{"id": "OPENVAS:63595", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Core 9 FEDORA-2009-1877 (wireshark)", "description": "The remote host is missing an update to wireshark\nannounced via advisory FEDORA-2009-1877.", "published": "2009-03-20T00:00:00", "modified": "2017-07-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=63595", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=485888", "https://bugzilla.redhat.com/show_bug.cgi?id=485889"], "cvelist": ["CVE-2009-0599", "CVE-2009-0600"], "lastseen": "2017-07-25T10:56:28", "viewCount": 1, "enchantments": {"score": {"value": 6.5, "vector": "NONE", "modified": "2017-07-25T10:56:28", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-0600", "CVE-2009-0599"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231063452", "OPENVAS:136141256231063595", "OPENVAS:136141256231063493", "OPENVAS:1361412562310800246", "OPENVAS:1361412562310800247", "OPENVAS:800247", "OPENVAS:63703", "OPENVAS:63493", "OPENVAS:63452", "OPENVAS:136141256231063703"]}, {"type": "fedora", "idList": ["FEDORA:0ABA5208770", "FEDORA:4A462208545"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2009-0313.NASL", "FEDORA_2009-1798.NASL", "SL_20090304_WIRESHARK_ON_SL3_X.NASL", "FEDORA_2009-1877.NASL", "SUSE_WIRESHARK-6007.NASL", "SUSE_11_1_WIRESHARK-090218.NASL", "MANDRIVA_MDVSA-2009-058.NASL", "FREEBSD_PKG_F6F19735924549188A6087948EBB4907.NASL", "WIRESHARK_1_0_6.NASL", "SUSE_11_0_WIRESHARK-090218.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9702", "SECURITYVULNS:DOC:21402"]}, {"type": "freebsd", "idList": ["F6F19735-9245-4918-8A60-87948EBB4907"]}, {"type": "centos", "idList": ["CESA-2009:0313"]}, {"type": "redhat", "idList": ["RHSA-2009:0313"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-0313"]}, {"type": "gentoo", "idList": ["GLSA-200906-05"]}], "modified": "2017-07-25T10:56:28", "rev": 2}, "vulnersScore": 6.5}, "pluginID": "63595", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_1877.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-1877 (wireshark)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nMinor security issues are fixed in new version of wireshark. Security-related\nbugs in the Tektronix K12 and NetScreen file formats have been fixed.\nhttp://www.wireshark.org/security/wnpa-sec-2009-01.html\n\nChangeLog:\n\n* Tue Feb 17 2009 Radek Vokal 1.0.6-1\n- upgrade to 1.0.6\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update wireshark' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-1877\";\ntag_summary = \"The remote host is missing an update to wireshark\nannounced via advisory FEDORA-2009-1877.\";\n\n\n\nif(description)\n{\n script_id(63595);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-20 00:52:38 +0100 (Fri, 20 Mar 2009)\");\n script_cve_id(\"CVE-2009-0599\", \"CVE-2009-0600\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 9 FEDORA-2009-1877 (wireshark)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=485888\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=485889\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.6~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.6~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.0.6~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Fedora Local Security Checks"}

{"cve": [{"lastseen": "2021-02-02T05:39:59", "description": "Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame.", "edition": 4, "cvss3": {}, "published": "2009-02-16T20:30:00", "title": "CVE-2009-0600", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0600"], "modified": "2018-10-10T19:29:00", "cpe": ["cpe:/a:wireshark:wireshark:0.99.6a", "cpe:/a:wireshark:wireshark:1.0.5", "cpe:/a:wireshark:wireshark:1.0.0", "cpe:/a:wireshark:wireshark:1.0.2", "cpe:/a:wireshark:wireshark:0.99.6", "cpe:/a:wireshark:wireshark:1.0.4", "cpe:/a:wireshark:wireshark:1.0.1", "cpe:/a:wireshark:wireshark:0.99.8", "cpe:/a:wireshark:wireshark:1.0", "cpe:/a:wireshark:wireshark:0.99.7", "cpe:/a:wireshark:wireshark:1.0.3"], "id": "CVE-2009-0600", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0600", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.6a:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:39:59", "description": "Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file.", "edition": 4, "cvss3": {}, "published": "2009-02-16T20:30:00", "title": "CVE-2009-0599", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0599"], "modified": "2018-10-10T19:29:00", "cpe": ["cpe:/a:wireshark:wireshark:1.0.5", "cpe:/a:wireshark:wireshark:1.0.0", "cpe:/a:wireshark:wireshark:1.0.2", "cpe:/a:wireshark:wireshark:1.0.4", "cpe:/a:wireshark:wireshark:1.0.1", "cpe:/a:wireshark:wireshark:0.99.8", "cpe:/a:wireshark:wireshark:1.0", "cpe:/a:wireshark:wireshark:0.99.7", "cpe:/a:wireshark:wireshark:1.0.3"], "id": "CVE-2009-0599", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0599", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:0.99.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-04-06T11:38:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0599", "CVE-2009-0600"], "description": "The remote host is missing an update to wireshark\nannounced via advisory FEDORA-2009-1877.", "modified": "2018-04-06T00:00:00", "published": "2009-03-20T00:00:00", "id": "OPENVAS:136141256231063595", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063595", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-1877 (wireshark)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_1877.