Search...

Wireshark ZigBee ZCL Dissector Denial of Service Vulnerability (Windows)

2010-12-09T00:00:00

ID OPENVAS:1361412562310801554
Type openvas
Reporter Copyright (C) 2010 Greenbone Networks GmbH
Modified 2020-04-23T00:00:00

Description

This host is installed with Wireshark and is prone to denial of service vulnerability.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
#
# Wireshark ZigBee ZCL Dissector Denial of Service Vulnerability (Windows)
#
# Authors:
# Antu Sanadi &lt;santu@secpod.com&gt;
#
# Copyright:
# Copyright (C) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.801554");
  script_version("2020-04-23T12:22:09+0000");
  script_tag(name:"last_modification", value:"2020-04-23 12:22:09 +0000 (Thu, 23 Apr 2020)");
  script_tag(name:"creation_date", value:"2010-12-09 06:36:39 +0100 (Thu, 09 Dec 2010)");
  script_cve_id("CVE-2010-4301");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_name("Wireshark ZigBee ZCL Dissector Denial of Service Vulnerability (Windows)");
  script_xref(name:"URL", value:"http://secunia.com/advisories/42290");
  script_xref(name:"URL", value:"http://www.vupen.com/english/advisories/2010/3038");
  script_xref(name:"URL", value:"http://www.wireshark.org/security/wnpa-sec-2010-14.html");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2010 Greenbone Networks GmbH");
  script_family("Denial of Service");
  script_dependencies("gb_wireshark_detect_win.nasl");
  script_mandatory_keys("Wireshark/Win/Ver");
  script_tag(name:"impact", value:"Successful exploitation will allow attackers to crash the application.");
  script_tag(name:"affected", value:"Wireshark version 1.4.0 to 1.4.1");
  script_tag(name:"insight", value:"The flaw is due to error in 'epan/dissectors/packet-zbee-zcl.c' in the
  ZigBee ZCL dissector, which allows remote attackers to cause a denial of
  service (infinite loop) via a crafted ZCL packet.");
  script_tag(name:"solution", value:"Upgrade to Wireshark 1.4.2 or later.");
  script_tag(name:"summary", value:"This host is installed with Wireshark and is prone to denial of
  service vulnerability.");
  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");
  script_xref(name:"URL", value:"http://www.wireshark.org/download");
  exit(0);
}


include("version_func.inc");

sharkVer = get_kb_item("Wireshark/Win/Ver");
if(!sharkVer){
  exit(0);
}

if(version_in_range(version:sharkVer, test_version:"1.4.0", test_version2:"1.4.1")){
  report = report_fixed_ver(installed_version:sharkVer, vulnerable_range:"1.4.0 - 1.4.1");
  security_message(port: 0, data: report);
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310801554", "type": "openvas", "bulletinFamily": "scanner", "title": "Wireshark ZigBee ZCL Dissector Denial of Service Vulnerability (Windows)", "description": "This host is installed with Wireshark and is prone to denial of\n service vulnerability.", "published": "2010-12-09T00:00:00", "modified": "2020-04-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801554", "reporter": "Copyright (C) 2010 Greenbone Networks GmbH", "references": ["http://www.wireshark.org/security/wnpa-sec-2010-14.html", "http://www.wireshark.org/download", "http://www.vupen.com/english/advisories/2010/3038", "http://secunia.com/advisories/42290"], "cvelist": ["CVE-2010-4301"], "lastseen": "2020-04-27T19:23:08", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-4301"]}, {"type": "openvas", "idList": ["OPENVAS:801554", "OPENVAS:1361412562310802846", "OPENVAS:70765", "OPENVAS:802846", "OPENVAS:136141256231070765"]}, {"type": "exploitdb", "idList": ["EDB-ID:15973"]}, {"type": "nessus", "idList": ["SUSE_11_1_WIRESHARK-101222.NASL", "GENTOO_GLSA-201110-02.NASL", "WIRESHARK_1_4_2.NASL", "SUSE_11_2_WIRESHARK-101222.NASL", "SUSE_11_3_WIRESHARK-101222.NASL", "SUSE_WIRESHARK-7438.NASL", "SUSE_11_WIRESHARK-110331.NASL", "SUSE_WIRESHARK-7439.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201110-02"]}], "modified": "2020-04-27T19:23:08", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2020-04-27T19:23:08", "rev": 2}, "vulnersScore": 5.3}, "pluginID": "1361412562310801554", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Wireshark ZigBee ZCL Dissector Denial of Service Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801554\");\n script_version(\"2020-04-23T12:22:09+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 12:22:09 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-12-09 06:36:39 +0100 (Thu, 09 Dec 2010)\");\n script_cve_id(\"CVE-2010-4301\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Wireshark ZigBee ZCL Dissector Denial of Service Vulnerability (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/42290\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2010/3038\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2010-14.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_mandatory_keys(\"Wireshark/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to crash the application.\");\n script_tag(name:\"affected\", value:\"Wireshark version 1.4.0 to 1.4.1\");\n script_tag(name:\"insight\", value:\"The flaw is due to error in 'epan/dissectors/packet-zbee-zcl.c' in the\n ZigBee ZCL dissector, which allows remote attackers to cause a denial of\n service (infinite loop) via a crafted ZCL packet.\");\n script_tag(name:\"solution\", value:\"Upgrade to Wireshark 1.4.2 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark and is prone to denial of\n service vulnerability.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/download\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsharkVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!sharkVer){\n exit(0);\n}\n\nif(version_in_range(version:sharkVer, test_version:\"1.4.0\", test_version2:\"1.4.1\")){\n report = report_fixed_ver(installed_version:sharkVer, vulnerable_range:\"1.4.0 - 1.4.1\");\n security_message(port: 0, data: report);\n}\n", "naslFamily": "Denial of Service", "immutableFields": []}

