{"id": "SOLARIS11_WIRESHARK_20141120.NASL", "bulletinFamily": "scanner", "title": "Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark11)", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors. (CVE-2014-6421)\n\n - The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector. (CVE-2014-6422)\n\n - The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.\n (CVE-2014-6423)\n\n - The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet. (CVE-2014-6424)\n\n - The (1) get_quoted_string and (2) get_unquoted_string functions in epan/ dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\\0' character. (CVE-2014-6425)\n\n - The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.\n (CVE-2014-6426)\n\n - Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/ packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position. (CVE-2014-6427)\n\n - The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n (CVE-2014-6428)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2014-6429)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2014-6430)\n\n - Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer. (CVE-2014-6431)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2014-6432)", "published": "2015-01-19T00:00:00", "modified": "2018-11-15T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80816", "reporter": "Tenable", "references": ["http://www.nessus.org/u?6ccbc2d4", "http://www.nessus.org/u?4a913f44"], "cvelist": ["CVE-2014-6431", "CVE-2014-6432", "CVE-2014-6424", "CVE-2014-6422", "CVE-2014-6426", "CVE-2014-6430", "CVE-2014-6421", "CVE-2014-6428", "CVE-2014-6427", "CVE-2014-6423", "CVE-2014-6425", "CVE-2014-6429"], "type": "nessus", "lastseen": "2019-02-21T01:23:18", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:oracle:solaris:11.2", "p-cpe:/a:oracle:solaris:wireshark"], "cvelist": ["CVE-2014-6431", "CVE-2014-6432", "CVE-2014-6424", "CVE-2014-6422", "CVE-2014-6426", "CVE-2014-6430", "CVE-2014-6421", "CVE-2014-6428", "CVE-2014-6427", "CVE-2014-6423", "CVE-2014-6425", "CVE-2014-6429"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors. (CVE-2014-6421)\n\n - The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector. (CVE-2014-6422)\n\n - The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.\n (CVE-2014-6423)\n\n - The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet. (CVE-2014-6424)\n\n - The (1) get_quoted_string and (2) get_unquoted_string functions in epan/ dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\\0' character. (CVE-2014-6425)\n\n - The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.\n (CVE-2014-6426)\n\n - Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/ packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position. (CVE-2014-6427)\n\n - The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n (CVE-2014-6428)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2014-6429)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2014-6430)\n\n - Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer. (CVE-2014-6431)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2014-6432)", "edition": 2, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "72b73d3049ea462f9e42559784c43e67ca0b491a3e19955b57f72c87e7180541", "hashmap": [{"hash": "be2073bfad5e624acf0f878f09eda795", "key": "naslFamily"}, {"hash": "490ce6584c91efd2b34fa6bb62c49a8e", "key": "href"}, {"hash": "7fae14589dff05e1f9eb5bc104ac3f74", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "263dfe83041a90479c49d26e3bf00a3b", "key": "pluginID"}, {"hash": "ac3cfd3cc637cfc477535085d0623213", "key": "title"}, {"hash": "8189b3605d410522a0b672d079e88109", "key": "description"}, {"hash": "11f77624342c1d306e42f33a43f1ce21", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "222db930eba6926f069661c53b483763", "key": "cpe"}, {"hash": "11f77624342c1d306e42f33a43f1ce21", "key": "published"}, {"hash": "dd3b5da8259860b1b7fd1e3943da42db", "key": "cvelist"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "8f3a02b6075a1b6f6180c1c62ea229e7", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=80816", "id": "SOLARIS11_WIRESHARK_20141120.NASL", "lastseen": "2017-10-29T13:42:51", "modified": "2015-01-19T00:00:00", "naslFamily": "Solaris Local Security Checks", "objectVersion": "1.3", "pluginID": "80816", "published": "2015-01-19T00:00:00", "references": ["http://www.nessus.org/u?b5f8def1", "http://www.nessus.org/u?ad9f40ee"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80816);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2015/01/19 15:17:51 $\");\n\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6424\", \"CVE-2014-6425\", \"CVE-2014-6426\", \"CVE-2014-6427\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark11)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Use-after-free vulnerability in the SDP dissector in\n Wireshark 1.10.x before 1.10.10 allows remote attackers\n to cause a denial of service (application crash) via a\n crafted packet that leverages split memory ownership\n between the SDP and RTP dissectors. (CVE-2014-6421)\n\n - The SDP dissector in Wireshark 1.10.x before 1.10.10\n creates duplicate hashtables for a media channel, which\n allows remote attackers to cause a denial of service\n (application crash) via a crafted packet to the RTP\n dissector. (CVE-2014-6422)\n\n - The tvb_raw_text_add function in\n epan/dissectors/packet-megaco.c in the MEGACO dissector\n in Wireshark 1.10.x before 1.10.10 and 1.12.x before\n 1.12.1 allows remote attackers to cause a denial of\n service (infinite loop) via an empty line.\n (CVE-2014-6423)\n\n - The dissect_v9_v10_pdu_data function in\n epan/dissectors/packet-netflow.c in the Netflow\n dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x\n before 1.12.1 refers to incorrect offset and start\n variables, which allows remote attackers to cause a\n denial of service (uninitialized memory read and\n application crash) via a crafted packet. (CVE-2014-6424)\n\n - The (1) get_quoted_string and (2) get_unquoted_string\n functions in epan/ dissectors/packet-cups.c in the CUPS\n dissector in Wireshark 1.12.x before 1.12.1 allow remote\n attackers to cause a denial of service (buffer over-read\n and application crash) via a CUPS packet that lacks a\n trailing '\\0' character. (CVE-2014-6425)\n\n - The dissect_hip_tlv function in\n epan/dissectors/packet-hip.c in the HIP dissector in\n Wireshark 1.12.x before 1.12.1 does not properly handle\n a NULL tree, which allows remote attackers to cause a\n denial of service (infinite loop) via a crafted packet.\n (CVE-2014-6426)\n\n - Off-by-one error in the is_rtsp_request_or_reply\n function in epan/dissectors/ packet-rtsp.c in the RTSP\n dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x\n before 1.12.1 allows remote attackers to cause a denial\n of service (application crash) via a crafted packet that\n triggers parsing of a token located one position beyond\n the current position. (CVE-2014-6427)\n\n - The dissect_spdu function in\n epan/dissectors/packet-ses.c in the SES dissector in\n Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1\n does not initialize a certain ID value, which allows\n remote attackers to cause a denial of service\n (application crash) via a crafted packet.\n (CVE-2014-6428)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not properly\n handle empty input data, which allows remote attackers\n to cause a denial of service (application crash) via a\n crafted file. (CVE-2014-6429)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not validate\n bitmask data, which allows remote attackers to cause a\n denial of service (application crash) via a crafted\n file. (CVE-2014-6430)\n\n - Buffer overflow in the SnifferDecompress function in\n wiretap/ngsniffer.c in the DOS Sniffer file parser in\n Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1\n allows remote attackers to cause a denial of service\n (application crash) via a crafted file that triggers\n writes of uncompressed bytes beyond the end of the\n output buffer. (CVE-2014-6431)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not prevent data\n overwrites during copy operations, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted file. (CVE-2014-6432)\"\n );\n # http://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5f8def1\"\n );\n # https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark11\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ad9f40ee\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.2.4.6.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:wireshark\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^wireshark$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.2.4.0.6.0\", sru:\"SRU 11.2.4.6.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : wireshark\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"wireshark\");\n", "title": "Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark11)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:42:51"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2014-6431", "CVE-2014-6432", "CVE-2014-6424", "CVE-2014-6422", "CVE-2014-6426", "CVE-2014-6430", "CVE-2014-6421", "CVE-2014-6428", "CVE-2014-6427", "CVE-2014-6423", "CVE-2014-6425", "CVE-2014-6429"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors. (CVE-2014-6421)\n\n - The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector. (CVE-2014-6422)\n\n - The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.\n (CVE-2014-6423)\n\n - The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet. (CVE-2014-6424)\n\n - The (1) get_quoted_string and (2) get_unquoted_string functions in epan/ dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\\0' character. (CVE-2014-6425)\n\n - The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.\n (CVE-2014-6426)\n\n - Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/ packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position. (CVE-2014-6427)\n\n - The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n (CVE-2014-6428)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2014-6429)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2014-6430)\n\n - Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer. (CVE-2014-6431)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2014-6432)", "edition": 1, "enchantments": {}, "hash": "a2d3f49bf4318d651b513af3e3ddd7735f553a957180bb863d7b94c764a8aa63", "hashmap": [{"hash": "be2073bfad5e624acf0f878f09eda795", "key": "naslFamily"}, {"hash": "490ce6584c91efd2b34fa6bb62c49a8e", "key": "href"}, {"hash": "7fae14589dff05e1f9eb5bc104ac3f74", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "263dfe83041a90479c49d26e3bf00a3b", "key": "pluginID"}, {"hash": "ac3cfd3cc637cfc477535085d0623213", "key": "title"}, {"hash": "8189b3605d410522a0b672d079e88109", "key": "description"}, {"hash": "11f77624342c1d306e42f33a43f1ce21", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "11f77624342c1d306e42f33a43f1ce21", "key": "published"}, {"hash": "dd3b5da8259860b1b7fd1e3943da42db", "key": "cvelist"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "8f3a02b6075a1b6f6180c1c62ea229e7", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=80816", "id": "SOLARIS11_WIRESHARK_20141120.NASL", "lastseen": "2016-09-26T17:25:54", "modified": "2015-01-19T00:00:00", "naslFamily": "Solaris Local Security Checks", "objectVersion": "1.2", "pluginID": "80816", "published": "2015-01-19T00:00:00", "references": ["http://www.nessus.org/u?b5f8def1", "http://www.nessus.org/u?ad9f40ee"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80816);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2015/01/19 15:17:51 $\");\n\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6424\", \"CVE-2014-6425\", \"CVE-2014-6426\", \"CVE-2014-6427\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark11)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Use-after-free vulnerability in the SDP dissector in\n Wireshark 1.10.x before 1.10.10 allows remote attackers\n to cause a denial of service (application crash) via a\n crafted packet that leverages split memory ownership\n between the SDP and RTP dissectors. (CVE-2014-6421)\n\n - The SDP dissector in Wireshark 1.10.x before 1.10.10\n creates duplicate hashtables for a media channel, which\n allows remote attackers to cause a denial of service\n (application crash) via a crafted packet to the RTP\n dissector. (CVE-2014-6422)\n\n - The tvb_raw_text_add function in\n epan/dissectors/packet-megaco.c in the MEGACO dissector\n in Wireshark 1.10.x before 1.10.10 and 1.12.x before\n 1.12.1 allows remote attackers to cause a denial of\n service (infinite loop) via an empty line.\n (CVE-2014-6423)\n\n - The dissect_v9_v10_pdu_data function in\n epan/dissectors/packet-netflow.c in the Netflow\n dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x\n before 1.12.1 refers to incorrect offset and start\n variables, which allows remote attackers to cause a\n denial of service (uninitialized memory read and\n application crash) via a crafted packet. (CVE-2014-6424)\n\n - The (1) get_quoted_string and (2) get_unquoted_string\n functions in epan/ dissectors/packet-cups.c in the CUPS\n dissector in Wireshark 1.12.x before 1.12.1 allow remote\n attackers to cause a denial of service (buffer over-read\n and application crash) via a CUPS packet that lacks a\n trailing '\\0' character. (CVE-2014-6425)\n\n - The dissect_hip_tlv function in\n epan/dissectors/packet-hip.c in the HIP dissector in\n Wireshark 1.12.x before 1.12.1 does not properly handle\n a NULL tree, which allows remote attackers to cause a\n denial of service (infinite loop) via a crafted packet.\n (CVE-2014-6426)\n\n - Off-by-one error in the is_rtsp_request_or_reply\n function in epan/dissectors/ packet-rtsp.c in the RTSP\n dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x\n before 1.12.1 allows remote attackers to cause a denial\n of service (application crash) via a crafted packet that\n triggers parsing of a token located one position beyond\n the current position. (CVE-2014-6427)\n\n - The dissect_spdu function in\n epan/dissectors/packet-ses.c in the SES dissector in\n Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1\n does not initialize a certain ID value, which allows\n remote attackers to cause a denial of service\n (application crash) via a crafted packet.\n (CVE-2014-6428)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not properly\n handle empty input data, which allows remote attackers\n to cause a denial of service (application crash) via a\n crafted file. (CVE-2014-6429)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not validate\n bitmask data, which allows remote attackers to cause a\n denial of service (application crash) via a crafted\n file. (CVE-2014-6430)\n\n - Buffer overflow in the SnifferDecompress function in\n wiretap/ngsniffer.c in the DOS Sniffer file parser in\n Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1\n allows remote attackers to cause a denial of service\n (application crash) via a crafted file that triggers\n writes of uncompressed bytes beyond the end of the\n output buffer. (CVE-2014-6431)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not prevent data\n overwrites during copy operations, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted file. (CVE-2014-6432)\"\n );\n # http://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5f8def1\"\n );\n # https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark11\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ad9f40ee\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.2.4.6.