 : wireshark - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6114", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6120", "CVE-2007-6121"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:wireshark", "cpe:/o:debian:debian_linux:3.1", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1414.NASL", "href": "https://www.tenable.com/plugins/nessus/28337", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1414. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28337);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-6114\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6120\", \"CVE-2007-6121\");\n script_xref(name:\"DSA\", value:\"1414\");\n\n script_name(english:\"Debian DSA-1414-1 : wireshark - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in the Wireshark\nnetwork traffic analyzer, which may lead to denial of service or\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2007-6114\n Stefan Esser discovered a buffer overflow in the SSL\n dissector.'Fabiodds' discovered a buffer overflow in the\n iSeries trace dissector.\n\n - CVE-2007-6117\n A programming error was discovered in the HTTP\n dissector, which may lead to denial of service.\n\n - CVE-2007-6118\n The MEGACO dissector could be tricked into resource\n exhaustion.\n\n - CVE-2007-6120\n The Bluetooth SDP dissector could be tricked into an\n endless loop.\n\n - CVE-2007-6121\n The RPC portmap dissector could be tricked into\n dereferencing a NULL pointer.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-6114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-6117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-6118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-6120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-6121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2007/dsa-1414\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wireshark/ethereal packages.\n\nFor the old stable distribution (sarge), these problems have been\nfixed in version 0.10.10-2sarge10. (In Sarge Wireshark used to be\ncalled Ethereal). Updated packages for sparc and m68k will be provided\nlater.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 0.99.4-5.etch.1. Updated packages for sparc will be provided\nlater.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"ethereal\", reference:\"0.10.10-2sarge10\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ethereal-common\", reference:\"0.10.10-2sarge10\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ethereal-dev\", reference:\"0.10.10-2sarge10\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"tethereal\", reference:\"0.10.10-2sarge10\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ethereal\", reference:\"0.99.4-5.etch.1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ethereal-common\", reference:\"0.99.4-5.etch.1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ethereal-dev\", reference:\"0.99.4-5.etch.1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"tethereal\", reference:\"0.99.4-5.etch.1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"tshark\", reference:\"0.99.4-5.etch.1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"wireshark\", reference:\"0.99.4-5.etch.1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"wireshark-common\", reference:\"0.99.4-5.etch.1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"wireshark-dev\", reference:\"0.99.4-5.etch.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:56:27", "description": "Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nWireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.\n\nSeveral flaws were found in Wireshark. Wireshark could crash or possibly execute arbitrary code as the user running Wireshark if it read a malformed packet off the network. (CVE-2007-6112, CVE-2007-6114, CVE-2007-6115, CVE-2007-6117)\n\nSeveral denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network. (CVE-2007-6111, CVE-2007-6113, CVE-2007-6116, CVE-2007-6118, CVE-2007-6119, CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441, CVE-2007-6450, CVE-2007-6451)\n\nAs well, Wireshark switched from using net-snmp to libsmi, which is included in this errata.\n\nUsers of wireshark should upgrade to these updated packages, which contain Wireshark version 0.99.7, and resolve these issues.", "cvss3": {}, "published": "2010-01-06T00:00:00", "type": "nessus", "title": "CentOS 4 / 5 : wireshark (CESA-2008:0058)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6111", "CVE-2007-6112", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6116", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6119", "CVE-2007-6120", "CVE-2007-6121", "CVE-2007-6438", "CVE-2007-6439", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6451"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libsmi", "p-cpe:/a:centos:centos:libsmi-devel", "p-cpe:/a:centos:centos:wireshark", "p-cpe:/a:centos:centos:wireshark-gnome", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2008-0058.NASL", "href": "https://www.tenable.com/plugins/nessus/43670", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0058 and \n# CentOS Errata and Security Advisory 2008:0058 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43670);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-6111\", \"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6116\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6119\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6438\", \"CVE-2007-6439\", \"CVE-2007-6441\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_bugtraq_id(26532, 27071);\n script_xref(name:\"RHSA\", value:\"2008:0058\");\n\n script_name(english:\"CentOS 4 / 5 : wireshark (CESA-2008:0058)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nSeveral flaws were found in Wireshark. Wireshark could crash or\npossibly execute arbitrary code as the user running Wireshark if it\nread a malformed packet off the network. (CVE-2007-6112,\nCVE-2007-6114, CVE-2007-6115, CVE-2007-6117)\n\nSeveral denial of service bugs were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off the\nnetwork. (CVE-2007-6111, CVE-2007-6113, CVE-2007-6116, CVE-2007-6118,\nCVE-2007-6119, CVE-2007-6120, CVE-2007-6121, CVE-2007-6438,\nCVE-2007-6439, CVE-2007-6441, CVE-2007-6450, CVE-2007-6451)\n\nAs well, Wireshark switched from using net-snmp to libsmi, which is\nincluded in this errata.\n\nUsers of wireshark should upgrade to these updated packages, which\ncontain Wireshark version 0.99.7, and resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-January/014635.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43bd41a2\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-January/014636.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e629cd8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-January/014638.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1fa4cba5\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-January/014652.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43d90ffe\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-January/014653.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?093b1146\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libsmi-0.4.5-2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"libsmi-0.4.5-2.c4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libsmi-0.4.5-2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libsmi-devel-0.4.5-2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"libsmi-devel-0.4.5-2.c4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libsmi-devel-0.4.5-2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"wireshark-0.99.7-1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"wireshark-0.99.7-1.c4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"wireshark-0.99.7-1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"wireshark-gnome-0.99.7-1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"wireshark-gnome-0.99.7-1.c4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"wireshark-gnome-0.99.7-1\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"libsmi-0.4.5-2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libsmi-devel-0.4.5-2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"wireshark-0.99.7-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"wireshark-gnome-0.99.7-1.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmi / libsmi-devel / wireshark / wireshark-gnome\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:27:55", "description": "Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-6450 The RPL dissector could be tricked into an infinite loop.\n\n - CVE-2007-6451 The CIP dissector could be tricked into excessive memory allocation.", "cvss3": {}, "published": "2008-01-04T00:00:00", "type": "nessus", "title": "Debian DSA-1446-1 : wireshark - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6111", "CVE-2007-6112", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6116", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6119", "CVE-2007-6120", "CVE-2007-6121", "CVE-2007-6438", "CVE-2007-6439", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6451"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:wireshark", "cpe:/o:debian:debian_linux:3.1", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1446.NASL", "href": "https://www.tenable.com/plugins/nessus/29840", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1446. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29840);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-6111\", \"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6116\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6119\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6438\", \"CVE-2007-6439\", \"CVE-2007-6441\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_xref(name:\"DSA\", value:\"1446\");\n\n script_name(english:\"Debian DSA-1446-1 : wireshark - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in the Wireshark\nnetwork traffic analyzer, which may lead to denial of service. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2007-6450\n The RPL dissector could be tricked into an infinite\n loop.\n\n - CVE-2007-6451\n The CIP dissector could be tricked into excessive memory\n allocation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-6450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-6451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1446\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wireshark packages.\n\nFor the old stable distribution (sarge), these problems have been\nfixed in version 0.10.10-2sarge11. (In Sarge Wireshark used to be\ncalled Ethereal).\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 0.99.4-5.etch.2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"ethereal\", reference:\"0.10.10-2sarge11\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ethereal-common\", reference:\"0.10.10-2sarge11\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ethereal-dev\", reference:\"0.10.10-2sarge11\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"tethereal\", reference:\"0.10.10-2sarge11\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ethereal\", reference:\"0.99.4-5.etch.2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ethereal-common\", reference:\"0.99.4-5.etch.2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ethereal-dev\", reference:\"0.99.4-5.etch.2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"tethereal\", reference:\"0.99.4-5.etch.2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"tshark\", reference:\"0.99.4-5.etch.2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"wireshark\", reference:\"0.99.4-5.etch.2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"wireshark-common\", reference:\"0.99.4-5.etch.2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"wireshark-dev\", reference:\"0.99.4-5.etch.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:37:35", "description": "The remote host is affected by the vulnerability described in GLSA-200712-23 (Wireshark: Multiple vulnerabilities)\n\n Multiple buffer overflows and infinite loops were discovered in multiple dissector and parser components, including those for MP3 and NCP (CVE-2007-6111), PPP (CVE-2007-6112), DNP (CVE-2007-6113), SSL and iSeries (OS/400) Communication traces (CVE-2007-6114), ANSI MAP (CVE-2007-6115), Firebird/Interbase (CVE-2007-6116), HTTP (CVE-2007-6117), MEGACO (CVE-2007-6118), DCP ETSI (CVE-2007-6119), Bluetooth SDP (CVE-2007-6120), RPC Portmap (CVE-2007-6121), SMB (CVE-2007-6438), IPv6 amd USB (CVE-2007-6439), WiMAX (CVE-2007-6441), RPL (CVE-2007-6450), CIP (CVE-2007-6451). The vulnerabilities were discovered by Stefan Esser, Beyond Security, Fabiodds, Peter Leeming, Steve and ainsley.\n Impact :\n\n A remote attacker could send specially crafted packets on a network being monitored with Wireshark or entice a user to open a specially crafted file, possibly resulting in the execution of arbitrary code with the privileges of the user running Wireshark (which might be the root user), or a Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2007-12-31T00:00:00", "type": "nessus", "title": "GLSA-200712-23 : Wireshark: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6111", "CVE-2007-6112", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6116", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6119", "CVE-2007-6120", "CVE-2007-6121", "CVE-2007-6438", "CVE-2007-6439", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6451"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:wireshark", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200712-23.NASL", "href": "https://www.tenable.com/plugins/nessus/29820", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200712-23.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29820);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-6111\", \"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6116\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6119\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6438\", \"CVE-2007-6439\", \"CVE-2007-6441\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_xref(name:\"GLSA\", value:\"200712-23\");\n\n script_name(english:\"GLSA-200712-23 : Wireshark: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200712-23\n(Wireshark: Multiple vulnerabilities)\n\n Multiple buffer overflows and infinite loops were discovered in\n multiple dissector and parser components, including those for MP3 and\n NCP (CVE-2007-6111), PPP (CVE-2007-6112), DNP (CVE-2007-6113), SSL and\n iSeries (OS/400) Communication traces (CVE-2007-6114), ANSI MAP\n (CVE-2007-6115), Firebird/Interbase (CVE-2007-6116), HTTP\n (CVE-2007-6117), MEGACO (CVE-2007-6118), DCP ETSI (CVE-2007-6119),\n Bluetooth SDP (CVE-2007-6120), RPC Portmap (CVE-2007-6121), SMB\n (CVE-2007-6438), IPv6 amd USB (CVE-2007-6439), WiMAX (CVE-2007-6441),\n RPL (CVE-2007-6450), CIP (CVE-2007-6451). The vulnerabilities were\n discovered by Stefan Esser, Beyond Security, Fabiodds, Peter Leeming,\n Steve and ainsley.\n \nImpact :\n\n A remote attacker could send specially crafted packets on a network\n being monitored with Wireshark or entice a user to open a specially\n crafted file, possibly resulting in the execution of arbitrary code\n with the privileges of the user running Wireshark (which might be the\n root user), or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200712-23\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Wireshark users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-0.99.7'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-analyzer/wireshark\", unaffected:make_list(\"ge 0.99.7\"), vulnerable:make_list(\"lt 0.99.7\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Wireshark\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:27:36", "description": "Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nWireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.\n\nSeveral flaws were found in Wireshark. Wireshark could crash or possibly execute arbitrary code as the user running Wireshark if it read a malformed packet off the network. (CVE-2007-6112, CVE-2007-6114, CVE-2007-6115, CVE-2007-6117)\n\nSeveral denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network. (CVE-2007-6111, CVE-2007-6113, CVE-2007-6116, CVE-2007-6118, CVE-2007-6119, CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441, CVE-2007-6450, CVE-2007-6451)\n\nAs well, Wireshark switched from using net-snmp to libsmi, which is included in this errata.\n\nUsers of wireshark should upgrade to these updated packages, which contain Wireshark version 0.99.7, and resolve these issues.", "cvss3": {}, "published": "2008-01-21T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : wireshark (RHSA-2008:0058)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6111", "CVE-2007-6112", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6116", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6119", "CVE-2007-6120", "CVE-2007-6121", "CVE-2007-6438", "CVE-2007-6439", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6451"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libsmi", "p-cpe:/a:redhat:enterprise_linux:libsmi-devel", "p-cpe:/a:redhat:enterprise_linux:wireshark", "p-cpe:/a:redhat:enterprise_linux:wireshark-gnome", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.6", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.1"], "id": "REDHAT-RHSA-2008-0058.NASL", "href": "https://www.tenable.com/plugins/nessus/30034", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0058. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30034);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6111\", \"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6116\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6119\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6438\", \"CVE-2007-6439\", \"CVE-2007-6441\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_bugtraq_id(26532, 27071);\n script_xref(name:\"RHSA\", value:\"2008:0058\");\n\n script_name(english:\"RHEL 4 / 5 : wireshark (RHSA-2008:0058)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nSeveral flaws were found in Wireshark. Wireshark could crash or\npossibly execute arbitrary code as the user running Wireshark if it\nread a malformed packet off the network. (CVE-2007-6112,\nCVE-2007-6114, CVE-2007-6115, CVE-2007-6117)\n\nSeveral denial of service bugs were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off the\nnetwork. (CVE-2007-6111, CVE-2007-6113, CVE-2007-6116, CVE-2007-6118,\nCVE-2007-6119, CVE-2007-6120, CVE-2007-6121, CVE-2007-6438,\nCVE-2007-6439, CVE-2007-6441, CVE-2007-6450, CVE-2007-6451)\n\nAs well, Wireshark switched from using net-snmp to libsmi, which is\nincluded in this errata.