{"id": "SUSE_WIRESHARK-7943.NASL", "bulletinFamily": "scanner", "title": "SuSE 10 Security Update : wireshark (ZYPP Patch Number 7943)", "description": "This version upgrade of wireshark to 1.4.11 fixes the following\nsecurity issues :\n\n - RLC dissector buffer overflow. (CVE-2012-0043)\n\n - multiple file parser vulnerabilities. (CVE-2012-0041)\n\n - NULL pointer vulnerabilities. (CVE-2012-0042)\n\n - DoS due to too large buffer alloc request.\n (CVE-2012-0066)\n\n - DoS due to integer underflow and too large buffer alloc.\n request. (CVE-2012-0067)\n\n - memory corruption due to buffer underflow Additionally,\n various other non-security issues were resolved.\n (CVE-2012-0068)", "published": "2012-02-24T00:00:00", "modified": "2012-02-24T00:00:00", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/58117", "reporter": "This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.", "references": ["http://support.novell.com/security/cve/CVE-2012-0041.html", "http://support.novell.com/security/cve/CVE-2012-0066.html", "http://support.novell.com/security/cve/CVE-2012-0043.html", "http://support.novell.com/security/cve/CVE-2012-0042.html", "http://support.novell.com/security/cve/CVE-2012-0068.html", "http://support.novell.com/security/cve/CVE-2012-0067.html"], "cvelist": ["CVE-2012-0068", "CVE-2012-0066", "CVE-2012-0043", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067"], "type": "nessus", "lastseen": "2020-06-05T12:53:16", "edition": 16, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310802764", "OPENVAS:136141256231070713", "OPENVAS:863701", "OPENVAS:1361412562310802761", "OPENVAS:70713", "OPENVAS:70748", "OPENVAS:802764", "OPENVAS:1361412562310863898", "OPENVAS:802761", "OPENVAS:136141256231070748"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2395.NASL", "FEDORA_2012-0440.NASL", "SOLARIS11_WIRESHARK_20120404.NASL", "WIRESHARK_1_4_11.NASL", "SUSE_11_4_WIRESHARK-120201.NASL", "FEDORA_2012-0435.NASL", "OPENSUSE-2012-123.NASL", "FREEBSD_PKG_3EBB2DC8460911E19F4700E0815B8DA8.NASL", "WIRESHARK_1_6_5.NASL", "SUSE_11_WIRESHARK-120131.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12188", "SECURITYVULNS:DOC:27668"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2395-1:01533"]}, {"type": "freebsd", "idList": ["3EBB2DC8-4609-11E1-9F47-00E0815B8DA8"]}, {"type": "cve", "idList": ["CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0043", "CVE-2012-0067", "CVE-2012-0066", "CVE-2012-0068"]}, {"type": "fedora", "idList": ["FEDORA:8207220B7A", "FEDORA:4675F20B8C"]}, {"type": "centos", "idList": ["CESA-2012:0509", "CESA-2013:0125"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-1569", "ELSA-2013-0125", "ELSA-2012-0509"]}, {"type": "redhat", "idList": ["RHSA-2013:0125", "RHSA-2012:0509"]}, {"type": "exploitdb", "idList": ["EDB-ID:36633"]}, {"type": "gentoo", "idList": ["GLSA-201308-05"]}], "modified": "2020-06-05T12:53:16", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2020-06-05T12:53:16", "rev": 2}, "vulnersScore": 6.5}, "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58117);\n script_version (\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0043\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-0068\");\n\n script_name(english:\"SuSE 10 Security Update : wireshark (ZYPP Patch Number 7943)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This version upgrade of wireshark to 1.4.11 fixes the following\nsecurity issues :\n\n - RLC dissector buffer overflow. (CVE-2012-0043)\n\n - multiple file parser vulnerabilities. (CVE-2012-0041)\n\n - NULL pointer vulnerabilities. (CVE-2012-0042)\n\n - DoS due to too large buffer alloc request.\n (CVE-2012-0066)\n\n - DoS due to integer underflow and too large buffer alloc.\n request. (CVE-2012-0067)\n\n - memory corruption due to buffer underflow Additionally,\n various other non-security issues were resolved.\n (CVE-2012-0068)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0041.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0042.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0043.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0066.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0067.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0068.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7943.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"wireshark-1.4.11-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"wireshark-1.4.11-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"wireshark-devel-1.4.11-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "58117", "cpe": ["cpe:/o:suse:suse_linux"], "scheme": null}

{"openvas": [{"lastseen": "2017-07-02T21:10:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0068", "CVE-2012-0066", "CVE-2012-0043", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067"], "description": "This host is installed with Wireshark and is prone to multiple\n vulnerabilities.", "modified": "2017-04-14T00:00:00", "published": "2012-04-23T00:00:00", "id": "OPENVAS:802761", "href": "http://plugins.openvas.org/nasl.php?oid=802761", "type": "openvas", "title": "Wireshark Multiple Vulnerabilities - April 12 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_vuln_win_apr12.nasl 5956 2017-04-14 09:02:12Z teissa $\n#\n# Wireshark Multiple Vulnerabilities - April 12 (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to execute arbitrary code\n or cause a denial of service.\n Impact Level: Application\";\ntag_affected = \"Wireshark versions 1.4.x before 1.4.11 and 1.6.x before 1.6.5 on Windows\";\ntag_insight = \"The flaws are due to\n - NULL pointer dereference errors when reading certain packet information\n can be exploited to cause a crash.\n - An error within the RLC dissector can be exploited to cause a buffer\n overflow via a specially crafted RLC packet capture file.\n - An error within the 'lanalyzer_read()' function (wiretap/lanalyzer.c) when\n parsing LANalyzer files can be exploited to cause a heap-based buffer\n underflow.\";\ntag_solution = \"Upgrade to the Wireshark version 1.4.11, 1.6.5 or later,\n For updates refer to http://www.wireshark.org/download\";\ntag_summary = \"This host is installed with Wireshark and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(802761);\n script_version(\"$Revision: 5956 $\");\n script_cve_id(\"CVE-2012-0068\", \"CVE-2012-0067\", \"CVE-2012-0066\", \"CVE-2012-0043\",\n \"CVE-2012-0042\", \"CVE-2012-0041\");\n script_bugtraq_id(51710, 51368);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-14 11:02:12 +0200 (Fri, 14 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-23 18:33:55 +0530 (Mon, 23 Apr 2012)\");\n script_name(\"Wireshark Multiple Vulnerabilities - April 12 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/47494/\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/security/wnpa-sec-2012-01.html\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_require_keys(\"Wireshark/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nsharkVer = \"\";\n\n## Get version from KB\nsharkVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!sharkVer){\n exit(0);\n}\n\n## Check for vulnerable Wireshark versions\nif(version_in_range(version:sharkVer, test_version:\"1.4.0\", test_version2:\"1.4.10\") ||\n version_in_range(version:sharkVer, test_version:\"1.6.0\", test_version2:\"1.6.4\")) {\n security_message(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0068", "CVE-2012-0066", "CVE-2012-0043", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067"], "description": "This host is installed with Wireshark and is prone to multiple\n vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2012-04-24T00:00:00", "id": "OPENVAS:1361412562310802764", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802764", "type": "openvas", "title": "Wireshark Multiple Vulnerabilities (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_vuln_macosx.nasl 11857 2018-10-12 08:25:16Z cfischer $\n#\n# Wireshark Multiple Vulnerabilities (Mac OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802764\");\n script_version(\"$Revision: 11857 $\");\n script_cve_id(\"CVE-2012-0068\", \"CVE-2012-0067\", \"CVE-2012-0066\", \"CVE-2012-0043\",\n \"CVE-2012-0042\", \"CVE-2012-0041\");\n script_bugtraq_id(51710, 51368);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:25:16 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-24 15:23:18 +0530 (Tue, 24 Apr 2012)\");\n script_name(\"Wireshark Multiple Vulnerabilities (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/47494/\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2012-01.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_wireshark_detect_macosx.nasl\");\n script_mandatory_keys(\"Wireshark/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary code\n or cause a denial of service.\");\n script_tag(name:\"affected\", value:\"Wireshark versions 1.4.x before 1.4.11 and 1.6.x before 1.6.5 on Mac OS X\");\n script_tag(name:\"insight\", value:\"The flaws are due to\n\n - NULL pointer dereference errors when reading certain packet information\n can be exploited to cause a crash.\n\n - An error within the RLC dissector can be exploited to cause a buffer\n overflow via a specially crafted RLC packet capture file.\n\n - An error within the 'lanalyzer_read()' function (wiretap/lanalyzer.c) when\n parsing LANalyzer files can be exploited to cause a heap-based buffer\n underflow.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Wireshark version 1.4.11, 1.6.5 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/download\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsharkVer = get_kb_item(\"Wireshark/MacOSX/Version\");\nif(!sharkVer){\n exit(0);\n}\n\nif(version_in_range(version:sharkVer, test_version:\"1.4.0\", test_version2:\"1.4.10\") ||\n version_in_range(version:sharkVer, test_version:\"1.6.0\", test_version2:\"1.6.4\")) {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-02T21:10:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0068", "CVE-2012-0066", "CVE-2012-0043", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067"], "description": "This host is installed with Wireshark and is prone to multiple\n vulnerabilities.", "modified": "2017-04-11T00:00:00", "published": "2012-04-24T00:00:00", "id": "OPENVAS:802764", "href": "http://plugins.openvas.org/nasl.php?oid=802764", "type": "openvas", "title": "Wireshark Multiple Vulnerabilities (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_vuln_macosx.nasl 5931 2017-04-11 09:02:04Z teissa $\n#\n# Wireshark Multiple Vulnerabilities (Mac OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to execute arbitrary code\n or cause a denial of service.