{"cve": [{"lastseen": "2021-02-02T05:45:04", "description": "epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes.", "edition": 4, "cvss3": {}, "published": "2010-11-26T19:00:00", "title": "CVE-2010-4301", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4301"], "modified": "2017-09-19T01:31:00", "cpe": ["cpe:/a:wireshark:wireshark:1.4.0", "cpe:/a:wireshark:wireshark:1.4.1"], "id": "CVE-2010-4301", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4301", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.4.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-19T10:48:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4301"], "description": "This host is installed with Wireshark and is prone to denial of\n service vulnerability.", "modified": "2017-07-04T00:00:00", "published": "2010-12-09T00:00:00", "id": "OPENVAS:801554", "href": "http://plugins.openvas.org/nasl.php?oid=801554", "type": "openvas", "title": "Wireshark ZigBee ZCL Dissector Denial of Service Vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_zigbee_zcl_dissector_dos_vuln_win.nasl 6519 2017-07-04 14:08:14Z cfischer $\n#\n# Wireshark ZigBee ZCL Dissector Denial of Service Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attackers to crash the application.\n Impact Level: Application\";\ntag_affected = \"Wireshark version 1.4.0 to 1.4.1\";\ntag_insight = \"The flaw is due to error in 'epan/dissectors/packet-zbee-zcl.c' in the\n ZigBee ZCL dissector, which allows remote attackers to cause a denial of\n service (infinite loop) via a crafted ZCL packet.\";\ntag_solution = \"Upgrade to Wireshark 1.4.2 or later,\n For updates refer to http://www.wireshark.org/download\";\ntag_summary = \"This host is installed with Wireshark and is prone to denial of\n service vulnerability.\";\n\nif(description)\n{\n script_id(801554);\n script_version(\"$Revision: 6519 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-04 16:08:14 +0200 (Tue, 04 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-09 06:36:39 +0100 (Thu, 09 Dec 2010)\");\n script_cve_id(\"CVE-2010-4301\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Wireshark ZigBee ZCL Dissector Denial of Service Vulnerability (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/42290\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2010/3038\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/security/wnpa-sec-2010-14.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_mandatory_keys(\"Wireshark/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Confirm Windows\nsharkVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!sharkVer){\n exit(0);\n}\n\n## Check version from 1.4.0 through 1.4.1\nif(version_in_range(version:sharkVer, test_version:\"1.4.0\", test_version2:\"1.4.1\")){\n security_message(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4301"], "description": "This host is installed with Wireshark and is prone to denial of\n service vulnerability.", "modified": "2017-04-17T00:00:00", "published": "2012-05-04T00:00:00", "id": "OPENVAS:802846", "href": "http://plugins.openvas.org/nasl.php?oid=802846", "type": "openvas", "title": "Wireshark ZigBee ZCL Dissector Denial of Service Vulnerability (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_zigbee_zcl_dissector_dos_vuln_macosx.nasl 5958 2017-04-17 09:02:19Z teissa $\n#\n# Wireshark ZigBee ZCL Dissector Denial of Service Vulnerability (Mac OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attackers to crash the application.\n Impact Level: Application\";\ntag_affected = \"Wireshark version 1.4.0 to 1.4.1\";\ntag_insight = \"The flaw is due to an error in 'epan/dissectors/packet-zbee-zcl.c' in\n the ZigBee ZCL dissector, which allows remote attackers to cause a denial of\n service (infinite loop) via a crafted ZCL packet.\";\ntag_solution = \"Upgrade to Wireshark 1.4.2 or later.\n For updates refer to http://www.wireshark.org/download\";\ntag_summary = \"This host is installed with Wireshark and is prone to denial of\n service vulnerability.\";\n\nif(description)\n{\n script_id(802846);\n script_version(\"$Revision: 5958 $\");\n script_cve_id(\"CVE-2010-4301\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-17 11:02:19 +0200 (Mon, 17 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-04 18:39:35 +0530 (Fri, 04 May 2012)\");\n script_name(\"Wireshark ZigBee ZCL Dissector Denial of Service Vulnerability (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/42290\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2010/3038\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/security/wnpa-sec-2010-14.