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-1877 (wireshark)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nMinor security issues are fixed in new version of wireshark. Security-related\nbugs in the Tektronix K12 and NetScreen file formats have been fixed.\nhttp://www.wireshark.org/security/wnpa-sec-2009-01.html\n\nChangeLog:\n\n* Tue Feb 17 2009 Radek Vokal 1.0.6-1\n- upgrade to 1.0.6\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update wireshark' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-1877\";\ntag_summary = \"The remote host is missing an update to wireshark\nannounced via advisory FEDORA-2009-1877.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63595\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-20 00:52:38 +0100 (Fri, 20 Mar 2009)\");\n script_cve_id(\"CVE-2009-0599\", \"CVE-2009-0600\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 9 FEDORA-2009-1877 (wireshark)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=485888\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=485889\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.6~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.6~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.0.6~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0599", "CVE-2009-0600"], "description": "The remote host is missing an update to wireshark\nannounced via advisory FEDORA-2009-1798.", "modified": "2018-04-06T00:00:00", "published": "2009-03-07T00:00:00", "id": "OPENVAS:136141256231063493", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063493", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-1798 (wireshark)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_1798.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-1798 (wireshark)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Few minor security issues were fixed in new version of wireshark. Security-\nrelated bugs in the Tektronix K12 and NetScreen file formats have been fixed.\nhttp://www.wireshark.org/security/wnpa-sec-2009-01.html\n\nChangeLog:\n\n* Tue Feb 17 2009 Radek Vokal 1.0.6-1\n- add netdump2 support\n- fix SELinux issues, remove pie patch\n- upgrade to 1.0.6\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update wireshark' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-1798\";\ntag_summary = \"The remote host is missing an update to wireshark\nannounced via advisory FEDORA-2009-1798.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63493\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-07 21:47:03 +0100 (Sat, 07 Mar 2009)\");\n script_cve_id(\"CVE-2009-0599\", \"CVE-2009-0600\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-1798 (wireshark)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=485888\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=485889\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.6~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.6~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.0.6~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0599", "CVE-2009-0600"], "description": "The remote host is missing an update to wireshark\nannounced via advisory FEDORA-2009-1798.", "modified": "2017-07-10T00:00:00", "published": "2009-03-07T00:00:00", "id": "OPENVAS:63493", "href": "http://plugins.openvas.org/nasl.php?oid=63493", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-1798 (wireshark)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_1798.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-1798 (wireshark)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Few minor security issues were fixed in new version of wireshark. Security-\nrelated bugs in the Tektronix K12 and NetScreen file formats have been fixed.\nhttp://www.wireshark.org/security/wnpa-sec-2009-01.html\n\nChangeLog:\n\n* Tue Feb 17 2009 Radek Vokal 1.0.6-1\n- add netdump2 support\n- fix SELinux issues, remove pie patch\n- upgrade to 1.0.6\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update wireshark' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-1798\";\ntag_summary = \"The remote host is missing an update to wireshark\nannounced via advisory FEDORA-2009-1798.\";\n\n\n\nif(description)\n{\n script_id(63493);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-07 21:47:03 +0100 (Sat, 07 Mar 2009)\");\n script_cve_id(\"CVE-2009-0599\", \"CVE-2009-0600\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-1798 (wireshark)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=485888\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=485889\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.6~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.0.6~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.0.6~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0599", "CVE-2009-0600", "CVE-2009-0601"], "description": "This host is installed with Wireshark and is prone to multiple\n vulnerabilities.", "modified": "2018-12-03T00:00:00", "published": "2009-02-20T00:00:00", "id": "OPENVAS:1361412562310800246", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800246", "type": "openvas", "title": "Wireshark