\n Impact Level: Application\";\ntag_affected = \"Wireshark versions 1.4.x before 1.4.11 and 1.6.x before 1.6.5 on Mac OS X\";\ntag_insight = \"The flaws are due to\n - NULL pointer dereference errors when reading certain packet information\n can be exploited to cause a crash.\n - An error within the RLC dissector can be exploited to cause a buffer\n overflow via a specially crafted RLC packet capture file.\n - An error within the 'lanalyzer_read()' function (wiretap/lanalyzer.c) when\n parsing LANalyzer files can be exploited to cause a heap-based buffer\n underflow.\";\ntag_solution = \"Upgrade to the Wireshark version 1.4.11, 1.6.5 or later,\n For updates refer to http://www.wireshark.org/download\";\ntag_summary = \"This host is installed with Wireshark and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(802764);\n script_version(\"$Revision: 5931 $\");\n script_cve_id(\"CVE-2012-0068\", \"CVE-2012-0067\", \"CVE-2012-0066\", \"CVE-2012-0043\",\n \"CVE-2012-0042\", \"CVE-2012-0041\");\n script_bugtraq_id(51710, 51368);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-11 11:02:04 +0200 (Tue, 11 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-24 15:23:18 +0530 (Tue, 24 Apr 2012)\");\n script_name(\"Wireshark Multiple Vulnerabilities (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/47494/\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/security/wnpa-sec-2012-01.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_wireshark_detect_macosx.nasl\");\n script_require_keys(\"Wireshark/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nsharkVer = \"\";\n\n## Get version from KB\nsharkVer = get_kb_item(\"Wireshark/MacOSX/Version\");\nif(!sharkVer){\n exit(0);\n}\n\n## Check for vulnerable Wireshark versions\nif(version_in_range(version:sharkVer, test_version:\"1.4.0\", test_version2:\"1.4.10\") ||\n version_in_range(version:sharkVer, test_version:\"1.6.0\", test_version2:\"1.6.4\")) {\n security_message(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0068", "CVE-2012-0066", "CVE-2012-0043", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067"], "description": "This host is installed with Wireshark and is prone to multiple\n vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2012-04-23T00:00:00", "id": "OPENVAS:1361412562310802761", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802761", "type": "openvas", "title": "Wireshark Multiple Vulnerabilities - April 12 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_vuln_win_apr12.nasl 11857 2018-10-12 08:25:16Z cfischer $\n#\n# Wireshark Multiple Vulnerabilities - April 12 (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802761\");\n script_version(\"$Revision: 11857 $\");\n script_cve_id(\"CVE-2012-0068\", \"CVE-2012-0067\", \"CVE-2012-0066\", \"CVE-2012-0043\",\n \"CVE-2012-0042\", \"CVE-2012-0041\");\n script_bugtraq_id(51710, 51368);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:25:16 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-23 18:33:55 +0530 (Mon, 23 Apr 2012)\");\n script_name(\"Wireshark Multiple Vulnerabilities - April 12 (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/47494/\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2012-01.html\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_mandatory_keys(\"Wireshark/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary code\n or cause a denial of service.\");\n script_tag(name:\"affected\", value:\"Wireshark versions 1.4.x before 1.4.11 and 1.6.x before 1.6.5 on Windows\");\n script_tag(name:\"insight\", value:\"The flaws are due to\n\n - NULL pointer dereference errors when reading certain packet information\n can be exploited to cause a crash.\n\n - An error within the RLC dissector can be exploited to cause a buffer\n overflow via a specially crafted RLC packet capture file.\n\n - An error within the 'lanalyzer_read()' function (wiretap/lanalyzer.c) when\n parsing LANalyzer files can be exploited to cause a heap-based buffer\n underflow.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Wireshark version 1.4.11, 1.6.5 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark and is prone to multiple\n vulnerabilities.\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/download\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsharkVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!sharkVer){\n exit(0);\n}\n\nif(version_in_range(version:sharkVer, test_version:\"1.4.0\", test_version2:\"1.4.10\") ||\n version_in_range(version:sharkVer, test_version:\"1.6.0\", test_version2:\"1.6.4\")) {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0068", "CVE-2012-0066", "CVE-2011-3483", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067"], "description": "The remote host is missing an update to wireshark\nannounced via advisory DSA 2395-1.", "modified": "2017-07-07T00:00:00", "published": "2012-02-11T00:00:00", "id": "OPENVAS:70713", "href": "http://plugins.openvas.org/nasl.php?oid=70713", "type": "openvas", "title": "Debian Security Advisory DSA 2395-1 (wireshark)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2395_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2395-1 (wireshark)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Laurent Butti discovered a buffer underflow in the LANalyzer dissector\nof the Wireshark network traffic analyzer, which could lead to the\nexecution of arbitrary code (CVE-2012-0068)\n\nThis update also addresses several bugs, which can lead to crashes of\nWireshark. These are not treated as security issues, but are fixed\nnonetheless if security updates are scheduled: CVE-2011-3483,\nCVE-2012-0041, CVE-2012-0042, CVE-2012-0066 and CVE-2012-0067.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6+squeeze6.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.5-1.\n\nWe recommend that you upgrade your wireshark packages.\";\ntag_summary = \"The remote host is missing an update to wireshark\nannounced via advisory DSA 2395-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202395-1\";\n\nif(description)\n{\n script_id(70713);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2011-3483\", \"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-0068\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:29:37 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2395-1 (wireshark)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.2.11-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.2.11-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.2.11-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.2.11-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.2.11-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0068", "CVE-2012-0066", "CVE-2011-3483", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067"], "description": "The remote host is missing an update to wireshark\nannounced via advisory DSA 2395-1.", "modified": "2019-03-18T00:00:00", "published": "2012-02-11T00:00:00", "id": "OPENVAS:136141256231070713", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070713", "type": "openvas", "title": "Debian Security Advisory DSA 2395-1 (wireshark)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2395_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2395-1 (wireshark)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70713\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2011-3483\", \"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-0068\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:29:37 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2395-1 (wireshark)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202395-1\");\n script_tag(name:\"insight\", value:\"Laurent Butti discovered a buffer underflow in the LANalyzer dissector\nof the Wireshark network traffic analyzer, which could lead to the\nexecution of arbitrary code (CVE-2012-0068)\n\nThis update also addresses several bugs, which can lead to crashes of\nWireshark. These are not treated as security issues, but are fixed\nnonetheless if security updates are scheduled: CVE-2011-3483,\nCVE-2012-0041, CVE-2012-0042, CVE-2012-0066 and CVE-2012-0067.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6+squeeze6.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.5-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your wireshark packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to wireshark\nannounced via advisory DSA 2395-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.2.11-6+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.2.11-6+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.2.11-6+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.2.11-6+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.2.11-6+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0068", "CVE-2012-0066", "CVE-2012-0041", "CVE-2012-0067"], "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:136141256231070748", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070748", "type": "openvas", "title": "FreeBSD Ports: wireshark", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_wireshark6.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 3ebb2dc8-4609-11e1-9f47-00e0815b8da8\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70748\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-0068\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 07:27:20 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"FreeBSD Ports: wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n wireshark\n wireshark-lite\n tshark\n tshark-lite\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2012-01.html\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2012-02.html\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2012-03.html\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6663\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6667\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6669\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6634\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6391\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/3ebb2dc8-4609-11e1-9f47-00e0815b8da8.