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:wireshark\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^wireshark$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.2.4.0.6.0\", sru:\"SRU 11.2.4.6.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : wireshark\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"wireshark\");\n", "title": "Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark11)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:54"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:oracle:solaris:11.2", "p-cpe:/a:oracle:solaris:wireshark"], "cvelist": ["CVE-2014-6431", "CVE-2014-6432", "CVE-2014-6424", "CVE-2014-6422", "CVE-2014-6426", "CVE-2014-6430", "CVE-2014-6421", "CVE-2014-6428", "CVE-2014-6427", "CVE-2014-6423", "CVE-2014-6425", "CVE-2014-6429"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors. (CVE-2014-6421)\n\n - The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector. (CVE-2014-6422)\n\n - The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.\n (CVE-2014-6423)\n\n - The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet. (CVE-2014-6424)\n\n - The (1) get_quoted_string and (2) get_unquoted_string functions in epan/ dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\\0' character. (CVE-2014-6425)\n\n - The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.\n (CVE-2014-6426)\n\n - Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/ packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position. (CVE-2014-6427)\n\n - The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n (CVE-2014-6428)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2014-6429)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2014-6430)\n\n - Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer. (CVE-2014-6431)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2014-6432)", "edition": 4, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "72b73d3049ea462f9e42559784c43e67ca0b491a3e19955b57f72c87e7180541", "hashmap": [{"hash": "be2073bfad5e624acf0f878f09eda795", "key": "naslFamily"}, {"hash": "490ce6584c91efd2b34fa6bb62c49a8e", "key": "href"}, {"hash": "7fae14589dff05e1f9eb5bc104ac3f74", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "263dfe83041a90479c49d26e3bf00a3b", "key": "pluginID"}, {"hash": "ac3cfd3cc637cfc477535085d0623213", "key": "title"}, {"hash": "8189b3605d410522a0b672d079e88109", "key": "description"}, {"hash": "11f77624342c1d306e42f33a43f1ce21", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "222db930eba6926f069661c53b483763", "key": "cpe"}, {"hash": "11f77624342c1d306e42f33a43f1ce21", "key": "published"}, {"hash": "dd3b5da8259860b1b7fd1e3943da42db", "key": "cvelist"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "8f3a02b6075a1b6f6180c1c62ea229e7", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=80816", "id": "SOLARIS11_WIRESHARK_20141120.NASL", "lastseen": "2018-09-02T00:01:27", "modified": "2015-01-19T00:00:00", "naslFamily": "Solaris Local Security Checks", "objectVersion": "1.3", "pluginID": "80816", "published": "2015-01-19T00:00:00", "references": ["http://www.nessus.org/u?b5f8def1", "http://www.nessus.org/u?ad9f40ee"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80816);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2015/01/19 15:17:51 $\");\n\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6424\", \"CVE-2014-6425\", \"CVE-2014-6426\", \"CVE-2014-6427\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark11)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Use-after-free vulnerability in the SDP dissector in\n Wireshark 1.10.x before 1.10.10 allows remote attackers\n to cause a denial of service (application crash) via a\n crafted packet that leverages split memory ownership\n between the SDP and RTP dissectors. (CVE-2014-6421)\n\n - The SDP dissector in Wireshark 1.10.x before 1.10.10\n creates duplicate hashtables for a media channel, which\n allows remote attackers to cause a denial of service\n (application crash) via a crafted packet to the RTP\n dissector. (CVE-2014-6422)\n\n - The tvb_raw_text_add function in\n epan/dissectors/packet-megaco.c in the MEGACO dissector\n in Wireshark 1.10.x before 1.10.10 and 1.12.x before\n 1.12.1 allows remote attackers to cause a denial of\n service (infinite loop) via an empty line.\n (CVE-2014-6423)\n\n - The dissect_v9_v10_pdu_data function in\n epan/dissectors/packet-netflow.c in the Netflow\n dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x\n before 1.12.1 refers to incorrect offset and start\n variables, which allows remote attackers to cause a\n denial of service (uninitialized memory read and\n application crash) via a crafted packet. (CVE-2014-6424)\n\n - The (1) get_quoted_string and (2) get_unquoted_string\n functions in epan/ dissectors/packet-cups.c in the CUPS\n dissector in Wireshark 1.12.x before 1.12.1 allow remote\n attackers to cause a denial of service (buffer over-read\n and application crash) via a CUPS packet that lacks a\n trailing '\\0' character. (CVE-2014-6425)\n\n - The dissect_hip_tlv function in\n epan/dissectors/packet-hip.c in the HIP dissector in\n Wireshark 1.12.x before 1.12.1 does not properly handle\n a NULL tree, which allows remote attackers to cause a\n denial of service (infinite loop) via a crafted packet.\n (CVE-2014-6426)\n\n - Off-by-one error in the is_rtsp_request_or_reply\n function in epan/dissectors/ packet-rtsp.c in the RTSP\n dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x\n before 1.12.1 allows remote attackers to cause a denial\n of service (application crash) via a crafted packet that\n triggers parsing of a token located one position beyond\n the current position. (CVE-2014-6427)\n\n - The dissect_spdu function in\n epan/dissectors/packet-ses.c in the SES dissector in\n Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1\n does not initialize a certain ID value, which allows\n remote attackers to cause a denial of service\n (application crash) via a crafted packet.\n (CVE-2014-6428)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not properly\n handle empty input data, which allows remote attackers\n to cause a denial of service (application crash) via a\n crafted file. (CVE-2014-6429)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not validate\n bitmask data, which allows remote attackers to cause a\n denial of service (application crash) via a crafted\n file. (CVE-2014-6430)\n\n - Buffer overflow in the SnifferDecompress function in\n wiretap/ngsniffer.c in the DOS Sniffer file parser in\n Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1\n allows remote attackers to cause a denial of service\n (application crash) via a crafted file that triggers\n writes of uncompressed bytes beyond the end of the\n output buffer. (CVE-2014-6431)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not prevent data\n overwrites during copy operations, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted file. (CVE-2014-6432)\"\n );\n # http://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5f8def1\"\n );\n # https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark11\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ad9f40ee\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.2.4.6.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:wireshark\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^wireshark$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.2.4.0.6.0\", sru:\"SRU 11.2.4.6.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : wireshark\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"wireshark\");\n", "title": "Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark11)", "type": "nessus", "viewCount": 0}, "differentElements": ["references", "modified", "sourceData"], "edition": 4, "lastseen": "2018-09-02T00:01:27"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:oracle:solaris:11.2", "p-cpe:/a:oracle:solaris:wireshark"], "cvelist": ["CVE-2014-6431", "CVE-2014-6432", "CVE-2014-6424", "CVE-2014-6422", "CVE-2014-6426", "CVE-2014-6430", "CVE-2014-6421", "CVE-2014-6428", "CVE-2014-6427", "CVE-2014-6423", "CVE-2014-6425", "CVE-2014-6429"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors. (CVE-2014-6421)\n\n - The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector. (CVE-2014-6422)\n\n - The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.\n (CVE-2014-6423)\n\n - The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet. (CVE-2014-6424)\n\n - The (1) get_quoted_string and (2) get_unquoted_string functions in epan/ dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\\0' character. (CVE-2014-6425)\n\n - The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.\n (CVE-2014-6426)\n\n - Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/ packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position. (CVE-2014-6427)\n\n - The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n (CVE-2014-6428)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2014-6429)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2014-6430)\n\n - Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer. (CVE-2014-6431)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2014-6432)", "edition": 5, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "b0d122b337ae502d00ccb4aa3d37b305c6ea3a11cc0e1ad3d652dd34964754e8", "hashmap": [{"hash": "be2073bfad5e624acf0f878f09eda795", "key": "naslFamily"}, {"hash": "490ce6584c91efd2b34fa6bb62c49a8e", "key": "href"}, {"hash": "d02a5327997be42235a6c7c9b905846d", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "015cb78ce50d3bd4e2fbe18f25603329", "key": "modified"}, {"hash": "263dfe83041a90479c49d26e3bf00a3b", "key": "pluginID"}, {"hash": "ac3cfd3cc637cfc477535085d0623213", "key": "title"}, {"hash": "8189b3605d410522a0b672d079e88109", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "222db930eba6926f069661c53b483763", "key": "cpe"}, {"hash": "11f77624342c1d306e42f33a43f1ce21", "key": "published"}, {"hash": "dd3b5da8259860b1b7fd1e3943da42db", "key": "cvelist"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "f45797895c9752666b7ed6411db56db5", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=80816", "id": "SOLARIS11_WIRESHARK_20141120.NASL", "lastseen": "2018-11-17T03:10:39", "modified": "2018-11-15T00:00:00", "naslFamily": "Solaris Local Security Checks", "objectVersion": "1.3", "pluginID": "80816", "published": "2015-01-19T00:00:00", "references": ["http://www.nessus.org/u?6ccbc2d4", "http://www.nessus.org/u?4a913f44"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80816);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6424\", \"CVE-2014-6425\", \"CVE-2014-6426\", \"CVE-2014-6427\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark11)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Use-after-free vulnerability in the SDP dissector in\n Wireshark 1.10.x before 1.10.10 allows remote attackers\n to cause a denial of service (application crash) via a\n crafted packet that leverages split memory ownership\n between the SDP and RTP dissectors. (CVE-2014-6421)\n\n - The SDP dissector in Wireshark 1.10.x before 1.10.10\n creates duplicate hashtables for a media channel, which\n allows remote attackers to cause a denial of service\n (application crash) via a crafted packet to the RTP\n dissector. (CVE-2014-6422)\n\n - The tvb_raw_text_add function in\n epan/dissectors/packet-megaco.c in the MEGACO dissector\n in Wireshark 1.10.x before 1.10.10 and 1.12.x before\n 1.12.1 allows remote attackers to cause a denial of\n service (infinite loop) via an empty line.\n (CVE-2014-6423)\n\n - The dissect_v9_v10_pdu_data function in\n epan/dissectors/packet-netflow.c in the Netflow\n dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x\n before 1.12.1 refers to incorrect offset and start\n variables, which allows remote attackers to cause a\n denial of service (uninitialized memory read and\n application crash) via a crafted packet. (CVE-2014-6424)\n\n - The (1) get_quoted_string and (2) get_unquoted_string\n functions in epan/ dissectors/packet-cups.c in the CUPS\n dissector in Wireshark 1.12.x before 1.12.1 allow remote\n attackers to cause a denial of service (buffer over-read\n and application crash) via a CUPS packet that lacks a\n trailing '\\0' character. (CVE-2014-6425)\n\n - The dissect_hip_tlv function in\n epan/dissectors/packet-hip.c in the HIP dissector in\n Wireshark 1.12.x before 1.12.1 does not properly handle\n a NULL tree, which allows remote attackers to cause a\n denial of service (infinite loop) via a crafted packet.\n (CVE-2014-6426)\n\n - Off-by-one error in the is_rtsp_request_or_reply\n function in epan/dissectors/ packet-rtsp.c in the RTSP\n dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x\n before 1.12.1 allows remote attackers to cause a denial\n of service (application crash) via a crafted packet that\n triggers parsing of a token located one position beyond\n the current position. (CVE-2014-6427)\n\n - The dissect_spdu function in\n epan/dissectors/packet-ses.c in the SES dissector in\n Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1\n does not initialize a certain ID value, which allows\n remote attackers to cause a denial of service\n (application crash) via a crafted packet.\n (CVE-2014-6428)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not properly\n handle empty input data, which allows remote attackers\n to cause a denial of service (application crash) via a\n crafted file. (CVE-2014-6429)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not validate\n bitmask data, which allows remote attackers to cause a\n denial of service (application crash) via a crafted\n file. (CVE-2014-6430)\n\n - Buffer overflow in the SnifferDecompress function in\n wiretap/ngsniffer.c in the DOS Sniffer file parser in\n Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1\n allows remote attackers to cause a denial of service\n (application crash) via a crafted file that triggers\n writes of uncompressed bytes beyond the end of the\n output buffer. (CVE-2014-6431)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not prevent data\n overwrites during copy operations, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted file. (CVE-2014-6432)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-wireshark\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6ccbc2d4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.2.4.6.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:wireshark\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^wireshark$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.2.4.0.6.0\", sru:\"SRU 11.2.4.6.