Multiple Vulnerabilities Feb 09 (Linux)", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_vuln_feb09_lin.nasl 12629 2018-12-03 15:19:43Z cfischer $\n#\n# Wireshark Multiple Vulnerabilities Feb 09 (Linux)\n#\n# Authors:\n# Sujit Ghosal <sghosal@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:wireshark:wireshark';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800246\");\n script_version(\"$Revision: 12629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-03 16:19:43 +0100 (Mon, 03 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-20 17:40:17 +0100 (Fri, 20 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_bugtraq_id(33690);\n script_cve_id(\"CVE-2009-0599\", \"CVE-2009-0600\", \"CVE-2009-0601\");\n script_name(\"Wireshark Multiple Vulnerabilities Feb 09 (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_wireshark_detect_lin.nasl\");\n script_mandatory_keys(\"Wireshark/Linux/Ver\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/33872\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2009-01.html\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2590\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will let the attacker cause denial of service to the\n application by crafting malicious packets.\");\n\n script_tag(name:\"affected\", value:\"Wireshark for Linux version 0.99.6 through 1.0.5.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - a boundary error in the processing of NetScreen Snoop capture files.\n\n - format string vulnerability in wireshark through format string specifiers\n in the HOME environment variable.\n\n - improper handling of Tektronix K12 text capture files as demonstrated by a\n file with exactly one frame.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the latest version 1.0.6.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark and is prone to multiple\n vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!ver = get_app_version(cpe:CPE)) exit(0);\n\nif(version_in_range(version:ver, test_version:\"0.99.6\",\n test_version2:\"1.0.5\")){\n report = report_fixed_ver(installed_version:ver, fixed_version:\"1.0.6\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-04-06T11:37:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0599", "CVE-2009-0600", "CVE-2009-0601"], "description": "The remote host is missing an update to wireshark\nannounced via advisory MDVSA-2009:058.", "modified": "2018-04-06T00:00:00", "published": "2009-03-02T00:00:00", "id": "OPENVAS:136141256231063452", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063452", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:058 (wireshark)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_058.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:058 (wireshark)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through\n1.0.5 allows user-assisted remote attackers to cause a denial\nof service (application crash) via a malformed NetScreen snoop\nfile. (CVE-2009-0599)\n\nWireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to\ncause a denial of service (application crash) via a crafted Tektronix\nK12 text capture file, as demonstrated by a file with exactly one\nframe. (CVE-2009-0600)\n\nFormat string vulnerability in Wireshark 0.99.8 through 1.0.5\non non-Windows platforms allows local users to cause a denial of\nservice (application crash) via format string specifiers in the HOME\nenvironment variable. (CVE-2009-0601)\n\nThis update provides Wireshark 1.0.6, which is not vulnerable to\nthese issues.\n\nAffected: 2008.1, 2009.0, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:058\nhttp://www.wireshark.org/security/wnpa-sec-2009-01.html\";\ntag_summary = \"The remote host is missing an update to wireshark\nannounced via advisory MDVSA-2009:058.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63452\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-02 19:11:09 +0100 (Mon, 02 Mar 2009)\");\n script_cve_id(\"CVE-2009-0599\", \"CVE-2009-0600\", \"CVE-2009-0601\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:058 (wireshark)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.0.6~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.0.6~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.0.6~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.0.6~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.0.6~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.6~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.0.6~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.0.6~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.0.6~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.0.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.0.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.0.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.0.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.0.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.0.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.0.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.0.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.0.6~0.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.0.6~0.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.0.6~0.