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_wireshark_detect_macosx.nasl\");\n script_require_keys(\"Wireshark/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nsharkVer = \"\";\n\nsharkVer = get_kb_item(\"Wireshark/MacOSX/Version\");\nif(!sharkVer){\n exit(0);\n}\n\n## Check version from 1.4.0 through 1.4.1\nif(version_in_range(version:sharkVer, test_version:\"1.4.0\", test_version2:\"1.4.1\")){\n security_message(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-04-26T15:07:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4301"], "description": "This host is installed with Wireshark and is prone to denial of\n service vulnerability.", "modified": "2020-04-22T00:00:00", "published": "2012-05-04T00:00:00", "id": "OPENVAS:1361412562310802846", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802846", "type": "openvas", "title": "Wireshark ZigBee ZCL Dissector Denial of Service Vulnerability (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Wireshark ZigBee ZCL Dissector Denial of Service Vulnerability (Mac OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802846\");\n script_version(\"2020-04-22T10:27:30+0000\");\n script_cve_id(\"CVE-2010-4301\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-22 10:27:30 +0000 (Wed, 22 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-05-04 18:39:35 +0530 (Fri, 04 May 2012)\");\n script_name(\"Wireshark ZigBee ZCL Dissector Denial of Service Vulnerability (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/42290\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2010/3038\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2010-14.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_wireshark_detect_macosx.nasl\");\n script_mandatory_keys(\"Wireshark/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to crash the application.\");\n script_tag(name:\"affected\", value:\"Wireshark version 1.4.0 to 1.4.1\");\n script_tag(name:\"insight\", value:\"The flaw is due to an error in 'epan/dissectors/packet-zbee-zcl.c' in\n the ZigBee ZCL dissector, which allows remote attackers to cause a denial of\n service (infinite loop) via a crafted ZCL packet.\");\n script_tag(name:\"solution\", value:\"Upgrade to Wireshark 1.4.2 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark and is prone to denial of\n service vulnerability.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/download\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsharkVer = get_kb_item(\"Wireshark/MacOSX/Version\");\nif(!sharkVer){\n exit(0);\n}\n\nif(version_in_range(version:sharkVer, test_version:\"1.4.0\", test_version2:\"1.4.1\")){\n report = report_fixed_ver(installed_version:sharkVer, vulnerable_range:\"1.4.0 - 1.4.1\");\n security_message(port:0, data:report);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:50:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0024", "CVE-2010-2285", "CVE-2011-1142", "CVE-2011-1592", "CVE-2011-2174", "CVE-2011-3482", "CVE-2010-2284", "CVE-2010-2287", "CVE-2011-2175", "CVE-2011-1590", "CVE-2011-3360", "CVE-2011-1959", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-0444", "CVE-2010-2992", "CVE-2010-4300", "CVE-2010-3133", "CVE-2011-3483", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2011-0713", "CVE-2011-1957", "CVE-2010-4301", "CVE-2011-1141", "CVE-2010-3445", "CVE-2011-1143", "CVE-2010-4538", "CVE-2011-3266", "CVE-2010-2993", "CVE-2011-1139", "CVE-2011-1956", "CVE-2011-1140", "CVE-2010-2994", "CVE-2011-0538", "CVE-2011-1958", "CVE-2011-1138", "CVE-2011-1591", "CVE-2011-0445"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201110-02.", "modified": "2017-07-07T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:70765", "href": "http://plugins.openvas.org/nasl.php?oid=70765", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201110-02 (wireshark)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in Wireshark allow for the remote\n execution of arbitrary code, or a Denial of Service condition.\";\ntag_solution = \"All Wireshark users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.4.9'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-02\nhttp://bugs.gentoo.org/show_bug.cgi?id=323859\nhttp://bugs.gentoo.org/show_bug.cgi?id=330479\nhttp://bugs.gentoo.org/show_bug.cgi?id=339401\nhttp://bugs.gentoo.org/show_bug.cgi?id=346191\nhttp://bugs.gentoo.org/show_bug.cgi?id=350551\nhttp://bugs.gentoo.org/show_bug.cgi?id=354197\nhttp://bugs.gentoo.org/show_bug.cgi?id=357237\nhttp://bugs.gentoo.org/show_bug.cgi?id=363895\nhttp://bugs.gentoo.org/show_bug.cgi?id=369683\nhttp://bugs.gentoo.org/show_bug.cgi?id=373961\nhttp://bugs.gentoo.org/show_bug.cgi?id=381551\nhttp://bugs.gentoo.org/show_bug.cgi?id=383823\nhttp://bugs.gentoo.org/show_bug.cgi?id=386179\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201110-02.\";\n\n \n \nif(description)\n{\n script_id(70765);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2994\", \"CVE-2010-2995\", \"CVE-2010-3133\", \"CVE-2010-3445\", \"CVE-2010-4300\", \"CVE-2010-4301\", \"CVE-2010-4538\", \"CVE-2011-0024\", \"CVE-2011-0444\", \"CVE-2011-0445\", \"CVE-2011-0538\", \"CVE-2011-0713\", \"CVE-2011-1138\", \"CVE-2011-1139\", \"CVE-2011-1140\", \"CVE-2011-1141\", \"CVE-2011-1142\", \"CVE-2011-1143\", \"CVE-2011-1590\", \"CVE-2011-1591\", \"CVE-2011-1592\", \"CVE-2011-1956\", \"CVE-2011-1957\", \"CVE-2011-1958\", \"CVE-2011-1959\", \"CVE-2011-2174\", \"CVE-2011-2175\", \"CVE-2011-2597\", \"CVE-2011-2698\", \"CVE-2011-3266\", \"CVE-2011-3360\", \"CVE-2011-3482\", \"CVE-2011-3483\");\n script_version(\"$Revision: 6593 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:18:14 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:38 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201110-02 (wireshark)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"net-analyzer/wireshark\", unaffected: make_list(\"ge 1.4.9\"), vulnerable: make_list(\"lt 1.4.9\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0024", "CVE-2010-2285", "CVE-2011-1142", "CVE-2011-1592", "CVE-2011-2174", "CVE-2011-3482", "CVE-2010-2284", "CVE-2010-2287", "CVE-2011-2175", "CVE-2011-1590", "CVE-2011-3360", "CVE-2011-1959", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-0444", "CVE-2010-2992", "CVE-2010-4300", "CVE-2010-3133", "CVE-2011-3483", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2011-0713", "CVE-2011-1957", "CVE-2010-4301", "CVE-2011-1141", "CVE-2010-3445", "CVE-2011-1143", "CVE-2010-4538", "CVE-2011-3266", "CVE-2010-2993", "CVE-2011-1139", "CVE-2011-1956", "CVE-2011-1140", "CVE-2010-2994", "CVE-2011-0538", "CVE-2011-1958", "CVE-2011-1138", "CVE-2011-1591", "CVE-2011-0445"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201110-02.", "modified": "2018-10-12T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:136141256231070765", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070765", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201110-02 (wireshark)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201110_02.