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : wireshark\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"wireshark\");\n", "title": "Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark11)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-11-17T03:10:39"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:oracle:solaris:11.2", "p-cpe:/a:oracle:solaris:wireshark"], "cvelist": ["CVE-2014-6431", "CVE-2014-6432", "CVE-2014-6424", "CVE-2014-6422", "CVE-2014-6426", "CVE-2014-6430", "CVE-2014-6421", "CVE-2014-6428", "CVE-2014-6427", "CVE-2014-6423", "CVE-2014-6425", "CVE-2014-6429"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors. (CVE-2014-6421)\n\n - The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector. (CVE-2014-6422)\n\n - The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.\n (CVE-2014-6423)\n\n - The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet. (CVE-2014-6424)\n\n - The (1) get_quoted_string and (2) get_unquoted_string functions in epan/ dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\\0' character. (CVE-2014-6425)\n\n - The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.\n (CVE-2014-6426)\n\n - Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/ packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position. (CVE-2014-6427)\n\n - The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.\n (CVE-2014-6428)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2014-6429)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2014-6430)\n\n - Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer. (CVE-2014-6431)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2014-6432)", "edition": 3, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "7ea007fa4f23d2cc251034be8f271f6cab6719fa66564c95be96e40a6c4fa1e1", "hashmap": [{"hash": "be2073bfad5e624acf0f878f09eda795", "key": "naslFamily"}, {"hash": "490ce6584c91efd2b34fa6bb62c49a8e", "key": "href"}, {"hash": "7fae14589dff05e1f9eb5bc104ac3f74", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "263dfe83041a90479c49d26e3bf00a3b", "key": "pluginID"}, {"hash": "ac3cfd3cc637cfc477535085d0623213", "key": "title"}, {"hash": "8189b3605d410522a0b672d079e88109", "key": "description"}, {"hash": "11f77624342c1d306e42f33a43f1ce21", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "222db930eba6926f069661c53b483763", "key": "cpe"}, {"hash": "11f77624342c1d306e42f33a43f1ce21", "key": "published"}, {"hash": "dd3b5da8259860b1b7fd1e3943da42db", "key": "cvelist"}, {"hash": "8f3a02b6075a1b6f6180c1c62ea229e7", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=80816", "id": "SOLARIS11_WIRESHARK_20141120.NASL", "lastseen": "2018-08-30T19:52:27", "modified": "2015-01-19T00:00:00", "naslFamily": "Solaris Local Security Checks", "objectVersion": "1.3", "pluginID": "80816", "published": "2015-01-19T00:00:00", "references": ["http://www.nessus.org/u?b5f8def1", "http://www.nessus.org/u?ad9f40ee"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80816);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2015/01/19 15:17:51 $\");\n\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6424\", \"CVE-2014-6425\", \"CVE-2014-6426\", \"CVE-2014-6427\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark11)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Use-after-free vulnerability in the SDP dissector in\n Wireshark 1.10.x before 1.10.10 allows remote attackers\n to cause a denial of service (application crash) via a\n crafted packet that leverages split memory ownership\n between the SDP and RTP dissectors. (CVE-2014-6421)\n\n - The SDP dissector in Wireshark 1.10.x before 1.10.10\n creates duplicate hashtables for a media channel, which\n allows remote attackers to cause a denial of service\n (application crash) via a crafted packet to the RTP\n dissector. (CVE-2014-6422)\n\n - The tvb_raw_text_add function in\n epan/dissectors/packet-megaco.c in the MEGACO dissector\n in Wireshark 1.10.x before 1.10.10 and 1.12.x before\n 1.12.1 allows remote attackers to cause a denial of\n service (infinite loop) via an empty line.\n (CVE-2014-6423)\n\n - The dissect_v9_v10_pdu_data function in\n epan/dissectors/packet-netflow.c in the Netflow\n dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x\n before 1.12.1 refers to incorrect offset and start\n variables, which allows remote attackers to cause a\n denial of service (uninitialized memory read and\n application crash) via a crafted packet. (CVE-2014-6424)\n\n - The (1) get_quoted_string and (2) get_unquoted_string\n functions in epan/ dissectors/packet-cups.c in the CUPS\n dissector in Wireshark 1.12.x before 1.12.1 allow remote\n attackers to cause a denial of service (buffer over-read\n and application crash) via a CUPS packet that lacks a\n trailing '\\0' character. (CVE-2014-6425)\n\n - The dissect_hip_tlv function in\n epan/dissectors/packet-hip.c in the HIP dissector in\n Wireshark 1.12.x before 1.12.1 does not properly handle\n a NULL tree, which allows remote attackers to cause a\n denial of service (infinite loop) via a crafted packet.\n (CVE-2014-6426)\n\n - Off-by-one error in the is_rtsp_request_or_reply\n function in epan/dissectors/ packet-rtsp.c in the RTSP\n dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x\n before 1.12.1 allows remote attackers to cause a denial\n of service (application crash) via a crafted packet that\n triggers parsing of a token located one position beyond\n the current position. (CVE-2014-6427)\n\n - The dissect_spdu function in\n epan/dissectors/packet-ses.c in the SES dissector in\n Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1\n does not initialize a certain ID value, which allows\n remote attackers to cause a denial of service\n (application crash) via a crafted packet.\n (CVE-2014-6428)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not properly\n handle empty input data, which allows remote attackers\n to cause a denial of service (application crash) via a\n crafted file. (CVE-2014-6429)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not validate\n bitmask data, which allows remote attackers to cause a\n denial of service (application crash) via a crafted\n file. (CVE-2014-6430)\n\n - Buffer overflow in the SnifferDecompress function in\n wiretap/ngsniffer.c in the DOS Sniffer file parser in\n Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1\n allows remote attackers to cause a denial of service\n (application crash) via a crafted file that triggers\n writes of uncompressed bytes beyond the end of the\n output buffer. (CVE-2014-6431)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not prevent data\n overwrites during copy operations, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted file. (CVE-2014-6432)\"\n );\n # http://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5f8def1\"\n );\n # https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark11\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ad9f40ee\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.2.4.6.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:wireshark\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^wireshark$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.2.4.0.6.0\", sru:\"SRU 11.2.4.6.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : wireshark\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"wireshark\");\n", "title": "Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark11)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:52:27"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:oracle:solaris:11.2", "p-cpe:/a:oracle:solaris:wireshark"], "cvelist": ["CVE-2014-6431", "CVE-2014-6432", "CVE-2014-6424", "CVE-2014-6422", "CVE-2014-6426", "CVE-2014-6430", "CVE-2014-6421", "CVE-2014-6428", "CVE-2014-6427", "CVE-2014-6423", "CVE-2014-6425", "CVE-2014-6429"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Use-after-free vulnerability in the SDP dissector in\n Wireshark 1.10.x before 1.10.10 allows remote attackers\n to cause a denial of service (application crash) via a\n crafted packet that leverages split memory ownership\n between the SDP and RTP dissectors. (CVE-2014-6421)\n\n - The SDP dissector in Wireshark 1.10.x before 1.10.10\n creates duplicate hashtables for a media channel, which\n allows remote attackers to cause a denial of service\n (application crash) via a crafted packet to the RTP\n dissector. (CVE-2014-6422)\n\n - The tvb_raw_text_add function in\n epan/dissectors/packet-megaco.c in the MEGACO dissector\n in Wireshark 1.10.x before 1.10.10 and 1.12.x before\n 1.12.1 allows remote attackers to cause a denial of\n service (infinite loop) via an empty line.\n (CVE-2014-6423)\n\n - The dissect_v9_v10_pdu_data function in\n epan/dissectors/packet-netflow.c in the Netflow\n dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x\n before 1.12.1 refers to incorrect offset and start\n variables, which allows remote attackers to cause a\n denial of service (uninitialized memory read and\n application crash) via a crafted packet. (CVE-2014-6424)\n\n - The (1) get_quoted_string and (2) get_unquoted_string\n functions in epan/ dissectors/packet-cups.c in the CUPS\n dissector in Wireshark 1.12.x before 1.12.1 allow remote\n attackers to cause a denial of service (buffer over-read\n and application crash) via a CUPS packet that lacks a\n trailing '\\0' character. (CVE-2014-6425)\n\n - The dissect_hip_tlv function in\n epan/dissectors/packet-hip.c in the HIP dissector in\n Wireshark 1.12.x before 1.12.1 does not properly handle\n a NULL tree, which allows remote attackers to cause a\n denial of service (infinite loop) via a crafted packet.\n (CVE-2014-6426)\n\n - Off-by-one error in the is_rtsp_request_or_reply\n function in epan/dissectors/ packet-rtsp.c in the RTSP\n dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x\n before 1.12.1 allows remote attackers to cause a denial\n of service (application crash) via a crafted packet that\n triggers parsing of a token located one position beyond\n the current position. (CVE-2014-6427)\n\n - The dissect_spdu function in\n epan/dissectors/packet-ses.c in the SES dissector in\n Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1\n does not initialize a certain ID value, which allows\n remote attackers to cause a denial of service\n (application crash) via a crafted packet.\n (CVE-2014-6428)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not properly\n handle empty input data, which allows remote attackers\n to cause a denial of service (application crash) via a\n crafted file. (CVE-2014-6429)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not validate\n bitmask data, which allows remote attackers to cause a\n denial of service (application crash) via a crafted\n file. (CVE-2014-6430)\n\n - Buffer overflow in the SnifferDecompress function in\n wiretap/ngsniffer.c in the DOS Sniffer file parser in\n Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1\n allows remote attackers to cause a denial of service\n (application crash) via a crafted file that triggers\n writes of uncompressed bytes beyond the end of the\n output buffer. (CVE-2014-6431)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not prevent data\n overwrites during copy operations, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted file. (CVE-2014-6432)", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-01-16T20:20:41", "references": [{"idList": ["OPENVAS:703049", "OPENVAS:1361412562310123270", "OPENVAS:1361412562310703049", "OPENVAS:1361412562310121338", "OPENVAS:1361412562310871277", "OPENVAS:1361412562310123268", "OPENVAS:1361412562310882064", "OPENVAS:1361412562310120427", "OPENVAS:1361412562310882066", "OPENVAS:1361412562310871278"], "type": "openvas"}, {"idList": ["SECURITYVULNS:DOC:31109", "SECURITYVULNS:VULN:13981"], "type": "securityvulns"}, {"idList": ["GLSA-201412-52"], "type": "gentoo"}, {"idList": ["DEBIAN:DSA-3049-1:3F615", "DEBIAN:DLA-198-1:FF28E"], "type": "debian"}, {"idList": ["ALAS-2014-446"], "type": "amazon"}, {"idList": ["CESA-2014:1676", "CESA-2014:1677"], "type": "centos"}, {"idList": ["CVE-2014-6431", "CVE-2014-6432", "CVE-2014-6424", "CVE-2014-6426", "CVE-2014-6430", "CVE-2014-6421", "CVE-2014-6428", "CVE-2014-6427", "CVE-2014-6423", "CVE-2014-6425"], "type": "cve"}, {"idList": ["ELSA-2014-1677", "ELSA-2014-1676"], "type": "oraclelinux"}, {"idList": ["REDHAT-RHSA-2014-1676.NASL", "REDHAT-RHSA-2014-1677.NASL", "ORACLELINUX_ELSA-2014-1676.NASL", "GENTOO_GLSA-201412-52.NASL", "CENTOS_RHSA-2014-1676.NASL", "SL_20141021_WIRESHARK_ON_SL6_X.NASL", "SL_20141021_WIRESHARK_ON_SL5_X.NASL", "CENTOS_RHSA-2014-1677.NASL", "ALA_ALAS-2014-446.NASL", "ORACLELINUX_ELSA-2014-1677.NASL"], "type": "nessus"}, {"idList": ["SUSE-SU-2014:1221-1"], "type": "suse"}, {"idList": ["SOL16940", "F5:K16939", "F5:K16940", "SOL16939"], "type": "f5"}, {"idList": ["RHSA-2014:1676", "RHSA-2014:1677"], "type": "redhat"}]}, "score": {"value": 4.3, "vector": "NONE"}}, "hash": "91e6178b4e21ecb6649c56bd8e84ff3612c03283482df24d2281a9f9ae3fdafd", "hashmap": [{"hash": "be2073bfad5e624acf0f878f09eda795", "key": "naslFamily"}, {"hash": "490ce6584c91efd2b34fa6bb62c49a8e", "key": "href"}, {"hash": "d02a5327997be42235a6c7c9b905846d", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "015cb78ce50d3bd4e2fbe18f25603329", "key": "modified"}, {"hash": "2786b0e8e6205edac629e48d6992a79b", "key": "description"}, {"hash": "263dfe83041a90479c49d26e3bf00a3b", "key": "pluginID"}, {"hash": "ac3cfd3cc637cfc477535085d0623213", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "222db930eba6926f069661c53b483763", "key": "cpe"}, {"hash": "11f77624342c1d306e42f33a43f1ce21", "key": "published"}, {"hash": "dd3b5da8259860b1b7fd1e3943da42db", "key": "cvelist"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "f45797895c9752666b7ed6411db56db5", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=80816", "id": "SOLARIS11_WIRESHARK_20141120.NASL", "lastseen": "2019-01-16T20:20:41", "modified": "2018-11-15T00:00:00", "naslFamily": "Solaris Local Security Checks", "objectVersion": "1.3", "pluginID": "80816", "published": "2015-01-19T00:00:00", "references": ["http://www.nessus.org/u?6ccbc2d4", "http://www.nessus.org/u?4a913f44"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80816);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6424\", \"CVE-2014-6425\", \"CVE-2014-6426\", \"CVE-2014-6427\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark11)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Use-after-free vulnerability in the SDP dissector in\n Wireshark 1.10.x before 1.10.10 allows remote attackers\n to cause a denial of service (application crash) via a\n crafted packet that leverages split memory ownership\n between the SDP and RTP dissectors. (CVE-2014-6421)\n\n - The SDP dissector in Wireshark 1.10.x before 1.10.10\n creates duplicate hashtables for a media channel, which\n allows remote attackers to cause a denial of service\n (application crash) via a crafted packet to the RTP\n dissector. (CVE-2014-6422)\n\n - The tvb_raw_text_add function in\n epan/dissectors/packet-megaco.c in the MEGACO dissector\n in Wireshark 1.10.x before 1.10.10 and 1.12.x before\n 1.12.1 allows remote attackers to cause a denial of\n service (infinite loop) via an empty line.