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"wireshark\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4\")>=0 && revcomp(a:bver, b:\"1.4.11\")<0) {\n txt += 'Package wireshark version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.0\")>=0 && revcomp(a:bver, b:\"1.6.5\")<0) {\n txt += 'Package wireshark version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"wireshark-lite\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4\")>=0 && revcomp(a:bver, b:\"1.4.11\")<0) {\n txt += 'Package wireshark-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.0\")>=0 && revcomp(a:bver, b:\"1.6.5\")<0) {\n txt += 'Package wireshark-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"tshark\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4\")>=0 && revcomp(a:bver, b:\"1.4.11\")<0) {\n txt += 'Package tshark version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.0\")>=0 && revcomp(a:bver, b:\"1.6.5\")<0) {\n txt += 'Package tshark version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"tshark-lite\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4\")>=0 && revcomp(a:bver, b:\"1.4.11\")<0) {\n txt += 'Package tshark-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.0\")>=0 && revcomp(a:bver, b:\"1.6.5\")<0) {\n txt += 'Package tshark-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-02T21:10:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0068", "CVE-2012-0066", "CVE-2012-0041", "CVE-2012-0067"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-04-21T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:70748", "href": "http://plugins.openvas.org/nasl.php?oid=70748", "type": "openvas", "title": "FreeBSD Ports: wireshark", "sourceData": "#\n#VID 3ebb2dc8-4609-11e1-9f47-00e0815b8da8\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 3ebb2dc8-4609-11e1-9f47-00e0815b8da8\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n wireshark\n wireshark-lite\n tshark\n tshark-lite\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.wireshark.org/security/wnpa-sec-2012-01.html\nhttp://www.wireshark.org/security/wnpa-sec-2012-02.html\nhttp://www.wireshark.org/security/wnpa-sec-2012-03.html\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6663\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6667\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6669\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6634\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6391\nhttp://www.vuxml.org/freebsd/3ebb2dc8-4609-11e1-9f47-00e0815b8da8.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(70748);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-0068\");\n script_version(\"$Revision: 5999 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-21 11:02:32 +0200 (Fri, 21 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 07:27:20 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"FreeBSD Ports: wireshark\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"wireshark\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4\")>=0 && revcomp(a:bver, b:\"1.4.11\")<0) {\n txt += 'Package wireshark version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.0\")>=0 && revcomp(a:bver, b:\"1.6.5\")<0) {\n txt += 'Package wireshark version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"wireshark-lite\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4\")>=0 && revcomp(a:bver, b:\"1.4.11\")<0) {\n txt += 'Package wireshark-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.0\")>=0 && revcomp(a:bver, b:\"1.6.5\")<0) {\n txt += 'Package wireshark-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"tshark\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4\")>=0 && revcomp(a:bver, b:\"1.4.11\")<0) {\n txt += 'Package tshark version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.0\")>=0 && revcomp(a:bver, b:\"1.6.5\")<0) {\n txt += 'Package tshark version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"tshark-lite\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4\")>=0 && revcomp(a:bver, b:\"1.4.11\")<0) {\n txt += 'Package tshark-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.0\")>=0 && revcomp(a:bver, b:\"1.6.5\")<0) {\n txt += 'Package tshark-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:56:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0043", "CVE-2012-0042", "CVE-2012-0041"], "description": "Check for the Version of wireshark", "modified": "2017-12-26T00:00:00", "published": "2012-01-25T00:00:00", "id": "OPENVAS:863701", "href": "http://plugins.openvas.org/nasl.php?oid=863701", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2012-0440", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2012-0440\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\n\ntag_affected = \"wireshark on Fedora 15\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072409.html\");\n script_id(863701);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-25 11:14:14 +0530 (Wed, 25 Jan 2012)\");\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0043\");\n script_xref(name: \"FEDORA\", value: \"2012-0440\");\n script_name(\"Fedora Update for wireshark FEDORA-2012-0440\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.4.11~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:57:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0043", "CVE-2012-0042", "CVE-2012-0041"], "description": "Check for the Version of wireshark", "modified": "2017-12-28T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:863898", "href": "http://plugins.openvas.org/nasl.php?oid=863898", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2012-0435", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2012-0435\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\n\ntag_affected = \"wireshark on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072237.html\");\n script_id(863898);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:30:46 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0043\");\n script_xref(name: \"FEDORA\", value: \"2012-0435\");\n script_name(\"Fedora Update for wireshark FEDORA-2012-0435\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.6.5~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2020-06-05T11:11:39", "description": "Wireshark version 1.4.11 fixes several security issues", "edition": 14, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : wireshark (openSUSE-2012-123)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0068", "CVE-2012-0066", "CVE-2012-0043", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wireshark", "p-cpe:/a:novell:opensuse:wireshark-devel", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:wireshark-debugsource", "p-cpe:/a:novell:opensuse:wireshark-debuginfo"], "id": "OPENSUSE-2012-123.NASL", "href": "https://www.tenable.com/plugins/nessus/74551", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-123.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74551);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0043\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-0068\");\n\n script_name(english:\"openSUSE Security Update : wireshark (openSUSE-2012-123)\");\n script_summary(english:\"Check for the openSUSE-2012-123 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"Wireshark version 1.4.11 fixes several security issues\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741190\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"wireshark-1.4.11-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"wireshark-debuginfo-1.4.11-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"wireshark-debugsource-1.4.11-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"wireshark-devel-1.4.11-3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-debugsource / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-05T12:29:19", "description": "This version upgrade of wireshark to 1.4.11 fixes the following\nsecurity issues :\n\n - RLC dissector buffer overflow. (CVE-2012-0043)\n\n - multiple file parser vulnerabilities. (CVE-2012-0041)\n\n - NULL pointer vulnerabilities. (CVE-2012-0042)\n\n - DoS due to too large buffer alloc request.\n (CVE-2012-0066)\n\n - DoS due to integer underflow and too large buffer alloc.\n request. (CVE-2012-0067)\n\n - memory corruption due to buffer underflow Additionally,\n various other non-security issues were resolved.\n (CVE-2012-0068)", "edition": 16, "published": "2012-02-24T00:00:00", "title": "SuSE 11.1 Security Update : wireshark (SAT Patch Number 5741)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0068", "CVE-2012-0066", "CVE-2012-0043", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067"], "modified": "2012-02-24T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:wireshark"], "id": "SUSE_11_WIRESHARK-120131.NASL", "href": "https://www.tenable.com/plugins/nessus/58115", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58115);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0043\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-0068\");\n\n script_name(english:\"SuSE 11.1 Security Update : wireshark (SAT Patch Number 5741)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This version upgrade of wireshark to 1.4.11 fixes the following\nsecurity issues :\n\n - RLC dissector buffer overflow. (CVE-2012-0043)\n\n - multiple file parser vulnerabilities. (CVE-2012-0041)\n\n - NULL pointer vulnerabilities. (CVE-2012-0042)\n\n - DoS due to too large buffer alloc request.\n (CVE-2012-0066)\n\n - DoS due to integer underflow and too large buffer alloc.\n request. (CVE-2012-0067)\n\n - memory corruption due to buffer underflow Additionally,\n various other non-security issues were resolved.\n (CVE-2012-0068)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0041.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0042.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0043.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0066.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0067.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0068.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5741.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"wireshark-1.4.11-0.2.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"wireshark-1.4.11-0.2.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"wireshark-1.4.11-0.2.