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.0.6~0.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.0.6~0.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.6~0.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.0.6~0.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.0.6~0.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.0.6~0.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-04-29T22:26:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0599", "CVE-2009-0600", "CVE-2009-0601"], "description": "This host is installed with Wireshark and is prone to multiple\n vulnerabilities.", "modified": "2020-04-27T00:00:00", "published": "2009-02-20T00:00:00", "id": "OPENVAS:1361412562310800247", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800247", "type": "openvas", "title": "Wireshark Multiple Vulnerabilities Feb-09 (Windows)", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Wireshark Multiple Vulnerabilities Feb-09 (Windows)\n#\n# Authors:\n# Sujit Ghosal <sghosal@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800247\");\n script_version(\"2020-04-27T09:00:11+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-27 09:00:11 +0000 (Mon, 27 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2009-02-20 17:40:17 +0100 (Fri, 20 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_bugtraq_id(33690);\n script_cve_id(\"CVE-2009-0599\", \"CVE-2009-0600\", \"CVE-2009-0601\");\n script_name(\"Wireshark Multiple Vulnerabilities Feb-09 (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/33872\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2009-01.html\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2590\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_mandatory_keys(\"Wireshark/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will let the attacker cause denial of service to the\n application by crafting malicious packets.\");\n script_tag(name:\"affected\", value:\"Wireshark for Windows version 1.0.5 and prior.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - a boundary error in the processing of NetScreen Snoop capture files.\n\n - format string vulnerability in wireshark through format string specifiers\n in the HOME environment variable.\n\n - improper handling of Tektronix K12 text capture files as demonstrated by a\n file with exactly one frame.\");\n script_tag(name:\"solution\", value:\"Upgrade to the latest version 1.0.6.\");\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nwireshark = get_kb_item(\"Wireshark/Win/Ver\");\nif(!wireshark)\n exit(0);\n\nif(version_in_range(version:wireshark, test_version:\"0.99.6\", test_version2:\"1.0.5\")){\n report = report_fixed_ver(installed_version:wireshark, vulnerable_range:\"0.99.6 - 1.0.5\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-02T21:13:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0599", "CVE-2009-0600", "CVE-2009-0601"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-12-21T00:00:00", "published": "2009-03-31T00:00:00", "id": "OPENVAS:63703", "href": "http://plugins.openvas.org/nasl.php?oid=63703", "type": "openvas", "title": "wireshark -- multiple vulnerabilities", "sourceData": "#\n#VID f6f19735-9245-4918-8a60-87948ebb4907\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID f6f19735-9245-4918-8a60-87948ebb4907\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n ethereal\n ethereal-lite\n tethereal\n tethereal-lite\n wireshark\n wireshark-lite\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.wireshark.org/security/wnpa-sec-2009-01.html\nhttp://www.vuxml.org/freebsd/f6f19735-9245-4918-8a60-87948ebb4907.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(63703);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 4824 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-21 09:49:38 +0100 (Wed, 21 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-31 19:20:21 +0200 (Tue, 31 Mar 2009)\");\n script_cve_id(\"CVE-2009-0599\", \"CVE-2009-0600\", \"CVE-2009-0601\");\n script_name(\"wireshark -- multiple vulnerabilities\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"ethereal\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.6\")<0) {\n txt += 'Package ethereal version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ethereal-lite\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.6\")<0) {\n txt += 'Package ethereal-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"tethereal\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.6\")<0) {\n txt += 'Package tethereal version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"tethereal-lite\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.6\")<0) {\n txt += 'Package tethereal-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"wireshark\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.6\")<0) {\n txt += 'Package wireshark version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"wireshark-lite\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.6\")<0) {\n txt += 'Package wireshark-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:13:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0599", "CVE-2009-0600", "CVE-2009-0601"], "description": "This host is installed with Wireshark and is prone to multiple\n vulnerabilities.", "modified": "2017-01-09T00:00:00", "published": "2009-02-20T00:00:00", "id": "OPENVAS:800247", "href": "http://plugins.openvas.org/nasl.php?oid=800247", "type": "openvas", "title": "Wireshark Multiple Vulnerabilities Feb-09 (Windows)", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_vuln_feb09_win.nasl 4970 2017-01-09 15:00:59Z teissa $\n#\n# Wireshark Multiple Vulnerabilities Feb-09 (Windows)\n#\n# Authors:\n# Sujit Ghosal <sghosal@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let the attacker cause denial of service to the\n application by crafting malicious packets.