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70765\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2994\", \"CVE-2010-2995\", \"CVE-2010-3133\", \"CVE-2010-3445\", \"CVE-2010-4300\", \"CVE-2010-4301\", \"CVE-2010-4538\", \"CVE-2011-0024\", \"CVE-2011-0444\", \"CVE-2011-0445\", \"CVE-2011-0538\", \"CVE-2011-0713\", \"CVE-2011-1138\", \"CVE-2011-1139\", \"CVE-2011-1140\", \"CVE-2011-1141\", \"CVE-2011-1142\", \"CVE-2011-1143\", \"CVE-2011-1590\", \"CVE-2011-1591\", \"CVE-2011-1592\", \"CVE-2011-1956\", \"CVE-2011-1957\", \"CVE-2011-1958\", \"CVE-2011-1959\", \"CVE-2011-2174\", \"CVE-2011-2175\", \"CVE-2011-2597\", \"CVE-2011-2698\", \"CVE-2011-3266\", \"CVE-2011-3360\", \"CVE-2011-3482\", \"CVE-2011-3483\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:38 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201110-02 (wireshark)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities in Wireshark allow for the remote\n execution of arbitrary code, or a Denial of Service condition.\");\n script_tag(name:\"solution\", value:\"All Wireshark users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.4.9'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-02\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=323859\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=330479\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=339401\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=346191\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=350551\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=354197\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=357237\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=363895\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=369683\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=373961\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=381551\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=383823\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=386179\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201110-02.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"net-analyzer/wireshark\", unaffected: make_list(\"ge 1.4.9\"), vulnerable: make_list(\"lt 1.4.9\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-02-01T22:51:52", "description": "Wireshark - ZigBee ZCL Dissector Infinite Loop Denial of Service. Dos exploits for multiple platform", "published": "2011-01-11T00:00:00", "type": "exploitdb", "title": "Wireshark - ZigBee ZCL Dissector Infinite Loop Denial of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-4301"], "modified": "2011-01-11T00:00:00", "id": "EDB-ID:15973", "href": "https://www.exploit-db.com/exploits/15973/", "sourceData": "Source: http://www.securityfocus.com/bid/44986/info\r\n\r\nWireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain types of packets.\r\n\r\nAttackers can exploit this issue to cause the application to enter an infinite loop which may cause denial-of-service conditions.\r\n\r\nWireshark 1.4.0 to 1.4.1 are vulnerable. \r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/15973.pcap (44986.pcap)", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/15973/"}], "nessus": [{"lastseen": "2021-04-01T07:45:55", "description": "The installed version of Wireshark is 1.2.x less than 1.2.13 or 1.4.x\nless than 1.4.2. Such versions are affected by the following\nvulnerabilities:\n\n - An error exists in the LDSS dissector that allows \n a series of malformed packets to cause a buffer\n overflow. (5318)\n\n - An error exists in the ZigBee ZCL dissector that allows\n a series of malformed packets to cause the dissector to\n enter an infinite loop. (5303)", "edition": 27, "published": "2010-11-22T00:00:00", "title": "Wireshark < 1.2.13 / 1.4.2 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4300", "CVE-2010-4301"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:wireshark:wireshark"], "id": "WIRESHARK_1_4_2.NASL", "href": "https://www.tenable.com/plugins/nessus/50678", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(50678);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/15 20:50:29\");\n\n script_cve_id(\"CVE-2010-4300\", \"CVE-2010-4301\");\n script_bugtraq_id(44986, 44987);\n script_xref(name:\"EDB-ID\", value:\"15973\");\n script_xref(name:\"Secunia\", value:\"42290\");\n\n script_name(english:\"Wireshark < 1.2.13 / 1.4.2 Multiple Vulnerabilities\");\n script_summary(english:\"Does a version check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains an application that is affected by\nmultiple vulnerabilities.\"\n );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Wireshark is 1.2.x less than 1.2.13 or 1.4.x\nless than 1.4.2. Such versions are affected by the following\nvulnerabilities:\n\n - An error exists in the LDSS dissector that allows \n a series of malformed packets to cause a buffer\n overflow. (5318)\n\n - An error exists in the ZigBee ZCL dissector that allows\n a series of malformed packets to cause the dissector to\n enter an infinite loop. (5303)\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.wireshark.org/security/wnpa-sec-2010-13.html\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"https://www.wireshark.org/security/wnpa-sec-2010-14.html\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.wireshark.org/docs/relnotes/wireshark-1.2.13.html\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.wireshark.org/docs/relnotes/wireshark-1.4.2.