\n\nUsers of wireshark should upgrade to these updated packages, which\ncontain Wireshark version 0.99.7, and resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6116\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6438\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6439\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6451\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-0.99.7.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-0.99.7.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0058\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0058\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"libsmi-0.4.5-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"libsmi-devel-0.4.5-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"wireshark-0.99.7-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"wireshark-gnome-0.99.7-1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libsmi-0.4.5-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"libsmi-0.4.5-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libsmi-0.4.5-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libsmi-devel-0.4.5-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"libsmi-devel-0.4.5-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libsmi-devel-0.4.5-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"wireshark-0.99.7-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"wireshark-0.99.7-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"wireshark-0.99.7-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"wireshark-gnome-0.99.7-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"wireshark-gnome-0.99.7-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"wireshark-gnome-0.99.7-1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmi / libsmi-devel / wireshark / wireshark-gnome\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:00:15", "description": "A number of vulnerabilities in the Wireshark program were found that could cause crashes, excessive looping, or arbitrary code execution.\n\nThis update provides Wireshark 0.99.7 which is not vulnerable to these issues.\n\nAn updated version of libsmi is also being provided, not because of security issues, but because this version of wireshark uses it instead of net-snmp for SNMP support.\n\nUpdate :\n\nThis update is being reissued without libcap (kernel capabilities) support, as that is not required by the original released packages, and thus gave trouble for a number of users.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : wireshark (MDVSA-2008:001-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6111", "CVE-2007-6112", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6116", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6119", "CVE-2007-6120", "CVE-2007-6121", "CVE-2007-6438", "CVE-2007-6439", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6451"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64wireshark-devel", "p-cpe:/a:mandriva:linux:lib64wireshark0", "p-cpe:/a:mandriva:linux:libwireshark-devel", "p-cpe:/a:mandriva:linux:libwireshark0", "p-cpe:/a:mandriva:linux:tshark", "p-cpe:/a:mandriva:linux:wireshark", "p-cpe:/a:mandriva:linux:wireshark-tools", "cpe:/o:mandriva:linux:2007", "cpe:/o:mandriva:linux:2007.1", "cpe:/o:mandriva:linux:2008.0"], "id": "MANDRIVA_MDVSA-2008-001.NASL", "href": "https://www.tenable.com/plugins/nessus/36583", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:001. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36583);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-6111\", \"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6116\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6119\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6438\", \"CVE-2007-6439\", \"CVE-2007-6441\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_xref(name:\"MDVSA\", value:\"2008:001-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : wireshark (MDVSA-2008:001-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of vulnerabilities in the Wireshark program were found that\ncould cause crashes, excessive looping, or arbitrary code execution.\n\nThis update provides Wireshark 0.99.7 which is not vulnerable to these\nissues.\n\nAn updated version of libsmi is also being provided, not because of\nsecurity issues, but because this version of wireshark uses it instead\nof net-snmp for SNMP support.\n\nUpdate :\n\nThis update is being reissued without libcap (kernel capabilities)\nsupport, as that is not required by the original released packages,\nand thus gave trouble for a number of users.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wireshark.org/security/wnpa-sec-2007-03.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wireshark0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwireshark0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64wireshark0-0.99.7-0.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libwireshark0-0.99.7-0.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"tshark-0.99.7-0.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"wireshark-0.99.7-0.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"wireshark-tools-0.99.7-0.2mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64wireshark0-0.99.7-0.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libwireshark0-0.99.7-0.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"tshark-0.99.7-0.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"wireshark-0.99.7-0.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"wireshark-tools-0.99.7-0.2mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64wireshark-devel-0.99.7-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64wireshark0-0.99.7-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libwireshark-devel-0.99.7-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libwireshark0-0.99.7-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tshark-0.99.7-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"wireshark-0.99.7-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"wireshark-tools-0.99.7-0.2mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:49:52", "description": "From Red Hat Security Advisory 2008:0058 :\n\nUpdated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nWireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.\n\nSeveral flaws were found in Wireshark. Wireshark could crash or possibly execute arbitrary code as the user running Wireshark if it read a malformed packet off the network. (CVE-2007-6112, CVE-2007-6114, CVE-2007-6115, CVE-2007-6117)\n\nSeveral denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network. (CVE-2007-6111, CVE-2007-6113, CVE-2007-6116, CVE-2007-6118, CVE-2007-6119, CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441, CVE-2007-6450, CVE-2007-6451)\n\nAs well, Wireshark switched from using net-snmp to libsmi, which is included in this errata.\n\nUsers of wireshark should upgrade to these updated packages, which contain Wireshark version 0.99.7, and resolve these issues.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 / 5 : wireshark (ELSA-2008-0058)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6111", "CVE-2007-6112", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6116", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6119", "CVE-2007-6120", "CVE-2007-6121", "CVE-2007-6438", "CVE-2007-6439", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6451"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libsmi", "p-cpe:/a:oracle:linux:libsmi-devel", "p-cpe:/a:oracle:linux:wireshark", "p-cpe:/a:oracle:linux:wireshark-gnome", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2008-0058.NASL", "href": "https://www.tenable.com/plugins/nessus/67642", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0058 and \n# Oracle Linux Security Advisory ELSA-2008-0058 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67642);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6111\", \"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6116\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6119\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6438\", \"CVE-2007-6439\", \"CVE-2007-6441\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_bugtraq_id(26532, 27071);\n script_xref(name:\"RHSA\", value:\"2008:0058\");\n\n script_name(english:\"Oracle Linux 4 / 5 : wireshark (ELSA-2008-0058)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0058 :\n\nUpdated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nSeveral flaws were found in Wireshark. Wireshark could crash or\npossibly execute arbitrary code as the user running Wireshark if it\nread a malformed packet off the network. (CVE-2007-6112,\nCVE-2007-6114, CVE-2007-6115, CVE-2007-6117)\n\nSeveral denial of service bugs were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off the\nnetwork. (CVE-2007-6111, CVE-2007-6113, CVE-2007-6116, CVE-2007-6118,\nCVE-2007-6119, CVE-2007-6120, CVE-2007-6121, CVE-2007-6438,\nCVE-2007-6439, CVE-2007-6441, CVE-2007-6450, CVE-2007-6451)\n\nAs well, Wireshark switched from using net-snmp to libsmi, which is\nincluded in this errata.\n\nUsers of wireshark should upgrade to these updated packages, which\ncontain Wireshark version 0.99.7, and resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-January/000495.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-January/000496.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"libsmi-0.4.5-2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"libsmi-0.4.5-2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"libsmi-devel-0.4.5-2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"libsmi-devel-0.4.5-2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"wireshark-0.99.7-1.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"wireshark-0.99.7-1.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"wireshark-gnome-0.99.7-1.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"wireshark-gnome-0.99.7-1.el4.0.1\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"libsmi-0.4.5-2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libsmi-devel-0.4.5-2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"wireshark-0.99.7-1.el5.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"wireshark-gnome-0.99.7-1.el5.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmi / libsmi-devel / wireshark / wireshark-gnome\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:38:51", "description": "The Wireshark team reports of multiple vulnerabilities :\n\n- Wireshark could crash when reading an MP3 file.\n\n- Beyond Security discovered that Wireshark could loop excessively while reading a malformed DNP packet.\n\n- Stefan Esser discovered a buffer overflow in the SSL dissector.\n\n- The ANSI MAP dissector could be susceptible to a buffer overflow on some platforms.\n\n- The Firebird/Interbase dissector could go into an infinite loop or crash.\n\n- The NCP dissector could cause a crash.\n\n- The HTTP dissector could crash on some systems while decoding chunked messages.\n\n- The MEGACO dissector could enter a large loop and consume system resources.\n\n- The DCP ETSI dissector could enter a large loop and consume system resources.\n\n- Fabiodds discovered a buffer overflow in the iSeries (OS/400) Communication trace file parser.\n\n- The PPP dissector could overflow a buffer.\n\n- The Bluetooth SDP dissector could go into an infinite loop.\n\n- A malformed RPC Portmap packet could cause a crash.\n\n- The IPv6 dissector could loop excessively.\n\n- The USB dissector could loop excessively or crash.\n\n- The SMB dissector could crash.\n\n- The RPL dissector could go into an infinite loop.\n\n- The WiMAX dissector could crash due to unaligned access on some platforms.\n\n- The CIP dissector could attempt to allocate a huge amount of memory and crash. Impact It may be possible to make Wireshark or Ethereal crash or use up available memory by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.", "cvss3": {}, "published": "2007-12-24T00:00:00", "type": "nessus", "title": "FreeBSD : wireshark -- multiple vulnerabilities (8a835235-ae84-11dc-a5f9-001a4d49522b)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6112", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6120", "CVE-2007-6121", "CVE-2007-6438", "CVE-2007-6439", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6451"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:ethereal", "p-cpe:/a:freebsd:freebsd:ethereal-lite", "p-cpe:/a:freebsd:freebsd:tethereal", "p-cpe:/a:freebsd:freebsd:tethereal-lite", "p-cpe:/a:freebsd:freebsd:wireshark", "p-cpe:/a:freebsd:freebsd:wireshark-lite", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_8A835235AE8411DCA5F9001A4D49522B.NASL", "href": "https://www.tenable.com/plugins/nessus/29772", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29772);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6438\", \"CVE-2007-6439\", \"CVE-2007-6441\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n\n script_name(english:\"FreeBSD : wireshark -- multiple vulnerabilities (8a835235-ae84-11dc-a5f9-001a4d49522b)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Wireshark team reports of multiple vulnerabilities :\n\n- Wireshark could crash when reading an MP3 file.\n\n- Beyond Security discovered that Wireshark could loop excessively\nwhile reading a malformed DNP packet.\n\n- Stefan Esser discovered a buffer overflow in the SSL dissector.\n\n- The ANSI MAP dissector could be susceptible to a buffer overflow on\nsome platforms.\n\n- The Firebird/Interbase dissector could go into an infinite loop or\ncrash.\n\n- The NCP dissector could cause a crash.\n\n- The HTTP dissector could crash on some systems while decoding\nchunked messages.\n\n- The MEGACO dissector could enter a large loop and consume system\nresources.\n\n- The DCP ETSI dissector could enter a large loop and consume system\nresources.\n\n- Fabiodds discovered a buffer overflow in the iSeries (OS/400)\nCommunication trace file parser.\n\n- The PPP dissector could overflow a buffer.\n\n- The Bluetooth SDP dissector could go into an infinite loop.\n\n- A malformed RPC Portmap packet could cause a crash.\n\n- The IPv6 dissector could loop excessively.\n\n- The USB dissector could loop excessively or crash.\n\n- The SMB dissector could crash.\n\n- The RPL dissector could go into an infinite loop.\n\n- The WiMAX dissector could crash due to unaligned access on some\nplatforms.\n\n- The CIP dissector could attempt to allocate a huge amount of memory\nand crash. Impact It may be possible to make Wireshark or Ethereal\ncrash or use up available memory by injecting a purposefully malformed\npacket onto the wire or by convincing someone to read a malformed\npacket trace file.\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2007-03.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2007-03.html\"\n );\n # https://vuxml.freebsd.org/freebsd/8a835235-ae84-11dc-a5f9-001a4d49522b.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f7fcebf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ethereal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ethereal-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tethereal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tethereal-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:wireshark-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/12/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"wireshark>=0.8.16<0.99.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"wireshark-lite>=0.8.16<0.99.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ethereal>=0.8.16<0.99.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ethereal-lite>=0.8.16<0.99.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tethereal>=0.8.16<0.99.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tethereal-lite>=0.8.16<0.99.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:28:10", "description": "Several flaws were found in Wireshark. Wireshark could crash or possibly execute arbitrary code as the user running Wireshark if it read a malformed packet off the network. (CVE-2007-6112, CVE-2007-6114, CVE-2007-6115, CVE-2007-6117)\n\nSeveral denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3392, CVE-2007-3393, CVE-2007-6111, CVE-2007-6113, CVE-2007-6116, CVE-2007-6118, CVE-2007-6119, CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441, CVE-2007-6450, CVE-2007-6451)\n\nAs well, Wireshark switched from using net-snmp to libsmi, which is included in this errata.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : wireshark on SL3.x, SL4.x, SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3389", "CVE-2007-3390", "CVE-2007-3391", "CVE-2007-3392", "CVE-2007-3393", "CVE-2007-6111", "CVE-2007-6112", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6116", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6119", "CVE-2007-6120", "CVE-2007-6121", "CVE-2007-6438", "CVE-2007-6439", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6451"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080121_WIRESHARK_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60350", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60350);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-3389\", \"CVE-2007-3390\", \"CVE-2007-3391\", \"CVE-2007-3392\", \"CVE-2007-3393\", \"CVE-2007-6111\", \"CVE-2007-6112\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6116\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6119\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6438\", \"CVE-2007-6439\", \"CVE-2007-6441\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n\n script_name(english:\"Scientific Linux Security Update : wireshark on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in Wireshark. Wireshark could crash or\npossibly execute arbitrary code as the user running Wireshark if it\nread a malformed packet off the network. (CVE-2007-6112,\nCVE-2007-6114, CVE-2007-6115, CVE-2007-6117)\n\nSeveral denial of service bugs were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off the\nnetwork. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392,\nCVE-2007-3392, CVE-2007-3393, CVE-2007-6111, CVE-2007-6113,\nCVE-2007-6116, CVE-2007-6118, CVE-2007-6119, CVE-2007-6120,\nCVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441,\nCVE-2007-6450, CVE-2007-6451)\n\nAs well, Wireshark switched from using net-snmp to libsmi, which is\nincluded in this errata.