\";\ntag_affected = \"Wireshark for Windows version 1.0.5 and prior.\";\ntag_insight = \"Multiple flaws are due to,\n - a boundary error in the processing of NetScreen Snoop capture files.\n - format string vulnerability in wireshark through format string specifiers\n in the HOME environment variable.\n - improper handling of Tektronix K12 text capture files as demonstrated by a\n file with exactly one frame.\";\ntag_solution = \"Upgrade to the latest version 1.0.6\n http://www.wireshark.org/download.html\";\ntag_summary = \"This host is installed with Wireshark and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(800247);\n script_version(\"$Revision: 4970 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-01-09 16:00:59 +0100 (Mon, 09 Jan 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-20 17:40:17 +0100 (Fri, 20 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_bugtraq_id(33690);\n script_cve_id(\"CVE-2009-0599\", \"CVE-2009-0600\", \"CVE-2009-0601\");\n script_name(\"Wireshark Multiple Vulnerabilities Feb-09 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/33872\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/security/wnpa-sec-2009-01.html\");\n script_xref(name : \"URL\" , value : \"https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2590\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_require_keys(\"Wireshark/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nwireshark = get_kb_item(\"Wireshark/Win/Ver\");\nif(!wireshark){\n exit(0);\n}\n\n# Grep for Wireshark version 0.99.6 and prior to 1.0.6\nif(version_in_range(version:wireshark, test_version:\"0.99.6\",\n test_version2:\"1.0.5\")){\n security_message(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0599", "CVE-2009-0600", "CVE-2009-0601"], "description": "The remote host is missing an update to wireshark\nannounced via advisory MDVSA-2009:058.", "modified": "2017-07-06T00:00:00", "published": "2009-03-02T00:00:00", "id": "OPENVAS:63452", "href": "http://plugins.openvas.org/nasl.php?oid=63452", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:058 (wireshark)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_058.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:058 (wireshark)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through\n1.0.5 allows user-assisted remote attackers to cause a denial\nof service (application crash) via a malformed NetScreen snoop\nfile. (CVE-2009-0599)\n\nWireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to\ncause a denial of service (application crash) via a crafted Tektronix\nK12 text capture file, as demonstrated by a file with exactly one\nframe. (CVE-2009-0600)\n\nFormat string vulnerability in Wireshark 0.99.8 through 1.0.5\non non-Windows platforms allows local users to cause a denial of\nservice (application crash) via format string specifiers in the HOME\nenvironment variable. (CVE-2009-0601)\n\nThis update provides Wireshark 1.0.6, which is not vulnerable to\nthese issues.\n\nAffected: 2008.1, 2009.0, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:058\nhttp://www.wireshark.org/security/wnpa-sec-2009-01.html\";\ntag_summary = \"The remote host is missing an update to wireshark\nannounced via advisory MDVSA-2009:058.\";\n\n \n\nif(description)\n{\n script_id(63452);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-02 19:11:09 +0100 (Mon, 02 Mar 2009)\");\n script_cve_id(\"CVE-2009-0599\", \"CVE-2009-0600\", \"CVE-2009-0601\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:058 (wireshark)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.0.6~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.0.6~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.0.6~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.0.6~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.0.6~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.6~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.0.6~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.0.6~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.0.6~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.0.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.0.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.0.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.0.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.0.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.0.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.0.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.0.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dumpcap\", rpm:\"dumpcap~1.0.6~0.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwireshark0\", rpm:\"libwireshark0~1.0.6~0.