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to Wireshark version 1.2.13 / 1.4.2 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/22\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wireshark_installed.nasl\");\n script_require_keys(\"SMB/Wireshark/Installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each install.\ninstalls = get_kb_list(\"SMB/Wireshark/*\");\nif (isnull(installs)) exit(0, \"The 'SMB/Wireshark/*' KB items are missing.\");\n\ninfo = '';\ninfo2 = '';\n\nforeach install(keys(installs))\n{\n if (\"/Installed\" >< install) continue;\n\n version = install - \"SMB/Wireshark/\";\n\n if (\n version =~ \"^1\\.2($|\\.[0-9]|\\.1[012])($|[^0-9])\" || \n version =~ \"^1\\.4($|\\.[01])($|[^0-9])\"\n ) \n info +=\n '\\n Path : ' + installs[install] +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.2.13 / 1.4.2\\n';\n else\n info2 += 'Version '+ version + ', under '+ installs[install] + '. ';\n}\n\n# Report if any were found to be vulnerable\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (max_index(split(info)) > 4) s = \"s of Wireshark are\";\n else s = \" of Wireshark is\";\n\n report = \n '\\n' +\n 'The following vulnerable instance' + s + ' installed :\\n' +\n '\\n' + info;\n security_warning(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_warning(get_kb_item(\"SMB/transport\"));\n exit(0);\n}\nif (info2)\n exit(0, \"The following instance(s) of Wireshark are installed and are not vulnerable : \"+info2);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:05:12", "description": "Wireshark version 1.4.2 fixes several security issues that allowed\nattackers to crash wireshark or potentially even execute arbitrary\ncode\n\n(CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285,\nCVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993,\nCVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300,\nCVE-2010-4301)", "edition": 26, "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2285", "CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2992", "CVE-2010-4300", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2010-4301", "CVE-2010-3445", "CVE-2010-2993", "CVE-2010-2994"], "modified": "2011-05-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wireshark", "p-cpe:/a:novell:opensuse:wireshark-devel", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_WIRESHARK-101222.NASL", "href": "https://www.tenable.com/plugins/nessus/53689", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update wireshark-3731.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53689);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2994\", \"CVE-2010-2995\", \"CVE-2010-3445\", \"CVE-2010-4300\", \"CVE-2010-4301\");\n\n script_name(english:\"openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-1)\");\n script_summary(english:\"Check for the wireshark-3731 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Wireshark version 1.4.2 fixes several security issues that allowed\nattackers to crash wireshark or potentially even execute arbitrary\ncode\n\n(CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285,\nCVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993,\nCVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300,\nCVE-2010-4301)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=603251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=613487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=630599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=643078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-01/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"wireshark-1.4.2-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"wireshark-devel-1.4.2-1.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:08:21", "description": "Wireshark version 1.4.2 fixes several security issues that allowed\nattackers to crash wireshark or potentially even execute arbitrary\ncode\n\n(CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285,\nCVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993,\nCVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300,\nCVE-2010-4301)", "edition": 26, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2285", "CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2992", "CVE-2010-4300", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2010-4301", "CVE-2010-3445", "CVE-2010-2993", "CVE-2010-2994"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wireshark", "p-cpe:/a:novell:opensuse:wireshark-devel", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_WIRESHARK-101222.NASL", "href": "https://www.tenable.com/plugins/nessus/75771", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update wireshark-3738.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75771);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2994\", \"CVE-2010-2995\", \"CVE-2010-3445\", \"CVE-2010-4300\", \"CVE-2010-4301\");\n\n script_name(english:\"openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-2)\");\n script_summary(english:\"Check for the wireshark-3738 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Wireshark version 1.4.2 fixes several security issues that allowed\nattackers to crash wireshark or potentially even execute arbitrary\ncode\n\n(CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285,\nCVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993,\nCVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300,\nCVE-2010-4301)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=603251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=613487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=630599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=643078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-01/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"wireshark-1.4.2-1.