Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2023 Tenable Network Security, Inc.WIRESHARK_1_8_8.NASL
HistoryJun 14, 2013 - 12:00 a.m.

Wireshark 1.8.x < 1.8.8 Multiple Vulnerabilities

2013-06-1400:00:00
This script is Copyright (C) 2013-2023 Tenable Network Security, Inc.
www.tenable.com
52

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.061 Low

EPSS

Percentile

93.6%

JSON

The installed version of Wireshark 1.8 is earlier than 1.8.8. It is, therefore, affected by the following vulnerabilities :

  • Errors exist in the CAPWAP, DCP ETSI, GSM CBCH, GMR-1 BCCH, PPP, NBAP, RDP dissectors that could allow them to crash. (Bugs 7664, 7880, 8697, 8717, 8725, 8726, 8727, 8729, 8730)

  • An error exists in the Assa Abloy R3 dissector that could cause a denial of service, resulting in consumption of excessive memory and CPU. (Bug 8764)

  • An error exists in the HTTP dissector that could overrun the stack, which could result in an application crash.
    (Bug 8733)

  • An error exists in the Ixia IxVeriWave file parser that could overflow the heap, resulting in consumption of excessive CPU resources and crash. (Bug 8760)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(66895);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/09");

  script_cve_id(
    "CVE-2013-4074",
    "CVE-2013-4075",
    "CVE-2013-4076",
    "CVE-2013-4077",
    "CVE-2013-4078",
    "CVE-2013-4079",
    "CVE-2013-4080",
    "CVE-2013-4081",
    "CVE-2013-4082",
    "CVE-2013-4083"
  );
  script_bugtraq_id(
    60448,
    60495,
    60498,
    60499,
    60500,
    60501,
    60502,
    60503,
    60504,
    60505,
    60506
  );

  script_name(english:"Wireshark 1.8.x < 1.8.8 Multiple Vulnerabilities");
  script_summary(english:"Does a version check");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains an application that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The installed version of Wireshark 1.8 is earlier than 1.8.8.  It is,
therefore, affected by the following vulnerabilities :

  - Errors exist in the CAPWAP, DCP ETSI, GSM CBCH, GMR-1 
    BCCH, PPP, NBAP, RDP dissectors that could allow them to
    crash. (Bugs 7664, 7880, 8697, 8717, 8725, 8726, 8727, 
    8729, 8730)

  - An error exists in the Assa Abloy R3 dissector that
    could cause a denial of service, resulting in
    consumption of excessive memory and CPU. (Bug 8764)

  - An error exists in the HTTP dissector that could overrun
    the stack, which could result in an application crash.
    (Bug 8733)

  - An error exists in the Ixia IxVeriWave file parser that
    could overflow the heap, resulting in consumption of
    excessive CPU resources and crash. (Bug 8760)");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2013-32.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2013-33.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2013-34.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2013-35.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2013-36.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2013-37.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2013-38.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2013-39.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2013-40.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2013-41.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html");
  script_set_attribute(attribute:"solution", value:"Upgrade to Wireshark version 1.8.8 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/06/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:wireshark:wireshark");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2013-2023 Tenable Network Security, Inc.");

  script_dependencies("wireshark_installed.nasl");
  script_require_keys("SMB/Wireshark/Installed");

  exit(0);
}

include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');

var app_info = vcf::get_app_info(app:'Wireshark', win_local:TRUE);

var constraints = [
  { 'min_version' : '1.8.0', 'max_version' : '1.8.7', 'fixed_version' : '1.8.8' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
wiresharkwiresharkcpe:/a:wireshark:wireshark