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwireshark-devel\", rpm:\"libwireshark-devel~1.0.6~0.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rawshark\", rpm:\"rawshark~1.0.6~0.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tshark\", rpm:\"tshark~1.0.6~0.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.6~0.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-tools\", rpm:\"wireshark-tools~1.0.6~0.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64wireshark0\", rpm:\"lib64wireshark0~1.0.6~0.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64wireshark-devel\", rpm:\"lib64wireshark-devel~1.0.6~0.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0599", "CVE-2009-0600", "CVE-2009-0601"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-04-06T00:00:00", "published": "2009-03-31T00:00:00", "id": "OPENVAS:136141256231063703", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063703", "type": "openvas", "title": "wireshark -- multiple vulnerabilities", "sourceData": "#\n#VID f6f19735-9245-4918-8a60-87948ebb4907\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID f6f19735-9245-4918-8a60-87948ebb4907\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n ethereal\n ethereal-lite\n tethereal\n tethereal-lite\n wireshark\n wireshark-lite\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.wireshark.org/security/wnpa-sec-2009-01.html\nhttp://www.vuxml.org/freebsd/f6f19735-9245-4918-8a60-87948ebb4907.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63703\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-31 19:20:21 +0200 (Tue, 31 Mar 2009)\");\n script_cve_id(\"CVE-2009-0599\", \"CVE-2009-0600\", \"CVE-2009-0601\");\n script_name(\"wireshark -- multiple vulnerabilities\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"ethereal\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.6\")<0) {\n txt += 'Package ethereal version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ethereal-lite\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.6\")<0) {\n txt += 'Package ethereal-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"tethereal\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.6\")<0) {\n txt += 'Package tethereal version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"tethereal-lite\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.6\")<0) {\n txt += 'Package tethereal-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"wireshark\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.6\")<0) {\n txt += 'Package wireshark version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"wireshark-lite\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.6\")<0) {\n txt += 'Package wireshark-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0599", "CVE-2009-0600"], "description": "Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. ", "modified": "2009-03-16T19:54:08", "published": "2009-03-16T19:54:08", "id": "FEDORA:0ABA5208770", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: wireshark-1.0.6-1.fc9", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0599", "CVE-2009-0600"], "description": "Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. ", "modified": "2009-03-05T16:35:39", "published": "2009-03-05T16:35:39", "id": "FEDORA:4A462208545", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: wireshark-1.0.6-1.fc10", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:07:07", "description": "Few minor security issues were fixed in new version of wireshark.\nSecurity- related bugs in the Tektronix K12 and NetScreen file formats\nhave been fixed.\nhttp://www.wireshark.org/security/wnpa-sec-2009-01.html NFSv4.1: Add\nsupport for backchannel decoding - Dynamically registers a callback\ndissector based on the CREATE_SESSION args. - Supports the decoding of\nCB_SEQUENCE, CB_RECALL, CB_LAYOUTRECALL operations\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-04-23T00:00:00", "title": "Fedora 10 : wireshark-1.0.6-1.fc10 (2009-1798)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0599", "CVE-2009-0600"], "modified": "2009-04-23T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:wireshark"], "id": "FEDORA_2009-1798.NASL", "href": "https://www.tenable.com/plugins/nessus/37388", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-1798.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37388);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-0599\", \"CVE-2009-0600\");\n script_xref(name:\"FEDORA\", value:\"2009-1798\");\n\n script_name(english:\"Fedora 10 : wireshark-1.0.6-1.fc10 (2009-1798)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Few minor security issues were fixed in new version of wireshark.\nSecurity- related bugs in the Tektronix K12 and NetScreen file formats\nhave been fixed.\nhttp://www.wireshark.org/security/wnpa-sec-2009-01.html NFSv4.1: Add\nsupport for backchannel decoding - Dynamically registers a callback\ndissector based on the CREATE_SESSION args. - Supports the decoding of\nCB_SEQUENCE, CB_RECALL, CB_LAYOUTRECALL operations\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2009-01.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2009-01.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=485888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=485889\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/020980.