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0801&L=scientific-linux-errata&T=0&P=1833\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9a57f048\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"libsmi-0.4.5-3.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"libsmi-devel-0.4.5-3.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"wireshark-0.99.7-EL3.1\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"wireshark-gnome-0.99.7-EL3.1\")) flag++;\n\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"libsmi-0.4.5-2.el4_6\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"libsmi-0.4.5-2\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"libsmi-devel-0.4.5-2.el4_6\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"libsmi-devel-0.4.5-2\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"wireshark-0.99.7-1.el4_6\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"wireshark-0.99.7-1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"wireshark-gnome-0.99.7-1.el4_6\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"wireshark-gnome-0.99.7-1\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"libsmi-0.4.5-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libsmi-devel-0.4.5-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"wireshark-0.99.7-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"wireshark-gnome-0.99.7-1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:49:13", "description": "From Red Hat Security Advisory 2008:0059 :\n\nUpdated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nWireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.\n\nSeveral flaws were found in Wireshark. Wireshark could crash or possibly execute arbitrary code as the user running Wireshark if it read a malformed packet off the network. (CVE-2007-6114, CVE-2007-6115, CVE-2007-6117)\n\nSeveral denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3392, CVE-2007-3393, CVE-2007-6113, CVE-2007-6118, CVE-2007-6120, CVE-2007-6121, CVE-2007-6450, CVE-2007-6451)\n\nAs well, Wireshark switched from using net-snmp to libsmi, which is included in this errata.\n\nUsers of wireshark should upgrade to these updated packages, which contain Wireshark version 0.99.7, and resolve these issues.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 3 : wireshark (ELSA-2008-0059)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3389", "CVE-2007-3390", "CVE-2007-3391", "CVE-2007-3392", "CVE-2007-3393", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6120", "CVE-2007-6121", "CVE-2007-6450", "CVE-2007-6451"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libsmi", "p-cpe:/a:oracle:linux:libsmi-devel", "p-cpe:/a:oracle:linux:wireshark", "p-cpe:/a:oracle:linux:wireshark-gnome", "cpe:/o:oracle:linux:3"], "id": "ORACLELINUX_ELSA-2008-0059.NASL", "href": "https://www.tenable.com/plugins/nessus/67643", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0059 and \n# Oracle Linux Security Advisory ELSA-2008-0059 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67643);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-3389\", \"CVE-2007-3390\", \"CVE-2007-3391\", \"CVE-2007-3392\", \"CVE-2007-3393\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_bugtraq_id(24662, 26532, 27071);\n script_xref(name:\"RHSA\", value:\"2008:0059\");\n\n script_name(english:\"Oracle Linux 3 : wireshark (ELSA-2008-0059)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0059 :\n\nUpdated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nSeveral flaws were found in Wireshark. Wireshark could crash or\npossibly execute arbitrary code as the user running Wireshark if it\nread a malformed packet off the network. (CVE-2007-6114,\nCVE-2007-6115, CVE-2007-6117)\n\nSeveral denial of service bugs were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off the\nnetwork. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392,\nCVE-2007-3392, CVE-2007-3393, CVE-2007-6113, CVE-2007-6118,\nCVE-2007-6120, CVE-2007-6121, CVE-2007-6450, CVE-2007-6451)\n\nAs well, Wireshark switched from using net-snmp to libsmi, which is\nincluded in this errata.\n\nUsers of wireshark should upgrade to these updated packages, which\ncontain Wireshark version 0.99.7, and resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-January/000494.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libsmi-0.4.5-3.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libsmi-0.4.5-3.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libsmi-devel-0.4.5-3.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libsmi-devel-0.4.5-3.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"wireshark-0.99.7-EL3.1.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"wireshark-0.99.7-EL3.1.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"wireshark-gnome-0.99.7-EL3.1.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"wireshark-gnome-0.99.7-EL3.1.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmi / libsmi-devel / wireshark / wireshark-gnome\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:27:58", "description": "Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nWireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.\n\nSeveral flaws were found in Wireshark. Wireshark could crash or possibly execute arbitrary code as the user running Wireshark if it read a malformed packet off the network. (CVE-2007-6114, CVE-2007-6115, CVE-2007-6117)\n\nSeveral denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3392, CVE-2007-3393, CVE-2007-6113, CVE-2007-6118, CVE-2007-6120, CVE-2007-6121, CVE-2007-6450, CVE-2007-6451)\n\nAs well, Wireshark switched from using net-snmp to libsmi, which is included in this errata.\n\nUsers of wireshark should upgrade to these updated packages, which contain Wireshark version 0.99.7, and resolve these issues.", "cvss3": {}, "published": "2008-01-21T00:00:00", "type": "nessus", "title": "RHEL 3 : wireshark (RHSA-2008:0059)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3389", "CVE-2007-3390", "CVE-2007-3391", "CVE-2007-3392", "CVE-2007-3393", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6120", "CVE-2007-6121", "CVE-2007-6450", "CVE-2007-6451"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libsmi", "p-cpe:/a:redhat:enterprise_linux:libsmi-devel", "p-cpe:/a:redhat:enterprise_linux:wireshark", "p-cpe:/a:redhat:enterprise_linux:wireshark-gnome", "cpe:/o:redhat:enterprise_linux:3"], "id": "REDHAT-RHSA-2008-0059.NASL", "href": "https://www.tenable.com/plugins/nessus/30035", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0059. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30035);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-3389\", \"CVE-2007-3390\", \"CVE-2007-3391\", \"CVE-2007-3392\", \"CVE-2007-3393\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_bugtraq_id(24662, 26532, 27071);\n script_xref(name:\"RHSA\", value:\"2008:0059\");\n\n script_name(english:\"RHEL 3 : wireshark (RHSA-2008:0059)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nSeveral flaws were found in Wireshark. Wireshark could crash or\npossibly execute arbitrary code as the user running Wireshark if it\nread a malformed packet off the network. (CVE-2007-6114,\nCVE-2007-6115, CVE-2007-6117)\n\nSeveral denial of service bugs were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off the\nnetwork. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392,\nCVE-2007-3392, CVE-2007-3393, CVE-2007-6113, CVE-2007-6118,\nCVE-2007-6120, CVE-2007-6121, CVE-2007-6450, CVE-2007-6451)\n\nAs well, Wireshark switched from using net-snmp to libsmi, which is\nincluded in this errata.\n\nUsers of wireshark should upgrade to these updated packages, which\ncontain Wireshark version 0.99.7, and resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6451\"\n );\n # http://www.wireshark.org/docs/relnotes/wireshark-0.99.7.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/docs/relnotes/wireshark-0.99.7.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0059\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0059\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"libsmi-0.4.5-3.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"libsmi-devel-0.4.5-3.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"wireshark-0.99.7-EL3.1\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"wireshark-gnome-0.99.7-EL3.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmi / libsmi-devel / wireshark / wireshark-gnome\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:28:07", "description": "Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nWireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.\n\nSeveral flaws were found in Wireshark. Wireshark could crash or possibly execute arbitrary code as the user running Wireshark if it read a malformed packet off the network. (CVE-2007-6114, CVE-2007-6115, CVE-2007-6117)\n\nSeveral denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3392, CVE-2007-3393, CVE-2007-6113, CVE-2007-6118, CVE-2007-6120, CVE-2007-6121, CVE-2007-6450, CVE-2007-6451)\n\nAs well, Wireshark switched from using net-snmp to libsmi, which is included in this errata.\n\nUsers of wireshark should upgrade to these updated packages, which contain Wireshark version 0.99.7, and resolve these issues.", "cvss3": {}, "published": "2008-01-22T00:00:00", "type": "nessus", "title": "CentOS 3 : wireshark (CESA-2008:0059)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3389", "CVE-2007-3390", "CVE-2007-3391", "CVE-2007-3392", "CVE-2007-3393", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6120", "CVE-2007-6121", "CVE-2007-6450", "CVE-2007-6451"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libsmi", "p-cpe:/a:centos:centos:libsmi-devel", "p-cpe:/a:centos:centos:wireshark", "p-cpe:/a:centos:centos:wireshark-gnome", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2008-0059.NASL", "href": "https://www.tenable.com/plugins/nessus/30044", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0059 and \n# CentOS Errata and Security Advisory 2008:0059 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30044);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-3389\", \"CVE-2007-3390\", \"CVE-2007-3391\", \"CVE-2007-3392\", \"CVE-2007-3393\", \"CVE-2007-6113\", \"CVE-2007-6114\", \"CVE-2007-6115\", \"CVE-2007-6117\", \"CVE-2007-6118\", \"CVE-2007-6120\", \"CVE-2007-6121\", \"CVE-2007-6450\", \"CVE-2007-6451\");\n script_bugtraq_id(24662, 26532, 27071);\n script_xref(name:\"RHSA\", value:\"2008:0059\");\n\n script_name(english:\"CentOS 3 : wireshark (CESA-2008:0059)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nSeveral flaws were found in Wireshark. Wireshark could crash or\npossibly execute arbitrary code as the user running Wireshark if it\nread a malformed packet off the network. (CVE-2007-6114,\nCVE-2007-6115, CVE-2007-6117)\n\nSeveral denial of service bugs were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off the\nnetwork. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392,\nCVE-2007-3392, CVE-2007-3393, CVE-2007-6113, CVE-2007-6118,\nCVE-2007-6120, CVE-2007-6121, CVE-2007-6450, CVE-2007-6451)\n\nAs well, Wireshark switched from using net-snmp to libsmi, which is\nincluded in this errata.\n\nUsers of wireshark should upgrade to these updated packages, which\ncontain Wireshark version 0.99.7, and resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-January/014631.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?22d27ace\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-January/014632.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3853ddf8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-January/014637.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?496d5c10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"libsmi-0.4.5-3.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"libsmi-devel-0.4.5-3.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"wireshark-0.99.7-EL3.1\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"wireshark-gnome-0.99.7-EL3.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmi / libsmi-devel / wireshark / wireshark-gnome\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:29:43", "description": "A number of vulnerabilities in the Wireshark program were found that could cause crashes, excessive looping, or exhaustion of system memory.\n\nThis updated provides wireshark 0.99.6 which is not vulnerable to these issues.", "cvss3": {}, "published": "2007-07-11T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : wireshark (MDKSA-2007:145)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3389", "CVE-2007-3390", "CVE-2007-3391", "CVE-2007-3392", "CVE-2007-3393", "CVE-2007-6113"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64wireshark0", "p-cpe:/a:mandriva:linux:libwireshark0", "p-cpe:/a:mandriva:linux:tshark", "p-cpe:/a:mandriva:linux:wireshark", "p-cpe:/a:mandriva:linux:wireshark-tools", "cpe:/o:mandriva:linux:2007", "cpe:/o:mandriva:linux:2007.1"], "id": "MANDRAKE_MDKSA-2007-145.NASL", "href": "https://www.tenable.com/plugins/nessus/25698", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:145. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25698);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-3389\", \"CVE-2007-3390\", \"CVE-2007-3391\", \"CVE-2007-3392\", \"CVE-2007-3393\", \"CVE-2007-6113\");\n script_xref(name:\"MDKSA\", value:\"2007:145\");\n\n script_name(english:\"Mandrake Linux Security Advisory : wireshark (MDKSA-2007:145)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of vulnerabilities in the Wireshark program were found that\ncould cause crashes, excessive looping, or exhaustion of system\nmemory.\n\nThis updated provides wireshark 0.99.6 which is not vulnerable to\nthese issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wireshark.org/security/wnpa-sec-2007-02.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(20, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wireshark0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwireshark0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64wireshark0-0.99.6-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libwireshark0-0.99.6-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"tshark-0.99.6-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"wireshark-0.99.6-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"wireshark-tools-0.99.6-0.1mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64wireshark0-0.99.6-0mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libwireshark0-0.99.6-0mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"tshark-0.99.6-0mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"wireshark-0.99.6-0mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"wireshark-tools-0.99.6-0mdv2007.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "debian": [{"lastseen": "2021-10-22T01:50:46", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1414-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nNovember 27, 2007 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : wireshark\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2007-6114 CVE-2007-6117 CVE-2007-6118 CVE-2007-6120 CVE-2007-6121\n\nSeveral remote vulnerabilities have been discovered in the Wireshark\nnetwork traffic analyzer, which may lead to denial of service or the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2007-6114\n\n Stefan Esser discovered a buffer overflow in the SSL dissector.\n "Fabiodds" discovered a buffer overflow in the iSeries trace\n dissector.\n\nCVE-2007-6117\n\n A programming error was discovered in the HTTP dissector, which may\n lead to denial of service.\n\nCVE-2007-6118\n\n The MEGACO dissector could be tricked into ressource exhaustion.\n\nCVE-2007-6120\n\n The Bluetooth SDP dissector could be tricked into an endless loop.\n\nCVE-2007-6121\n\n The RPC portmap dissector could be tricked into dereferencing\n a NULL pointer.\n\nFor the stable distribution (etch), these problems have been fixed\nin version 0.99.4-5.etch.1. Updates packages for sparc will be provided\nlater.\n\nFor the old stable distribution (sarge), these problems have been\nfixed in version 0.10.10-2sarge10. (In Sarge Wireshark used to be\ncalled Ethereal). Updates packages for sparc and m68k will be provided\nlater.