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:01:19", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The dissect_packet function in epan/packet.c in\n Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5\n allows remote attackers to cause a denial of service\n (application crash) via a long packet in a capture file,\n as demonstrated by an airopeek file. (CVE-2012-0041)\n\n - Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5\n does not properly perform certain string conversions,\n which allows remote attackers to cause a denial of\n service (NULL pointer dereference and application crash)\n via a crafted packet, related to epan/to_str.c.\n (CVE-2012-0042)\n\n - Buffer overflow in the reassemble_message function in\n epan/dissectors/ packet-rlc.c in the RLC dissector in\n Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5\n allows remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code\n via a series of fragmented RLC packets. (CVE-2012-0043)\n\n - Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5\n allows remote attackers to cause a denial of service\n (application crash) via a long packet in a (1) Accellent\n 5Views (aka .5vw) file, (2) I4B trace file, or (3)\n NETMON 2 capture file. (CVE-2012-0066)\n\n - wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and\n 1.6.x before 1.6.5 allows remote attackers to cause a\n denial of service (application crash) via a long packet\n in an AIX iptrace file. (CVE-2012-0067)\n\n - The lanalyzer_read function in wiretap/lanalyzer.c in\n Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5\n allows remote attackers to cause a denial of service\n (application crash) via a Novell catpure file containing\n a record that is too small. (CVE-2012-0068)", "edition": 24, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : wireshark (multiple_denial_of_service_vulnerabilities2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0068", "CVE-2012-0066", "CVE-2012-0043", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067"], "modified": "2015-01-19T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:wireshark", "cpe:/o:oracle:solaris:11.0"], "id": "SOLARIS11_WIRESHARK_20120404.NASL", "href": "https://www.tenable.com/plugins/nessus/80801", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80801);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0043\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-0068\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : wireshark (multiple_denial_of_service_vulnerabilities2)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The dissect_packet function in epan/packet.c in\n Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5\n allows remote attackers to cause a denial of service\n (application crash) via a long packet in a capture file,\n as demonstrated by an airopeek file. (CVE-2012-0041)\n\n - Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5\n does not properly perform certain string conversions,\n which allows remote attackers to cause a denial of\n service (NULL pointer dereference and application crash)\n via a crafted packet, related to epan/to_str.c.\n (CVE-2012-0042)\n\n - Buffer overflow in the reassemble_message function in\n epan/dissectors/ packet-rlc.c in the RLC dissector in\n Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5\n allows remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code\n via a series of fragmented RLC packets. (CVE-2012-0043)\n\n - Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5\n allows remote attackers to cause a denial of service\n (application crash) via a long packet in a (1) Accellent\n 5Views (aka .5vw) file, (2) I4B trace file, or (3)\n NETMON 2 capture file. (CVE-2012-0066)\n\n - wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and\n 1.6.x before 1.6.5 allows remote attackers to cause a\n denial of service (application crash) via a long packet\n in an AIX iptrace file. (CVE-2012-0067)\n\n - The lanalyzer_read function in wiretap/lanalyzer.c in\n Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5\n allows remote attackers to cause a denial of service\n (application crash) via a Novell catpure file containing\n a record that is too small. (CVE-2012-0068)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-denial-of-service-vulnerabilities-in-wireshark\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3e9c113c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 04.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:wireshark\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^wireshark$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.0.4.0.5.0\", sru:\"SRU 4\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : wireshark\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"wireshark\");\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T07:00:53", "description": "The installed version of Wireshark is 1.6.x before 1.6.5. This\nversion is affected by the following vulnerabilities :\n\n - Errors exist in the parsers for '5views', 'i4b', \n 'iptrace', 'netmon2' and 'novell' packets that can lead\n to application crashes. (Issues #6663, 6666, 6667,\n 6668, 6669, 6670)\n\n - An unspecified error exists in the display processing \n of certain packets that can lead to a NULL pointer \n dereference. (Issue #6634)\n\n - A buffer overflow exists in the 'RLC' dissector.\n (Issue #6391)", "edition": 25, "published": "2012-01-13T00:00:00", "title": "Wireshark 1.6.x < 1.6.5 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0068", "CVE-2012-0066", "CVE-2012-0043", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:wireshark:wireshark"], "id": "WIRESHARK_1_6_5.NASL", "href": "https://www.tenable.com/plugins/nessus/57539", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57539);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/15 20:50:29\");\n\n script_cve_id(\n \"CVE-2012-0041\",\n \"CVE-2012-0042\",\n \"CVE-2012-0043\",\n \"CVE-2012-0066\",\n \"CVE-2012-0067\",\n \"CVE-2012-0068\"\n );\n script_bugtraq_id(51368, 51710);\n\n script_name(english:\"Wireshark 1.6.x < 1.6.5 Multiple Vulnerabilities\");\n script_summary(english:\"Does a version check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Wireshark is 1.6.x before 1.6.5. This\nversion is affected by the following vulnerabilities :\n\n - Errors exist in the parsers for '5views', 'i4b', \n 'iptrace', 'netmon2' and 'novell' packets that can lead\n to application crashes. (Issues #6663, 6666, 6667,\n 6668, 6669, 6670)\n\n - An unspecified error exists in the display processing \n of certain packets that can lead to a NULL pointer \n dereference. (Issue #6634)\n\n - A buffer overflow exists in the 'RLC' dissector.\n (Issue #6391)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.wireshark.org/security/wnpa-sec-2012-01.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.wireshark.org/security/wnpa-sec-2012-02.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.wireshark.org/security/wnpa-sec-2012-03.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.6.5.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://downloads.securityfocus.com/vulnerabilities/exploits/51710.zip\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Wireshark version 1.6.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wireshark_installed.nasl\");\n script_require_keys(\"SMB/Wireshark/Installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each install.\ninstalls = get_kb_list_or_exit(\"SMB/Wireshark/*\");\n\ninfo = '';\ninfo2 = '';\n\nforeach install(keys(installs))\n{\n if (\"/Installed\" >< install) continue;\n\n version = install - \"SMB/Wireshark/\";\n\n if (version =~ \"^1\\.6($|\\.[0-4])($|[^0-9])\")\n info +=\n '\\n Path : ' + installs[install] +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.6.5\\n';\n else\n info2 += 'Version ' + version + ', under ' + installs[install] + ' ';\n}\n\n# Remove trailing space on info2\nif (strlen(info2) > 1)\n info2 = substr(info2, 0, strlen(info2) -2);\n\n# Report if any were found to be vulnerable\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (max_index(split(info)) > 4) s = \"s of Wireshark are\";\n else s = \" of Wireshark is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance' + s + ' installed :\\n' +\n '\\n' + info;\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n exit(0);\n}\nif (info2) exit(0, \"The following installed instance(s) of Wireshark are not affected : \" + info2 + \".\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T12:28:51", "description": "This update fixes the following security issues :\n\n - 741187: multiple file parser vulnerabilities\n (CVE-2012-0041)\n\n - 741188: RLC dissector buffer overflow (CVE-2012-0043)\n\n - 741190: NULL pointer vulnerabilities (CVE-2012-0042)\n\n - CVE-2012-0066: DoS due to too large buffer alloc request\n\n - CVE-2012-0067: DoS due to integer underflow and too\n large buffer alloc. request\n\n - CVE-2012-0068: memory corruption due to buffer underflow", "edition": 18, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : wireshark (openSUSE-SU-2012:0295-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0068", "CVE-2012-0066", "CVE-2012-0043", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wireshark", "p-cpe:/a:novell:opensuse:wireshark-devel", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:wireshark-debugsource", "p-cpe:/a:novell:opensuse:wireshark-debuginfo"], "id": "SUSE_11_4_WIRESHARK-120201.NASL", "href": "https://www.tenable.com/plugins/nessus/76047", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update wireshark-5742.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76047);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0043\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-0068\");\n\n script_name(english:\"openSUSE Security Update : wireshark (openSUSE-SU-2012:0295-1)\");\n script_summary(english:\"Check for the wireshark-5742 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\n - 741187: multiple file parser vulnerabilities\n (CVE-2012-0041)\n\n - 741188: RLC dissector buffer overflow (CVE-2012-0043)\n\n - 741190: NULL pointer vulnerabilities (CVE-2012-0042)\n\n - CVE-2012-0066: DoS due to too large buffer alloc request\n\n - CVE-2012-0067: DoS due to integer underflow and too\n large buffer alloc. request\n\n - CVE-2012-0068: memory corruption due to buffer underflow\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-02/msg00058.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"wireshark-1.4.11-0.2.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"wireshark-debuginfo-1.4.11-0.2.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"wireshark-debugsource-1.4.11-0.2.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"wireshark-devel-1.4.11-0.2.