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8baebabd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"wireshark-1.0.6-1.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:07:07", "description": "Minor security issues are fixed in new version of wireshark.\nSecurity-related bugs in the Tektronix K12 and NetScreen file formats\nhave been fixed.\nhttp://www.wireshark.org/security/wnpa-sec-2009-01.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-03-17T00:00:00", "title": "Fedora 9 : wireshark-1.0.6-1.fc9 (2009-1877)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0599", "CVE-2009-0600"], "modified": "2009-03-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wireshark", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2009-1877.NASL", "href": "https://www.tenable.com/plugins/nessus/35933", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-1877.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35933);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-0599\", \"CVE-2009-0600\");\n script_xref(name:\"FEDORA\", value:\"2009-1877\");\n\n script_name(english:\"Fedora 9 : wireshark-1.0.6-1.fc9 (2009-1877)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Minor security issues are fixed in new version of wireshark.\nSecurity-related bugs in the Tektronix K12 and NetScreen file formats\nhave been fixed.\nhttp://www.wireshark.org/security/wnpa-sec-2009-01.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2009-01.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2009-01.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=485888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=485889\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021445.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?12d0f230\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"wireshark-1.0.6-1.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-03-01T07:50:04", "description": "The installed version of Wireshark or Ethereal is affected by multiple\ndenial of service issues :\n\n - Wireshark could crash while reading a malformed NetScreen\n snoop file. (Bug 3151)\n\n - Wireshark could crash while reading a Tektronix K12 \n text capture file. (Bug 1937)", "edition": 27, "published": "2009-02-10T00:00:00", "title": "Wireshark / Ethereal 0.99.6 to 1.0.5 Multiple Denial of Service Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0599", "CVE-2009-0600"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:wireshark:wireshark"], "id": "WIRESHARK_1_0_6.NASL", "href": "https://www.tenable.com/plugins/nessus/35629", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35629);\n script_version(\"1.14\");\n\n script_cve_id(\"CVE-2009-0599\", \"CVE-2009-0600\");\n script_bugtraq_id(33690);\n script_xref(name:\"Secunia\", value:\"33872\");\n\n script_name(english:\"Wireshark / Ethereal 0.99.6 to 1.0.5 Multiple Denial of Service Vulnerabilities\");\n script_summary(english:\"Checks Wireshark / Ethereal version\"); \n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application that is susceptible to multiple\ndenial of service attacks.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Wireshark or Ethereal is affected by multiple\ndenial of service issues :\n\n - Wireshark could crash while reading a malformed NetScreen\n snoop file. (Bug 3151)\n\n - Wireshark could crash while reading a Tektronix K12 \n text capture file. (Bug 1937)\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3151\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1937\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.wireshark.org/security/wnpa-sec-2009-01.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/news/20090206.html\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Wireshark 1.0.6 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2009/02/10\");\n script_cvs_date(\"Date: 2018/11/15 20:50:29\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wireshark_installed.nasl\");\n script_require_keys(\"SMB/Wireshark/Installed\");\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\n\n\n# Check each install.\ninstalls = get_kb_list(\"SMB/Wireshark/*\");\nif (isnull(installs)) exit(0);\n\ninfo = \"\";\ninfo2 = \"\";\nforeach install (keys(installs))\n{\n if (\"/Installed\" >< install) continue;\n\n version = install - \"SMB/Wireshark/\";\n ver = split(version, sep:\".\", keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n v[i] = int(ver[i]);\n\n if (\n (\n ver[0] == 0 && \n (\n (ver[1] == 99 && ver[2] >= 6) ||\n ver[1] > 99\n )\n ) ||\n (ver[0] == 1 && ver[1] == 0 && ver[2] < 6)\n )\n info +=\n '\\n Path : ' + installs[install] +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.0.6\\n';\n else\n info2 += ' - Version ' + version + ', under ' + installs[install] + '\\n';\n}\n\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n if (report_verbosity)\n {\n if (max_index(split(info)) > 4) s = \"s of Wireshark / Ethereal are\";\n else s = \" of Wireshark or Ethereal is\";\n\n report = string(\n \"\\n\",\n \"The following vulnerable instance\", s, \" installed on the\\n\",\n \"remote host :\\n\",\n \"\\n\",\n info\n );\n security_note(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_note(get_kb_item(\"SMB/transport\"));\n}\nif (info2)\n exit(0, \"The following instance(s) of Wireshark / Ethereal are installed and are not vulnerable : \"+info2);\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:51:28", "description": "Vendor reports :\n\nOn non-Windows systems Wireshark could crash if the HOME environment\nvariable contained sprintf-style string formatting characters.