Mandriva Linux Security Advisory : wireshark (MDVSA-2008:001-1)

2009-04-2300:00:00

www.tenable.com

A number of vulnerabilities in the Wireshark program were found that could cause crashes, excessive looping, or arbitrary code execution.

This update provides Wireshark 0.99.7 which is not vulnerable to these issues.

An updated version of libsmi is also being provided, not because of security issues, but because this version of wireshark uses it instead of net-snmp for SNMP support.

Update :

This update is being reissued without libcap (kernel capabilities) support, as that is not required by the original released packages, and thus gave trouble for a number of users.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2008:001. 
# The text itself is copyright (C) Mandriva S.A.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(36583);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2007-6111", "CVE-2007-6112", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6116", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6119", "CVE-2007-6120", "CVE-2007-6121", "CVE-2007-6438", "CVE-2007-6439", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6451");
  script_xref(name:"MDVSA", value:"2008:001-1");

  script_name(english:"Mandriva Linux Security Advisory : wireshark (MDVSA-2008:001-1)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A number of vulnerabilities in the Wireshark program were found that
could cause crashes, excessive looping, or arbitrary code execution.

This update provides Wireshark 0.99.7 which is not vulnerable to these
issues.

An updated version of libsmi is also being provided, not because of
security issues, but because this version of wireshark uses it instead
of net-snmp for SNMP support.

Update :

This update is being reissued without libcap (kernel capabilities)
support, as that is not required by the original released packages,
and thus gave trouble for a number of users."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.wireshark.org/security/wnpa-sec-2007-03.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(20, 119, 189, 264, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wireshark-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wireshark0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwireshark-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwireshark0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tshark");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wireshark");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wireshark-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/01/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64wireshark0-0.99.7-0.2mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libwireshark0-0.99.7-0.2mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"tshark-0.99.7-0.2mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"wireshark-0.99.7-0.2mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"wireshark-tools-0.99.7-0.2mdv2007.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64wireshark0-0.99.7-0.2mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libwireshark0-0.99.7-0.2mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"tshark-0.99.7-0.2mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"wireshark-0.99.7-0.2mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"wireshark-tools-0.99.7-0.2mdv2007.1", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64wireshark-devel-0.99.7-0.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64wireshark0-0.99.7-0.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libwireshark-devel-0.99.7-0.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libwireshark0-0.99.7-0.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"tshark-0.99.7-0.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"wireshark-0.99.7-0.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"wireshark-tools-0.99.7-0.2mdv2008.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
mandrivalinuxlib64wireshark-develp-cpe:/a:mandriva:linux:lib64wireshark-devel
mandrivalinuxlib64wireshark0p-cpe:/a:mandriva:linux:lib64wireshark0
mandrivalinuxlibwireshark-develp-cpe:/a:mandriva:linux:libwireshark-devel
mandrivalinuxlibwireshark0p-cpe:/a:mandriva:linux:libwireshark0
mandrivalinuxtsharkp-cpe:/a:mandriva:linux:tshark
mandrivalinuxwiresharkp-cpe:/a:mandriva:linux:wireshark
mandrivalinuxwireshark-toolsp-cpe:/a:mandriva:linux:wireshark-tools
mandrivalinux2007cpe:/o:mandriva:linux:2007
mandrivalinux2007.1cpe:/o:mandriva:linux:2007.1
mandrivalinux2008.0cpe:/o:mandriva:linux:2008.0

Vendor	Product	Version	CPE
mandriva	linux	lib64wireshark-devel	p-cpe:/a:mandriva:linux:lib64wireshark-devel
mandriva	linux	lib64wireshark0	p-cpe:/a:mandriva:linux:lib64wireshark0
mandriva	linux	libwireshark-devel	p-cpe:/a:mandriva:linux:libwireshark-devel
mandriva	linux	libwireshark0	p-cpe:/a:mandriva:linux:libwireshark0
mandriva	linux	tshark	p-cpe:/a:mandriva:linux:tshark
mandriva	linux	wireshark	p-cpe:/a:mandriva:linux:wireshark
mandriva	linux	wireshark-tools	p-cpe:/a:mandriva:linux:wireshark-tools
mandriva	linux	2007	cpe:/o:mandriva:linux:2007
mandriva	linux	2007.1	cpe:/o:mandriva:linux:2007.1
mandriva	linux	2008.0	cpe:/o:mandriva:linux:2008.0