\n\nWe recommend that you upgrade your wireshark/ethereal packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 3.1 (oldstable)\n- ----------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10.dsc\n Size/MD5 checksum: 857 13f70e9eb8c1e2fed6ddeabb44ac1d3a\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10.diff.gz\n Size/MD5 checksum: 178414 82a9fb4100a52b10d70e6bc2dd46ba71\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz\n Size/MD5 checksum: 7411510 e6b74468412c17bb66cd459bfb61471c\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_alpha.deb\n Size/MD5 checksum: 5473208 67be7f7d2a830e1d67596be0a034acb7\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_alpha.deb\n Size/MD5 checksum: 543316 de8d2e0552b0597aa86909587f7fbdd4\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_alpha.deb\n Size/MD5 checksum: 155344 d0f405c14922bf0947bcaba9f1e1b5b5\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_alpha.deb\n Size/MD5 checksum: 106564 9e173e76cfee54406243122f54fb8736\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_amd64.deb\n Size/MD5 checksum: 486588 a01a55b5556b78c96edc8be6a03f6164\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_amd64.deb\n Size/MD5 checksum: 5334642 4c11f3efdd48b23115b5a06fa1a2cad4\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_amd64.deb\n Size/MD5 checksum: 99666 e5974fe4027fa34906e9a233cfe79d28\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_amd64.deb\n Size/MD5 checksum: 154610 51ee5b66077bd1824f1c671627623288\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_arm.deb\n Size/MD5 checksum: 472962 3243aa716b6a61aa5059ff40ad74d19c\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_arm.deb\n Size/MD5 checksum: 155880 2543ccfdacd0ad69e87b58dda3eac422\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_arm.deb\n Size/MD5 checksum: 96354 ab073d35ef7816c489497a316bce3866\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_arm.deb\n Size/MD5 checksum: 4684296 861dae74eefe8efac4d3608046fb869a\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_hppa.deb\n Size/MD5 checksum: 489400 4cae5e9cf2847e646c3df2cafa491952\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_hppa.deb\n Size/MD5 checksum: 5787380 9c600f1e3bbaa39b2a5e4a799bbdb9fd\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_hppa.deb\n Size/MD5 checksum: 98554 866f8f5c39a42e11893b8292bcde21b6\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_hppa.deb\n Size/MD5 checksum: 154624 33c6ef867a81e16d3b42b250baf1ab6a\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_i386.deb\n Size/MD5 checksum: 154588 82db1d1552a6ccf512f6f5ec2e8eed6f\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_i386.deb\n Size/MD5 checksum: 443758 56a43d004cf577cbf09f06b3990c1c23\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_i386.deb\n Size/MD5 checksum: 4529320 8ed21cc29d85ca22b07565e531357c59\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_i386.deb\n Size/MD5 checksum: 90984 36e28654888ed491c0afe8ca0942c1dc\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_ia64.deb\n Size/MD5 checksum: 6630094 3b4aee38a7f3149c3f2cb80271d3945b\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_ia64.deb\n Size/MD5 checksum: 129266 c60411c1b16b1b4823afe539ff6cc57b\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_ia64.deb\n Size/MD5 checksum: 674538 25dbd3438c8c4a82b7ad257101c670ac\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_ia64.deb\n Size/MD5 checksum: 154596 6bd05ac93b14002e99478f3df87ea689\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_mips.deb\n Size/MD5 checksum: 4723420 846bf6114c51724ff12c0708d3e27f34\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_mips.deb\n Size/MD5 checksum: 462884 065921607b447f0a7077eab8e067e27c\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_mips.deb\n Size/MD5 checksum: 154634 705ca5dbef162d627e0287662a680e2f\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_mips.deb\n Size/MD5 checksum: 94858 751305284a78ed0519919a66295346f3\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_mipsel.deb\n Size/MD5 checksum: 458148 92424b86e76671aa039fcebe522bbfc4\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_mipsel.deb\n Size/MD5 checksum: 94764 bc6bfe73e35bc3fde71f9fd38b5a7463\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_mipsel.deb\n Size/MD5 checksum: 4460978 8ead9a4793611f12ffca619198a8f844\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_mipsel.deb\n Size/MD5 checksum: 154652 a94fccae248051cd70470c4a7e4b77ce\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_powerpc.deb\n Size/MD5 checksum: 5067716 62f0be94422a471a622899f3f6f11e7c\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_powerpc.deb\n Size/MD5 checksum: 154632 b6041c857bed2dbeeb49e21c890264eb\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_powerpc.deb\n Size/MD5 checksum: 455806 f6c9db48b4373d84daf858f8dfb275a2\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_powerpc.deb\n Size/MD5 checksum: 94406 23b71c5db6f0443ca3db0d072b4bb14b\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_s390.deb\n Size/MD5 checksum: 99992 30d7eeb09507017a10c42e98f46e1d47\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_s390.deb\n Size/MD5 checksum: 154572 29756abde9da24dac8254d128d44bd8d\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_s390.deb\n Size/MD5 checksum: 479760 c0d947771c2ad6b8f12e25812c1e7c5b\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_s390.deb\n Size/MD5 checksum: 5622238 7d86c0b58dc43c6bd84b88d27e3713c1\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4.orig.tar.gz\n Size/MD5 checksum: 13306790 2556a31d0d770dd1990bd67b98bd2f9b\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1.dsc\n Size/MD5 checksum: 1066 12e8146f9cc10fe216e4d1a0a750037f\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1.diff.gz\n Size/MD5 checksum: 42799 61ed409b92000f30877799228daff252\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_alpha.deb\n Size/MD5 checksum: 117224 d85a0b7e63b0c953b6f152e185fba6a9\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_alpha.deb\n Size/MD5 checksum: 22014 ad8ccffe577de4016acc15866f769829\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_alpha.deb\n Size/MD5 checksum: 9319128 e75f6f5ee1d858b0fc2f9413ee415f5d\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_alpha.deb\n Size/MD5 checksum: 21736 1c5d57697ebe337f34240c9dd342e3d8\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_alpha.deb\n Size/MD5 checksum: 181550 209f75537b0acc9c17b54e6b7cfdac2b\n http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_alpha.deb\n Size/MD5 checksum: 21744 e9b9909b4528978a75d323d02389eff8\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_alpha.deb\n Size/MD5 checksum: 674254 55b36078f6d6f9f278ff34ff67cae28d\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_alpha.deb\n Size/MD5 checksum: 21748 525cdcc7f345f729181fb9399ca84867\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_amd64.deb\n Size/MD5 checksum: 22342 2db8ccf0421954242c6b7352503e7cba\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_amd64.deb\n Size/MD5 checksum: 9119562 ae17852ca0431cbb1b8fc6401c81aa21\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_amd64.deb\n Size/MD5 checksum: 22704 aeb68a6daccbd9c1c6cb711f26e93296\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_amd64.deb\n Size/MD5 checksum: 111974 010a55a4127333689fa8416d6214ec94\n http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_amd64.deb\n Size/MD5 checksum: 22352 cb17e51ae331c059ee2e2c2a71f4aa49\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_amd64.deb\n Size/MD5 checksum: 22360 5ee1e412767f67919ce51d0b534394a8\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_amd64.deb\n Size/MD5 checksum: 181590 44888c58cf54dc4329a30f55c4990d95\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_amd64.deb\n Size/MD5 checksum: 619562 efa93cc7f881dba55c9b5b7cc8cb6e1a\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_arm.deb\n Size/MD5 checksum: 22356 4c49ab66e1e2706808ea9697f72ecfb7\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_arm.deb\n Size/MD5 checksum: 107198 8a5a6b4ea6cc4e3ab657f31aa1d4e6dc\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_arm.deb\n Size/MD5 checksum: 22714 0544f54d45e84847e71381a7d43f0003\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_arm.deb\n Size/MD5 checksum: 22372 be24fc579f74dd24836a9371066a7b79\n http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_arm.deb\n Size/MD5 checksum: 22364 d891953d3c4904a3dc4c30408b90d81c\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_arm.deb\n Size/MD5 checksum: 7739170 f8d2410802c8f03b68f27d9e07a5f962\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_arm.deb\n Size/MD5 checksum: 600424 cbd6182358b03954f5026bd971073a8c\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_arm.deb\n Size/MD5 checksum: 181894 76286939d57837fefaa8c0ec3d535eee\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_hppa.deb\n Size/MD5 checksum: 634494 6be054401a1db64c84e61c1260d01fb6\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_hppa.deb\n Size/MD5 checksum: 22696 be88e7f598274dc6161c8ec6b94c30e7\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_hppa.deb\n Size/MD5 checksum: 109690 97e0c2d2f877d6bc5eb2d766309c01f4\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_hppa.deb\n Size/MD5 checksum: 182482 e075af8dcb3d7a13fca3828de39fd3d9\n http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_hppa.deb\n Size/MD5 checksum: 22348 866c000ad64e3376d0d9320805119728\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_hppa.deb\n Size/MD5 checksum: 22356 cfcbb7502fdc4020b9aad33f67beb665\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_hppa.deb\n Size/MD5 checksum: 9854626 d36c3a094773a6c812ec0b4e3dc010c9\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_hppa.deb\n Size/MD5 checksum: 22340 45fc4629c3fc77e7987f2179ddfa24be\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_i386.deb\n Size/MD5 checksum: 564526 4b8eb4fb7d8f606ed1789c8df2cb039a\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_i386.deb\n Size/MD5 checksum: 7501872 cbdc35a89f36b126c89b478452736cc6\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_i386.deb\n Size/MD5 checksum: 102150 59cf091877d995796a33b6482ac413ea\n http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_i386.deb\n Size/MD5 checksum: 22344 e9e76892435a11ab9f504f044893331d\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_i386.deb\n Size/MD5 checksum: 22354 6c8610eef3cdb923a5848c3c6e31d0fe\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_i386.deb\n Size/MD5 checksum: 22698 b2ff8d7600e250a50459ddc964f7dbdf\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_i386.deb\n Size/MD5 checksum: 22336 b1aad678b3ddf89bf94759f9f3858fe4\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_i386.deb\n Size/MD5 checksum: 182520 a3d50d0da284264b733f40ee7febd08f\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_ia64.deb\n Size/MD5 checksum: 182478 17b94fb0f374818cdd5ff7fffb814e3c\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_ia64.deb\n Size/MD5 checksum: 10650318 867330a74271726f25ec7cb437881675\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_ia64.deb\n Size/MD5 checksum: 145608 712a2349fd200a7d786416ed2e90b888\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_ia64.deb\n Size/MD5 checksum: 22350 db12f448877fa43dc8d16cf9f1bc0e76\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_ia64.deb\n Size/MD5 checksum: 22336 eab2d2ff1a049de7b0c350df34c49c6b\n http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_ia64.deb\n Size/MD5 checksum: 22344 4eebff3e87f1ef9410592a749c3d2542\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_ia64.deb\n Size/MD5 checksum: 827424 0b3cf3ee033095dc2b77b5e4c7a031fb\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_ia64.deb\n Size/MD5 checksum: 22690 c5c429e114db82106e54b6b850eee18b\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_mips.deb\n Size/MD5 checksum: 22338 0959e956ec8a654df5783d41f25fe097\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_mips.deb\n Size/MD5 checksum: 8025014 79b62949c040c67c4bcab05f54b140a4\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_mips.deb\n Size/MD5 checksum: 22692 473b7ab46163aa2eec6fc283d4d8b326\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_mips.deb\n Size/MD5 checksum: 22354 93832d797079af2c7ed673eb8605ad08\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_mips.deb\n Size/MD5 checksum: 182502 abb2e923e897c8e5737a3304ff879ed7\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_mips.deb\n Size/MD5 checksum: 104892 7e25d3d517b0eb9ced49791660866358\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_mips.deb\n Size/MD5 checksum: 588506 fed1a6a3a87b13a2cf706849b1cfab8b\n http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_mips.deb\n Size/MD5 checksum: 22350 b1d818602719192cd5438c849b31ed4d\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_mipsel.deb\n Size/MD5 checksum: 22338 d7abb1c1005e8c57f6d9e9d74a32a8fa\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_mipsel.deb\n Size/MD5 checksum: 104400 ca6d57ab13113dbaa3887a15dd65b6ea\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_mipsel.deb\n Size/MD5 checksum: 575842 47be3916d499a906a4fe36b57c0cd17b\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_mipsel.deb\n Size/MD5 checksum: 22690 910a891b06d9a04be03c69b70ae9cc9a\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_mipsel.deb\n Size/MD5 checksum: 7406172 1385d56073bbd6ed2cfe42b1184937ac\n http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_mipsel.deb\n Size/MD5 checksum: 22350 97e7d6303d485700ea905521a4e46a6f\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_mipsel.deb\n Size/MD5 checksum: 22358 9d188ba3e2989713f6eb406a56602588\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_mipsel.deb\n Size/MD5 checksum: 182486 28a53abb380114393defbff0ec50df65\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_powerpc.deb\n Size/MD5 checksum: 22692 2f49b7a64f01b0a1037b61c36a015ed3\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_powerpc.deb\n Size/MD5 checksum: 104106 3418723376cbb0c3c18570ff68799836\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_powerpc.deb\n Size/MD5 checksum: 22338 99363115fa0dd4224dda0bc0e2e4762b\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_powerpc.deb\n Size/MD5 checksum: 182508 32eeaf5941336b48467accf6d14ea9ce\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_powerpc.deb\n Size/MD5 checksum: 583462 dc78a9149389f6bc886a0211247e3539\n http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_powerpc.deb\n Size/MD5 checksum: 22352 47332c4cbce63f538b5b9d4f610b0a24\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_powerpc.deb\n Size/MD5 checksum: 22356 38c932a69d2a5ef6ba577d82b1b16857\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_powerpc.deb\n Size/MD5 checksum: 8605364 a431421901f9019bff4ce868f4e46c40\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_s390.deb\n Size/MD5 checksum: 22694 fa6f3fc7a39dc1b8b6030452488bf12a\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_s390.deb\n Size/MD5 checksum: 22334 9c6cd498668d092e4b9794c40356466f\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_s390.deb\n Size/MD5 checksum: 9755928 444aa912362bae9470537dd497bd60a3\n http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_s390.deb\n Size/MD5 checksum: 22338 24797312504679250cdd8b893e0996d4\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_s390.deb\n Size/MD5 checksum: 182454 fe98e9d9ad70ceb84d66657815bd6778\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_s390.deb\n Size/MD5 checksum: 640886 c4eb7212909a6ad41cb1becf8bfe3656\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_s390.deb\n Size/MD5 checksum: 115478 7761780c7281fd5d3c488fc16df95a1e\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_s390.deb\n Size/MD5 checksum: 22354 75e8c12f8e5530ce95fdcbea118ec269\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2007-11-27T00:39:25", "type": "debian", "title": "[SECURITY] [DSA 1414-1] New wireshark packages fix several vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6114", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6120", "CVE-2007-6121"], "modified": "2007-11-27T00:39:25", "id": "DEBIAN:DSA-1414-1:6CA34", "href": "https://lists.debian.org/debian-security-announce/2007/msg00194.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:24", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1414-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nNovember 27, 2007 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : wireshark\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE Id(s) : CVE-2007-6114 CVE-2007-6117 CVE-2007-6118 CVE-2007-6120 CVE-2007-6121\r\n\r\nSeveral remote vulnerabilities have been discovered in the Wireshark\r\nnetwork traffic analyzer, which may lead to denial of service or the\r\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\r\nproject identifies the following problems:\r\n\r\nCVE-2007-6114\r\n\r\n Stefan Esser discovered a buffer overflow in the SSL dissector.\r\n "Fabiodds" discovered a buffer overflow in the iSeries trace\r\n dissector.\r\n\r\nCVE-2007-6117\r\n\r\n A programming error was discovered in the HTTP dissector, which may\r\n lead to denial of service.\r\n\r\nCVE-2007-6118\r\n\r\n The MEGACO dissector could be tricked into ressource exhaustion.\r\n\r\nCVE-2007-6120\r\n\r\n The Bluetooth SDP dissector could be tricked into an endless loop.\r\n\r\nCVE-2007-6121\r\n\r\n The RPC portmap dissector could be tricked into dereferencing\r\n a NULL pointer.\r\n\r\nFor the stable distribution (etch), these problems have been fixed\r\nin version 0.99.4-5.etch.1. Updates packages for sparc will be provided\r\nlater.\r\n\r\nFor the old stable distribution (sarge), these problems have been\r\nfixed in version 0.10.10-2sarge10. (In Sarge Wireshark used to be\r\ncalled Ethereal). Updates packages for sparc and m68k will be provided\r\nlater.\r\n\r\nWe recommend that you upgrade your wireshark/ethereal packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian 3.1 (oldstable)\r\n- ----------------------\r\n\r\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10.dsc\r\n Size/MD5 checksum: 857 13f70e9eb8c1e2fed6ddeabb44ac1d3a\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10.diff.gz\r\n Size/MD5 checksum: 178414 82a9fb4100a52b10d70e6bc2dd46ba71\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz\r\n Size/MD5 checksum: 7411510 e6b74468412c17bb66cd459bfb61471c\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_alpha.deb\r\n Size/MD5 checksum: 5473208 67be7f7d2a830e1d67596be0a034acb7\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_alpha.deb\r\n Size/MD5 checksum: 543316 de8d2e0552b0597aa86909587f7fbdd4\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_alpha.deb\r\n Size/MD5 checksum: 155344 d0f405c14922bf0947bcaba9f1e1b5b5\r\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_alpha.deb\r\n Size/MD5 checksum: 106564 9e173e76cfee54406243122f54fb8736\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_amd64.deb\r\n Size/MD5 checksum: 486588 a01a55b5556b78c96edc8be6a03f6164\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_amd64.deb\r\n Size/MD5 checksum: 5334642 4c11f3efdd48b23115b5a06fa1a2cad4\r\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_amd64.deb\r\n Size/MD5 checksum: 99666 e5974fe4027fa34906e9a233cfe79d28\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_amd64.deb\r\n Size/MD5 checksum: 154610 51ee5b66077bd1824f1c671627623288\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_arm.deb\r\n Size/MD5 checksum: 472962 3243aa716b6a61aa5059ff40ad74d19c\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_arm.deb\r\n Size/MD5 checksum: 155880 2543ccfdacd0ad69e87b58dda3eac422\r\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_arm.deb\r\n Size/MD5 checksum: 96354 ab073d35ef7816c489497a316bce3866\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_arm.deb\r\n Size/MD5 checksum: 4684296 861dae74eefe8efac4d3608046fb869a\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_hppa.deb\r\n Size/MD5 checksum: 489400 4cae5e9cf2847e646c3df2cafa491952\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_hppa.deb\r\n Size/MD5 checksum: 5787380 9c600f1e3bbaa39b2a5e4a799bbdb9fd\r\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_hppa.deb\r\n Size/MD5 checksum: 98554 866f8f5c39a42e11893b8292bcde21b6\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_hppa.deb\r\n Size/MD5 checksum: 154624 33c6ef867a81e16d3b42b250baf1ab6a\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_i386.deb\r\n Size/MD5 checksum: 154588 82db1d1552a6ccf512f6f5ec2e8eed6f\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_i386.deb\r\n Size/MD5 checksum: 443758 56a43d004cf577cbf09f06b3990c1c23\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_i386.deb\r\n Size/MD5 checksum: 4529320 