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T07:00:51", "description": "The installed version of Wireshark is 1.4.x before 1.4.11. This\nversion is affected by the following vulnerabilities :\n\n - Errors exist in the parsers for '5views', 'i4b', \n 'iptrace', 'netmon2' and 'novell' packets that can lead\n to application crashes. (Issues #6663, 6666, 6667,\n 6668, 6669, 6670)\n\n - An unspecified error exists in the display processing \n of certain packets that can lead to a NULL pointer \n dereference. (Issue #6634)\n\n - A buffer overflow exists in the 'RLC' dissector.\n (Issue #6391)", "edition": 25, "published": "2012-01-13T00:00:00", "title": "Wireshark 1.4.x < 1.4.11 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0068", "CVE-2012-0066", "CVE-2012-0043", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:wireshark:wireshark"], "id": "WIRESHARK_1_4_11.NASL", "href": "https://www.tenable.com/plugins/nessus/57538", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57538);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/15 20:50:29\");\n\n script_cve_id(\n \"CVE-2012-0041\",\n \"CVE-2012-0042\",\n \"CVE-2012-0043\",\n \"CVE-2012-0066\",\n \"CVE-2012-0067\",\n \"CVE-2012-0068\"\n );\n script_bugtraq_id(51368, 51710);\n\n script_name(english:\"Wireshark 1.4.x < 1.4.11 Multiple Vulnerabilities\");\n script_summary(english:\"Does a version check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Wireshark is 1.4.x before 1.4.11. This\nversion is affected by the following vulnerabilities :\n\n - Errors exist in the parsers for '5views', 'i4b', \n 'iptrace', 'netmon2' and 'novell' packets that can lead\n to application crashes. (Issues #6663, 6666, 6667,\n 6668, 6669, 6670)\n\n - An unspecified error exists in the display processing \n of certain packets that can lead to a NULL pointer \n dereference. (Issue #6634)\n\n - A buffer overflow exists in the 'RLC' dissector.\n (Issue #6391)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.wireshark.org/security/wnpa-sec-2012-01.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.wireshark.org/security/wnpa-sec-2012-02.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.wireshark.org/security/wnpa-sec-2012-03.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.4.11.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://downloads.securityfocus.com/vulnerabilities/exploits/51710.zip\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Wireshark version 1.4.11 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wireshark_installed.nasl\");\n script_require_keys(\"SMB/Wireshark/Installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each install.\ninstalls = get_kb_list_or_exit(\"SMB/Wireshark/*\");\n\ninfo = '';\ninfo2 = '';\n\nforeach install(keys(installs))\n{\n if (\"/Installed\" >< install) continue;\n\n version = install - \"SMB/Wireshark/\";\n\n if (version =~ \"^1\\.4($|\\.([0-9]|10))($|[^0-9])\")\n info +=\n '\\n Path : ' + installs[install] +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.4.11\\n';\n else\n info2 += 'Version ' + version + ', under ' + installs[install] + ' ';\n}\n\n# Remove trailing space on info2\nif (strlen(info2) > 1)\n info2 = substr(info2, 0, strlen(info2) -2);\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (max_index(split(info)) > 4) s = \"s of Wireshark are\";\n else s = \" of Wireshark is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance' + s + ' installed :\\n' +\n '\\n' + info;\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n exit(0);\n}\nif (info2) exit(0, \"The following installed instance(s) of Wireshark are not affected : \" + info2 + \".\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:47:13", "description": "Laurent Butti discovered a buffer underflow in the LANalyzer dissector\nof the Wireshark network traffic analyzer, which could lead to the\nexecution of arbitrary code (CVE-2012-0068 ).\n\nThis update also addresses several bugs, which can lead to crashes of\nWireshark. These are not treated as security issues, but are fixed\nnonetheless if security updates are scheduled: CVE-2011-3483,\nCVE-2012-0041, CVE-2012-0042, CVE-2012-0066 and CVE-2012-0067.", "edition": 16, "published": "2012-01-31T00:00:00", "title": "Debian DSA-2395-1 : wireshark - buffer underflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0068", "CVE-2012-0066", "CVE-2011-3483", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067"], "modified": "2012-01-31T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:wireshark"], "id": "DEBIAN_DSA-2395.NASL", "href": "https://www.tenable.com/plugins/nessus/57735", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2395. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57735);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3483\", \"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-0068\");\n script_xref(name:\"DSA\", value:\"2395\");\n\n script_name(english:\"Debian DSA-2395-1 : wireshark - buffer underflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Laurent Butti discovered a buffer underflow in the LANalyzer dissector\nof the Wireshark network traffic analyzer, which could lead to the\nexecution of arbitrary code (CVE-2012-0068 ).\n\nThis update also addresses several bugs, which can lead to crashes of\nWireshark. These are not treated as security issues, but are fixed\nnonetheless if security updates are scheduled: CVE-2011-3483,\nCVE-2012-0041, CVE-2012-0042, CVE-2012-0066 and CVE-2012-0067.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/wireshark\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2395\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wireshark packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6+squeeze6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"tshark\", reference:\"1.2.11-6+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"wireshark\", reference:\"1.2.11-6+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"wireshark-common\", reference:\"1.2.11-6+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"wireshark-dbg\", reference:\"1.2.11-6+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"wireshark-dev\", reference:\"1.2.11-6+squeeze6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:41:52", "description": "Wireshark reports :\n\nLaurent Butti discovered that Wireshark failed to properly check\nrecord sizes for many packet capture file formats\n\nWireshark could dereference a NULL pointer and crash.\n\nThe RLC dissector could overflow a buffer.", "edition": 22, "published": "2012-01-24T00:00:00", "title": "FreeBSD : Wireshark -- Multiple vulnerabilities (3ebb2dc8-4609-11e1-9f47-00e0815b8da8)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0068", "CVE-2012-0066", "CVE-2012-0041", "CVE-2012-0067"], "modified": "2012-01-24T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:tshark-lite", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:wireshark-lite", "p-cpe:/a:freebsd:freebsd:tshark", "p-cpe:/a:freebsd:freebsd:wireshark"], "id": "FREEBSD_PKG_3EBB2DC8460911E19F4700E0815B8DA8.NASL", "href": "https://www.tenable.com/plugins/nessus/57646", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57646);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-0068\");\n\n script_name(english:\"FreeBSD : Wireshark -- Multiple vulnerabilities (3ebb2dc8-4609-11e1-9f47-00e0815b8da8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Wireshark reports :\n\nLaurent Butti discovered that Wireshark failed to properly check\nrecord sizes for many packet capture file formats\n\nWireshark could dereference a NULL pointer and crash.\n\nThe RLC dissector could overflow a buffer.\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2012-01.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2012-01.html\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2012-02.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2012-02.html\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2012-03.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2012-03.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6391\"\n );\n # https://vuxml.freebsd.org/freebsd/3ebb2dc8-4609-11e1-9f47-00e0815b8da8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e0ceafae\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tshark-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:wireshark-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"wireshark>=1.4<1.4.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"wireshark>=1.6.0<1.6.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"wireshark-lite>=1.4<1.4.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"wireshark-lite>=1.6.0<1.6.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tshark>=1.4<1.4.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tshark>=1.6.0<1.6.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tshark-lite>=1.4<1.4.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tshark-lite>=1.6.0<1.6.5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:09:50", "description": "The following vulnerabilities have been fixed. wnpa-sec-2012-01\nLaurent Butti discovered that Wireshark failed to properly record\nsizes for many packet capture file formats.\n\nwnpa-sec-2012-02 Wireshark could dereference a NULL pointer and crash\n\nwnpa-sec-2012-03 The RLC dissector could overflow a buffer\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-01-25T00:00:00", "title": "Fedora 15 : wireshark-1.4.11-1.fc15 (2012-0440)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0043", "CVE-2012-0042", "CVE-2012-0041"], "modified": "2012-01-25T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wireshark", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-0440.NASL", "href": "https://www.tenable.com/plugins/nessus/57670", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-0440.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57670);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0043\");\n script_bugtraq_id(51368);\n script_xref(name:\"FEDORA\", value:\"2012-0440\");\n\n script_name(english:\"Fedora 15 : wireshark-1.4.11-1.fc15 (2012-0440)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following vulnerabilities have been fixed. wnpa-sec-2012-01\nLaurent Butti discovered that Wireshark failed to properly record\nsizes for many packet capture file formats.