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"wireshark-devel-1.4.2-1.1.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:06:43", "description": "Wireshark version 1.4.2 fixes several security issues that allowed\nattackers to crash wireshark or potentially even execute arbitrary\ncode\n\n(CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285,\nCVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993,\nCVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300,\nCVE-2010-4301)", "edition": 26, "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2285", "CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2010-2992", "CVE-2010-4300", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2010-4301", "CVE-2010-3445", "CVE-2010-2993", "CVE-2010-2994"], "modified": "2011-05-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wireshark", "p-cpe:/a:novell:opensuse:wireshark-devel", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_WIRESHARK-101222.NASL", "href": "https://www.tenable.com/plugins/nessus/53808", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update wireshark-3738.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53808);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2994\", \"CVE-2010-2995\", \"CVE-2010-3445\", \"CVE-2010-4300\", \"CVE-2010-4301\");\n\n script_name(english:\"openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-2)\");\n script_summary(english:\"Check for the wireshark-3738 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Wireshark version 1.4.2 fixes several security issues that allowed\nattackers to crash wireshark or potentially even execute arbitrary\ncode\n\n(CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285,\nCVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993,\nCVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300,\nCVE-2010-4301)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=603251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=613487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=630599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=643078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-01/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"wireshark-1.4.2-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"wireshark-devel-1.4.2-1.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:18:08", "description": "Wireshark was updated to version 1.4.4 to fix several security issues.", "edition": 19, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : wireshark (ZYPP Patch Number 7438)", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2285", "CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2011-0444", "CVE-2010-2992", "CVE-2010-4300", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2011-0713", "CVE-2010-4301", "CVE-2010-3445", "CVE-2011-1143", "CVE-2010-4538", "CVE-2010-2993", "CVE-2011-1139", "CVE-2011-1140", "CVE-2010-2994", "CVE-2011-0538", "CVE-2011-1138", "CVE-2011-0445"], "cpe": ["cpe:/o:suse:suse_linux"], "modified": "2011-12-13T00:00:00", "id": "SUSE_WIRESHARK-7438.NASL", "href": "https://www.tenable.com/plugins/nessus/57261", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57261);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2994\", \"CVE-2010-2995\", \"CVE-2010-3445\", \"CVE-2010-4300\", \"CVE-2010-4301\", \"CVE-2010-4538\", \"CVE-2011-0444\", \"CVE-2011-0445\", \"CVE-2011-0538\", \"CVE-2011-0713\", \"CVE-2011-1138\", \"CVE-2011-1139\", \"CVE-2011-1140\", \"CVE-2011-1143\");\n\n script_name(english:\"SuSE 10 Security Update : wireshark (ZYPP Patch Number 7438)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"Wireshark was updated to version 1.4.4 to fix several security issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1455.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2283.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2284.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2285.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2286.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2287.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2992.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2993.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2994.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2995.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4300.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4301.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4538.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0444.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0538.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0713.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1138.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1139.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1140.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1143.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7438.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"wireshark-1.4.4-0.37.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"wireshark-1.4.4-0.37.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"wireshark-devel-1.4.4-0.37.