8ed21cc29d85ca22b07565e531357c59\r\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_i386.deb\r\n Size/MD5 checksum: 90984 36e28654888ed491c0afe8ca0942c1dc\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_ia64.deb\r\n Size/MD5 checksum: 6630094 3b4aee38a7f3149c3f2cb80271d3945b\r\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_ia64.deb\r\n Size/MD5 checksum: 129266 c60411c1b16b1b4823afe539ff6cc57b\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_ia64.deb\r\n Size/MD5 checksum: 674538 25dbd3438c8c4a82b7ad257101c670ac\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_ia64.deb\r\n Size/MD5 checksum: 154596 6bd05ac93b14002e99478f3df87ea689\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_mips.deb\r\n Size/MD5 checksum: 4723420 846bf6114c51724ff12c0708d3e27f34\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_mips.deb\r\n Size/MD5 checksum: 462884 065921607b447f0a7077eab8e067e27c\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_mips.deb\r\n Size/MD5 checksum: 154634 705ca5dbef162d627e0287662a680e2f\r\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_mips.deb\r\n Size/MD5 checksum: 94858 751305284a78ed0519919a66295346f3\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_mipsel.deb\r\n Size/MD5 checksum: 458148 92424b86e76671aa039fcebe522bbfc4\r\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_mipsel.deb\r\n Size/MD5 checksum: 94764 bc6bfe73e35bc3fde71f9fd38b5a7463\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_mipsel.deb\r\n Size/MD5 checksum: 4460978 8ead9a4793611f12ffca619198a8f844\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_mipsel.deb\r\n Size/MD5 checksum: 154652 a94fccae248051cd70470c4a7e4b77ce\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_powerpc.deb\r\n Size/MD5 checksum: 5067716 62f0be94422a471a622899f3f6f11e7c\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_powerpc.deb\r\n Size/MD5 checksum: 154632 b6041c857bed2dbeeb49e21c890264eb\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_powerpc.deb\r\n Size/MD5 checksum: 455806 f6c9db48b4373d84daf858f8dfb275a2\r\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_powerpc.deb\r\n Size/MD5 checksum: 94406 23b71c5db6f0443ca3db0d072b4bb14b\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_s390.deb\r\n Size/MD5 checksum: 99992 30d7eeb09507017a10c42e98f46e1d47\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_s390.deb\r\n Size/MD5 checksum: 154572 29756abde9da24dac8254d128d44bd8d\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_s390.deb\r\n Size/MD5 checksum: 479760 c0d947771c2ad6b8f12e25812c1e7c5b\r\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_s390.deb\r\n Size/MD5 checksum: 5622238 7d86c0b58dc43c6bd84b88d27e3713c1\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4.orig.tar.gz\r\n Size/MD5 checksum: 13306790 2556a31d0d770dd1990bd67b98bd2f9b\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1.dsc\r\n Size/MD5 checksum: 1066 12e8146f9cc10fe216e4d1a0a750037f\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1.diff.gz\r\n Size/MD5 checksum: 42799 61ed409b92000f30877799228daff252\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_alpha.deb\r\n Size/MD5 checksum: 117224 d85a0b7e63b0c953b6f152e185fba6a9\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_alpha.deb\r\n Size/MD5 checksum: 22014 ad8ccffe577de4016acc15866f769829\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_alpha.deb\r\n Size/MD5 checksum: 9319128 e75f6f5ee1d858b0fc2f9413ee415f5d\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_alpha.deb\r\n Size/MD5 checksum: 21736 1c5d57697ebe337f34240c9dd342e3d8\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_alpha.deb\r\n Size/MD5 checksum: 181550 209f75537b0acc9c17b54e6b7cfdac2b\r\n http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_alpha.deb\r\n Size/MD5 checksum: 21744 e9b9909b4528978a75d323d02389eff8\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_alpha.deb\r\n Size/MD5 checksum: 674254 55b36078f6d6f9f278ff34ff67cae28d\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_alpha.deb\r\n Size/MD5 checksum: 21748 525cdcc7f345f729181fb9399ca84867\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_amd64.deb\r\n Size/MD5 checksum: 22342 2db8ccf0421954242c6b7352503e7cba\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_amd64.deb\r\n Size/MD5 checksum: 9119562 ae17852ca0431cbb1b8fc6401c81aa21\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_amd64.deb\r\n Size/MD5 checksum: 22704 aeb68a6daccbd9c1c6cb711f26e93296\r\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_amd64.deb\r\n Size/MD5 checksum: 111974 010a55a4127333689fa8416d6214ec94\r\n http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_amd64.deb\r\n Size/MD5 checksum: 22352 cb17e51ae331c059ee2e2c2a71f4aa49\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_amd64.deb\r\n Size/MD5 checksum: 22360 5ee1e412767f67919ce51d0b534394a8\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_amd64.deb\r\n Size/MD5 checksum: 181590 44888c58cf54dc4329a30f55c4990d95\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_amd64.deb\r\n Size/MD5 checksum: 619562 efa93cc7f881dba55c9b5b7cc8cb6e1a\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_arm.deb\r\n Size/MD5 checksum: 22356 4c49ab66e1e2706808ea9697f72ecfb7\r\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_arm.deb\r\n Size/MD5 checksum: 107198 8a5a6b4ea6cc4e3ab657f31aa1d4e6dc\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_arm.deb\r\n Size/MD5 checksum: 22714 0544f54d45e84847e71381a7d43f0003\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_arm.deb\r\n Size/MD5 checksum: 22372 be24fc579f74dd24836a9371066a7b79\r\n http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_arm.deb\r\n Size/MD5 checksum: 22364 d891953d3c4904a3dc4c30408b90d81c\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_arm.deb\r\n Size/MD5 checksum: 7739170 f8d2410802c8f03b68f27d9e07a5f962\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_arm.deb\r\n Size/MD5 checksum: 600424 cbd6182358b03954f5026bd971073a8c\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_arm.deb\r\n Size/MD5 checksum: 181894 76286939d57837fefaa8c0ec3d535eee\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_hppa.deb\r\n Size/MD5 checksum: 634494 6be054401a1db64c84e61c1260d01fb6\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_hppa.deb\r\n Size/MD5 checksum: 22696 be88e7f598274dc6161c8ec6b94c30e7\r\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_hppa.deb\r\n Size/MD5 checksum: 109690 97e0c2d2f877d6bc5eb2d766309c01f4\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_hppa.deb\r\n Size/MD5 checksum: 182482 e075af8dcb3d7a13fca3828de39fd3d9\r\n http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_hppa.deb\r\n Size/MD5 checksum: 22348 866c000ad64e3376d0d9320805119728\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_hppa.deb\r\n Size/MD5 checksum: 22356 cfcbb7502fdc4020b9aad33f67beb665\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_hppa.deb\r\n Size/MD5 checksum: 9854626 d36c3a094773a6c812ec0b4e3dc010c9\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_hppa.deb\r\n Size/MD5 checksum: 22340 45fc4629c3fc77e7987f2179ddfa24be\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_i386.deb\r\n Size/MD5 checksum: 564526 4b8eb4fb7d8f606ed1789c8df2cb039a\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_i386.deb\r\n Size/MD5 checksum: 7501872 cbdc35a89f36b126c89b478452736cc6\r\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_i386.deb\r\n Size/MD5 checksum: 102150 59cf091877d995796a33b6482ac413ea\r\n http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_i386.deb\r\n Size/MD5 checksum: 22344 e9e76892435a11ab9f504f044893331d\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_i386.deb\r\n Size/MD5 checksum: 22354 6c8610eef3cdb923a5848c3c6e31d0fe\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_i386.deb\r\n Size/MD5 checksum: 22698 b2ff8d7600e250a50459ddc964f7dbdf\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_i386.deb\r\n Size/MD5 checksum: 22336 b1aad678b3ddf89bf94759f9f3858fe4\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_i386.deb\r\n Size/MD5 checksum: 182520 a3d50d0da284264b733f40ee7febd08f\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_ia64.deb\r\n Size/MD5 checksum: 182478 17b94fb0f374818cdd5ff7fffb814e3c\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_ia64.deb\r\n Size/MD5 checksum: 10650318 867330a74271726f25ec7cb437881675\r\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_ia64.deb\r\n Size/MD5 checksum: 145608 712a2349fd200a7d786416ed2e90b888\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_ia64.deb\r\n Size/MD5 checksum: 22350 db12f448877fa43dc8d16cf9f1bc0e76\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_ia64.deb\r\n Size/MD5 checksum: 22336 eab2d2ff1a049de7b0c350df34c49c6b\r\n http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_ia64.deb\r\n Size/MD5 checksum: 22344 4eebff3e87f1ef9410592a749c3d2542\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_ia64.deb\r\n Size/MD5 checksum: 827424 0b3cf3ee033095dc2b77b5e4c7a031fb\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_ia64.deb\r\n Size/MD5 checksum: 22690 c5c429e114db82106e54b6b850eee18b\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_mips.deb\r\n Size/MD5 checksum: 22338 0959e956ec8a654df5783d41f25fe097\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_mips.deb\r\n Size/MD5 checksum: 8025014 79b62949c040c67c4bcab05f54b140a4\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_mips.deb\r\n Size/MD5 checksum: 22692 473b7ab46163aa2eec6fc283d4d8b326\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_mips.deb\r\n Size/MD5 checksum: 22354 93832d797079af2c7ed673eb8605ad08\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_mips.deb\r\n Size/MD5 checksum: 182502 abb2e923e897c8e5737a3304ff879ed7\r\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_mips.deb\r\n Size/MD5 checksum: 104892 7e25d3d517b0eb9ced49791660866358\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_mips.deb\r\n Size/MD5 checksum: 588506 fed1a6a3a87b13a2cf706849b1cfab8b\r\n http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_mips.deb\r\n Size/MD5 checksum: 22350 b1d818602719192cd5438c849b31ed4d\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_mipsel.deb\r\n Size/MD5 checksum: 22338 d7abb1c1005e8c57f6d9e9d74a32a8fa\r\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_mipsel.deb\r\n Size/MD5 checksum: 104400 ca6d57ab13113dbaa3887a15dd65b6ea\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_mipsel.deb\r\n Size/MD5 checksum: 575842 47be3916d499a906a4fe36b57c0cd17b\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_mipsel.deb\r\n Size/MD5 checksum: 22690 910a891b06d9a04be03c69b70ae9cc9a\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_mipsel.deb\r\n Size/MD5 checksum: 7406172 1385d56073bbd6ed2cfe42b1184937ac\r\n http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_mipsel.deb\r\n Size/MD5 checksum: 22350 97e7d6303d485700ea905521a4e46a6f\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_mipsel.deb\r\n Size/MD5 checksum: 22358 9d188ba3e2989713f6eb406a56602588\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_mipsel.deb\r\n Size/MD5 checksum: 182486 28a53abb380114393defbff0ec50df65\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_powerpc.deb\r\n Size/MD5 checksum: 22692 2f49b7a64f01b0a1037b61c36a015ed3\r\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_powerpc.deb\r\n Size/MD5 checksum: 104106 3418723376cbb0c3c18570ff68799836\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_powerpc.deb\r\n Size/MD5 checksum: 22338 99363115fa0dd4224dda0bc0e2e4762b\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_powerpc.deb\r\n Size/MD5 checksum: 182508 32eeaf5941336b48467accf6d14ea9ce\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_powerpc.deb\r\n Size/MD5 checksum: 583462 dc78a9149389f6bc886a0211247e3539\r\n http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_powerpc.deb\r\n Size/MD5 checksum: 22352 47332c4cbce63f538b5b9d4f610b0a24\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_powerpc.deb\r\n Size/MD5 checksum: 22356 38c932a69d2a5ef6ba577d82b1b16857\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_powerpc.deb\r\n Size/MD5 checksum: 8605364 a431421901f9019bff4ce868f4e46c40\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_s390.deb\r\n Size/MD5 checksum: 22694 fa6f3fc7a39dc1b8b6030452488bf12a\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_s390.deb\r\n Size/MD5 checksum: 22334 9c6cd498668d092e4b9794c40356466f\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_s390.deb\r\n Size/MD5 checksum: 9755928 444aa912362bae9470537dd497bd60a3\r\n http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_s390.deb\r\n Size/MD5 checksum: 22338 24797312504679250cdd8b893e0996d4\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_s390.deb\r\n Size/MD5 checksum: 182454 fe98e9d9ad70ceb84d66657815bd6778\r\n http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_s390.deb\r\n Size/MD5 checksum: 640886 c4eb7212909a6ad41cb1becf8bfe3656\r\n http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_s390.deb\r\n Size/MD5 checksum: 115478 7761780c7281fd5d3c488fc16df95a1e\r\n http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_s390.deb\r\n Size/MD5 checksum: 22354 75e8c12f8e5530ce95fdcbea118ec269\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.6 (GNU/Linux)\r\n\r\niD8DBQFHS2GEXm3vHE4uyloRAoQ2AKC5GfbCzvCX3+6gRt5uPMr4sxAgqACfQGz3\r\nWhpZ2Bo2+NDEtZs7ba3jwGo=\r\n=5Tfg\r\n-----END PGP SIGNATURE-----", "cvss3": {}, "published": "2007-11-29T00:00:00", "type": "securityvulns", "title": "[SECURITY] [DSA 1414-1] New wireshark packages fix several vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6121", "CVE-2007-6114", "CVE-2007-6120"], "modified": "2007-11-29T00:00:00", "id": "SECURITYVULNS:DOC:18530", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18530", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:27", "description": "Buffer overflow on SSL parsing, DoS on HTTP, MEGACO, Bluetooth SDP, RPC parsing.", "cvss3": {}, "published": "2007-11-29T00:00:00", "type": "securityvulns", "title": "WireShark sniffer multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6121", "CVE-2007-6114", "CVE-2007-6120"], "modified": "2007-11-29T00:00:00", "id": "SECURITYVULNS:VULN:8386", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8386", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osv": [{"lastseen": "2022-07-21T08:35:00", "description": "\nSeveral remote vulnerabilities have been discovered in the Wireshark\nnetwork traffic analyzer, which may lead to denial of service or \nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\n\n* [CVE-2007-6114](https://security-tracker.debian.org/tracker/CVE-2007-6114)\nStefan Esser discovered a buffer overflow in the SSL dissector.\n Fabiodds discovered a buffer overflow in the iSeries trace\n dissector.\n* [CVE-2007-6117](https://security-tracker.debian.org/tracker/CVE-2007-6117)\nA programming error was discovered in the HTTP dissector, which may\n lead to denial of service.\n* [CVE-2007-6118](https://security-tracker.debian.org/tracker/CVE-2007-6118)\nThe MEGACO dissector could be tricked into resource exhaustion.\n* [CVE-2007-6120](https://security-tracker.debian.org/tracker/CVE-2007-6120)\nThe Bluetooth SDP dissector could be tricked into an endless loop.\n* [CVE-2007-6121](https://security-tracker.debian.org/tracker/CVE-2007-6121)\nThe RPC portmap dissector could be tricked into dereferencing\n a NULL pointer.\n\n\nFor the old stable distribution (sarge), these problems have been\nfixed in version 0.10.10-2sarge10. (In Sarge Wireshark used to be\ncalled Ethereal). Updated packages for sparc and m68k will be provided\nlater.\n\n\nFor the stable distribution (etch), these problems have been fixed\nin version 0.99.4-5.etch.1. Updated packages for sparc will be provided\nlater.\n\n\nWe recommend that you upgrade your wireshark/ethereal packages.\n\n\n", "cvss3": {}, "published": "2007-11-27T00:00:00", "type": "osv", "title": "wireshark - several vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6121", "CVE-2007-6114", "CVE-2007-6120"], "modified": "2022-07-21T05:46:24", "id": "OSV:DSA-1414-1", "href": "https://osv.dev/vulnerability/DSA-1414-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:15:51", "description": "### Background\n\nWireshark is a network protocol analyzer with a graphical front-end. \n\n### Description\n\nMultiple buffer overflows and infinite loops were discovered in multiple dissector and parser components, including those for MP3 and NCP (CVE-2007-6111), PPP (CVE-2007-6112), DNP (CVE-2007-6113), SSL and iSeries (OS/400) Communication traces (CVE-2007-6114), ANSI MAP (CVE-2007-6115), Firebird/Interbase (CVE-2007-6116), HTTP (CVE-2007-6117), MEGACO (CVE-2007-6118), DCP ETSI (CVE-2007-6119), Bluetooth SDP (CVE-2007-6120), RPC Portmap (CVE-2007-6121), SMB (CVE-2007-6438), IPv6 amd USB (CVE-2007-6439), WiMAX (CVE-2007-6441), RPL (CVE-2007-6450), CIP (CVE-2007-6451). The vulnerabilities were discovered by Stefan Esser, Beyond Security, Fabiodds, Peter Leeming, Steve and ainsley. \n\n### Impact\n\nA remote attacker could send specially crafted packets on a network being monitored with Wireshark or entice a user to open a specially crafted file, possibly resulting in the execution of arbitrary code with the privileges of the user running Wireshark (which might be the root user), or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Wireshark users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-0.99.7\"", "cvss3": {}, "published": "2007-12-30T00:00:00", "type": "gentoo", "title": "Wireshark: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6111", "CVE-2007-6112", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6116", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6119", "CVE-2007-6120", "CVE-2007-6121", "CVE-2007-6438", "CVE-2007-6439", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6451"], "modified": "2007-12-30T00:00:00", "id": "GLSA-200712-23", "href": "https://security.gentoo.org/glsa/200712-23", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2023-01-01T02:55:51", "description": "**CentOS Errata and Security Advisory** CESA-2008:0058\n\n\nWireshark is a program for monitoring network traffic. Wireshark was\r\npreviously known as Ethereal.\r\n\r\nSeveral flaws were found in Wireshark. Wireshark could crash or possibly\r\nexecute arbitrary code as the user running Wireshark if it read a malformed\r\npacket off the network. (CVE-2007-6112, CVE-2007-6114, CVE-2007-6115,\r\nCVE-2007-6117)\r\n\r\nSeveral denial of service bugs were found in Wireshark. Wireshark could\r\ncrash or stop responding if it read a malformed packet off the network.