\n (CVE-2014-6423)\n\n - The dissect_v9_v10_pdu_data function in\n epan/dissectors/packet-netflow.c in the Netflow\n dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x\n before 1.12.1 refers to incorrect offset and start\n variables, which allows remote attackers to cause a\n denial of service (uninitialized memory read and\n application crash) via a crafted packet. (CVE-2014-6424)\n\n - The (1) get_quoted_string and (2) get_unquoted_string\n functions in epan/ dissectors/packet-cups.c in the CUPS\n dissector in Wireshark 1.12.x before 1.12.1 allow remote\n attackers to cause a denial of service (buffer over-read\n and application crash) via a CUPS packet that lacks a\n trailing '\\0' character. (CVE-2014-6425)\n\n - The dissect_hip_tlv function in\n epan/dissectors/packet-hip.c in the HIP dissector in\n Wireshark 1.12.x before 1.12.1 does not properly handle\n a NULL tree, which allows remote attackers to cause a\n denial of service (infinite loop) via a crafted packet.\n (CVE-2014-6426)\n\n - Off-by-one error in the is_rtsp_request_or_reply\n function in epan/dissectors/ packet-rtsp.c in the RTSP\n dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x\n before 1.12.1 allows remote attackers to cause a denial\n of service (application crash) via a crafted packet that\n triggers parsing of a token located one position beyond\n the current position. (CVE-2014-6427)\n\n - The dissect_spdu function in\n epan/dissectors/packet-ses.c in the SES dissector in\n Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1\n does not initialize a certain ID value, which allows\n remote attackers to cause a denial of service\n (application crash) via a crafted packet.\n (CVE-2014-6428)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not properly\n handle empty input data, which allows remote attackers\n to cause a denial of service (application crash) via a\n crafted file. (CVE-2014-6429)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not validate\n bitmask data, which allows remote attackers to cause a\n denial of service (application crash) via a crafted\n file. (CVE-2014-6430)\n\n - Buffer overflow in the SnifferDecompress function in\n wiretap/ngsniffer.c in the DOS Sniffer file parser in\n Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1\n allows remote attackers to cause a denial of service\n (application crash) via a crafted file that triggers\n writes of uncompressed bytes beyond the end of the\n output buffer. (CVE-2014-6431)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not prevent data\n overwrites during copy operations, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted file. (CVE-2014-6432)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-wireshark\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6ccbc2d4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.2.4.6.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:wireshark\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^wireshark$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.2.4.0.6.0\", sru:\"SRU 11.2.4.6.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : wireshark\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"wireshark\");\n", "title": "Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark11)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 6, "lastseen": "2019-01-16T20:20:41"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "222db930eba6926f069661c53b483763"}, {"key": "cvelist", "hash": "dd3b5da8259860b1b7fd1e3943da42db"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "8189b3605d410522a0b672d079e88109"}, {"key": "href", "hash": "490ce6584c91efd2b34fa6bb62c49a8e"}, {"key": "modified", "hash": "015cb78ce50d3bd4e2fbe18f25603329"}, {"key": "naslFamily", "hash": "be2073bfad5e624acf0f878f09eda795"}, {"key": "pluginID", "hash": "263dfe83041a90479c49d26e3bf00a3b"}, {"key": "published", "hash": "11f77624342c1d306e42f33a43f1ce21"}, {"key": "references", "hash": "d02a5327997be42235a6c7c9b905846d"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "f45797895c9752666b7ed6411db56db5"}, {"key": "title", "hash": "ac3cfd3cc637cfc477535085d0623213"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "b0d122b337ae502d00ccb4aa3d37b305c6ea3a11cc0e1ad3d652dd34964754e8", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2014-446"]}, {"type": "nessus", "idList": ["SL_20141021_WIRESHARK_ON_SL6_X.NASL", "GENTOO_GLSA-201412-52.NASL", "ALA_ALAS-2014-446.NASL", "REDHAT-RHSA-2014-1677.NASL", "REDHAT-RHSA-2014-1676.NASL", "CENTOS_RHSA-2014-1676.NASL", "ORACLELINUX_ELSA-2014-1676.NASL", "SL_20141021_WIRESHARK_ON_SL5_X.NASL", "DEBIAN_DSA-3049.NASL", "ORACLELINUX_ELSA-2014-1677.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310871278", "OPENVAS:1361412562310123270", "OPENVAS:1361412562310882066", "OPENVAS:1361412562310703049", "OPENVAS:1361412562310882064", "OPENVAS:1361412562310120427", "OPENVAS:1361412562310121338", "OPENVAS:703049", "OPENVAS:1361412562310871277", "OPENVAS:1361412562310123268"]}, {"type": "centos", "idList": ["CESA-2014:1676", "CESA-2014:1677"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-1676", "ELSA-2014-1677"]}, {"type": "redhat", "idList": ["RHSA-2014:1676", "RHSA-2014:1677"]}, {"type": "gentoo", "idList": ["GLSA-201412-52"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3049-1:3F615", "DEBIAN:DLA-198-1:FF28E"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13981", "SECURITYVULNS:DOC:31109"]}, {"type": "f5", "idList": ["F5:K16940", "F5:K16939", "SOL16939", "SOL16940"]}, {"type": "cve", "idList": ["CVE-2014-6426", "CVE-2014-6424", "CVE-2014-6421", "CVE-2014-6423", "CVE-2014-6431", "CVE-2014-6427", "CVE-2014-6425", "CVE-2014-6430", "CVE-2014-6432", "CVE-2014-6428"]}, {"type": "suse", "idList": ["SUSE-SU-2014:1221-1"]}], "modified": "2019-02-21T01:23:18"}, "score": {"value": 4.3, "vector": "NONE"}, "vulnersScore": 4.3}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80816);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6424\", \"CVE-2014-6425\", \"CVE-2014-6426\", \"CVE-2014-6427\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark11)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Use-after-free vulnerability in the SDP dissector in\n Wireshark 1.10.x before 1.10.10 allows remote attackers\n to cause a denial of service (application crash) via a\n crafted packet that leverages split memory ownership\n between the SDP and RTP dissectors. (CVE-2014-6421)\n\n - The SDP dissector in Wireshark 1.10.x before 1.10.10\n creates duplicate hashtables for a media channel, which\n allows remote attackers to cause a denial of service\n (application crash) via a crafted packet to the RTP\n dissector. (CVE-2014-6422)\n\n - The tvb_raw_text_add function in\n epan/dissectors/packet-megaco.c in the MEGACO dissector\n in Wireshark 1.10.x before 1.10.10 and 1.12.x before\n 1.12.1 allows remote attackers to cause a denial of\n service (infinite loop) via an empty line.\n (CVE-2014-6423)\n\n - The dissect_v9_v10_pdu_data function in\n epan/dissectors/packet-netflow.c in the Netflow\n dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x\n before 1.12.1 refers to incorrect offset and start\n variables, which allows remote attackers to cause a\n denial of service (uninitialized memory read and\n application crash) via a crafted packet. (CVE-2014-6424)\n\n - The (1) get_quoted_string and (2) get_unquoted_string\n functions in epan/ dissectors/packet-cups.c in the CUPS\n dissector in Wireshark 1.12.x before 1.12.1 allow remote\n attackers to cause a denial of service (buffer over-read\n and application crash) via a CUPS packet that lacks a\n trailing '\\0' character. (CVE-2014-6425)\n\n - The dissect_hip_tlv function in\n epan/dissectors/packet-hip.c in the HIP dissector in\n Wireshark 1.12.x before 1.12.1 does not properly handle\n a NULL tree, which allows remote attackers to cause a\n denial of service (infinite loop) via a crafted packet.\n (CVE-2014-6426)\n\n - Off-by-one error in the is_rtsp_request_or_reply\n function in epan/dissectors/ packet-rtsp.c in the RTSP\n dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x\n before 1.12.1 allows remote attackers to cause a denial\n of service (application crash) via a crafted packet that\n triggers parsing of a token located one position beyond\n the current position. (CVE-2014-6427)\n\n - The dissect_spdu function in\n epan/dissectors/packet-ses.c in the SES dissector in\n Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1\n does not initialize a certain ID value, which allows\n remote attackers to cause a denial of service\n (application crash) via a crafted packet.\n (CVE-2014-6428)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not properly\n handle empty input data, which allows remote attackers\n to cause a denial of service (application crash) via a\n crafted file. (CVE-2014-6429)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not validate\n bitmask data, which allows remote attackers to cause a\n denial of service (application crash) via a crafted\n file. (CVE-2014-6430)\n\n - Buffer overflow in the SnifferDecompress function in\n wiretap/ngsniffer.c in the DOS Sniffer file parser in\n Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1\n allows remote attackers to cause a denial of service\n (application crash) via a crafted file that triggers\n writes of uncompressed bytes beyond the end of the\n output buffer. (CVE-2014-6431)\n\n - The SnifferDecompress function in wiretap/ngsniffer.c in\n the DOS Sniffer file parser in Wireshark 1.10.x before\n 1.10.10 and 1.12.x before 1.12.1 does not prevent data\n overwrites during copy operations, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted file. (CVE-2014-6432)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-wireshark\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6ccbc2d4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.2.4.6.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:wireshark\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^wireshark$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.2.4.0.6.0\", sru:\"SRU 11.2.4.6.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : wireshark\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"wireshark\");\n", "naslFamily": "Solaris Local Security Checks", "pluginID": "80816", "cpe": ["cpe:/o:oracle:solaris:11.2", "p-cpe:/a:oracle:solaris:wireshark"], "scheme": null}

{"gentoo": [{"lastseen": "2016-09-06T19:46:48", "bulletinFamily": "unix", "description": "### Background\n\nWireshark is a network protocol analyzer formerly known as ethereal.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker can cause a Denial of Service condition via specially crafted packets. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Wireshark users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-1.12.2\"", "modified": "2014-12-28T00:00:00", "published": "2014-12-28T00:00:00", "id": "GLSA-201412-52", "href": "https://security.gentoo.org/glsa/201412-52", "type": "gentoo", "title": "Wireshark: Multiple vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-10-29T12:39:28", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201412-52", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121338", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121338", "title": "Gentoo Security Advisory GLSA 201412-52", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201412-52.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121338\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:26 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201412-52\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201412-52\");\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6424\", \"CVE-2014-6425\", \"CVE-2014-6426\", \"CVE-2014-6427\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201412-52\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-analyzer/wireshark\", unaffected: make_list(\"ge 1.12.2\"), vulnerable: make_list(\"lt 1.12.2\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:13:55", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-10-22T00:00:00", "id": "OPENVAS:1361412562310871278", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871278", "title": "RedHat Update for wireshark RHSA-2014:1676-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for wireshark RHSA-2014:1676-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871278\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-22 06:01:13 +0200 (Wed, 22 Oct 2014)\");\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6424\", \"CVE-2014-6425\", \"CVE-2014-6426\", \"CVE-2014-6427\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Update for wireshark RHSA-2014:1676-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wireshark'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Wireshark is a network protocol analyzer. It is used to capture and browse\nthe traffic running on a computer network.\n\nMultiple flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash or,\npossibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423,\nCVE-2014-6424, CVE-2014-6425, CVE-2014-6426, CVE-2014-6427, CVE-2014-6428)\n\nAll wireshark users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\");\n script_tag(name:\"affected\", value:\"wireshark on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1676-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-October/msg00039.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.10.3~12.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.10.3~12.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.10.3~12.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.8.10~8.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.8.10~8.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.8.10~8.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:23:33", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2014-1676", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123270", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123270", "title": "Oracle Linux Local Check: ELSA-2014-1676", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1676.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123270\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:01:33 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1676\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1676 - wireshark security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1676\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1676.html\");\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6424\", \"CVE-2014-6425\", \"CVE-2014-6426\", \"CVE-2014-6427\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.10.3~12.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.10.3~12.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.10.3~12.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.8.10~8.0.1.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.8.10~8.0.1.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.8.10~8.0.1.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-03-11T14:42:06", "bulletinFamily": "scanner", "description": "Check the version of wireshark", "modified": "2019-03-08T00:00:00", "published": "2014-10-22T00:00:00", "id": "OPENVAS:1361412562310882064", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882064", "title": "CentOS Update for wireshark CESA-2014:1676 centos7", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for wireshark CESA-2014:1676 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882064\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-22 06:01:56 +0200 (Wed, 22 Oct 2014)\");\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6424\",\n \"CVE-2014-6425\", \"CVE-2014-6426\", \"CVE-2014-6427\", \"CVE-2014-6428\",\n \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for wireshark CESA-2014:1676 centos7\");\n\n script_tag(name:\"summary\", value:\"Check the version of wireshark\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Wireshark is a network protocol analyzer.