Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2023 Tenable Network Security, Inc.WIRESHARK_2_2_2.NASL
HistoryDec 01, 2016 - 12:00 a.m.

Wireshark 2.0.x < 2.0.8 / 2.2.x < 2.2.2 Multiple DoS

2016-12-0100:00:00
This script is Copyright (C) 2016-2023 Tenable Network Security, Inc.
www.tenable.com
32
JSON

The version of Wireshark installed on the remote Windows host is 2.0.x prior to 2.0.8 or 2.2.x prior to 2.2.2. It is, therefore, affected by multiple denial of service vulnerabilities :

  • A flaw exists in the dissect_PNIO_C_SDU_RTC1() function in packet-pn-rtc-one.c that causes excessive looping. An unauthenticated, remote attacker can exploit this, via specially crafted network traffic or a specially crafted capture file, to exhaust available resources. Note that this vulnerability only affects 2.2.x versions.
    (CVE-2016-9372)

  • A use-after-free error exists in the DCEPRC dissector due to improper handling of IA5 SMS decoding. An unauthenticated, remote attacker can exploit this, via specially crafted network traffic or a specially crafted capture file, to cause the application to crash.
    (CVE-2016-9373)

  • A buffer over-read flaw exists in the AllJoyn dissector due to improper handling of signature lengths. An unauthenticated, remote attacker can exploit this, via specially crafted network traffic or a specially crafted capture file, to cause the application to crash.
    (CVE-2016-9374)

  • A flaw exists in the DTN dissector in the display_metadata_block() function due to improper SDNV evaluation. An unauthenticated, remote attacker can exploit this, via specially crafted network traffic or a specially crafted capture file, to cause an infinite loop. (CVE-2016-9375)

  • Multiple flaws exist in the OpenFlow dissector in packet-openflow_v5.c due to improper handling of too short data lengths. An unauthenticated, remote attacker can exploit this, via specially crafted network traffic or a specially crafted capture file, to cause the application to crash. (CVE-2016-9376)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(95435);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/09");

  script_cve_id(
    "CVE-2016-9372",
    "CVE-2016-9373",
    "CVE-2016-9374",
    "CVE-2016-9375",
    "CVE-2016-9376"
  );
script_bugtraq_id(
    94368,
    94369
  );

  script_name(english:"Wireshark 2.0.x < 2.0.8 / 2.2.x < 2.2.2 Multiple DoS");
  script_summary(english:"Checks the version of Wireshark.");

  script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote Windows host is affected by
multiple denial of service vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Wireshark installed on the remote Windows host is 2.0.x
prior to 2.0.8 or 2.2.x prior to 2.2.2. It is, therefore, affected by
multiple denial of service vulnerabilities :

  - A flaw exists in the dissect_PNIO_C_SDU_RTC1() function
    in packet-pn-rtc-one.c that causes excessive looping. An 
    unauthenticated, remote attacker can exploit this, via
    specially crafted network traffic or a specially crafted
    capture file, to exhaust available resources. Note that
    this vulnerability only affects 2.2.x versions.
    (CVE-2016-9372)

  - A use-after-free error exists in the DCEPRC dissector
    due to improper handling of IA5 SMS decoding. An
    unauthenticated, remote attacker can exploit this, via
    specially crafted network traffic or a specially crafted
    capture file, to cause the application to crash.
    (CVE-2016-9373)

  - A buffer over-read flaw exists in the AllJoyn dissector
    due to improper handling of signature lengths. An
    unauthenticated, remote attacker can exploit this, via
    specially crafted network traffic or a specially crafted
    capture file, to cause the application to crash.
    (CVE-2016-9374)

  - A flaw exists in the DTN dissector in the
    display_metadata_block() function due to improper SDNV
    evaluation. An unauthenticated, remote attacker can
    exploit this, via specially crafted network traffic or a
    specially crafted capture file, to cause an infinite
    loop. (CVE-2016-9375)