\r\n(CVE-2007-6111, CVE-2007-6113, CVE-2007-6116, CVE-2007-6118, CVE-2007-6119,\r\nCVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441,\r\nCVE-2007-6450, CVE-2007-6451)\r\n\r\nAs well, Wireshark switched from using net-snmp to libsmi, which is\r\nincluded in this errata.\r\n\r\nUsers of wireshark should upgrade to these updated packages, which contain\r\nWireshark version 0.99.7, and resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2008-January/064110.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-January/064111.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-January/064113.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-January/064119.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-January/064127.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-January/064128.html\n\n**Affected packages:**\nlibsmi\nlibsmi-devel\nwireshark\nwireshark-gnome\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2008:0058", "cvss3": {}, "published": "2008-01-21T17:15:49", "type": "centos", "title": "libsmi, wireshark security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6111", "CVE-2007-6112", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6116", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6119", "CVE-2007-6120", "CVE-2007-6121", "CVE-2007-6438", "CVE-2007-6439", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6451"], "modified": "2008-01-25T02:24:10", "id": "CESA-2008:0058", "href": "https://lists.centos.org/pipermail/centos-announce/2008-January/064110.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-01T02:55:51", "description": "**CentOS Errata and Security Advisory** CESA-2008:0059\n\n\nWireshark is a program for monitoring network traffic. Wireshark was\r\npreviously known as Ethereal.\r\n\r\nSeveral flaws were found in Wireshark. Wireshark could crash or possibly\r\nexecute arbitrary code as the user running Wireshark if it read a malformed\r\npacket off the network. (CVE-2007-6114, CVE-2007-6115, CVE-2007-6117)\r\n\r\nSeveral denial of service bugs were found in Wireshark. Wireshark could\r\ncrash or stop responding if it read a malformed packet off the network.\r\n(CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3392,\r\nCVE-2007-3393, CVE-2007-6113, CVE-2007-6118, CVE-2007-6120, CVE-2007-6121,\r\nCVE-2007-6450, CVE-2007-6451)\r\n\r\nAs well, Wireshark switched from using net-snmp to libsmi, which is\r\nincluded in this errata.\r\n\r\nUsers of wireshark should upgrade to these updated packages, which contain\r\nWireshark version 0.99.7, and resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2008-January/064106.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-January/064107.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-January/064112.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-January/064117.html\n\n**Affected packages:**\nlibsmi\nlibsmi-devel\nwireshark\nwireshark-gnome\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2008:0059", "cvss3": {}, "published": "2008-01-21T15:05:11", "type": "centos", "title": "libsmi, wireshark security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3389", "CVE-2007-3390", "CVE-2007-3391", "CVE-2007-3392", "CVE-2007-3393", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6120", "CVE-2007-6121", "CVE-2007-6450", "CVE-2007-6451"], "modified": "2008-01-24T00:41:11", "id": "CESA-2008:0059", "href": "https://lists.centos.org/pipermail/centos-announce/2008-January/064106.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:18", "description": " wireshark-0.99.7-1.el5.0.1:\n \n [0.99.7-1.el5.0.1]\n - Add oracle-ocfs2-network.patch\n \n [0.99.7-1]\n - upgrade to 0.99.7\n - switch to libsmi from net-snmp\n - disable ADNS due to its lack of Ipv6 support\n - Resolves: #397411\n \n libsmi-0.4.5-2.el5:\n \n [0.4.5-2]\n - Handle rpath problems in 64-bit systems (#209522).\n \n [0.4.5-1]\n - Update to 0.4.5.\n \n [0.4.4-1]\n - Update to 0.4.4.\n \n [0.4.3-1]\n - First build. ", "cvss3": {}, "published": "2008-01-22T00:00:00", "type": "oraclelinux", "title": "Moderate: wireshark security update ", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6438", "CVE-2007-6119", "CVE-2007-6112", "CVE-2007-6111", "CVE-2007-6121", "CVE-2007-6451", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6114", "CVE-2007-6120", "CVE-2007-6439", "CVE-2007-6113", "CVE-2007-6116", "CVE-2007-6115"], "modified": "2008-01-22T00:00:00", "id": "ELSA-2008-0058", "href": "http://linux.oracle.com/errata/ELSA-2008-0058.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-21T04:43:28", "description": "Wireshark is a program for monitoring network traffic. Wireshark was\r\npreviously known as Ethereal.\r\n\r\nSeveral flaws were found in Wireshark. Wireshark could crash or possibly\r\nexecute arbitrary code as the user running Wireshark if it read a malformed\r\npacket off the network. (CVE-2007-6112, CVE-2007-6114, CVE-2007-6115,\r\nCVE-2007-6117)\r\n\r\nSeveral denial of service bugs were found in Wireshark. Wireshark could\r\ncrash or stop responding if it read a malformed packet off the network.\r\n(CVE-2007-6111, CVE-2007-6113, CVE-2007-6116, CVE-2007-6118, CVE-2007-6119,\r\nCVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441,\r\nCVE-2007-6450, CVE-2007-6451)\r\n\r\nAs well, Wireshark switched from using net-snmp to libsmi, which is\r\nincluded in this errata.\r\n\r\nUsers of wireshark should upgrade to these updated packages, which contain\r\nWireshark version 0.99.7, and resolve these issues.", "cvss3": {}, "published": "2008-01-21T00:00:00", "type": "redhat", "title": "(RHSA-2008:0058) Moderate: wireshark security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6111", "CVE-2007-6112", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6116", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6119", "CVE-2007-6120", "CVE-2007-6121", "CVE-2007-6438", "CVE-2007-6439", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6451"], "modified": "2017-09-08T08:06:06", "id": "RHSA-2008:0058", "href": "https://access.redhat.com/errata/RHSA-2008:0058", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:45:58", "description": "Wireshark is a program for monitoring network traffic. Wireshark was\r\npreviously known as Ethereal.\r\n\r\nSeveral flaws were found in Wireshark. Wireshark could crash or possibly\r\nexecute arbitrary code as the user running Wireshark if it read a malformed\r\npacket off the network. (CVE-2007-6114, CVE-2007-6115, CVE-2007-6117)\r\n\r\nSeveral denial of service bugs were found in Wireshark. Wireshark could\r\ncrash or stop responding if it read a malformed packet off the network.\r\n(CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3392,\r\nCVE-2007-3393, CVE-2007-6113, CVE-2007-6118, CVE-2007-6120, CVE-2007-6121,\r\nCVE-2007-6450, CVE-2007-6451)\r\n\r\nAs well, Wireshark switched from using net-snmp to libsmi, which is\r\nincluded in this errata.\r\n\r\nUsers of wireshark should upgrade to these updated packages, which contain\r\nWireshark version 0.99.7, and resolve these issues.", "cvss3": {}, "published": "2008-01-21T00:00:00", "type": "redhat", "title": "(RHSA-2008:0059) Moderate: wireshark security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3389", "CVE-2007-3390", "CVE-2007-3391", "CVE-2007-3392", "CVE-2007-3393", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6120", "CVE-2007-6121", "CVE-2007-6450", "CVE-2007-6451"], "modified": "2017-07-28T14:43:39", "id": "RHSA-2008:0059", "href": "https://access.redhat.com/errata/RHSA-2008:0059", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2022-01-19T16:03:50", "description": "\n\nThe Wireshark team reports of multiple vulnerabilities:\n\n\nWireshark could crash when reading an MP3 file.\nBeyond Security discovered that Wireshark could loop\n\t excessively while reading a malformed DNP packet.\nStefan Esser discovered a buffer overflow in the SSL\n\t dissector.\nThe ANSI MAP dissector could be susceptible to a\n\t buffer overflow on some platforms.\nThe Firebird/Interbase dissector could go into an\n\t infinite loop or crash.\nThe NCP dissector could cause a crash.\nThe HTTP dissector could crash on some systems while\n\t decoding chunked messages.\nThe MEGACO dissector could enter a large loop and\n\t consume system resources.\nThe DCP ETSI dissector could enter a large loop and\n\t consume system resources.\nFabiodds discovered a buffer overflow in the iSeries\n\t (OS/400) Communication trace file parser.\nThe PPP dissector could overflow a buffer.\nThe Bluetooth SDP dissector could go into an infinite\n\t loop.\nA malformed RPC Portmap packet could cause a\n\t crash.\nThe IPv6 dissector could loop excessively.\nThe USB dissector could loop excessively or crash.\nThe SMB dissector could crash.\nThe RPL dissector could go into an infinite loop.\nThe WiMAX dissector could crash due to unaligned\n\t access on some platforms.\nThe CIP dissector could attempt to allocate a huge\n\t amount of memory and crash.\n\nImpact\nIt may be possible to make Wireshark or Ethereal crash or\n\t use up available memory by injecting a purposefully\n\t malformed packet onto the wire or by convincing someone to\n\t read a malformed packet trace file.\n\n\n", "cvss3": {}, "published": "2007-12-19T00:00:00", "type": "freebsd", "title": "wireshark -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6112", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6120", "CVE-2007-6121", "CVE-2007-6438", "CVE-2007-6439", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6451"], "modified": "2007-12-22T00:00:00", "id": "8A835235-AE84-11DC-A5F9-001A4D49522B", "href": "https://vuxml.freebsd.org/freebsd/8a835235-ae84-11dc-a5f9-001a4d49522b.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2023-02-14T06:12:39", "description": "Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite or large loop) via the (1) IPv6 or (2) USB dissector, which can trigger resource consumption or a crash. NOTE: this identifier originally included Firebird/Interbase, but it is already covered by CVE-2007-6116. The DCP ETSI issue is already covered by CVE-2007-6119.", "cvss3": {}, "published": "2007-12-19T22:46:00", "type": "debiancve", "title": "CVE-2007-6439", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.1, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6116", "CVE-2007-6119", "CVE-2007-6439"], "modified": "2007-12-19T22:46:00", "id": "DEBIANCVE:CVE-2007-6439", "href": "https://security-tracker.debian.org/tracker/CVE-2007-6439", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-23T06:10:00", "description": "The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.", "cvss3": {}, "published": "2007-11-23T20:46:00", "type": "debiancve", "title": "CVE-2007-6119", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6119"], "modified": "2007-11-23T20:46:00", "id": "DEBIANCVE:CVE-2007-6119", "href": "https://security-tracker.debian.org/tracker/CVE-2007-6119", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-23T06:10:00", "description": "Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors.", "cvss3": {}, "published": "2007-11-23T20:46:00", "type": "debiancve", "title": "CVE-2007-6115", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6115"], "modified": "2007-11-23T20:46:00", "id": "DEBIANCVE:CVE-2007-6115", "href": "https://security-tracker.debian.org/tracker/CVE-2007-6115", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-23T06:10:00", "description": "The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.", "cvss3": {}, "published": "2007-11-23T20:46:00", "type": "debiancve", "title": "CVE-2007-6118", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6118"], "modified": "2007-11-23T20:46:00", "id": "DEBIANCVE:CVE-2007-6118", "href": "https://security-tracker.debian.org/tracker/CVE-2007-6118", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-23T06:10:00", "description": "Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.", "cvss3": {}, "published": "2007-11-23T20:46:00", "type": "debiancve", "title": "CVE-2007-6112", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6112"], "modified": "2007-11-23T20:46:00", "id": "DEBIANCVE:CVE-2007-6112", "href": "https://security-tracker.debian.org/tracker/CVE-2007-6112", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-23T06:10:00", "description": "Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser.", "cvss3": {}, "published": "2007-11-23T20:46:00", "type": "debiancve", "title": "CVE-2007-6114", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6114"], "modified": "2007-11-23T20:46:00", "id": "DEBIANCVE:CVE-2007-6114", "href": "https://security-tracker.debian.org/tracker/CVE-2007-6114", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-23T06:10:00", "description": "Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.", "cvss3": {}, "published": "2007-11-23T20:46:00", "type": "debiancve", "title": "CVE-2007-6121", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6121"], "modified": "2007-11-23T20:46:00", "id": "DEBIANCVE:CVE-2007-6121", "href": "https://security-tracker.debian.org/tracker/CVE-2007-6121", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-23T06:10:00", "description": "The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.", "cvss3": {}, "published": "2007-11-23T20:46:00", "type": "debiancve", "title": "CVE-2007-6120", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6120"], "modified": "2007-11-23T20:46:00", "id": "DEBIANCVE:CVE-2007-6120", "href": "https://security-tracker.debian.org/tracker/CVE-2007-6120", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-23T06:10:00", "description": "Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet.", "cvss3": {}, "published": "2007-11-23T20:46:00", "type": "debiancve", "title": "CVE-2007-6113", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6113"], "modified": "2007-11-23T20:46:00", "id": "DEBIANCVE:CVE-2007-6113", "href": "https://security-tracker.debian.org/tracker/CVE-2007-6113", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-23T06:10:00", "description": "Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted chunked messages.", "cvss3": {}, "published": "2007-11-23T20:46:00", "type": "debiancve", "title": "CVE-2007-6117", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6117"], "modified": "2007-11-23T20:46:00", "id": "DEBIANCVE:CVE-2007-6117", "href": "https://security-tracker.debian.org/tracker/CVE-2007-6117", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-23T06:10:00", "description": "The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors.", "cvss3": {}, "published": "2007-11-23T20:46:00", "type": "debiancve", "title": "CVE-2007-6116", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6116"], "modified": "2007-11-23T20:46:00", "id": "DEBIANCVE:CVE-2007-6116", "href": "https://security-tracker.debian.org/tracker/CVE-2007-6116", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-23T06:10:00", "description": "Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector.", "cvss3": {}, "published": "2007-11-23T20:46:00", "type": "debiancve", "title": "CVE-2007-6111", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6111"], "modified": "2007-11-23T20:46:00", "id": "DEBIANCVE:CVE-2007-6111", "href": "https://security-tracker.debian.org/tracker/CVE-2007-6111", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-14T06:12:39", "description": "Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111.", "cvss3": {}, "published": "2007-12-19T22:46:00", "type": "debiancve", "title": "CVE-2007-6438", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6111", "CVE-2007-6438"], "modified": "2007-12-19T22:46:00", "id": "DEBIANCVE:CVE-2007-6438", "href": "https://security-tracker.debian.org/tracker/CVE-2007-6438", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-02-15T16:44:19", "description": "Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a\ndenial of service (infinite or large loop) via the (1) IPv6 or (2) USB\ndissector, which can trigger resource consumption or a crash. NOTE: this\nidentifier originally included Firebird/Interbase, but it is already\ncovered by CVE-2007-6116. The DCP ETSI issue is already covered by\nCVE-2007-6119.", "cvss3": {}, "published": "2007-12-19T00:00:00", "type": "ubuntucve", "title": "CVE-2007-6439", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.1, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6116", "CVE-2007-6119", "CVE-2007-6439"], "modified": "2007-12-19T00:00:00", "id": "UB:CVE-2007-6439", "href": "https://ubuntu.com/security/CVE-2007-6439", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-15T16:44:46", "description": "The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows\nremote attackers to cause a denial of service (long loop and resource\nconsumption) via unknown vectors.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/164501>\n", "cvss3": {}, "published": "2007-11-23T00:00:00", "type": "ubuntucve", "title": "CVE-2007-6119", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6119"], "modified": "2007-11-23T00:00:00", "id": "UB:CVE-2007-6119", "href": "https://ubuntu.com/security/CVE-2007-6119", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-15T16:44:48", "description": "Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal)\n0.99.5 to 0.99.6, when running on unspecified platforms, allows remote\nattackers to cause a denial of service and possibly execute arbitrary code\nvia unknown vectors.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/164501>\n", "cvss3": {}, "published": "2007-11-23T00:00:00", "type": "ubuntucve", "title": "CVE-2007-6115", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6115"], "modified": "2007-11-23T00:00:00", "id": "UB:CVE-2007-6115", "href": "https://ubuntu.com/security/CVE-2007-6115", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-15T16:44:48", "description": "Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6\nallows remote attackers to cause a denial of service (crash) and possibly\nexecute arbitrary code via unknown vectors.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/164501>\n", "cvss3": {}, "published": "2007-11-23T00:00:00", "type": "ubuntucve", "title": "CVE-2007-6112", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6112"], "modified": "2007-11-23T00:00:00", "id": "UB:CVE-2007-6112", "href": "https://ubuntu.com/security/CVE-2007-6112", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-15T16:44:47", "description": "The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6\nallows remote attackers to cause a denial of service (long loop and\nresource consumption) via unknown vectors.