\n\nwnpa-sec-2012-02 Wireshark could dereference a NULL pointer and crash\n\nwnpa-sec-2012-03 The RLC dissector could overflow a buffer\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=773726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=773728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=773729\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072409.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c31d36fb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"wireshark-1.4.11-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:50", "description": "The following vulnerabilities have been fixed.\n\nwnpa-sec-2012-01 Laurent Butti discovered that Wireshark failed to\nproperly record sizes for many packet capture file formats.\n\nwnpa-sec-2012-02 Wireshark could dereference a NULL pointer and crash\n\nwnpa-sec-2012-03 The RLC dissector could overflow a buffer\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-01-23T00:00:00", "title": "Fedora 16 : wireshark-1.6.5-1.fc16 (2012-0435)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0043", "CVE-2012-0042", "CVE-2012-0041"], "modified": "2012-01-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wireshark", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-0435.NASL", "href": "https://www.tenable.com/plugins/nessus/57624", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-0435.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57624);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0043\");\n script_bugtraq_id(51368);\n script_xref(name:\"FEDORA\", value:\"2012-0435\");\n\n script_name(english:\"Fedora 16 : wireshark-1.6.5-1.fc16 (2012-0435)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following vulnerabilities have been fixed.\n\nwnpa-sec-2012-01 Laurent Butti discovered that Wireshark failed to\nproperly record sizes for many packet capture file formats.\n\nwnpa-sec-2012-02 Wireshark could dereference a NULL pointer and crash\n\nwnpa-sec-2012-03 The RLC dissector could overflow a buffer\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=773726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=773728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=773729\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072237.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a0173046\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"wireshark-1.6.5-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-0068", "CVE-2012-0066", "CVE-2011-3483", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067"], "description": "LANalyzer buffer overflow, DoS.", "edition": 1, "modified": "2012-02-13T00:00:00", "published": "2012-02-13T00:00:00", "id": "SECURITYVULNS:VULN:12188", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12188", "title": "Wireshark multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:43", "bulletinFamily": "software", "cvelist": ["CVE-2012-0068", "CVE-2012-0066", "CVE-2011-3483", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2395-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nJanuary 27, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : wireshark\r\nVulnerability : buffer underflow\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2011-3483 CVE-2012-0041 CVE-2012-0042 CVE-2012-0066 \r\n CVE-2012-0067 CVE-2012-0068 \r\n\r\nLaurent Butti discovered a buffer underflow in the LANalyzer dissector\r\nof the Wireshark network traffic analyzer, which could lead to the \r\nexecution of arbitrary code &#40;CVE-2012-0068&#41;\r\n\r\nThis update also addresses several bugs, which can lead to crashes of \r\nWireshark. These are not treated as security issues, but are fixed \r\nnonetheless if security updates are scheduled: CVE-2011-3483, \r\nCVE-2012-0041, CVE-2012-0042, CVE-2012-0066 and CVE-2012-0067.\r\n\r\nFor the stable distribution &#40;squeeze&#41;, this problem has been fixed in\r\nversion 1.2.11-6+squeeze6.\r\n\r\nFor the unstable distribution &#40;sid&#41;, this problem has been fixed in\r\nversion 1.6.5-1.\r\n\r\nWe recommend that you upgrade your wireshark packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAk8i6FwACgkQXm3vHE4uylrDkQCg5khLjhIkYAbItri576Q4ufHt\r\nBFwAnjQINWnTLRDCg3CLlZOX6ke/Wn3T\r\n=o4sR\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-02-13T00:00:00", "published": "2012-02-13T00:00:00", "id": "SECURITYVULNS:DOC:27668", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27668", "title": "[SECURITY] [DSA 2395-1] wireshark security update", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:25:49", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0068", "CVE-2012-0066", "CVE-2011-3483", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2395-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 27, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wireshark\nVulnerability : buffer underflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-3483 CVE-2012-0041 CVE-2012-0042 CVE-2012-0066 \n CVE-2012-0067 CVE-2012-0068 \n\nLaurent Butti discovered a buffer underflow in the LANalyzer dissector\nof the Wireshark network traffic analyzer, which could lead to the \nexecution of arbitrary code (CVE-2012-0068)\n\nThis update also addresses several bugs, which can lead to crashes of \nWireshark. These are not treated as security issues, but are fixed \nnonetheless if security updates are scheduled: CVE-2011-3483, \nCVE-2012-0041, CVE-2012-0042, CVE-2012-0066 and CVE-2012-0067.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6+squeeze6.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.5-1.\n\nWe recommend that you upgrade your wireshark packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2012-01-27T18:27:11", "published": "2012-01-27T18:27:11", "id": "DEBIAN:DSA-2395-1:01533", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00019.html", "title": "[SECURITY] [DSA 2395-1] wireshark security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:54", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0068", "CVE-2012-0066", "CVE-2012-0041", "CVE-2012-0067"], "description": "\nWireshark reports:\n\nLaurent Butti discovered that Wireshark failed to properly check\n\t record sizes for many packet capture file formats\nWireshark could dereference a NULL pointer and crash.\nThe RLC dissector could overflow a buffer.\n\n", "edition": 4, "modified": "2010-01-10T00:00:00", "published": "2010-01-10T00:00:00", "id": "3EBB2DC8-4609-11E1-9F47-00E0815B8DA8", "href": "https://vuxml.freebsd.org/freebsd/3ebb2dc8-4609-11e1-9f47-00e0815b8da8.html", "title": "Wireshark -- Multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2020-10-03T12:05:58", "description": "The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell capture file containing a record that is too small.", "edition": 3, "cvss3": {}, "published": "2012-04-11T10:39:00", "title": "CVE-2012-0068", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0068"], "modified": "2017-09-27T01:29:00", "cpe": ["cpe:/a:wireshark:wireshark:1.6.2", "cpe:/a:wireshark:wireshark:1.6.3", "cpe:/a:wireshark:wireshark:1.4.0", "cpe:/a:wireshark:wireshark:1.4.4", "cpe:/a:wireshark:wireshark:1.6.4", "cpe:/a:wireshark:wireshark:1.4.9", "cpe:/a:wireshark:wireshark:1.4.11", "cpe:/a:wireshark:wireshark:1.4.2", "cpe:/a:wireshark:wireshark:1.4.5", "cpe:/a:wireshark:wireshark:1.6.1", "cpe:/a:wireshark:wireshark:1.6.0", "cpe:/a:wireshark:wireshark:1.4.3", "cpe:/a:wireshark:wireshark:1.6.5", "cpe:/a:wireshark:wireshark:1.4.6", "cpe:/a:wireshark:wireshark:1.4.10", "cpe:/a:wireshark:wireshark:1.4.8", "cpe:/a:wireshark:wireshark:1.4.7", "cpe:/a:wireshark:wireshark:1.4.1"], "id": "CVE-2012-0068", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0068", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:1.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.10:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:05:58", "description": "Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a series of fragmented RLC packets.", "edition": 3, "cvss3": {}, "published": "2012-04-11T10:39:00", "title": "CVE-2012-0043", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0043"], "modified": "2017-09-19T01:34:00", "cpe": ["cpe:/a:wireshark:wireshark:1.6.2", "cpe:/a:wireshark:wireshark:1.6.3", "cpe:/a:wireshark:wireshark:1.4.0", "cpe:/a:wireshark:wireshark:1.4.4", "cpe:/a:wireshark:wireshark:1.6.4", "cpe:/a:wireshark:wireshark:1.4.9", "cpe:/a:wireshark:wireshark:1.4.2", "cpe:/a:wireshark:wireshark:1.4.5", "cpe:/a:wireshark:wireshark:1.6.1", "cpe:/a:wireshark:wireshark:1.6.0", "cpe:/a:wireshark:wireshark:1.4.3", "cpe:/a:wireshark:wireshark:1.4.6", "cpe:/a:wireshark:wireshark:1.4.10", "cpe:/a:wireshark:wireshark:1.4.8", "cpe:/a:wireshark:wireshark:1.4.7", "cpe:/a:wireshark:wireshark:1.4.1"], "id": "CVE-2012-0043", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0043", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:1.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.10:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:05:58", "description": "Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c.\nPer: http://cwe.mitre.org/data/definitions/476.html\n\n'CWE-476: NULL Pointer Dereference'", "edition": 3, "cvss3": {}, "published": "2012-04-11T10:39:00", "title": "CVE-2012-0042", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0042"], "modified": "2017-09-19T01:34:00", "cpe": ["cpe:/a:wireshark:wireshark:1.6.2", "cpe:/a:wireshark:wireshark:1.6.3", "cpe:/a:wireshark:wireshark:1.4.0", "cpe:/o:redhat:enterprise_linux:5", "cpe:/a:wireshark:wireshark:1.4.4", "cpe:/a:wireshark:wireshark:1.6.4", "cpe:/a:wireshark:wireshark:1.4.9", "cpe:/a:wireshark:wireshark:1.4.2", "cpe:/a:wireshark:wireshark:1.4.5", "cpe:/a:wireshark:wireshark:1.6.1", "cpe:/a:wireshark:wireshark:1.6.0", "cpe:/a:wireshark:wireshark:1.4.3", "cpe:/a:wireshark:wireshark:1.4.6", "cpe:/a:wireshark:wireshark:1.4.10", "cpe:/a:wireshark:wireshark:1.4.8", "cpe:/a:wireshark:wireshark:1.4.7", "cpe:/a:wireshark:wireshark:1.4.1"], "id": "CVE-2012-0042", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0042", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:1.