  - Multiple flaws exist in the OpenFlow dissector in
    packet-openflow_v5.c due to improper handling of too
    short data lengths. An unauthenticated, remote attacker
    can exploit this, via specially crafted network traffic
    or a specially crafted capture file, to cause the
    application to crash. (CVE-2016-9376)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2016-58.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2016-59.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2016-60.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2016-61.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2016-62.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Wireshark version 2.0.8 / 2.2.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/11/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:wireshark:wireshark");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2016-2023 Tenable Network Security, Inc.");

  script_dependencies("wireshark_installed.nasl");
  script_require_keys("installed_sw/Wireshark");

  exit(0);
}

include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');

var app_info = vcf::get_app_info(app:'Wireshark', win_local:TRUE);

var constraints = [
  { 'min_version' : '2.2.0', 'max_version' : '2.2.1', 'fixed_version' : '2.2.2' },
  { 'min_version' : '2.0.0', 'max_version' : '2.0.7', 'fixed_version' : '2.0.8' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
wiresharkwiresharkcpe:/a:wireshark:wireshark

Related

nessus 7
freebsd 1
altlinux 2
kaspersky 1
osv 2
openvas 11
archlinux 3
debian 3
mageia 1
prion 5
cve 5
ubuntucve 5
debiancve 5
redhatcve 5
nessus
nessus
openSUSE Security Update : wireshark (openSUSE-2016-2923)
2016-11-29 00:00:00
FreeBSD : wireshark -- multiple vulnerabilities (7fff2b16-b0ee-11e6-86b8-589cfc054129)
2016-12-01 00:00:00
Debian DLA-714-1 : wireshark security update
2016-11-22 00:00:00
freebsd
freebsd
wireshark -- multiple vulnerabilities
2016-11-16 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package wireshark version 2.2.2-alt1
2016-11-21 00:00:00
Security fix for the ALT Linux 7 package wireshark version 2.2.2-alt1
2016-11-21 00:00:00
kaspersky
kaspersky
KLA10905 Multiple denial of service vulnerabilities in Wireshark
2016-11-16 00:00:00
osv
osv
wireshark - security update
2016-11-21 00:00:00
wireshark - security update
2016-11-21 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3719-1)
2016-11-20 00:00:00
Debian: Security Advisory (DLA-714-1)
2023-03-08 00:00:00
Wireshark Multiple Denial of Service Vulnerabilities (Nov 2016) - Mac OS X
2016-11-18 00:00:00
archlinux
archlinux
[ASA-201611-25] wireshark-cli: multiple issues
2016-11-24 00:00:00
[ASA-201611-23] wireshark-gtk: multiple issues
2016-11-24 00:00:00
[ASA-201611-24] wireshark-qt: multiple issues
2016-11-24 00:00:00
debian
debian
[SECURITY] [DSA 3719-1] wireshark security update
2016-11-21 08:59:41
[SECURITY] [DLA 714-1] wireshark security update
2016-11-21 11:37:39
[SECURITY] [DSA 3719-1] wireshark security update
2016-11-21 08:59:41
mageia
mageia
Updated wireshark packages fix security vulnerability
2016-11-18 02:40:52
prion
prion
Input validation
2016-11-17 05:59:00
Design/Logic Flaw
2016-11-17 05:59:00
Code injection
2016-11-17 05:59:00
cve
cve
CVE-2016-9372
2016-11-17 05:59:00
CVE-2016-9373
2016-11-17 05:59:00
CVE-2016-9375
2016-11-17 05:59:00
ubuntucve
ubuntucve
CVE-2016-9372
2016-11-17 00:00:00
CVE-2016-9374
2016-11-17 00:00:00
CVE-2016-9373
2016-11-17 00:00:00
debiancve
debiancve
CVE-2016-9372
2016-11-17 05:59:00
CVE-2016-9373
2016-11-17 05:59:00
CVE-2016-9375
2016-11-17 05:59:00
redhatcve
redhatcve
CVE-2016-9372
2016-11-18 09:47:47
CVE-2016-9376
2016-11-18 09:47:26
CVE-2016-9375
2016-11-18 09:47:31
JSON
Related for WIRESHARK_2_2_2.NASL
nessus7freebsd1altlinux2kaspersky1osv2openvas11archlinux3debian3mageia1prion5cve5ubuntucve5debiancve5redhatcve5