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/164501>\n", "cvss3": {}, "published": "2007-11-23T00:00:00", "type": "ubuntucve", "title": "CVE-2007-6118", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6118"], "modified": "2007-11-23T00:00:00", "id": "UB:CVE-2007-6118", "href": "https://ubuntu.com/security/CVE-2007-6118", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-15T16:44:47", "description": "Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through\n0.99.6 allow remote attackers to cause a denial of service (crash) and\npossibly execute arbitrary code via (1) the SSL dissector or (2) the\niSeries (OS/400) Communication trace file parser.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/164501>\n", "cvss3": {}, "published": "2007-11-23T00:00:00", "type": "ubuntucve", "title": "CVE-2007-6114", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6114"], "modified": "2007-11-23T00:00:00", "id": "UB:CVE-2007-6114", "href": "https://ubuntu.com/security/CVE-2007-6114", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-15T16:44:48", "description": "Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to\ncause a denial of service (crash) via a malformed RPC Portmap packet.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/164501>\n", "cvss3": {}, "published": "2007-11-23T00:00:00", "type": "ubuntucve", "title": "CVE-2007-6121", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6121"], "modified": "2007-11-23T00:00:00", "id": "UB:CVE-2007-6121", "href": "https://ubuntu.com/security/CVE-2007-6121", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-15T16:44:49", "description": "Integer signedness error in the DNP3 dissector in Wireshark (formerly\nEthereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of\nservice (long loop) via a malformed DNP3 packet.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/164501>\n", "cvss3": {}, "published": "2007-11-23T00:00:00", "type": "ubuntucve", "title": "CVE-2007-6113", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6113"], "modified": "2007-11-23T00:00:00", "id": "UB:CVE-2007-6113", "href": "https://ubuntu.com/security/CVE-2007-6113", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-15T16:44:45", "description": "The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6\nallows remote attackers to cause a denial of service (infinite loop) via\nunknown vectors.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/164501>\n", "cvss3": {}, "published": "2007-11-23T00:00:00", "type": "ubuntucve", "title": "CVE-2007-6120", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6120"], "modified": "2007-11-23T00:00:00", "id": "UB:CVE-2007-6120", "href": "https://ubuntu.com/security/CVE-2007-6120", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-15T16:44:48", "description": "Unspecified vulnerability in the HTTP dissector for Wireshark (formerly\nEthereal) 0.10.14 to 0.99.6 allows remote attackers to cause a denial of\nservice (crash) and possibly execute arbitrary code via crafted chunked\nmessages.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/164501>\n", "cvss3": {}, "published": "2007-11-23T00:00:00", "type": "ubuntucve", "title": "CVE-2007-6117", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6117"], "modified": "2007-11-23T00:00:00", "id": "UB:CVE-2007-6117", "href": "https://ubuntu.com/security/CVE-2007-6117", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-15T16:44:47", "description": "The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6\nallows remote attackers to cause a denial of service (infinite loop or\ncrash) via unknown vectors.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/164501>\n", "cvss3": {}, "published": "2007-11-23T00:00:00", "type": "ubuntucve", "title": "CVE-2007-6116", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6116"], "modified": "2007-11-23T00:00:00", "id": "UB:CVE-2007-6116", "href": "https://ubuntu.com/security/CVE-2007-6116", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-15T16:44:50", "description": "Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow\nremote attackers to cause a denial of service (crash) via (1) a crafted MP3\nfile or (2) unspecified vectors to the NCP dissector.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/164501>\n", "cvss3": {}, "published": "2007-11-23T00:00:00", "type": "ubuntucve", "title": "CVE-2007-6111", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6111"], "modified": "2007-11-23T00:00:00", "id": "UB:CVE-2007-6111", "href": "https://ubuntu.com/security/CVE-2007-6111", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-15T16:44:20", "description": "Unspecified vulnerability in the SMB dissector in Wireshark (formerly\nEthereal) 0.99.6 allows remote attackers to cause a denial of service via\nunknown vectors. NOTE: this identifier originally included MP3 and NCP, but\nthose issues are already covered by CVE-2007-6111.", "cvss3": {}, "published": "2007-12-19T00:00:00", "type": "ubuntucve", "title": "CVE-2007-6438", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6111", "CVE-2007-6438"], "modified": "2007-12-19T00:00:00", "id": "UB:CVE-2007-6438", "href": "https://ubuntu.com/security/CVE-2007-6438", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-02-13T06:40:15", "description": "Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite or large loop) via the (1) IPv6 or (2) USB dissector, which can trigger resource consumption or a crash. NOTE: this identifier originally included Firebird/Interbase, but it is already covered by CVE-2007-6116. The DCP ETSI issue is already covered by CVE-2007-6119.", "cvss3": {}, "published": "2007-12-19T22:46:00", "type": "cve", "title": "CVE-2007-6439", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.1, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6116", "CVE-2007-6119", "CVE-2007-6439"], "modified": "2023-02-13T02:18:00", "cpe": ["cpe:/a:wireshark:wireshark:0.99.6"], "id": "CVE-2007-6439", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6439", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-13T14:16:41", "description": "The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.", "cvss3": {}, "published": "2007-11-23T20:46:00", "type": "cve", "title": "CVE-2007-6119", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6119"], "modified": "2018-10-15T21:50:00", "cpe": ["cpe:/a:wireshark:wireshark:0.99.6"], "id": "CVE-2007-6119", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6119", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-13T14:16:38", "description": "Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors.", "cvss3": {}, "published": "2007-11-23T20:46:00", "type": "cve", "title": "CVE-2007-6115", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6115"], "modified": "2018-10-15T21:50:00", "cpe": ["cpe:/a:wireshark:wireshark:0.99.5", "cpe:/a:wireshark:wireshark:0.99.6"], "id": "CVE-2007-6115", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6115", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-13T14:16:40", "description": "Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.", "cvss3": {}, "published": "2007-11-23T20:46:00", "type": "cve", "title": "CVE-2007-6112", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6112"], "modified": "2018-10-15T21:49:00", "cpe": ["cpe:/a:wireshark:wireshark:0.99.6"], "id": "CVE-2007-6112", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6112", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-13T14:16:41", "description": "The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.", "cvss3": {}, "published": "2007-11-23T20:46:00", "type": "cve", "title": "CVE-2007-6118", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6118"], "modified": "2018-10-15T21:50:00", "cpe": ["cpe:/a:ethereal_group:ethereal:0.9.16", "cpe:/a:wireshark:wireshark:0.99.1", "cpe:/a:wireshark:wireshark:0.99.6", "cpe:/a:wireshark:wireshark:0.99.0", "cpe:/a:wireshark:wireshark:0.99.3", "cpe:/a:wireshark:wireshark:0.99.2", "cpe:/a:ethereal_group:ethereal:0.99.0", "cpe:/a:ethereal_group:ethereal:0.9.14", "cpe:/a:ethereal_group:ethereal:0.9.15", "cpe:/a:wireshark:wireshark:0.99", "cpe:/a:wireshark:wireshark:0.99.4", "cpe:/a:wireshark:wireshark:0.99.5"], "id": "CVE-2007-6118", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6118", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.0:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.99.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.16:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.15:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.14:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-13T14:16:40", "description": "Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser.", "cvss3": {}, "published": "2007-11-23T20:46:00", "type": "cve", "title": "CVE-2007-6114", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6114"], "modified": "2018-10-15T21:50:00", "cpe": ["cpe:/a:wireshark:wireshark:0.99.1", "cpe:/a:wireshark:wireshark:0.99.6", "cpe:/a:wireshark:wireshark:0.99.0", "cpe:/a:wireshark:wireshark:0.99.3", "cpe:/a:wireshark:wireshark:0.99.2", "cpe:/a:wireshark:wireshark:0.99.4", "cpe:/a:wireshark:wireshark:0.99.5", "cpe:/a:wireshark:wireshark:0.99"], "id": "CVE-2007-6114", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6114", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-13T14:16:40", "description": "Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.", "cvss3": {}, "published": "2007-11-23T20:46:00", "type": "cve", "title": "CVE-2007-6121", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6121"], "modified": "2018-10-15T21:50:00", "cpe": ["cpe:/a:ethereal_group:ethereal:0.9.10", "cpe:/a:ethereal_group:ethereal:0.9.6", "cpe:/a:ethereal_group:ethereal:0.10", "cpe:/a:wireshark:wireshark:0.8.16", "cpe:/a:ethereal_group:ethereal:0.8.20", "cpe:/a:wireshark:wireshark:0.99.0", "cpe:/a:ethereal_group:ethereal:0.9.9", "cpe:/a:ethereal_group:ethereal:0.9.2", "cpe:/a:ethereal_group:ethereal:0.9.3", "cpe:/a:ethereal_group:ethereal:0.8.18", "cpe:/a:ethereal_group:ethereal:0.10.13", "cpe:/a:ethereal_group:ethereal:0.10.2", "cpe:/a:ethereal_group:ethereal:0.10.11", "cpe:/a:ethereal_group:ethereal:0.10.14", "cpe:/a:ethereal_group:ethereal:0.10.6", "cpe:/a:ethereal_group:ethereal:0.10.3", "cpe:/a:ethereal_group:ethereal:0.9.16", "cpe:/a:wireshark:wireshark:0.9.8", "cpe:/a:ethereal_group:ethereal:0.9", "cpe:/a:ethereal_group:ethereal:0.9.7", "cpe:/a:ethereal_group:ethereal:0.10.7", "cpe:/a:ethereal_group:ethereal:0.8.16", "cpe:/a:ethereal_group:ethereal:0.9.12", "cpe:/a:ethereal_group:ethereal:0.10.4", "cpe:/a:ethereal_group:ethereal:0.8.17a", "cpe:/a:ethereal_group:ethereal:0.10.0", "cpe:/a:ethereal_group:ethereal:0.10.10", "cpe:/a:ethereal_group:ethereal:0.9.8", "cpe:/a:ethereal_group:ethereal:0.9.14", "cpe:/a:ethereal_group:ethereal:0.99.0", "cpe:/a:ethereal_group:ethereal:0.9.15", "cpe:/a:wireshark:wireshark:0.99.5", "cpe:/a:ethereal_group:ethereal:0.8.19", "cpe:/a:ethereal_group:ethereal:0.9.0", "cpe:/a:ethereal_group:ethereal:0.9.11", "cpe:/a:ethereal_group:ethereal:0.9.4", "cpe:/a:wireshark:wireshark:0.99.4", "cpe:/a:wireshark:wireshark:0.99", "cpe:/a:ethereal_group:ethereal:0.8.17", "cpe:/a:ethereal_group:ethereal:0.10.9", "cpe:/a:ethereal_group:ethereal:0.10.1", "cpe:/a:ethereal_group:ethereal:0.10.5", "cpe:/a:wireshark:wireshark:0.99.1", "cpe:/a:ethereal_group:ethereal:0.10.12", "cpe:/a:ethereal_group:ethereal:0.9.13", "cpe:/a:wireshark:wireshark:0.9.10", "cpe:/a:wireshark:wireshark:0.99.6", "cpe:/a:ethereal_group:ethereal:0.10.8", "cpe:/a:wireshark:wireshark:0.99.3", "cpe:/a:wireshark:wireshark:0.99.2", "cpe:/a:ethereal_group:ethereal:0.9.1", "cpe:/a:ethereal_group:ethereal:0.10.0a", "cpe:/a:ethereal_group:ethereal:0.9.5"], "id": "CVE-2007-6121", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6121", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.8.16:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.6:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.14:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.20:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.14:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.0a:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.17a:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.10:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.17:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.12:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.15:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.9:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.16:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.11:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.99.0:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.7:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.16:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.11:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.12:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.9:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.19:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.1:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.13:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.13:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.8:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.18:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-13T14:16:40", "description": "Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet.", "cvss3": {}, "published": "2007-11-23T20:46:00", "type": "cve", "title": "CVE-2007-6113", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6113"], "modified": "2018-10-15T21:49:00", "cpe": ["cpe:/a:wireshark:wireshark:0.10.9", "cpe:/a:wireshark:wireshark:0.8.16", "cpe:/a:wireshark:wireshark:0.99.0", "cpe:/a:wireshark:wireshark:0.10.2", "cpe:/a:wireshark:wireshark:0.9.14", "cpe:/a:wireshark:wireshark:0.10.8", "cpe:/a:wireshark:wireshark:0.9.8", "cpe:/a:wireshark:wireshark:0.10.6", "cpe:/a:wireshark:wireshark:0.10.4", "cpe:/a:wireshark:wireshark:0.9.2", "cpe:/a:wireshark:wireshark:0.6", "cpe:/a:wireshark:wireshark:0.9.15", "cpe:/a:wireshark:wireshark:0.9.5", "cpe:/a:wireshark:wireshark:0.7.9", "cpe:/a:wireshark:wireshark:0.9.6", "cpe:/a:wireshark:wireshark:0.9.7", "cpe:/a:wireshark:wireshark:0.10.7", "cpe:/a:wireshark:wireshark:0.99.4", "cpe:/a:wireshark:wireshark:0.99.5", "cpe:/a:wireshark:wireshark:0.99", "cpe:/a:wireshark:wireshark:0.8.20", "cpe:/a:wireshark:wireshark:0.99.1", "cpe:/a:wireshark:wireshark:0.9.10", "cpe:/a:wireshark:wireshark:0.99.6", "cpe:/a:wireshark:wireshark:0.10.12", "cpe:/a:wireshark:wireshark:0.10.14", "cpe:/a:wireshark:wireshark:0.99.3", "cpe:/a:wireshark:wireshark:0.99.2", "cpe:/a:wireshark:wireshark:0.10.13", "cpe:/a:wireshark:wireshark:0.10.5", "cpe:/a:wireshark:wireshark:0.8.19", "cpe:/a:wireshark:wireshark:0.10.3"], "id": "CVE-2007-6113", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6113", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.8.16:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.14:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.9.14:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.13:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.12:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.8.19:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.9.15:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.8.20:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-13T14:16:41", "description": "The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.", "cvss3": {}, "published": "2007-11-23T20:46:00", "type": "cve", "title": "CVE-2007-6120", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6120"], "modified": "2018-10-15T21:50:00", "cpe": ["cpe:/a:ethereal_group:ethereal:0.9.10", "cpe:/a:ethereal_group:ethereal:0.9.6", "cpe:/a:ethereal_group:ethereal:0.10", "cpe:/a:wireshark:wireshark:0.99.0", "cpe:/a:ethereal_group:ethereal:0.9.9", "cpe:/a:ethereal_group:ethereal:0.9.2", "cpe:/a:ethereal_group:ethereal:0.9.3", "cpe:/a:ethereal_group:ethereal:0.8.18", "cpe:/a:ethereal_group:ethereal:0.10.13", "cpe:/a:ethereal_group:ethereal:0.10.2", "cpe:/a:ethereal_group:ethereal:0.10.11", "cpe:/a:ethereal_group:ethereal:0.10.14", "cpe:/a:ethereal_group:ethereal:0.8.5", "cpe:/a:ethereal_group:ethereal:0.10.6", "cpe:/a:ethereal_group:ethereal:0.10.3", "cpe:/a:ethereal_group:ethereal:0.9.16", "cpe:/a:ethereal_group:ethereal:0.9", "cpe:/a:ethereal_group:ethereal:0.9.7", "cpe:/a:ethereal_group:ethereal:0.10.7", "cpe:/a:ethereal_group:ethereal:0.8.16", "cpe:/a:ethereal_group:ethereal:0.9.12", "cpe:/a:ethereal_group:ethereal:0.10.4", "cpe:/a:ethereal_group:ethereal:0.10.10", "cpe:/a:ethereal_group:ethereal:0.9.8", "cpe:/a:ethereal_group:ethereal:0.9.14", "cpe:/a:wireshark:wireshark:0.99.4", "cpe:/a:wireshark:wireshark:0.99.5", "cpe:/a:wireshark:wireshark:0.99", "cpe:/a:ethereal_group:ethereal:0.8.19", "cpe:/a:ethereal_group:ethereal:0.9.15", "cpe:/a:ethereal_group:ethereal:0.9.11", "cpe:/a:ethereal_group:ethereal:0.9.4", "cpe:/a:ethereal_group:ethereal:0.8.17", "cpe:/a:ethereal_group:ethereal:0.10.9", "cpe:/a:ethereal_group:ethereal:0.10.1", "cpe:/a:ethereal_group:ethereal:0.10.5", "cpe:/a:wireshark:wireshark:0.99.1", "cpe:/a:ethereal_group:ethereal:0.10.12", "cpe:/a:ethereal_group:ethereal:0.9.13", "cpe:/a:ethereal_group:ethereal:0.10.8", "cpe:/a:wireshark:wireshark:0.99.6", "cpe:/a:wireshark:wireshark:0.99.3", "cpe:/a:wireshark:wireshark:0.99.2", "cpe:/a:ethereal_group:ethereal:0.9.1", "cpe:/a:ethereal_group:ethereal:0.9.5"], "id": "CVE-2007-6120", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6120", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.6:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.14:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.14:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.10:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.17:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.12:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.15:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.9:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.16:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.11:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.7:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.16:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.11:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.12:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.9:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.19:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.1:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.13:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.13:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.8:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.18:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-13T14:16:41", "description": "Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted