Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2014-717.NASL
HistoryNov 27, 2014 - 12:00 a.m.

openSUSE Security Update : wireshark (openSUSE-SU-2014:1503-1)

2014-11-2700:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

wireshark was updated to fix five security issues. These security issues were fixed :

  • SigComp UDVM buffer overflow (CVE-2014-8710).

  • AMQP crash (CVE-2014-8711).

  • NCP crashes (CVE-2014-8712, CVE-2014-8713).

  • TN5250 infinite loops (CVE-2014-8714).

For openSUSE 12.3 and 13.1 further bug fixes and updated protocol support are described in:
https://www.wireshark.org/docs/relnotes/wireshark-1.10.11.html

For openSUSE 13.2 further bug fixes and updated protocol support are described in:
https://www.wireshark.org/docs/relnotes/wireshark-1.12.2.html

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-717.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(79592);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2014-8710", "CVE-2014-8711", "CVE-2014-8712", "CVE-2014-8713", "CVE-2014-8714");

  script_name(english:"openSUSE Security Update : wireshark (openSUSE-SU-2014:1503-1)");
  script_summary(english:"Check for the openSUSE-2014-717 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"wireshark was updated to fix five security issues. 	 These security
issues were fixed :

  - SigComp UDVM buffer overflow (CVE-2014-8710).

  - AMQP crash (CVE-2014-8711).

  - NCP crashes (CVE-2014-8712, CVE-2014-8713).

  - TN5250 infinite loops (CVE-2014-8714).

For openSUSE 12.3 and 13.1 further bug fixes and updated protocol
support are described in:
https://www.wireshark.org/docs/relnotes/wireshark-1.10.11.html

For openSUSE 13.2 further bug fixes and updated protocol support are
described in:
https://www.wireshark.org/docs/relnotes/wireshark-1.12.2.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=905245"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=905246"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=905247"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=905248"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2014-11/msg00104.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.wireshark.org/docs/relnotes/wireshark-1.10.11.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.wireshark.org/docs/relnotes/wireshark-1.12.2.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected wireshark packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-ui-gtk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-ui-gtk-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-ui-qt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-ui-qt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.3|SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1 / 13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.3", reference:"wireshark-1.10.11-1.48.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"wireshark-debuginfo-1.10.11-1.48.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"wireshark-debugsource-1.10.11-1.48.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"wireshark-devel-1.10.11-1.48.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"wireshark-1.10.11-28.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"wireshark-debuginfo-1.10.11-28.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"wireshark-debugsource-1.10.11-28.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"wireshark-devel-1.10.11-28.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"wireshark-1.12.2-4.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"wireshark-debuginfo-1.12.2-4.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"wireshark-debugsource-1.12.2-4.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"wireshark-devel-1.12.2-4.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"wireshark-ui-gtk-1.12.2-4.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"wireshark-ui-gtk-debuginfo-1.12.2-4.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"wireshark-ui-qt-1.12.2-4.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"wireshark-ui-qt-debuginfo-1.12.2-4.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-debuginfo / wireshark-debugsource / etc");
}
VendorProductVersionCPE
novellopensusewiresharkp-cpe:/a:novell:opensuse:wireshark
novellopensusewireshark-debuginfop-cpe:/a:novell:opensuse:wireshark-debuginfo
novellopensusewireshark-debugsourcep-cpe:/a:novell:opensuse:wireshark-debugsource
novellopensusewireshark-develp-cpe:/a:novell:opensuse:wireshark-devel
novellopensusewireshark-ui-gtkp-cpe:/a:novell:opensuse:wireshark-ui-gtk
novellopensusewireshark-ui-gtk-debuginfop-cpe:/a:novell:opensuse:wireshark-ui-gtk-debuginfo
novellopensusewireshark-ui-qtp-cpe:/a:novell:opensuse:wireshark-ui-qt
novellopensusewireshark-ui-qt-debuginfop-cpe:/a:novell:opensuse:wireshark-ui-qt-debuginfo
novellopensuse12.3cpe:/o:novell:opensuse:12.3
novellopensuse13.1cpe:/o:novell:opensuse:13.1
Rows per page:
1-10 of 111