\nIt is used to capture and browse the traffic running on a computer network.\n\nMultiple flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash or,\npossibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423,\nCVE-2014-6424, CVE-2014-6425, CVE-2014-6426, CVE-2014-6427, CVE-2014-6428)\n\nAll wireshark users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\");\n script_tag(name:\"affected\", value:\"wireshark on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:1676\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-October/020702.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.10.3~12.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.10.3~12.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.10.3~12.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-03-11T14:42:29", "bulletinFamily": "scanner", "description": "Check the version of wireshark", "modified": "2019-03-08T00:00:00", "published": "2014-10-22T00:00:00", "id": "OPENVAS:1361412562310882066", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882066", "title": "CentOS Update for wireshark CESA-2014:1677 centos5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for wireshark CESA-2014:1677 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882066\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-22 06:02:27 +0200 (Wed, 22 Oct 2014)\");\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6425\",\n \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\",\n \"CVE-2014-6432\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for wireshark CESA-2014:1677 centos5\");\n\n script_tag(name:\"summary\", value:\"Check the version of wireshark\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Wireshark is a network protocol analyzer.\nIt is used to capture and browse the traffic running on a computer network.\n\nMultiple flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash or,\npossibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423,\nCVE-2014-6425, CVE-2014-6428)\n\nAll wireshark users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\");\n script_tag(name:\"affected\", value:\"wireshark on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:1677\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-October/020703.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~7.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.15~7.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:26:00", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2014-1677", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123268", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123268", "title": "Oracle Linux Local Check: ELSA-2014-1677", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1677.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123268\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:01:31 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1677\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1677 - wireshark security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1677\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1677.html\");\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6425\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~7.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.15~7.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-03-19T12:39:09", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities were discovered in the dissectors/parsers for\nRTP, MEGACO, Netflow, RTSP, SES and Sniffer, which could result in denial\nof service.", "modified": "2019-03-19T00:00:00", "published": "2014-10-14T00:00:00", "id": "OPENVAS:1361412562310703049", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703049", "title": "Debian Security Advisory DSA 3049-1 (wireshark - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3049.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 3049-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703049\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6424\", \"CVE-2014-6427\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n script_name(\"Debian Security Advisory DSA 3049-1 (wireshark - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-14 00:00:00 +0200 (Tue, 14 Oct 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-3049.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"wireshark on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy12.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.12.1+g01b65bf-1.\n\nWe recommend that you upgrade your wireshark packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were discovered in the dissectors/parsers for\nRTP, MEGACO, Netflow, RTSP, SES and Sniffer, which could result in denial\nof service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libwireshark-data\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark-dev\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark2\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap-dev\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap2\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil-dev\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil2\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-doc\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:48:21", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities were discovered in the dissectors/parsers for\nRTP, MEGACO, Netflow, RTSP, SES and Sniffer, which could result in denial\nof service.", "modified": "2017-07-10T00:00:00", "published": "2014-10-14T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703049", "id": "OPENVAS:703049", "title": "Debian Security Advisory DSA 3049-1 (wireshark - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3049.nasl 6637 2017-07-10 09:58:13Z teissa $\n# Auto-generated from advisory DSA 3049-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703049);\n script_version(\"$Revision: 6637 $\");\n script_cve_id(\"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6424\", \"CVE-2014-6427\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n script_name(\"Debian Security Advisory DSA 3049-1 (wireshark - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-10 11:58:13 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-10-14 00:00:00 +0200 (Tue, 14 Oct 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3049.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"wireshark on Debian Linux\");\n script_tag(name: \"insight\", value: \"Wireshark is a network 'sniffer' - a tool that captures and analyzes\npackets off the wire. Wireshark can decode too many protocols to list\nhere.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy12.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.12.1+g01b65bf-1.\n\nWe recommend that you upgrade your wireshark packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities were discovered in the dissectors/parsers for\nRTP, MEGACO, Netflow, RTSP, SES and Sniffer, which could result in denial\nof service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libwireshark-data\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark-dev\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark2\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap-dev\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap2\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil-dev\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil2\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-doc\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark-data\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark-dev\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark2\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap-dev\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap2\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil-dev\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil2\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-doc\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark-data\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark-dev\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark2\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap-dev\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap2\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil-dev\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil2\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-doc\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark-data\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark-dev\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark2\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap-dev\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap2\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil-dev\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil2\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-doc\", ver:\"1.8.2-5wheezy12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-02T14:33:12", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120427", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120427", "title": "Amazon Linux Local Check: ALAS-2014-446", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2014-446.nasl 6637 2017-07-10 09:58:13Z teissa$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120427\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:26:06 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2014-446\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432 )Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423, CVE-2014-6424, CVE-2014-6425, CVE-2014-6426, CVE-2014-6427, CVE-2014-6428 )\");\n script_tag(name:\"solution\", value:\"Run yum update wireshark to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-446.html\");\n script_cve_id(\"CVE-2014-6426\", \"CVE-2014-6427\", \"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6424\", \"CVE-2014-6425\", \"CVE-2014-6431\", \"CVE-2014-6430\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6432\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.8.10~8.14.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.8.10~8.14.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.8.10~8.14.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:14:33", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-10-22T00:00:00", "id": "OPENVAS:1361412562310871277", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871277", "title": "RedHat Update for wireshark RHSA-2014:1677-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for wireshark RHSA-2014:1677-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871277\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-22 06:00:50 +0200 (Wed, 22 Oct 2014)\");\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6425\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Update for wireshark RHSA-2014:1677-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wireshark'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Wireshark is a network protocol analyzer. It is used to capture and browse\nthe traffic running on a computer network.\n\nMultiple flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash or,\npossibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423,\nCVE-2014-6425, CVE-2014-6428)\n\nAll wireshark users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\");\n script_tag(name:\"affected\", value:\"wireshark on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1677-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-October/msg00040.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.15~7.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.0.15~7.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.15~7.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:12", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nMultiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. ([CVE-2014-6429 __](<https://access.redhat.com/security/cve/CVE-2014-6429>), [CVE-2014-6430 __](<https://access.redhat.com/security/cve/CVE-2014-6430>), [CVE-2014-6431 __](<https://access.redhat.com/security/cve/CVE-2014-6431>), [CVE-2014-6432 __](<https://access.redhat.com/security/cve/CVE-2014-6432>))\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. ([CVE-2014-6421 __](<https://access.redhat.com/security/cve/CVE-2014-6421>), [CVE-2014-6422 __](<https://access.redhat.com/security/cve/CVE-2014-6422>), [CVE-2014-6423 __](<https://access.redhat.com/security/cve/CVE-2014-6423>), [CVE-2014-6424 __](<https://access.redhat.com/security/cve/CVE-2014-6424>), [CVE-2014-6425 __](<https://access.redhat.com/security/cve/CVE-2014-6425>), [CVE-2014-6426 __](<https://access.redhat.com/security/cve/CVE-2014-6426>), [CVE-2014-6427 __](<https://access.redhat.com/security/cve/CVE-2014-6427>), [CVE-2014-6428 __](<https://access.redhat.com/security/cve/CVE-2014-6428>))\n\n \n**Affected Packages:** \n\n\nwireshark\n\n \n**Issue Correction:** \nRun _yum update wireshark_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n wireshark-debuginfo-1.8.10-8.14.amzn1.i686 \n wireshark-1.8.10-8.14.amzn1.i686 \n wireshark-devel-1.8.10-8.14.amzn1.i686 \n \n src: \n wireshark-1.8.10-8.14.amzn1.src \n \n x86_64: \n wireshark-debuginfo-1.8.10-8.14.amzn1.x86_64 \n wireshark-1.8.10-8.14.amzn1.x86_64 \n wireshark-devel-1.8.10-8.14.amzn1.x86_64 \n \n \n", "modified": "2014-11-11T10:34:00", "published": "2014-11-11T10:34:00", "id": "ALAS-2014-446", "href": "https://alas.aws.amazon.com/ALAS-2014-446.html", "title": "Medium: wireshark", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:22:37", "bulletinFamily": "scanner", "description": "Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423, CVE-2014-6424, CVE-2014-6425, CVE-2014-6426, CVE-2014-6427, CVE-2014-6428)\n\nAll running instances of Wireshark must be restarted for the update to take effect.", "modified": "2018-12-28T00:00:00", "id": "SL_20141021_WIRESHARK_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78649", "published": "2014-10-23T00:00:00", "title": "Scientific Linux Security Update : wireshark on SL6.x, SL7.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78649);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/28 10:10:35\");\n\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6424\", \"CVE-2014-6425\", \"CVE-2014-6426\", \"CVE-2014-6427\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n\n script_name(english:\"Scientific Linux Security Update : wireshark on SL6.x, SL7.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2014-6421,\nCVE-2014-6422, CVE-2014-6423, CVE-2014-6424, CVE-2014-6425,\nCVE-2014-6426, CVE-2014-6427, CVE-2014-6428)\n\nAll running instances of Wireshark must be restarted for the update to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1410&L=scientific-linux-errata&T=0&P=2400\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f54b7f92\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"wireshark-1.8.10-8.