References

Related

mageia 2
openvas 34
nessus 30
debian 2
securityvulns 2
f5 2
fedora 3
cvelist 10
cve 10
zdt 1
debiancve 10
prion 10
ubuntucve 10
nvd 10
packetstorm 1
veracode 28
kaspersky 1
gentoo 1
redhat 3
oraclelinux 3
centos 3
amazon 2
ibm 1
osv 1
kitploit 1
mageia
mageia
Updated wireshark packages fix multiple security vulnerabilities
2013-06-26 22:08:11
Updated wireshark packages fix multiple security vulverabilities
2013-06-26 22:07:40
openvas
openvas
Debian: Security Advisory (DSA-2709-1)
2013-06-16 00:00:00
Wireshark Multiple Vulnerabilities - June 13 (Mac OS X)
2013-05-28 00:00:00
Wireshark Multiple Vulnerabilities (Jun 2013) - Windows
2013-05-28 00:00:00
nessus
nessus
Debian DSA-2709-1 : wireshark - several vulnerabilities
2013-06-18 00:00:00
SuSE 11.2 / 11.3 Security Update : wireshark (SAT Patch Numbers 8044 / 8045)
2013-07-28 00:00:00
Wireshark 1.6.x < 1.6.16 Multiple Vulnerabilities (macOS)
2023-05-26 00:00:00
debian
debian
[SECURITY] [DSA 2709-1] wireshark security update
2013-06-17 16:52:21
[SECURITY] [DLA 497-1] wireshark security update
2016-05-31 10:22:31
securityvulns
securityvulns
[ MDVSA-2013:172 ] wireshark
2013-06-17 00:00:00
Wireshark multiple security vulnerabilities
2013-06-17 00:00:00
f5
f5
SOL15868 - Multiple Wireshark vulnerabilities
2014-11-27 00:00:00
K15868 : Multiple Wireshark vulnerabilities
2015-04-29 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: wireshark-1.10.2-4.fc18
2013-12-19 07:14:40
[SECURITY] Fedora 19 Update: wireshark-1.10.2-6.fc19
2013-09-28 00:16:37
[SECURITY] Fedora 20 Update: wireshark-1.10.2-7.fc20
2013-10-03 01:07:39
cvelist
cvelist
CVE-2013-4080
2013-06-09 21:00:00
CVE-2013-4082
2013-06-09 21:00:00
CVE-2013-4074
2013-06-09 21:00:00
cve
cve
CVE-2013-4074
2013-06-09 21:55:01
CVE-2013-4082
2013-06-09 21:55:01
CVE-2013-4080
2013-06-09 21:55:01
zdt
zdt
Wireshark CAPWAP Dissector - Denial of Service (msf)
2014-06-01 00:00:00
debiancve
debiancve
CVE-2013-4074
2013-06-09 21:55:01
CVE-2013-4082
2013-06-09 21:55:01
CVE-2013-4080
2013-06-09 21:55:01
prion
prion
Heap overflow
2013-06-09 21:55:00
Design/Logic Flaw
2013-06-09 21:55:00
Design/Logic Flaw
2013-06-09 21:55:00
ubuntucve
ubuntucve
CVE-2013-4074
2013-06-09 00:00:00
CVE-2013-4080
2013-06-09 00:00:00
CVE-2013-4078
2013-06-09 00:00:00
nvd
nvd
CVE-2013-4082
2013-06-09 21:55:01
CVE-2013-4074
2013-06-09 21:55:01
CVE-2013-4079
2013-06-09 21:55:01
packetstorm
packetstorm
Wireshark CAPWAP Dissector Denial Of Service
2014-05-30 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:16:36
Denial Of Service (DoS)
2019-05-02 05:02:02
Denial Of Service (DoS)
2019-05-02 05:02:01
kaspersky
kaspersky
KLA10587 Denial of service vulnerability in Wireshark
2013-06-07 00:00:00
gentoo
gentoo
Wireshark: Multiple vulnerabilities
2013-08-28 00:00:00
redhat
redhat
(RHSA-2017:0631) Moderate: wireshark security and bug fix update
2017-03-21 06:17:44
(RHSA-2014:0341) Moderate: wireshark security update
2014-03-31 00:00:00
(RHSA-2013:1569) Moderate: wireshark security, bug fix, and enhancement update
2013-11-21 00:00:00
oraclelinux
oraclelinux
wireshark security and bug fix update
2017-03-27 00:00:00
wireshark security update
2014-03-31 00:00:00
wireshark security, bug fix, and enhancement update
2013-11-25 00:00:00
centos
centos
wireshark security update
2017-03-24 15:46:57
wireshark security update
2014-03-31 17:51:37
wireshark security update
2013-11-26 13:33:12
amazon
amazon
Medium: wireshark
2017-04-04 12:00:00
Medium: wireshark
2013-12-02 20:29:00
ibm
ibm
Security Bulletin: Multiple packages as used in IBM Security QRadar Packet Capture are vulnerable to various security issues.
2020-10-28 17:16:55
osv
osv
wireshark - security update
2016-05-31 00:00:00
kitploit
kitploit
Radamsa - A General-Purpose Fuzzer
2024-03-25 11:30:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.061 Low

EPSS

Percentile

93.6%

JSON
Related for WIRESHARK_1_8_8.NASL
mageia2openvas34nessus30debian2securityvulns2f52fedora3cvelist10cve10zdt1debiancve10prion10ubuntucve10nvd10packetstorm1veracode28kaspersky1gentoo1redhat3oraclelinux3centos3amazon2ibm1osv1kitploit1