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.10:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:05:58", "description": "The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file.", "edition": 3, "cvss3": {}, "published": "2012-04-11T10:39:00", "title": "CVE-2012-0041", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0041"], "modified": "2017-09-19T01:34:00", "cpe": ["cpe:/a:wireshark:wireshark:1.6.2", "cpe:/a:wireshark:wireshark:1.6.3", "cpe:/a:wireshark:wireshark:1.4.0", "cpe:/o:redhat:enterprise_linux:5", "cpe:/a:wireshark:wireshark:1.4.4", "cpe:/a:wireshark:wireshark:1.6.4", "cpe:/a:wireshark:wireshark:1.4.9", "cpe:/a:wireshark:wireshark:1.4.2", "cpe:/a:wireshark:wireshark:1.4.5", "cpe:/a:wireshark:wireshark:1.6.1", "cpe:/a:wireshark:wireshark:1.6.0", "cpe:/a:wireshark:wireshark:1.4.3", "cpe:/a:wireshark:wireshark:1.4.6", "cpe:/a:wireshark:wireshark:1.4.10", "cpe:/a:wireshark:wireshark:1.4.8", "cpe:/a:wireshark:wireshark:1.4.7", "cpe:/a:wireshark:wireshark:1.4.1"], "id": "CVE-2012-0041", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0041", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:1.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.10:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:05:58", "description": "wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.", "edition": 3, "cvss3": {}, "published": "2012-04-11T10:39:00", "title": "CVE-2012-0067", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0067"], "modified": "2017-09-19T01:34:00", "cpe": ["cpe:/a:wireshark:wireshark:1.6.2", "cpe:/a:wireshark:wireshark:1.6.3", "cpe:/a:wireshark:wireshark:1.4.0", "cpe:/o:redhat:enterprise_linux:5", "cpe:/a:wireshark:wireshark:1.4.4", "cpe:/a:wireshark:wireshark:1.6.4", "cpe:/a:wireshark:wireshark:1.4.9", "cpe:/a:wireshark:wireshark:1.4.2", "cpe:/a:wireshark:wireshark:1.4.5", "cpe:/a:wireshark:wireshark:1.6.1", "cpe:/a:wireshark:wireshark:1.6.0", "cpe:/a:wireshark:wireshark:1.4.3", "cpe:/a:wireshark:wireshark:1.4.6", "cpe:/a:wireshark:wireshark:1.4.10", "cpe:/a:wireshark:wireshark:1.4.8", "cpe:/a:wireshark:wireshark:1.4.7", "cpe:/a:wireshark:wireshark:1.4.1"], "id": "CVE-2012-0067", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0067", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:1.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.10:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:05:58", "description": "Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file.", "edition": 3, "cvss3": {}, "published": "2012-04-11T10:39:00", "title": "CVE-2012-0066", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0066"], "modified": "2017-09-19T01:34:00", "cpe": ["cpe:/a:wireshark:wireshark:1.6.2", "cpe:/a:wireshark:wireshark:1.6.3", "cpe:/a:wireshark:wireshark:1.4.0", "cpe:/o:redhat:enterprise_linux:5", "cpe:/a:wireshark:wireshark:1.4.4", "cpe:/a:wireshark:wireshark:1.6.4", "cpe:/a:wireshark:wireshark:1.4.9", "cpe:/a:wireshark:wireshark:1.4.2", "cpe:/a:wireshark:wireshark:1.4.5", "cpe:/a:wireshark:wireshark:1.6.1", "cpe:/a:wireshark:wireshark:1.6.0", "cpe:/a:wireshark:wireshark:1.4.3", "cpe:/a:wireshark:wireshark:1.4.6", "cpe:/a:wireshark:wireshark:1.4.10", "cpe:/a:wireshark:wireshark:1.4.8", "cpe:/a:wireshark:wireshark:1.4.7", "cpe:/a:wireshark:wireshark:1.4.1"], "id": "CVE-2012-0066", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0066", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:1.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.10:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0041", "CVE-2012-0042", "CVE-2012-0043"], "description": "Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. ", "modified": "2012-01-22T22:52:56", "published": "2012-01-22T22:52:56", "id": "FEDORA:4675F20B8C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: wireshark-1.6.5-1.fc16", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0041", "CVE-2012-0042", "CVE-2012-0043"], "description": "Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. ", "modified": "2012-01-24T20:01:29", "published": "2012-01-24T20:01:29", "id": "FEDORA:8207220B7A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: wireshark-1.4.11-1.fc15", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-10-30T13:25:03", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1959", "CVE-2011-2698", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2012-4290", "CVE-2012-4285", "CVE-2011-1958"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0125\n\n\nWireshark, previously known as Ethereal, is a network protocol analyzer. It\nis used to capture and browse the traffic running on a computer network.\n\nA heap-based buffer overflow flaw was found in the way Wireshark handled\nEndace ERF (Extensible Record Format) capture files. If Wireshark opened a\nspecially-crafted ERF capture file, it could crash or, possibly, execute\narbitrary code as the user running Wireshark. (CVE-2011-4102)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175,\nCVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067,\nCVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)\n\nThe CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102 issues\nwere discovered by Huzaifa Sidhpurwala of the Red Hat Security Response\nTeam.\n\nThis update also fixes the following bugs:\n\n* When Wireshark starts with the X11 protocol being tunneled through an SSH\nconnection, it automatically prepares its capture filter to omit the SSH\npackets. If the SSH connection was to a link-local IPv6 address including\nan interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed\nthis address erroneously, constructed an incorrect capture filter and\nrefused to capture packets. The \"Invalid capture filter\" message was\ndisplayed. With this update, parsing of link-local IPv6 addresses is fixed\nand Wireshark correctly prepares a capture filter to omit SSH packets over\na link-local IPv6 connection. (BZ#438473)\n\n* Previously, Wireshark's column editing dialog malformed column names when\nthey were selected. With this update, the dialog is fixed and no longer\nbreaks column names. (BZ#493693)\n\n* Previously, TShark, the console packet analyzer, did not properly analyze\nthe exit code of Dumpcap, Wireshark's packet capturing back end. As a\nresult, TShark returned exit code 0 when Dumpcap failed to parse its\ncommand-line arguments. In this update, TShark correctly propagates the\nDumpcap exit code and returns a non-zero exit code when Dumpcap fails.\n(BZ#580510)\n\n* Previously, the TShark \"-s\" (snapshot length) option worked only for a\nvalue greater than 68 bytes. If a lower value was specified, TShark\ncaptured just 68 bytes of incoming packets. With this update, the \"-s\"\noption is fixed and sizes lower than 68 bytes work as expected. (BZ#580513)\n\nThis update also adds the following enhancement:\n\n* In this update, support for the \"NetDump\" protocol was added. (BZ#484999)\n\nAll users of Wireshark are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add this\nenhancement. All running instances of Wireshark must be restarted for the\nupdate to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-January/031161.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-January/006657.html\n\n**Affected packages:**\nwireshark\nwireshark-gnome\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0125.html", "edition": 11, "modified": "2013-01-11T13:19:17", "published": "2013-01-09T19:42:29", "href": "http://lists.centos.org/pipermail/centos-announce/2013-January/031161.html", "id": "CESA-2013:0125", "title": "wireshark security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-20T18:29:12", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2174", "CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1590", "CVE-2011-1959", "CVE-2011-2597", "CVE-2012-1595", "CVE-2011-2698", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2011-1957", "CVE-2011-1143", "CVE-2011-1958"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0509\n\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nSeveral flaws were found in Wireshark. If Wireshark read a malformed packet\noff a network or opened a malicious dump file, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2011-1590,\nCVE-2011-4102, CVE-2012-1595)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2011-1143, CVE-2011-1957, CVE-2011-1958,\nCVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698,\nCVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)\n\nUsers of Wireshark should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running instances of\nWireshark must be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/030629.html\n\n**Affected packages:**\nwireshark\nwireshark-devel\nwireshark-gnome\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0509.html", "edition": 3, "modified": "2012-04-24T14:27:48", "published": "2012-04-24T14:27:48", "href": "http://lists.centos.org/pipermail/centos-announce/2012-April/030629.html", "id": "CESA-2012:0509", "title": "wireshark security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:39", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1959", "CVE-2011-2698", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2012-4290", "CVE-2012-4285", "CVE-2011-1958"], "description": "[1.0.15-5.0.1.el5]\r\n- Added oracle-ocfs2-network.patch\r\n- increase max packet size to 65536 (Herbert van den Bergh) [orabug 13542633]\r\n \n[1.0.15-5]\r\n- fixed CVE-2012-4285, CVE-2012-4289, CVE-2012-4291 and CVE-2012-4290\r\n (#849521)\r\n \n[1.0.15-4]\r\n- fixed NetDump dissector (#484999)\r\n \n[1.0.15-3]\r\n- fixed various flaws: CVE-2011-1959 CVE-2011-2175 CVE-2011-1958\r\n CVE-2011-2698 CVE-2011-4102 CVE-2012-0041 CVE-2012-0042 CVE-2012-0066\r\n CVE-2012-0067\r\n \n[1.0.15-2]\r\n- fixed tshark -s option (#580513)\r\n- fixed tshark exit code when dumpcap fails (#580510)\r\n- fixed editing of columns in Wireshark preferences (#493693)\r\n- added netdump protocol dissector (#484999)\r\n- fixed tshark / Wireshark automatic filter when started in ssh connection\r\n over IPv6 (#438473)", "edition": 4, "modified": "2013-01-11T00:00:00", "published": "2013-01-11T00:00:00", "id": "ELSA-2013-0125", "href": "http://linux.oracle.com/errata/ELSA-2013-0125.html", "title": "wireshark security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:47", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2174", "CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1590", "CVE-2011-1959", "CVE-2011-2597", "CVE-2012-1595", "CVE-2011-2698", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2011-1957", "CVE-2011-1143", "CVE-2011-1958"], "description": "[1.2.15-2.0.1.el6_2.1]\n- Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect\n[1.2.15-2.1]\n- security patches\n- Resolves: CVE-2011-1143\n CVE-2011-1590\n CVE-2011-1957\n CVE-2011-1959\n CVE-2011-2174\n CVE-2011-2175 CVE-2011-1958\n CVE-2011-2597 CVE-2011-2698\n