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"wireshark-debuginfo-1.8.10-8.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"wireshark-devel-1.8.10-8.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"wireshark-gnome-1.8.10-8.el6_6\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"wireshark-1.10.3-12.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"wireshark-debuginfo-1.10.3-12.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"wireshark-devel-1.10.3-12.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"wireshark-gnome-1.10.3-12.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:22:37", "bulletinFamily": "scanner", "description": "Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nWireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network.\n\nMultiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423, CVE-2014-6424, CVE-2014-6425, CVE-2014-6426, CVE-2014-6427, CVE-2014-6428)\n\nAll wireshark users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2014-1676.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78608", "published": "2014-10-22T00:00:00", "title": "CentOS 6 / 7 : wireshark (CESA-2014:1676)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1676 and \n# CentOS Errata and Security Advisory 2014:1676 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78608);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6424\", \"CVE-2014-6425\", \"CVE-2014-6426\", \"CVE-2014-6427\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n script_xref(name:\"RHSA\", value:\"2014:1676\");\n\n script_name(english:\"CentOS 6 / 7 : wireshark (CESA-2014:1676)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nWireshark is a network protocol analyzer. It is used to capture and\nbrowse the traffic running on a computer network.\n\nMultiple flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2014-6421,\nCVE-2014-6422, CVE-2014-6423, CVE-2014-6424, CVE-2014-6425,\nCVE-2014-6426, CVE-2014-6427, CVE-2014-6428)\n\nAll wireshark users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\ninstances of Wireshark must be restarted for the update to take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-October/020702.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4d7ebc4e\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2014-October/001484.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2e9e1c47\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"wireshark-1.8.10-8.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"wireshark-devel-1.8.10-8.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"wireshark-gnome-1.8.10-8.el6_6\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"wireshark-1.10.3-12.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"wireshark-devel-1.10.3-12.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"wireshark-gnome-1.10.3-12.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:22:37", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2014:1676 :\n\nUpdated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nWireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network.\n\nMultiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423, CVE-2014-6424, CVE-2014-6425, CVE-2014-6426, CVE-2014-6427, CVE-2014-6428)\n\nAll wireshark users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2014-1676.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78619", "published": "2014-10-22T00:00:00", "title": "Oracle Linux 6 / 7 : wireshark (ELSA-2014-1676)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1676 and \n# Oracle Linux Security Advisory ELSA-2014-1676 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78619);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6424\", \"CVE-2014-6425\", \"CVE-2014-6426\", \"CVE-2014-6427\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n script_bugtraq_id(69853, 69855, 69860, 69861, 69862, 69863, 69865, 69866);\n script_xref(name:\"RHSA\", value:\"2014:1676\");\n\n script_name(english:\"Oracle Linux 6 / 7 : wireshark (ELSA-2014-1676)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:1676 :\n\nUpdated wireshark packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nWireshark is a network protocol analyzer. It is used to capture and\nbrowse the traffic running on a computer network.\n\nMultiple flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2014-6421,\nCVE-2014-6422, CVE-2014-6423, CVE-2014-6424, CVE-2014-6425,\nCVE-2014-6426, CVE-2014-6427, CVE-2014-6428)\n\nAll wireshark users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\ninstances of Wireshark must be restarted for the update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-October/004557.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-October/004559.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"wireshark-1.8.10-8.0.1.el6_6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"wireshark-devel-1.8.10-8.0.1.el6_6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"wireshark-gnome-1.8.10-8.0.1.el6_6\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"wireshark-1.10.3-12.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"wireshark-devel-1.10.3-12.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"wireshark-gnome-1.10.3-12.0.1.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-devel / wireshark-gnome\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:22:37", "bulletinFamily": "scanner", "description": "Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nWireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network.\n\nMultiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423, CVE-2014-6424, CVE-2014-6425, CVE-2014-6426, CVE-2014-6427, CVE-2014-6428)\n\nAll wireshark users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2014-1676.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78620", "published": "2014-10-22T00:00:00", "title": "RHEL 6 / 7 : wireshark (RHSA-2014:1676)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1676. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78620);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/11/10 11:49:53\");\n\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6424\", \"CVE-2014-6425\", \"CVE-2014-6426\", \"CVE-2014-6427\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n script_xref(name:\"RHSA\", value:\"2014:1676\");\n\n script_name(english:\"RHEL 6 / 7 : wireshark (RHSA-2014:1676)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nWireshark is a network protocol analyzer. It is used to capture and\nbrowse the traffic running on a computer network.\n\nMultiple flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2014-6421,\nCVE-2014-6422, CVE-2014-6423, CVE-2014-6424, CVE-2014-6425,\nCVE-2014-6426, CVE-2014-6427, CVE-2014-6428)\n\nAll wireshark users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\ninstances of Wireshark must be restarted for the update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6432\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1676\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"wireshark-1.8.10-8.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"wireshark-debuginfo-1.8.10-8.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"wireshark-devel-1.8.10-8.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"wireshark-gnome-1.8.10-8.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"wireshark-gnome-1.8.10-8.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"wireshark-gnome-1.8.10-8.el6_6\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"wireshark-1.10.3-12.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"wireshark-debuginfo-1.10.3-12.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"wireshark-devel-1.10.3-12.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"wireshark-gnome-1.10.3-12.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"wireshark-gnome-1.10.3-12.el7_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-devel / wireshark-gnome\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:08", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201412-52 (Wireshark: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker can cause a Denial of Service condition via specially crafted packets.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2015-04-13T00:00:00", "id": "GENTOO_GLSA-201412-52.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80273", "published": "2014-12-29T00:00:00", "title": "GLSA-201412-52 : Wireshark: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-52.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80273);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/04/13 14:33:57 $\");\n\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6424\", \"CVE-2014-6425\", \"CVE-2014-6426\", \"CVE-2014-6427\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n script_bugtraq_id(69853, 69855, 69856, 69857, 69858, 69859, 69860, 69861, 69862, 69863, 69865, 69866);\n script_xref(name:\"GLSA\", value:\"201412-52\");\n\n script_name(english:\"GLSA-201412-52 : Wireshark: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-52\n(Wireshark: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Wireshark. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker can cause a Denial of Service condition via specially\n crafted packets.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-52\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Wireshark users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.12.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-analyzer/wireshark\", unaffected:make_list(\"ge 1.12.2\"), vulnerable:make_list(\"lt 1.12.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Wireshark\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:22:49", "bulletinFamily": "scanner", "description": "Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429 , CVE-2014-6430 , CVE-2014-6431 , CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2014-6421 , CVE-2014-6422 , CVE-2014-6423 , CVE-2014-6424 , CVE-2014-6425 , CVE-2014-6426 , CVE-2014-6427 , CVE-2014-6428)", "modified": "2018-04-18T00:00:00", "id": "ALA_ALAS-2014-446.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79295", "published": "2014-11-18T00:00:00", "title": "Amazon Linux AMI : wireshark (ALAS-2014-446)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-446.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79295);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6424\", \"CVE-2014-6425\", \"CVE-2014-6426\", \"CVE-2014-6427\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n script_xref(name:\"ALAS\", value:\"2014-446\");\n script_xref(name:\"RHSA\", value:\"2014:1676\");\n\n script_name(english:\"Amazon Linux AMI : wireshark (ALAS-2014-446)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429 , CVE-2014-6430 , CVE-2014-6431 , CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2014-6421 ,\nCVE-2014-6422 , CVE-2014-6423 , CVE-2014-6424 , CVE-2014-6425 ,\nCVE-2014-6426 , CVE-2014-6427 , CVE-2014-6428)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-446.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update wireshark' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"wireshark-1.8.10-8.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"wireshark-debuginfo-1.8.10-8.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"wireshark-devel-1.8.10-8.14.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-devel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:22:37", "bulletinFamily": "scanner", "description": "Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nWireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network.\n\nMultiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423, CVE-2014-6425, CVE-2014-6428)\n\nAll wireshark users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.", "modified": "2018-12-14T00:00:00", "id": "REDHAT-RHSA-2014-1677.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78621", "published": "2014-10-22T00:00:00", "title": "RHEL 5 : wireshark (RHSA-2014:1677)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1677. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78621);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/12/14 9:50:14\");\n\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6425\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n script_bugtraq_id(69853, 69855, 69856, 69857, 69858, 69859, 69860, 69865, 69866);\n script_xref(name:\"RHSA\", value:\"2014:1677\");\n\n script_name(english:\"RHEL 5 : wireshark (RHSA-2014:1677)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nWireshark is a network protocol analyzer. It is used to capture and\nbrowse the traffic running on a computer network.\n\nMultiple flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2014-6421,\nCVE-2014-6422, CVE-2014-6423, CVE-2014-6425, CVE-2014-6428)\n\nAll wireshark users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\ninstances of Wireshark must be restarted for the update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1677\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected wireshark, wireshark-debuginfo and / or\nwireshark-gnome packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1677\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"wireshark-1.0.15-7.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"wireshark-1.0.15-7.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"wireshark-1.0.15-7.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"wireshark-debuginfo-1.0.15-7.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"wireshark-debuginfo-1.0.15-7.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"wireshark-debuginfo-1.0.15-7.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"wireshark-gnome-1.0.15-7.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"wireshark-gnome-1.0.15-7.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"wireshark-gnome-1.0.15-7.el5_11\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-gnome\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:22:37", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2014:1677 :\n\nUpdated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nWireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network.\n\nMultiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423, CVE-2014-6425, CVE-2014-6428)\n\nAll wireshark users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2014-1677.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78640", "published": "2014-10-23T00:00:00", "title": "Oracle Linux 5 : wireshark (ELSA-2014-1677)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1677 and \n# Oracle Linux Security Advisory ELSA-2014-1677 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78640);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6425\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n script_bugtraq_id(69853, 69855, 69856, 69857, 69858, 69859, 69860, 69865, 69866);\n script_xref(name:\"RHSA\", value:\"2014:1677\");\n\n script_name(english:\"Oracle Linux 5 : wireshark (ELSA-2014-1677)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:1677 :\n\nUpdated wireshark packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nWireshark is a network protocol analyzer. It is used to capture and\nbrowse the traffic running on a computer network.