MiracleLinux 4 : wireshark-1.8.10-4.AXS4 (AXSA:2014-031:01)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2014-031:01.
##

include('compat.inc');

if (description)
{
  script_id(291484);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/19");

  script_cve_id(
    "CVE-2012-2392",
    "CVE-2012-3825",
    "CVE-2012-4285",
    "CVE-2012-4288",
    "CVE-2012-4289",
    "CVE-2012-4290",
    "CVE-2012-4291",
    "CVE-2012-4292",
    "CVE-2012-6056",
    "CVE-2012-6059",
    "CVE-2012-6060",
    "CVE-2012-6061",
    "CVE-2012-6062",
    "CVE-2013-3557",
    "CVE-2013-3559",
    "CVE-2013-3561",
    "CVE-2013-4081",
    "CVE-2013-4083",
    "CVE-2013-4927",
    "CVE-2013-4931"
  );

  script_name(english:"MiracleLinux 4 : wireshark-1.8.10-4.AXS4 (AXSA:2014-031:01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2014-031:01 advisory.

    This package lays base for libpcap, a packet capture and filtering library, contains command-line
    utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged
    separately to GTK+ package.
    Security issues fixed with this release:
     CVE-2012-2392
    Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service
    (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5)
    LTP dissectors.
     CVE-2012-3825
    Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers
    to cause a denial of service (infinite loop) via vectors related to the (1) BACapp and (2) Bluetooth HCI
    dissectors, a different vulnerability than CVE-2012-2392.
     CVE-2012-4285
    The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x
    before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of
    service (divide-by-zero error and application crash) via a zero-length message.
     CVE-2012-4288
    Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in
    Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to
    cause a denial of service (loop or application crash) via a large value for a span length.
     CVE-2012-4289
    epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10,
    and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via
    a large number of ACL entries.
     CVE-2012-4290
    The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows
    remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet.
     CVE-2012-4291
    The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows
    remote attackers to cause a denial of service (memory consumption) via a malformed packet.
     CVE-2012-4292
    The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark
    1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-
    destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service
    (application crash) via a malformed packet.
     CVE-2012-6056
    Integer overflow in the dissect_sack_chunk function in epan/dissectors/packet-sctp.c in the SCTP dissector
    in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a
    crafted Duplicate TSN count.
     CVE-2012-6059
    The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x
    before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decryption
    parameters, which allows remote attackers to cause a denial of service (application crash) via a malformed
    packet.
     CVE-2012-6060
    Integer overflow in the dissect_iscsi_pdu function in epan/dissectors/packet-iscsi.c in the iSCSI
    dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a
    denial of service (infinite loop) via a malformed packet.
     CVE-2012-6061
    The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the WTP dissector in Wireshark 1.6.x
    before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data type for a certain length field, which allows
    remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted value in
    a packet.
     CVE-2012-6062
    The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the RTCP dissector in Wireshark 1.6.x
    before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop)
    via a crafted packet.
     CVE-2013-3557
    The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark
    1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows
    remote attackers to cause a denial of service (application crash) via a malformed packet.
     CVE-2013-3559
    epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect
    integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap
    memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
     CVE-2013-3561
    Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of
    service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector,
    an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
     CVE-2013-4081
    The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark
    1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach,
    which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet.
     CVE-2013-4083
    The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x
    before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which
    allows remote attackers to cause a denial of service (application crash) via a crafted packet.
     CVE-2013-4927
    Integer signedness error in the get_type_length function in epan/dissectors/packet-btsdp.c in the
    Bluetooth SDP dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers
    to cause a denial of service (loop and CPU consumption) via a crafted packet.
     CVE-2013-4931
    epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a
    denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector.
     CVE-2013-4932
    Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in
    Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service
    (application crash) via a crafted packet.
     CVE-2013-4933
    The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and
    1.10.x before 1.10.1 does not properly allocate memory, which allows remote attackers to cause a denial of
    service (application crash) via a crafted packet-trace file.
     CVE-2013-4934
    The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and
    1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause
    a denial of service (application crash) via a crafted packet-trace file.
     CVE-2013-4935
    The dissect_per_length_determinant function in epan/dissectors/packet-per.c in the ASN.1 PER dissector in
    Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize a length field in certain
    abnormal situations, which allows remote attackers to cause a denial of service (application crash) via a
    crafted packet.
     CVE-2013-4936
    The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in
    Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a
    denial of service (NULL pointer dereference and application crash) via a crafted packet.
     CVE-2013-5721
    The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before
    1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows
    remote attackers to cause a denial of service (application crash) via a crafted packet.
    Fixed bugs:
     Wireshark now support parsing the RECLAIM-COMPLETE opcode when inspecting traffic generated by NFSv4.1
    and as such can now dissect and handle NFSv4.1 traffic.
     Previously, the dfilter-test.py test suite reported many failures because the frame arrival times in a
    text file were reported one hour ahead from the timestamps in the packet capture file; this has been
    fixed.
     Previously, the tshark -D command returned output to STDERR instead of STDOUT. This could break scripts
    parsing the tshark -D output and has been fixed: tshark -D now outputs to STDOUT.
     Fixed an array overrun that could make wireshark crash.
     Added the manual pages for the dftest and randpkt commands.
    Enhancements:
     Added support for InfiniBand and GlusterFS traffic.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/4491");
  script_set_attribute(attribute:"solution", value:
"Update the affected wireshark and / or wireshark-gnome packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-4927");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2013-4931");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/03/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:wireshark");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:wireshark-gnome");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'wireshark-1.8.10-4.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'wireshark-1.8.10-4.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'wireshark-gnome-1.8.10-4.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'wireshark-gnome-1.8.10-4.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'wireshark / wireshark-gnome');
}