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:18:08", "description": "Wireshark was updated to version 1.4.4 to fix several security issues.", "edition": 19, "published": "2011-04-07T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : wireshark (ZYPP Patch Number 7439)", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2285", "CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2011-0444", "CVE-2010-2992", "CVE-2010-4300", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2011-0713", "CVE-2010-4301", "CVE-2010-3445", "CVE-2011-1143", "CVE-2010-4538", "CVE-2010-2993", "CVE-2011-1139", "CVE-2011-1140", "CVE-2010-2994", "CVE-2011-0538", "CVE-2011-1138", "CVE-2011-0445"], "cpe": ["cpe:/o:suse:suse_linux"], "modified": "2011-04-07T00:00:00", "id": "SUSE_WIRESHARK-7439.NASL", "href": "https://www.tenable.com/plugins/nessus/53319", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53319);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2994\", \"CVE-2010-2995\", \"CVE-2010-3445\", \"CVE-2010-4300\", \"CVE-2010-4301\", \"CVE-2010-4538\", \"CVE-2011-0444\", \"CVE-2011-0445\", \"CVE-2011-0538\", \"CVE-2011-0713\", \"CVE-2011-1138\", \"CVE-2011-1139\", \"CVE-2011-1140\", \"CVE-2011-1143\");\n\n script_name(english:\"SuSE 10 Security Update : wireshark (ZYPP Patch Number 7439)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"Wireshark was updated to version 1.4.4 to fix several security issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1455.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2283.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2284.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2285.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2286.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2287.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2992.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2993.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2994.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2995.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4300.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4301.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4538.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0444.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0538.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0713.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1138.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1139.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1140.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1143.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7439.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"wireshark-1.4.4-0.37.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"wireshark-1.4.4-0.37.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"wireshark-devel-1.4.4-0.37.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:41:57", "description": "Wireshark was updated to version 1.4.4 to fix several security issues", "edition": 24, "published": "2011-04-07T00:00:00", "title": "SuSE 11.1 Security Update : wireshark (SAT Patch Number 4267)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2285", "CVE-2010-2284", "CVE-2010-2287", "CVE-2010-1455", "CVE-2011-0444", "CVE-2010-2992", "CVE-2010-4300", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2011-0713", "CVE-2010-4301", "CVE-2010-3445", "CVE-2011-1143", "CVE-2010-4538", "CVE-2010-2993", "CVE-2011-1139", "CVE-2011-1140", "CVE-2010-2994", "CVE-2011-0538", "CVE-2011-1138", "CVE-2011-0445"], "modified": "2011-04-07T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:wireshark"], "id": "SUSE_11_WIRESHARK-110331.NASL", "href": "https://www.tenable.com/plugins/nessus/53315", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53315);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-1455\", \"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2994\", \"CVE-2010-2995\", \"CVE-2010-3445\", \"CVE-2010-4300\", \"CVE-2010-4301\", \"CVE-2010-4538\", \"CVE-2011-0444\", \"CVE-2011-0445\", \"CVE-2011-0538\", \"CVE-2011-0713\", \"CVE-2011-1138\", \"CVE-2011-1139\", \"CVE-2011-1140\", \"CVE-2011-1143\");\n\n script_name(english:\"SuSE 11.1 Security Update : wireshark (SAT Patch Number 4267)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"Wireshark was updated to version 1.4.4 to fix several security issues\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=603251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=613487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=630599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=643078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=662029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=669908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=672916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=678567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=678568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=678569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=678571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1455.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2283.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2284.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2285.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2286.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2287.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2992.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2993.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2994.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2995.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4300.