\n\nMultiple flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2014-6421,\nCVE-2014-6422, CVE-2014-6423, CVE-2014-6425, CVE-2014-6428)\n\nAll wireshark users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\ninstances of Wireshark must be restarted for the update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-October/004571.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"wireshark-1.0.15-7.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"wireshark-gnome-1.0.15-7.0.1.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-gnome\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:22:37", "bulletinFamily": "scanner", "description": "Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nWireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network.\n\nMultiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423, CVE-2014-6425, CVE-2014-6428)\n\nAll wireshark users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2014-1677.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78609", "published": "2014-10-22T00:00:00", "title": "CentOS 5 : wireshark (CESA-2014:1677)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1677 and \n# CentOS Errata and Security Advisory 2014:1677 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78609);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6425\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n script_bugtraq_id(69853, 69855, 69856, 69857, 69858, 69859, 69860, 69865, 69866);\n script_xref(name:\"RHSA\", value:\"2014:1677\");\n\n script_name(english:\"CentOS 5 : wireshark (CESA-2014:1677)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nWireshark is a network protocol analyzer. It is used to capture and\nbrowse the traffic running on a computer network.\n\nMultiple flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2014-6421,\nCVE-2014-6422, CVE-2014-6423, CVE-2014-6425, CVE-2014-6428)\n\nAll wireshark users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\ninstances of Wireshark must be restarted for the update to take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-October/020703.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a210b6b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"wireshark-1.0.15-7.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"wireshark-gnome-1.0.15-7.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:22:37", "bulletinFamily": "scanner", "description": "Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423, CVE-2014-6425, CVE-2014-6428)\n\nAll running instances of Wireshark must be restarted for the update to take effect.", "modified": "2018-12-28T00:00:00", "id": "SL_20141021_WIRESHARK_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78648", "published": "2014-10-23T00:00:00", "title": "Scientific Linux Security Update : wireshark on SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78648);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/28 10:10:35\");\n\n script_cve_id(\"CVE-2014-6421\", \"CVE-2014-6422\", \"CVE-2014-6423\", \"CVE-2014-6425\", \"CVE-2014-6428\", \"CVE-2014-6429\", \"CVE-2014-6430\", \"CVE-2014-6431\", \"CVE-2014-6432\");\n\n script_name(english:\"Scientific Linux Security Update : wireshark on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2014-6421,\nCVE-2014-6422, CVE-2014-6423, CVE-2014-6425, CVE-2014-6428)\n\nAll running instances of Wireshark must be restarted for the update to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1410&L=scientific-linux-errata&T=0&P=1444\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b0557cb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected wireshark, wireshark-debuginfo and / or\nwireshark-gnome packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"wireshark-1.0.15-7.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"wireshark-debuginfo-1.0.15-7.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"wireshark-gnome-1.0.15-7.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-18T13:49:06", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3049-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nOctober 14, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wireshark\nCVE ID : CVE-2014-6422 CVE-2014-6423 CVE-2014-6424 CVE-2014-6427 \n CVE-2014-6428 CVE-2014-6429 CVE-2014-6430 CVE-2014-6431\n CVE-2014-6432\n\nMultiple vulnerabilities were discovered in the dissectors/parsers for\nRTP, MEGACO, Netflow, RTSP, SES and Sniffer, which could result in denial\nof service.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy12.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.12.1+g01b65bf-1.\n\nWe recommend that you upgrade your wireshark packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-10-14T19:36:14", "published": "2014-10-14T19:36:14", "id": "DEBIAN:DSA-3049-1:3F615", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00236.html", "title": "[SECURITY] [DSA 3049-1] wireshark security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:14:43", "bulletinFamily": "unix", "description": "Package : wireshark\nVersion : 1.8.2-5wheezy15~deb6u1\nCVE ID : CVE-2015-2191 CVE-2015-2188 CVE-2015-0564 CVE-2015-0562\n CVE-2014-8714 CVE-2014-8713 CVE-2014-8712 CVE-2014-8711\n CVE-2014-8710 CVE-2014-6432 CVE-2014-6431 CVE-2014-6430\n CVE-2014-6429 CVE-2014-6428 CVE-2014-6423 CVE-2014-6422\n\nThe following vulnerabilities were discovered in the Squeeze&#x27;s Wireshark\nversion:\n\n CVE-2015-2188 The WCP dissector could crash\n CVE-2015-0564 Wireshark could crash while decypting TLS/SSL sessions\n CVE-2015-0562 The DEC DNA Routing Protocol dissector could crash\n CVE-2014-8714 TN5250 infinite loops\n CVE-2014-8713 NCP crashes\n CVE-2014-8712 NCP crashes\n CVE-2014-8711 AMQP crash\n CVE-2014-8710 SigComp UDVM buffer overflow\n CVE-2014-6432 Sniffer file parser crash\n CVE-2014-6431 Sniffer file parser crash\n CVE-2014-6430 Sniffer file parser crash\n CVE-2014-6429 Sniffer file parser crash\n CVE-2014-6428 SES dissector crash\n CVE-2014-6423 MEGACO dissector infinite loop\n CVE-2014-6422 RTP dissector crash\n\nSince back-porting upstream patches to 1.2.11-6+squeeze15 did not fix\nall the outstanding issues and some issues are not even tracked publicly\nthe LTS Team decided to sync squeeze-lts&#x27;s wireshark package with\nwheezy-security to provide the best possible security support.\n\nNote that upgrading Wireshark from 1.2.x to 1.8.x introduces\nseveral backward-incompatible changes in package structure, shared\nlibrary API/ABI, availability of dissectors and in syntax of command\nline parameters.\n\n\n\n", "modified": "2015-04-22T09:45:46", "published": "2015-04-22T09:45:46", "id": "DEBIAN:DLA-198-1:FF28E", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201504/msg00020.html", "title": "[SECURITY] [DLA 198-1] wireshark security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:43:26", "bulletinFamily": "unix", "description": "[1.0.15-7.0.1.el5]\n- Added oracle-ocfs2-network.patch\n- increase max packet size to 65536 (Herbert van den Bergh) [orabug 13542633]\n[1.0.15-7]\n- security patches\n- Resolves: CVE-2014-6421\n CVE-2014-6423\n CVE-2014-6425\n CVE-2014-6428\n CVE-2014-6429", "modified": "2014-10-22T00:00:00", "published": "2014-10-22T00:00:00", "id": "ELSA-2014-1677", "href": "http://linux.oracle.com/errata/ELSA-2014-1677.html", "title": "wireshark security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:39:39", "bulletinFamily": "unix", "description": "[1.10.3-12.0.1.el7]\n- Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect\n[1.10.3-12]\n- security patches\n- Related: #1148266\n[1.10.3-11]\n- security patches\n- Resolves: CVE-2014-6421\n CVE-2014-6423\n CVE-2014-6424\n CVE-2014-6425\n CVE-2014-6426\n CVE-2014-6427\n CVE-2014-6428\n CVE-2014-6429", "modified": "2014-10-21T00:00:00", "published": "2014-10-21T00:00:00", "id": "ELSA-2014-1676", "href": "http://linux.oracle.com/errata/ELSA-2014-1676.html", "title": "wireshark security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T19:42:38", "bulletinFamily": "unix", "description": "Wireshark is a network protocol analyzer. It is used to capture and browse\nthe traffic running on a computer network.\n\nMultiple flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash or,\npossibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423,\nCVE-2014-6424, CVE-2014-6425, CVE-2014-6426, CVE-2014-6427, CVE-2014-6428)\n\nAll wireshark users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:26", "published": "2014-10-21T04:00:00", "id": "RHSA-2014:1676", "href": "https://access.redhat.com/errata/RHSA-2014:1676", "type": "redhat", "title": "(RHSA-2014:1676) Moderate: wireshark security update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:41:26", "bulletinFamily": "unix", "description": "Wireshark is a network protocol analyzer. It is used to capture and browse\nthe traffic running on a computer network.\n\nMultiple flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash or,\npossibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423,\nCVE-2014-6425, CVE-2014-6428)\n\nAll wireshark users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\n", "modified": "2017-09-08T11:50:48", "published": "2014-10-21T04:00:00", "id": "RHSA-2014:1677", "href": "https://access.redhat.com/errata/RHSA-2014:1677", "type": "redhat", "title": "(RHSA-2014:1677) Moderate: wireshark security update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2018-03-09T11:46:17", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:1676\n\n\nWireshark is a network protocol analyzer. It is used to capture and browse\nthe traffic running on a computer network.\n\nMultiple flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash or,\npossibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423,\nCVE-2014-6424, CVE-2014-6425, CVE-2014-6426, CVE-2014-6427, CVE-2014-6428)\n\nAll wireshark users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-October/020702.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2014-October/001484.html\n\n**Affected packages:**\nwireshark\nwireshark-devel\nwireshark-gnome\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1676.html", "modified": "2014-10-22T00:02:14", "published": "2014-10-21T19:49:27", "href": "http://lists.centos.org/pipermail/centos-announce/2014-October/020702.html", "id": "CESA-2014:1676", "title": "wireshark security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-03T18:25:53", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:1677\n\n\nWireshark is a network protocol analyzer. It is used to capture and browse\nthe traffic running on a computer network.\n\nMultiple flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash or,\npossibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423,\nCVE-2014-6425, CVE-2014-6428)\n\nAll wireshark users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-October/020703.html\n\n**Affected packages:**\nwireshark\nwireshark-gnome\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1677.html", "modified": "2014-10-21T23:32:37", "published": "2014-10-21T23:32:37", "href": "http://lists.centos.org/pipermail/centos-announce/2014-October/020703.html", "id": "CESA-2014:1677", "title": "wireshark security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:57", "bulletinFamily": "software", "description": "Multiple memory corruptions and DoS conditions on dufferent formats.", "modified": "2014-09-29T00:00:00", "published": "2014-09-29T00:00:00", "id": "SECURITYVULNS:VULN:13981", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13981", "title": "wireshark multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:54", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:188\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : wireshark\r\n Date : September 25, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated wireshark packages fix security vulnerabilities:\r\n \r\n RTP dissector crash &#40;CVE-2014-6421, CVE-2014-6422&#41;.\r\n \r\n MEGACO dissector infinite loop &#40;CVE-2014-6423&#41;.\r\n \r\n Netflow dissector crash &#40;CVE-2014-6424&#41;.\r\n \r\n RTSP dissector crash &#40;CVE-2014-6427&#41;.\r\n \r\n SES dissector crash &#40;CVE-2014-6428&#41;.\r\n \r\n Sniffer file parser crash &#40;CVE-2014-6429, CVE-2014-6430, CVE-2014-6431,\r\n CVE-2014-6432&#41;.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6421\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6422\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6423\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6424\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6427\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6428\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6429\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6430\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6431\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6432\r\n http://advisories.mageia.org/MGASA-2014-0386.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n a0fa2dca9bd648848b00458ce38e73ec mbs1/x86_64/dumpcap-1.10.10-1.mbs1.x86_64.rpm\r\n ad22c8b39c0010256e34e53b0ee57cb9 mbs1/x86_64/lib64wireshark3-1.10.10-1.mbs1.x86_64.rpm\r\n 884e299dcbfce105717912c3afdbed4d mbs1/x86_64/lib64wireshark-devel-1.10.10-1.mbs1.x86_64.rpm\r\n 0025255c9c4c9725d273586a9dae9655 mbs1/x86_64/lib64wiretap3-1.10.10-1.mbs1.x86_64.rpm\r\n e2104e85accdb8c2d1a537c006344b9e mbs1/x86_64/lib64wsutil3-1.10.10-1.mbs1.x86_64.rpm\r\n 43795790f5177861be53ace64b853820 mbs1/x86_64/rawshark-1.10.10-1.mbs1.x86_64.rpm\r\n e523b31562ae42318976d5894d26532e mbs1/x86_64/tshark-1.10.10-1.mbs1.x86_64.rpm\r\n 6add8933110e7dd1a802f0b0ec866084 mbs1/x86_64/wireshark-1.10.10-1.mbs1.x86_64.rpm\r\n 542ad02f513c39daba31368a111c39ea mbs1/x86_64/wireshark-tools-1.10.10-1.mbs1.x86_64.rpm \r\n 07f6832d6e5b0e90de2ece20d336e2ca mbs1/SRPMS/wireshark-1.10.10-1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFUI8O+mqjQ0CJFipgRAm5PAJwPxlqQCblupA+4CpUQ2HN26NvC6QCff7Kh\r\ndGYIqXpQNIz0deNnPzxEI9g=\r\n=scSH\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-09-29T00:00:00", "published": "2014-09-29T00:00:00", "id": "SECURITYVULNS:DOC:31109", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31109", "title": "[ MDVSA-2014:188 ] wireshark", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "f5": [{"lastseen": "2017-10-12T02:11:06", "bulletinFamily": "software", "description": "Description\n\n * [CVE-2014-6421](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6421>) \n \nUse-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors.\n * [CVE-2014-6422](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6422>) \n \nThe SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector.\n * [CVE-2014-6424](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6424>) \n \nThe dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet.\n * [CVE-2014-6426](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6426>) \n \nThe dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.\n * [CVE-2014-6427](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6427>) \n \nOff-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position.