CVE-2011-4102\n CVE-2012-0041 CVE-2012-0066 CVE-2012-0067\n CVE-2012-0042\n CVE-2012-1595", "edition": 4, "modified": "2012-04-23T00:00:00", "published": "2012-04-23T00:00:00", "id": "ELSA-2012-0509", "href": "http://linux.oracle.com/errata/ELSA-2012-0509.html", "title": "wireshark security update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:14", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5598", "CVE-2013-3561", "CVE-2011-2174", "CVE-2012-0066", "CVE-2013-4931", "CVE-2012-5595", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1590", "CVE-2013-4933", "CVE-2012-4288", "CVE-2011-1959", "CVE-2011-2597", "CVE-2012-1595", "CVE-2011-2698", "CVE-2012-4292", "CVE-2013-4927", "CVE-2012-5599", "CVE-2013-3559", "CVE-2012-6060", "CVE-2013-4932", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-2392", "CVE-2012-6056", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2011-1957", "CVE-2012-4290", "CVE-2011-1143", "CVE-2012-5600", "CVE-2013-4083", "CVE-2012-6061", "CVE-2012-4285", "CVE-2013-4936", "CVE-2012-6062", "CVE-2013-4935", "CVE-2013-4081", "CVE-2013-3557", "CVE-2012-6059", "CVE-2011-1958", "CVE-2013-4934", "CVE-2012-5597", "CVE-2013-5721", "CVE-2012-3825"], "description": "[1.8.10-4.0.1.el6]\r\n- Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect\r\n \n[1.8.10-4]\r\n- fix memory leak when reassemblying a packet\r\n- Related: #711024\r\n \n[1.8.10-3]\r\n- fix config.h conflict\r\n- Related: #711024\r\n \n[1.8.10-2]\r\n- do not configure with setcap-install\r\n- Related: #711024\r\n \n[1.8.10-1]\r\n- upgrade to 1.8.10\r\n- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.10.html\r\n- Related: #711024\r\n \n[1.8.8-10]\r\n- fix consolehelper path for dumpcap\r\n- Related: #711024\r\n \n[1.8.8-9]\r\n- fix dumpcap group\r\n- Related: #711024\r\n \n[1.8.8-8]\r\n- fix tshark output streams and formatting for -L, -D\r\n- Resolves: #1004636\r\n \n[1.8.8-7]\r\n- fix double free in wiretap/netmon.c\r\n- Related: #711024\r\n \n[1.8.8-6]\r\n- security patches\r\n- Resolves: CVE-2013-4927\r\n CVE-2013-4931\r\n CVE-2013-4932\r\n CVE-2013-4933\r\n CVE-2013-4934\r\n CVE-2013-4935\r\n CVE-2013-3557\r\n \n[1.8.8-5]\r\n- fix desktop file\r\n- Related: #711024\r\n \n[1.8.8-4]\r\n- fix tap-iostat buffer overflow\r\n- fix dcom string overrun\r\n- fix sctp bytes graph crash\r\n- fix airpcap dialog crash\r\n- Related: #711024\r\n \n[1.8.8-3]\r\n- fix dumpcap privileges to 755\r\n- Related: #711024\r\n \n[1.8.8-2]\r\n- new sources\r\n- Related: #711024\r\n \n[1.8.8-1]\r\n- upgrade to 1.8.8\r\n- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html\r\n- Resolves: #711024\r\n- Resolves: #858976\r\n- Resolves: #699636\r\n- Resolves: #750712\r\n- Resolves: #832021\r\n- Resolves: #889346\r\n- Resolves: #659661\r\n- Resolves: #715560\r\n \n[1.2.15-3]\r\n- security patches\r\n- Resolves: CVE-2011-1143\r\n CVE-2011-1590\r\n CVE-2011-1957\r\n CVE-2011-1959\r\n CVE-2011-2174\r\n CVE-2011-2175 CVE-2011-1958\r\n CVE-2011-2597 CVE-2011-2698\r\n CVE-2011-4102\r\n CVE-2012-0041 CVE-2012-0066 CVE-2012-0067\r\n CVE-2012-0042\r\n CVE-2012-1595", "edition": 4, "modified": "2013-11-25T00:00:00", "published": "2013-11-25T00:00:00", "id": "ELSA-2013-1569", "href": "http://linux.oracle.com/errata/ELSA-2013-1569.html", "title": "wireshark security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:23", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1958", "CVE-2011-1959", "CVE-2011-2175", "CVE-2011-2698", "CVE-2011-4102", "CVE-2012-0041", "CVE-2012-0042", "CVE-2012-0066", "CVE-2012-0067", "CVE-2012-4285", "CVE-2012-4289", "CVE-2012-4290", "CVE-2012-4291"], "description": "Wireshark, previously known as Ethereal, is a network protocol analyzer. It\nis used to capture and browse the traffic running on a computer network.\n\nA heap-based buffer overflow flaw was found in the way Wireshark handled\nEndace ERF (Extensible Record Format) capture files. If Wireshark opened a\nspecially-crafted ERF capture file, it could crash or, possibly, execute\narbitrary code as the user running Wireshark. (CVE-2011-4102)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175,\nCVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067,\nCVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)\n\nThe CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102 issues\nwere discovered by Huzaifa Sidhpurwala of the Red Hat Security Response\nTeam.\n\nThis update also fixes the following bugs:\n\n* When Wireshark starts with the X11 protocol being tunneled through an SSH\nconnection, it automatically prepares its capture filter to omit the SSH\npackets. If the SSH connection was to a link-local IPv6 address including\nan interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed\nthis address erroneously, constructed an incorrect capture filter and\nrefused to capture packets. The \"Invalid capture filter\" message was\ndisplayed. With this update, parsing of link-local IPv6 addresses is fixed\nand Wireshark correctly prepares a capture filter to omit SSH packets over\na link-local IPv6 connection. (BZ#438473)\n\n* Previously, Wireshark's column editing dialog malformed column names when\nthey were selected. With this update, the dialog is fixed and no longer\nbreaks column names. (BZ#493693)\n\n* Previously, TShark, the console packet analyzer, did not properly analyze\nthe exit code of Dumpcap, Wireshark's packet capturing back end. As a\nresult, TShark returned exit code 0 when Dumpcap failed to parse its\ncommand-line arguments. In this update, TShark correctly propagates the\nDumpcap exit code and returns a non-zero exit code when Dumpcap fails.\n(BZ#580510)\n\n* Previously, the TShark \"-s\" (snapshot length) option worked only for a\nvalue greater than 68 bytes. If a lower value was specified, TShark\ncaptured just 68 bytes of incoming packets. With this update, the \"-s\"\noption is fixed and sizes lower than 68 bytes work as expected. (BZ#580513)\n\nThis update also adds the following enhancement:\n\n* In this update, support for the \"NetDump\" protocol was added. (BZ#484999)\n\nAll users of Wireshark are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add this\nenhancement. All running instances of Wireshark must be restarted for the\nupdate to take effect.\n", "modified": "2017-09-08T12:15:55", "published": "2013-01-08T05:00:00", "id": "RHSA-2013:0125", "href": "https://access.redhat.com/errata/RHSA-2013:0125", "type": "redhat", "title": "(RHSA-2013:0125) Moderate: wireshark security, bug fix, and enhancement update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:46:13", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1143", "CVE-2011-1590", "CVE-2011-1957", "CVE-2011-1958", "CVE-2011-1959", "CVE-2011-2174", "CVE-2011-2175", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-4102", "CVE-2012-0041", "CVE-2012-0042", "CVE-2012-0066", "CVE-2012-0067", "CVE-2012-1595"], "description": "Wireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nSeveral flaws were found in Wireshark. If Wireshark read a malformed packet\noff a network or opened a malicious dump file, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2011-1590,\nCVE-2011-4102, CVE-2012-1595)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2011-1143, CVE-2011-1957, CVE-2011-1958,\nCVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698,\nCVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)\n\nUsers of Wireshark should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running instances of\nWireshark must be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:26", "published": "2012-04-23T04:00:00", "id": "RHSA-2012:0509", "href": "https://access.redhat.com/errata/RHSA-2012:0509", "type": "redhat", "title": "(RHSA-2012:0509) Moderate: wireshark security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "exploitdb": [{"lastseen": "2016-02-04T03:57:01", "description": "Wireshark Buffer Underflow and Denial of Service Vulnerabilities. CVE-2012-0067. Dos exploit for linux platform", "published": "2012-01-10T00:00:00", "type": "exploitdb", "title": "Wireshark - Buffer Underflow and Denial of Service Vulnerabilities", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-0067"], "modified": "2012-01-10T00:00:00", "id": "EDB-ID:36633", "href": "https://www.exploit-db.com/exploits/36633/", "sourceData": "source: http://www.securityfocus.com/bid/51710/info\r\n\r\nWireshark is prone to a buffer-underflow vulnerability and multiple denial-of-service vulnerabilities.\r\n\r\nRemote attackers can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions.\r\n\r\nWireshark versions 1.4.0 through 1.4.10 and 1.6.0 through 1.6.4 are vulnerable. \r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/36633.zip", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/36633/"}], "gentoo": [{"lastseen": "2016-09-06T19:46:49", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0068", "CVE-2013-3561", "CVE-2012-4297", "CVE-2012-4048", "CVE-2013-4921", "CVE-2013-4079", "CVE-2012-0066", "CVE-2013-4931", "CVE-2012-4049", "CVE-2013-4076", "CVE-2013-4928", "CVE-2013-4926", "CVE-2013-4933", "CVE-2012-4288", "CVE-2013-3562", "CVE-2013-4078", "CVE-2013-4924", "CVE-2012-4294", "CVE-2012-4292", "CVE-2013-4920", "CVE-2013-4927", "CVE-2013-3559", "CVE-2013-4932", "CVE-2012-0043", "CVE-2013-3558", "CVE-2013-3556", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-4287", "CVE-2012-4298", "CVE-2012-4296", "CVE-2013-3555", "CVE-2013-4075", "CVE-2013-3560", "CVE-2012-3548", "CVE-2012-0042", "CVE-2013-4923", "CVE-2013-4925", "CVE-2012-0041", "CVE-2012-0067", "CVE-2012-4290", "CVE-2013-4083", "CVE-2013-4922", "CVE-2012-4285", "CVE-2013-4936", "CVE-2012-4286", "CVE-2012-4293", "CVE-2013-4929", "CVE-2013-4935", "CVE-2013-4930", "CVE-2013-4081", "CVE-2013-4082", "CVE-2013-3557", "CVE-2013-4080", "CVE-2013-4934", "CVE-2013-4074", "CVE-2012-4295", "CVE-2013-4077"], "edition": 1, "description": "### Background\n\nWireshark is a versatile network protocol analyzer.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Wireshark 1.10 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-1.10.1\"\n \n\nAll Wireshark 1.8 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-1.8.9\"", "modified": "2013-08-30T00:00:00", "published": "2013-08-28T00:00:00", "id": "GLSA-201308-05", "href": "https://security.gentoo.org/glsa/201308-05", "type": "gentoo", "title": "Wireshark: Multiple vulnerabilities", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}