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4301.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4538.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0444.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0538.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0713.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1138.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1139.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1140.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1143.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4267.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"wireshark-1.4.4-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"wireshark-1.4.4-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"wireshark-1.4.4-0.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:52:45", "description": "The remote host is affected by the vulnerability described in GLSA-201110-02\n(Wireshark: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Wireshark. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could send specially crafted packets on a network\n being monitored by Wireshark, entice a user to open a malformed packet\n trace file using Wireshark, or deploy a specially crafted Lua script for\n use by Wireshark, possibly resulting in the execution of arbitrary code,\n or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 22, "published": "2011-10-10T00:00:00", "title": "GLSA-201110-02 : Wireshark: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0024", "CVE-2010-2285", "CVE-2011-1142", "CVE-2011-1592", "CVE-2011-2174", "CVE-2011-3482", "CVE-2010-2284", "CVE-2010-2287", "CVE-2011-2175", "CVE-2011-1590", "CVE-2011-3360", "CVE-2011-1959", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-0444", "CVE-2010-2992", "CVE-2010-4300", "CVE-2010-3133", "CVE-2011-3483", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2011-0713", "CVE-2011-1957", "CVE-2010-4301", "CVE-2011-1141", "CVE-2010-3445", "CVE-2011-1143", "CVE-2010-4538", "CVE-2011-3266", "CVE-2010-2993", "CVE-2011-1139", "CVE-2011-1956", "CVE-2011-1140", "CVE-2010-2994", "CVE-2011-0538", "CVE-2011-1958", "CVE-2011-1138", "CVE-2011-1591", "CVE-2011-0445"], "modified": "2011-10-10T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:wireshark"], "id": "GENTOO_GLSA-201110-02.NASL", "href": "https://www.tenable.com/plugins/nessus/56426", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201110-02.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56426);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-2283\", \"CVE-2010-2284\", \"CVE-2010-2285\", \"CVE-2010-2286\", \"CVE-2010-2287\", \"CVE-2010-2992\", \"CVE-2010-2993\", \"CVE-2010-2994\", \"CVE-2010-2995\", \"CVE-2010-3133\", \"CVE-2010-3445\", \"CVE-2010-4300\", \"CVE-2010-4301\", \"CVE-2010-4538\", \"CVE-2011-0024\", \"CVE-2011-0444\", \"CVE-2011-0445\", \"CVE-2011-0538\", \"CVE-2011-0713\", \"CVE-2011-1138\", \"CVE-2011-1139\", \"CVE-2011-1140\", \"CVE-2011-1141\", \"CVE-2011-1142\", \"CVE-2011-1143\", \"CVE-2011-1590\", \"CVE-2011-1591\", \"CVE-2011-1592\", \"CVE-2011-1956\", \"CVE-2011-1957\", \"CVE-2011-1958\", \"CVE-2011-1959\", \"CVE-2011-2174\", \"CVE-2011-2175\", \"CVE-2011-2597\", \"CVE-2011-2698\", \"CVE-2011-3266\", \"CVE-2011-3360\", \"CVE-2011-3482\", \"CVE-2011-3483\");\n script_xref(name:\"GLSA\", value:\"201110-02\");\n\n script_name(english:\"GLSA-201110-02 : Wireshark: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201110-02\n(Wireshark: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Wireshark. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could send specially crafted packets on a network\n being monitored by Wireshark, entice a user to open a malformed packet\n trace file using Wireshark, or deploy a specially crafted Lua script for\n use by Wireshark, possibly resulting in the execution of arbitrary code,\n or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201110-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Wireshark users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.4.9'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Wireshark console.lua Pre-Loading Script Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-analyzer/wireshark\", unaffected:make_list(\"ge 1.4.9\"), vulnerable:make_list(\"lt 1.4.9\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Wireshark\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:24", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0024", "CVE-2010-2285", "CVE-2011-1142", "CVE-2011-1592", "CVE-2011-2174", "CVE-2011-3482", "CVE-2010-2284", "CVE-2010-2287", "CVE-2011-2175", "CVE-2011-1590", "CVE-2011-3360", "CVE-2011-1959", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-0444", "CVE-2010-2992", "CVE-2010-4300", "CVE-2010-3133", "CVE-2011-3483", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2011-0713", "CVE-2011-1957", "CVE-2010-4301", "CVE-2011-1141", "CVE-2010-3445", "CVE-2011-1143", "CVE-2010-4538", "CVE-2011-3266", "CVE-2010-2993", "CVE-2011-1139", "CVE-2011-1956", "CVE-2011-1140", "CVE-2010-2994", "CVE-2011-0538", "CVE-2011-1958", "CVE-2011-1138", "CVE-2011-1591", "CVE-2011-0445"], "edition": 1, "description": "### Background\n\nWireshark is a versatile network protocol analyzer.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Wireshark users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-1.4.9\"", "modified": "2011-10-09T00:00:00", "published": "2011-10-09T00:00:00", "id": "GLSA-201110-02", "href": "https://security.gentoo.org/glsa/201110-02", "type": "gentoo", "title": "Wireshark: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}