\n\nImpact\n\nNone. F5 products are not affected by these vulnerabilities.\n\nStatus\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None \n| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP AAM | None | 11.4.0 - 11.6.0 \n| Not vulnerable | None \nBIG-IP AFM | None | 11.3.0 - 11.6.0 \n| Not vulnerable | None \nBIG-IP Analytics | None | 11.0.0 - 11.6.0 \n| Not vulnerable | None \nBIG-IP APM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP ASM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP Edge Gateway \n| None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP GTM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP Link Controller | None \n| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP PEM | None \n| 11.3.0 - 11.6.0 \n| Not vulnerable | None \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nARX | None | 6.0.0 - 6.4.0 \n| Not vulnerable | None \nEnterprise Manager | None | 3.1.1 \n| Not vulnerable | None \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 \n| Not vulnerable | None \nBIG-IQ Cloud | None \n| 4.0.0 - 4.5.0 \n| Not vulnerable | None \nBIG-IQ Device | None \n| 4.2.0 - 4.5.0 \n| Not vulnerable | None \nBIG-IQ Security | None \n| 4.0.0 - 4.5.0 \n| Not vulnerable | None \nBIG-IQ ADC | None \n| 4.5.0 \n| Not vulnerable | None \nLineRate | None \n| 2.6.0 \n2.5.0 - 2.5.1 \n| Not vulnerable | None \nF5 WebSafe | None \n| 1.0.0 \n| Not vulnerable | None \nTraffix SDC | None \n| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 \n| Not vulnerable | None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nNone\n\nSupplemental Information\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n", "modified": "2016-01-09T02:24:00", "published": "2015-07-10T01:58:00", "href": "https://support.f5.com/csp/article/K16939", "id": "F5:K16939", "title": "Multiple Wireshark vulnerabilities", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:53", "bulletinFamily": "software", "description": " * [CVE-2014-6421](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6421>) \n \nUse-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors.\n * [CVE-2014-6422](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6422>) \n \nThe SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector.\n * [CVE-2014-6424](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6424>) \n \nThe dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet.\n * [CVE-2014-6426](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6426>) \n \nThe dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.\n * [CVE-2014-6427](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6427>) \n \nOff-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position.\n", "modified": "2015-07-09T00:00:00", "published": "2015-07-09T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/900/sol16939.html", "id": "SOL16939", "title": "SOL16939 - Multiple Wireshark vulnerabilities", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-11-09T00:09:39", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you can use the **tcpdump** utility to perform packet captures instead of the **tshark** utility. For information about the** tcpdump** utility, refer to SOL411: Overview of packet tracing with the tcpdump utility.\n\nBIG-IP, BIG-IQ, and Enterprise Manager\n\n * This vulnerability is remotely exploitable only when an administrative user of the device is actively using the **tshark** utility, and the **tshark **utility receives attack packets as described in the CVEs.\n * The **tshark** utility does not run as a process on F5 devices, and the **tshark** utility is not used by any F5 processes.\n * The **tcpdump** utility is not affected by the CVEs listed in this article.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL4602: Overview of the F5 security vulnerability response policy\n", "modified": "2016-09-01T00:00:00", "published": "2015-07-08T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/900/sol16940.html", "id": "SOL16940", "title": "SOL16940 - Multiple Wireshark vulnerabilities", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-04-09T03:14:09", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 486791 (BIG-IP), ID 486791 (BIG-IQ), and ID 531742 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H16940 on the **Diagnostics** &gt; **Identified** &gt; **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.3.0 - 11.6.1| 12.0.0 - 12.1.1 \n11.6.1 HF1 \n11.5.4 HF2 \n11.0.0 - 11.2.1 \n10.1.0 - 10.2.4| Low| Wireshark (**tshark**) \nBIG-IP AAM| 11.4.0 - 11.6.1| 12.0.0 - 12.1.1 \n11.6.1 HF1 \n11.5.4 HF2| Low| Wireshark (**tshark**) \nBIG-IP AFM| 11.3.0 - 11.6.1| 12.0.0 - 12.1.1 \n11.6.1 HF1 \n11.5.4 HF2| Low| Wireshark (**tshark**) \nBIG-IP Analytics| 11.3.0 - 11.6.1| 12.0.0 - 12.1.1 \n11.6.1 HF1 \n11.5.4 HF2 \n11.0.0 - 11.2.1| Low| Wireshark (**tshark**) \nBIG-IP APM| 11.3.0 - 11.6.1| 12.0.0 - 12.1.1 \n11.6.1 HF1 \n11.5.4 HF2 \n11.0.0 - 11.2.1 \n10.1.0 - 10.2.4| Low| Wireshark (**tshark**) \nBIG-IP ASM| 11.3.0 - 11.6.1| 12.0.0 - 12.1.1 \n11.6.1 HF1 \n11.5.4 HF2 \n11.0.0 - 11.2.1 \n10.1.0 - 10.2.4| Low| Wireshark (**tshark**) \nBIG-IP Edge Gateway| 11.3.0| 11.0.0 - 11.2.1 \n10.1.0 - 10.2.4| Low| Wireshark (**tshark**) \nBIG-IP DNS| None| 12.0.0 - 12.1.1| Not vulnerable| None \nBIG-IP GTM| 11.3.0 - 11.6.1| 11.6.1 HF1 \n11.5.4 HF2 \n11.0.0 - 11.2.1 \n10.1.0 - 10.2.4| Low| Wireshark (**tshark**) \nBIG-IP Link Controller| 11.3.0 - 11.6.0| 12.0.0 - 12.1.1 \n11.6.1 HF1 \n11.5.4 HF2 \n11.0.0 - 11.2.1 \n10.1.0 - 10.2.4| Low| Wireshark (**tshark**) \nBIG-IP PEM| 11.3.0 - 11.6.1| 12.0.0 - 12.1.1 \n11.6.1 HF1| Low| Wireshark (**tshark**) \nBIG-IP PSM| 11.3.0 - 11.4.1| 11.0.0 - 11.2.1 \n10.1.0 - 10.2.4| Low| Wireshark (**tshark**) \nBIG-IP WebAccelerator| 11.3.0| 11.0.0 - 11.2.1 \n10.1.0 - 10.2.4| Low| Wireshark (**tshark**) \nBIG-IP WOM| 11.3.0| 11.0.0 - 11.2.1 \n10.1.0 - 10.2.4| Low| Wireshark (**tshark**) \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.1.1| None| Low| Wireshark (**tshark**) \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| Wireshark (**tshark**) \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| Wireshark (**tshark**) \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| Wireshark (**tshark**) \nBIG-IQ ADC| 4.5.0| None| Low| Wireshark (**tshark**) \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you can use the **tcpdump** utility to perform packet captures instead of the **tshark** utility. For information about the** tcpdump** utility, refer to [K411: Overview of packet tracing with the tcpdump utility](<https://support.f5.com/csp/article/K411>).\n\nBIG-IP, BIG-IQ, and Enterprise Manager\n\n * This vulnerability is remotely exploitable only when an administrative user of the device is actively using the **tshark** utility, and the **tshark **utility receives attack packets as described in the CVEs.\n * The **tshark** utility does not run as a process on F5 devices, and the **tshark** utility is not used by any F5 processes.\n * The **tcpdump** utility is not affected by the CVEs listed in this article.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n", "modified": "2017-04-06T18:40:00", "published": "2015-07-09T01:58:00", "id": "F5:K16940", "href": "https://support.f5.com/csp/article/K16940", "title": "Multiple Wireshark vulnerabilities", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cve": [{"lastseen": "2016-09-03T21:04:04", "bulletinFamily": "NVD", "description": "The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.", "modified": "2014-11-05T03:28:53", "published": "2014-09-20T06:55:06", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6426", "id": "CVE-2014-6426", "title": "CVE-2014-6426", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-03T21:04:02", "bulletinFamily": "NVD", "description": "The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet.", "modified": "2014-11-05T03:28:52", "published": "2014-09-20T06:55:06", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6424", "id": "CVE-2014-6424", "title": "CVE-2014-6424", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-03T21:04:03", "bulletinFamily": "NVD", "description": "The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\\0' character.", "modified": "2014-11-05T03:28:53", "published": "2014-09-20T06:55:06", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6425", "id": "CVE-2014-6425", "title": "CVE-2014-6425", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-03T21:04:09", "bulletinFamily": "NVD", "description": "Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer.", "modified": "2014-11-05T03:28:55", "published": "2014-09-20T06:55:06", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6431", "id": "CVE-2014-6431", "title": "CVE-2014-6431", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-03T21:04:01", "bulletinFamily": "NVD", "description": "The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.", "modified": "2014-11-05T03:28:52", "published": "2014-09-20T06:55:06", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6423", "id": "CVE-2014-6423", "type": "cve", "title": "CVE-2014-6423", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-03T21:04:09", "bulletinFamily": "NVD", "description": "The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.", "modified": "2014-11-05T03:28:54", "published": "2014-09-20T06:55:06", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6430", "id": "CVE-2014-6430", "type": "cve", "title": "CVE-2014-6430", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-03T21:04:09", "bulletinFamily": "NVD", "description": "The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.", "modified": "2014-11-05T03:28:54", "published": "2014-09-20T06:55:06", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6429", "id": "CVE-2014-6429", "title": "CVE-2014-6429", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-03T21:04:10", "bulletinFamily": "NVD", "description": "The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file.", "modified": "2014-11-05T03:28:55", "published": "2014-09-20T06:55:06", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6432", "id": "CVE-2014-6432", "title": "CVE-2014-6432", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-03T21:03:59", "bulletinFamily": "NVD", "description": "The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector.", "modified": "2014-11-05T03:28:52", "published": "2014-09-20T06:55:06", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6422", "id": "CVE-2014-6422", "type": "cve", "title": "CVE-2014-6422", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-03T21:03:59", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors.", "modified": "2014-11-05T03:28:51", "published": "2014-09-20T06:55:06", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6421", "id": "CVE-2014-6421", "title": "CVE-2014-6421", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:28:46", "bulletinFamily": "unix", "description": "The wireshark package was upgraded to 1.10.10 from 1.8.x as 1.8 was\n discontinued.\n\n This update fixes vulnerabilities that could allow an attacker to crash\n Wireshark or make it become unresponsive by sending specific packets onto\n the network or have them loaded via a capture file while the dissectors\n are running. It also contains a number of other bug fixes.\n\n * RTP dissector crash. (wnpa-sec-2014-12 CVE-2014-6421 CVE-2014-6422)\n * MEGACO dissector infinite loop. (wnpa-sec-2014-13 CVE-2014-6423)\n * Netflow dissector crash. (wnpa-sec-2014-14 CVE-2014-6424)\n * RTSP dissector crash. (wnpa-sec-2014-17 CVE-2014-6427)\n * SES dissector crash. (wnpa-sec-2014-18 CVE-2014-6428)\n * Sniffer file parser crash. (wnpa-sec-2014-19 CVE-2014-6429\n CVE-2014-6430 CVE-2014-6431 CVE-2014-6432)\n * The Catapult DCT2000 and IrDA dissectors could underrun a buffer.\n (wnpa-sec-2014-08 CVE-2014-5161 CVE-2014-5162, bnc#889901)\n * The GSM Management dissector could crash. (wnpa-sec-2014-09\n CVE-2014-5163, bnc#889906)\n * The RLC dissector could crash. (wnpa-sec-2014-10 CVE-2014-5164,\n bnc#889900)\n * The ASN.1 BER dissector could crash. (wnpa-sec-2014-11\n CVE-2014-5165, bnc#889899)\n\n Further bug fixes as listed in:\n <a rel=\"nofollow\" href=\"https://www.wireshark.org/docs/relnotes/wireshark-1.10.10.html\">https://www.wireshark.org/docs/relnotes/wireshark-1.10.10.html</a>\n &lt;<a rel=\"nofollow\" href=\"https://www.wireshark.org/docs/relnotes/wireshark-1.10.10.html\">https://www.wireshark.org/docs/relnotes/wireshark-1.10.10.html</a>&gt; and\n <a rel=\"nofollow\" href=\"https://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html\">https://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html</a>\n &lt;<a rel=\"nofollow\" href=\"https://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html\">https://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html</a>&gt; .\n\n Security Issues:\n\n * CVE-2014-5161\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5161\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5161</a>&gt;\n * CVE-2014-5162\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5162\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5162</a>&gt;\n * CVE-2014-5163\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5163\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5163</a>&gt;\n * CVE-2014-5164\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5164\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5164</a>&gt;\n * CVE-2014-5165\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5165\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5165</a>&gt;\n * CVE-2014-6421\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6421\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6421</a>&gt;\n * CVE-2014-6422\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6422\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6422</a>&gt;\n * CVE-2014-6423\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6423\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6423</a>&gt;\n * CVE-2014-6424\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6424\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6424</a>&gt;\n * CVE-2014-6427\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6427\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6427</a>&gt;\n * CVE-2014-6428\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6428\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6428</a>&gt;\n * CVE-2014-6429\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6429\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6429</a>&gt;\n * CVE-2014-6430\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6430\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6430</a>&gt;\n * CVE-2014-6431\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6431\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6431</a>&gt;\n * CVE-2014-6432\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6432\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6432</a>&gt;\n\n", "modified": "2014-09-27T00:04:33", "published": "2014-09-27T00:04:33", "id": "SUSE-SU-2014:1221-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html", "type": "suse", "title": "Security update for wireshark (important)", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}