Related

openvas 16
archlinux 3
nessus 17
osv 2
debian 2
fedora 2
securityvulns 2
mageia 1
veracode 9
redhat 2
oraclelinux 2
amazon 1
centos 2
ubuntucve 5
debiancve 5
prion 5
cvelist 5
cve 5
oracle 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2014:1520-1)
2021-06-09 00:00:00
Fedora Update for wireshark FEDORA-2014-15320
2015-01-05 00:00:00
Fedora Update for wireshark FEDORA-2014-15244
2014-12-05 00:00:00
archlinux
archlinux
wireshark-qt: denial of service
2014-11-20 00:00:00
wireshark-cli: denial of service
2014-11-20 00:00:00
wireshark-gtk: denial of service
2014-11-20 00:00:00
nessus
nessus
SuSE 11.3 Security Update : wireshark (SAT Patch Number 9968)
2014-11-28 00:00:00
Debian DSA-3076-1 : wireshark - security update
2014-11-26 00:00:00
Wireshark 1.12.x < 1.12.2 Multiple DoS Vulnerabilities
2014-11-14 00:00:00
osv
osv
wireshark - security update
2014-11-25 00:00:00
wireshark - security update
2015-04-22 00:00:00
debian
debian
[SECURITY] [DSA 3076-1] wireshark security update
2014-11-25 20:51:42
[SECURITY] [DLA 198-1] wireshark security update
2015-04-22 09:45:46
fedora
fedora
[SECURITY] Fedora 20 Update: wireshark-1.10.11-1.fc20
2014-12-04 06:22:05
[SECURITY] Fedora 21 Update: wireshark-1.12.2-1.fc21
2014-12-06 10:51:00
securityvulns
securityvulns
[ MDVSA-2014:223 ] wireshark
2014-11-24 00:00:00
wireshark multiple security vulnerabilities
2014-11-24 00:00:00
mageia
mageia
Updated wireshark packages fix security vulnerabilities
2014-11-21 15:44:16
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:41:09
Buffer Underflow
2019-05-02 05:41:10
Out-of-bounds Read
2019-05-02 05:41:10
redhat
redhat
(RHSA-2015:1460) Moderate: wireshark security, bug fix, and enhancement update
2015-07-22 00:00:00
(RHSA-2015:2393) Moderate: wireshark security, bug fix, and enhancement update
2015-11-19 13:43:56
oraclelinux
oraclelinux
wireshark security, bug fix, and enhancement update
2015-07-28 00:00:00
wireshark security, bug fix, and enhancement update
2015-11-23 00:00:00
amazon
amazon
Medium: wireshark
2015-08-17 12:29:00
centos
centos
wireshark security update
2015-07-26 14:12:34
wireshark security update
2015-11-30 19:55:40
ubuntucve
ubuntucve
CVE-2014-8713
2014-11-23 00:00:00
CVE-2014-8714
2014-11-23 00:00:00
CVE-2014-8711
2014-11-23 00:00:00
debiancve
debiancve
CVE-2014-8713
2014-11-23 02:59:00
CVE-2014-8711
2014-11-23 02:59:00
CVE-2014-8712
2014-11-23 02:59:00
prion
prion
Code injection
2014-11-23 02:59:00
Integer overflow
2014-11-23 02:59:00
Code injection
2014-11-23 02:59:00
cvelist
cvelist
CVE-2014-8712
2014-11-23 02:00:00
CVE-2014-8714
2014-11-23 02:00:00
CVE-2014-8713
2014-11-23 02:00:00
cve
cve
CVE-2014-8712
2014-11-23 02:59:00
CVE-2014-8711
2014-11-23 02:59:00
CVE-2014-8714
2014-11-23 02:59:00
oracle
oracle
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00
JSON
Related for OPENSUSE-2014-717.NASL
openvas16archlinux3nessus17osv2debian2fedora2securityvulns2mageia1veracode9redhat2oraclelinux2amazon1centos2ubuntucve5debiancve5prion5cvelist5cve5oracle1