chunked messages.", "cvss3": {}, "published": "2007-11-23T20:46:00", "type": "cve", "title": "CVE-2007-6117", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6117"], "modified": "2018-10-15T21:50:00", "cpe": ["cpe:/a:wireshark:wireshark:0.99.1", "cpe:/a:wireshark:wireshark:0.99.6", "cpe:/a:wireshark:wireshark:0.10.14", "cpe:/a:wireshark:wireshark:0.99.0", "cpe:/a:wireshark:wireshark:0.99.3", "cpe:/a:wireshark:wireshark:0.99.2", "cpe:/a:wireshark:wireshark:0.99.4", "cpe:/a:wireshark:wireshark:0.99.5", "cpe:/a:wireshark:wireshark:0.99"], "id": "CVE-2007-6117", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6117", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.10.14:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-13T14:16:39", "description": "The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors.", "cvss3": {}, "published": "2007-11-23T20:46:00", "type": "cve", "title": "CVE-2007-6116", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6116"], "modified": "2018-10-15T21:50:00", "cpe": ["cpe:/a:wireshark:wireshark:0.99.6"], "id": "CVE-2007-6116", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6116", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-13T14:16:40", "description": "Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector.", "cvss3": {}, "published": "2007-11-23T20:46:00", "type": "cve", "title": "CVE-2007-6111", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6111"], "modified": "2018-10-15T21:49:00", "cpe": ["cpe:/a:ethereal_group:ethereal:0.9.10", "cpe:/a:ethereal_group:ethereal:0.8.7", "cpe:/a:ethereal_group:ethereal:0.9.9", "cpe:/a:ethereal_group:ethereal:0.9.6", "cpe:/a:ethereal_group:ethereal:0.10", "cpe:/a:wireshark:wireshark:0.8.16", "cpe:/a:ethereal_group:ethereal:0.8.20", "cpe:/a:wireshark:wireshark:0.99.0", "cpe:/a:ethereal_group:ethereal:0.9_.0", "cpe:/a:ethereal_group:ethereal:0.9.2", "cpe:/a:ethereal_group:ethereal:0.8.13", "cpe:/a:ethereal_group:ethereal:0.8.18", "cpe:/a:ethereal_group:ethereal:0.10.13", "cpe:/a:ethereal_group:ethereal:0.8.9", "cpe:/a:ethereal_group:ethereal:0.10.2", "cpe:/a:ethereal_group:ethereal:0.10.11", "cpe:/a:ethereal_group:ethereal:0.9.3", "cpe:/a:ethereal_group:ethereal:0.8.5", "cpe:/a:ethereal_group:ethereal:0.10.14", "cpe:/a:ethereal_group:ethereal:0.10.3", "cpe:/a:ethereal_group:ethereal:0.8.4", "cpe:/a:ethereal_group:ethereal:0.10.6", "cpe:/a:ethereal_group:ethereal:0.9.16", "cpe:/a:wireshark:wireshark:0.9.8", "cpe:/a:ethereal_group:ethereal:0.9", "cpe:/a:ethereal_group:ethereal:0.9.7", "cpe:/a:ethereal_group:ethereal:0.10.7", "cpe:/a:ethereal_group:ethereal:0.8.14", "cpe:/a:ethereal_group:ethereal:0.8.16", "cpe:/a:ethereal_group:ethereal:0.9.12", "cpe:/a:ethereal_group:ethereal:0.10.4", "cpe:/a:ethereal_group:ethereal:0.8.17a", "cpe:/a:ethereal_group:ethereal:0.10.0", "cpe:/a:wireshark:wireshark:0.99.4", "cpe:/a:ethereal_group:ethereal:0.10.10", "cpe:/a:ethereal_group:ethereal:0.8.8", "cpe:/a:ethereal_group:ethereal:0.8", "cpe:/a:wireshark:wireshark:0.7.9", "cpe:/a:ethereal_group:ethereal:0.9.8", "cpe:/a:ethereal_group:ethereal:0.8.6", "cpe:/a:ethereal_group:ethereal:0.7.7", "cpe:/a:ethereal_group:ethereal:0.9.14", "cpe:/a:ethereal_group:ethereal:0.99.0", "cpe:/a:ethereal_group:ethereal:0.9.15", "cpe:/a:ethereal_group:ethereal:0.8.15", "cpe:/a:ethereal_group:ethereal:0.8.19", "cpe:/a:ethereal_group:ethereal:0.9.0", "cpe:/a:ethereal_group:ethereal:0.8.11", "cpe:/a:ethereal_group:ethereal:0.8.12", "cpe:/a:wireshark:wireshark:0.99.5", "cpe:/a:ethereal_group:ethereal:0.9.11", "cpe:/a:ethereal_group:ethereal:0.9.4", "cpe:/a:wireshark:wireshark:0.99", "cpe:/a:ethereal_group:ethereal:0.8.10", "cpe:/a:ethereal_group:ethereal:0.8.17", "cpe:/a:ethereal_group:ethereal:0.10.1", "cpe:/a:ethereal_group:ethereal:0.10.5", "cpe:/a:ethereal_group:ethereal:0.10.9", "cpe:/a:wireshark:wireshark:0.99.1", "cpe:/a:ethereal_group:ethereal:0.10.12", "cpe:/a:ethereal_group:ethereal:0.9.13", "cpe:/a:wireshark:wireshark:0.9.10", "cpe:/a:wireshark:wireshark:0.99.6", "cpe:/a:ethereal_group:ethereal:0.10.8", "cpe:/a:wireshark:wireshark:0.99.3", "cpe:/a:wireshark:wireshark:0.99.2", "cpe:/a:ethereal_group:ethereal:0.9.1", "cpe:/a:ethereal_group:ethereal:0.10.0a", "cpe:/a:ethereal_group:ethereal:0.9.5"], "id": "CVE-2007-6111", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6111", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.8.16:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.6:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.14:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.20:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.14:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.13:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.9:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.0a:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.17a:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.10:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.15:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.17:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.12:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.15:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.14:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.9:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.16:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.11:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.99.0:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.7:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.16:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9_.0:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.12:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.11:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.9:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.19:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.0:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.12:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.1:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.13:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.9.13:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.10.8:*:*:*:*:*:*:*", "cpe:2.3:a:ethereal_group:ethereal:0.8.18:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:32:48", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6115. Reason: This candidate is a duplicate of CVE-2007-6115. Notes: All CVE users should reference CVE-2007-6115 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss3": {}, "published": "2007-12-19T22:46:00", "type": "cve", "title": "CVE-2007-6443", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2007-6115", "CVE-2007-6443"], "modified": "2008-01-10T05:00:00", "cpe": [], "id": "CVE-2007-6443", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6443", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2022-03-23T13:32:49", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6118. Reason: This candidate is a duplicate of CVE-2007-6118. Notes: All CVE users should reference CVE-2007-6118 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss3": {}, "published": "2007-12-19T22:46:00", "type": "cve", "title": "CVE-2007-6446", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2007-6118", "CVE-2007-6446"], "modified": "2008-01-10T05:00:00", "cpe": [], "id": "CVE-2007-6446", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6446", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2022-03-23T13:32:47", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6112. Reason: This candidate is a duplicate of CVE-2007-6112. Notes: All CVE users should reference CVE-2007-6112 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss3": {}, "published": "2007-12-19T22:46:00", "type": "cve", "title": "CVE-2007-6440", "cwe": ["CWE-119", "NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2007-6112", "CVE-2007-6440"], "modified": "2008-01-10T05:00:00", "cpe": [], "id": "CVE-2007-6440", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6440", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2022-03-23T13:32:48", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6114. Reason: This candidate is a duplicate of CVE-2007-6114. Notes: All CVE users should reference CVE-2007-6114 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss3": {}, "published": "2007-12-19T22:46:00", "type": "cve", "title": "CVE-2007-6442", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2007-6114", "CVE-2007-6442"], "modified": "2008-01-10T05:00:00", "cpe": [], "id": "CVE-2007-6442", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6442", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2022-03-23T13:32:50", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6114. Reason: This candidate is a duplicate of CVE-2007-6114. Notes: All CVE users should reference CVE-2007-6114 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss3": {}, "published": "2007-12-19T22:46:00", "type": "cve", "title": "CVE-2007-6447", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2007-6114", "CVE-2007-6447"], "modified": "2008-01-10T05:00:00", "cpe": [], "id": "CVE-2007-6447", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6447", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2022-03-23T13:32:51", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6121. Reason: This candidate is a duplicate of CVE-2007-6121. Notes: All CVE users should reference CVE-2007-6121 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss3": {}, "published": "2007-12-19T22:46:00", "type": "cve", "title": "CVE-2007-6449", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2007-6121", "CVE-2007-6449"], "modified": "2008-01-10T05:00:00", "cpe": [], "id": "CVE-2007-6449", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6449", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2022-03-23T13:03:46", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6113. Reason: This candidate is a duplicate of CVE-2007-6113. Notes: All CVE users should reference CVE-2007-6113 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss3": {}, "published": "2007-09-05T19:17:00", "type": "cve", "title": "CVE-2007-4721", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2007-4721", "CVE-2007-6113"], "modified": "2008-02-11T05:00:00", "cpe": [], "id": "CVE-2007-4721", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4721", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2022-03-23T13:32:49", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6113. Reason: This candidate is a duplicate of CVE-2007-6113, Notes: All CVE users should reference CVE-2007-6113 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss3": {}, "published": "2007-12-19T22:46:00", "type": "cve", "title": "CVE-2007-6444", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2007-6113", "CVE-2007-6444"], "modified": "2008-01-10T05:00:00", "cpe": [], "id": "CVE-2007-6444", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6444", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2022-03-23T13:32:50", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6120. Reason: This candidate is a duplicate of CVE-2007-6120. Notes: All CVE users should reference CVE-2007-6120 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss3": {}, "published": "2007-12-19T22:46:00", "type": "cve", "title": "CVE-2007-6448", "cwe": ["CWE-119", "CWE-20"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2007-6120", "CVE-2007-6448"], "modified": "2008-01-10T05:00:00", "cpe": [], "id": "CVE-2007-6448", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6448", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2022-03-23T13:32:54", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6117. Reason: This candidate is a duplicate of CVE-2007-6117. Notes: All CVE users should reference CVE-2007-6117 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss3": {}, "published": "2007-12-19T22:46:00", "type": "cve", "title": "CVE-2007-6445", "cwe": ["NVD-CWE-noinfo", "CWE-20"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2007-6117", "CVE-2007-6445"], "modified": "2008-01-10T05:00:00", "cpe": [], "id": "CVE-2007-6445", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6445", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2023-02-13T06:40:16", "description": "Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111.", "cvss3": {}, "published": "2007-12-19T22:46:00", "type": "cve", "title": "CVE-2007-6438", "cwe": ["CWE-119", "NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6111", "CVE-2007-6438"], "modified": "2023-02-13T02:18:00", "cpe": ["cpe:/a:wireshark:wireshark:0.99.6"], "id": "CVE-2007-6438", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6438", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*"]}], "veracode": [{"lastseen": "2022-07-27T10:06:42", "description": "wireshark is vulnerable to denial of service. Several denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network. \n", "cvss3": {}, "published": "2020-04-10T00:23:13", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6119"], "modified": "2022-04-19T18:28:53", "id": "VERACODE:23338", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-23338/summary", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-07-27T09:59:51", "description": "wireshark is vulnerable to arbitrary code execution. Several flaws were found in Wireshark. Wireshark could crash or possibly execute arbitrary code as the user running Wireshark if it read a malformed packet off the network.\n", "cvss3": {}, "published": "2020-04-10T00:23:11", "type": "veracode", "title": "Arbitrary Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6115"], "modified": "2022-04-19T18:28:54", "id": "VERACODE:23334", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-23334/summary", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-27T10:00:06", "description": "wireshark is vulnerable to arbitrary code execution. Several flaws were found in Wireshark. Wireshark could crash or possibly execute arbitrary code as the user running Wireshark if it read a malformed packet off the network.\n", "cvss3": {}, "published": "2020-04-10T00:23:10", "type": "veracode", "title": "Arbitrary Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6112"], "modified": "2022-04-19T18:28:49", "id": "VERACODE:23331", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-23331/summary", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-27T10:06:42", "description": "wireshark is vulnerable to denial of service. Several denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network.\n", "cvss3": {}, "published": "2020-04-10T00:23:12", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6118"], "modified": "2022-04-19T18:28:49", "id": "VERACODE:23337", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-23337/summary", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-07-27T09:59:35", "description": "wireshark is vulnerable to arbitrary code execution. Several flaws were found in Wireshark. Wireshark could crash or possibly execute arbitrary code as the user running Wireshark if it read a malformed packet off the network.\n", "cvss3": {}, "published": "2020-04-10T00:23:11", "type": "veracode", "title": "Arbitrary Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6114"], "modified": "2022-04-19T18:28:51", "id": "VERACODE:23333", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-23333/summary", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-27T10:23:23", "description": "wireshark is vulnerable to denial of service. Several denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network. \n", "cvss3": {}, "published": "2020-04-10T00:23:13", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6121"], "modified": "2022-04-19T18:28:53", "id": "VERACODE:23340", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-23340/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-27T10:23:22", "description": "wireshark is vulnerable to denial of service. Several denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network. \n", "cvss3": {}, "published": "2020-04-10T00:23:13", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6120"], "modified": "2022-04-19T18:28:52", "id": "VERACODE:23339", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-23339/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-27T10:42:16", "description": "wireshark is vulnerable to denial of service. Several denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network.\n", "cvss3": {}, "published": "2020-04-10T00:23:11", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6113"], "modified": "2022-04-19T18:35:54", "id": "VERACODE:23332", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-23332/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-27T10:23:22", "description": "wireshark is vulnerable to denial of service. Several denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network.\n", "cvss3": {}, "published": "2020-04-10T00:23:12", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6117"], "modified": "2022-04-19T18:28:53", "id": "VERACODE:23336", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-23336/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-27T10:23:20", "description": "wireshark is vulnerable to denial of service. Several denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network.\n", "cvss3": {}, "published": "2020-04-10T00:23:12", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6116"], "modified": "2022-04-19T18:28:48", "id": "VERACODE:23335", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-23335/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-27T10:12:03", "description": "wireshark is vulnerable to denial of service. Several denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network.\n", "cvss3": {}, "published": "2020-04-10T00:23:10", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6111"], "modified": "2022-04-19T18:28:51", "id": "VERACODE:23330", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-23330/summary", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}]}
Fedora 7 : wireshark-0.99.7-1.fc7 (2007-4690)