\nWireshark could crash while reading a malformed NetScreen snoop file.\nWireshark could crash while reading a Tektronix K12 text capture file.", "edition": 26, "published": "2009-03-23T00:00:00", "title": "FreeBSD : wireshark -- multiple vulnerabilities (f6f19735-9245-4918-8a60-87948ebb4907)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0599", "CVE-2009-0600", "CVE-2009-0601"], "modified": "2009-03-23T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:tethereal", "p-cpe:/a:freebsd:freebsd:ethereal", "p-cpe:/a:freebsd:freebsd:wireshark-lite", "p-cpe:/a:freebsd:freebsd:wireshark", "p-cpe:/a:freebsd:freebsd:ethereal-lite", "p-cpe:/a:freebsd:freebsd:tethereal-lite"], "id": "FREEBSD_PKG_F6F19735924549188A6087948EBB4907.NASL", "href": "https://www.tenable.com/plugins/nessus/35990", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35990);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0599\", \"CVE-2009-0600\", \"CVE-2009-0601\");\n\n script_name(english:\"FreeBSD : wireshark -- multiple vulnerabilities (f6f19735-9245-4918-8a60-87948ebb4907)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vendor reports :\n\nOn non-Windows systems Wireshark could crash if the HOME environment\nvariable contained sprintf-style string formatting characters.\nWireshark could crash while reading a malformed NetScreen snoop file.\nWireshark could crash while reading a Tektronix K12 text capture file.\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2009-01.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2009-01.html\"\n );\n # https://vuxml.freebsd.org/freebsd/f6f19735-9245-4918-8a60-87948ebb4907.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?10d285bd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20, 119, 134);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ethereal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ethereal-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tethereal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tethereal-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:wireshark-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ethereal<1.0.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ethereal-lite<1.0.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tethereal<1.0.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tethereal-lite<1.0.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"wireshark<1.0.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"wireshark-lite<1.0.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T11:52:03", "description": "Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through\n1.0.5 allows user-assisted remote attackers to cause a denial of\nservice (application crash) via a malformed NetScreen snoop file.\n(CVE-2009-0599)\n\nWireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers\nto cause a denial of service (application crash) via a crafted\nTektronix K12 text capture file, as demonstrated by a file with\nexactly one frame. (CVE-2009-0600)\n\nFormat string vulnerability in Wireshark 0.99.8 through 1.0.5 on\nnon-Windows platforms allows local users to cause a denial of service\n(application crash) via format string specifiers in the HOME\nenvironment variable. (CVE-2009-0601)\n\nThis update provides Wireshark 1.0.6, which is not vulnerable to these\nissues.", "edition": 25, "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : wireshark (MDVSA-2009:058)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0599", "CVE-2009-0600", "CVE-2009-0601"], "modified": "2009-04-23T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libwireshark-devel", "p-cpe:/a:mandriva:linux:dumpcap", "p-cpe:/a:mandriva:linux:libwireshark0", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:rawshark", "p-cpe:/a:mandriva:linux:lib64wireshark0", "cpe:/o:mandriva:linux:2008.1", "p-cpe:/a:mandriva:linux:tshark", "p-cpe:/a:mandriva:linux:lib64wireshark-devel", "p-cpe:/a:mandriva:linux:wireshark-tools", "p-cpe:/a:mandriva:linux:wireshark"], "id": "MANDRIVA_MDVSA-2009-058.NASL", "href": "https://www.tenable.com/plugins/nessus/37419", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:058. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37419);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0599\", \"CVE-2009-0600\", \"CVE-2009-0601\");\n script_xref(name:\"MDVSA\", value:\"2009:058\");\n\n script_name(english:\"Mandriva Linux Security Advisory : wireshark (MDVSA-2009:058)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through\n1.0.5 allows user-assisted remote attackers to cause a denial of\nservice (application crash) via a malformed NetScreen snoop file.\n(CVE-2009-0599)\n\nWireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers\nto cause a denial of service (application crash) via a crafted\nTektronix K12 text capture file, as demonstrated by a file with\nexactly one frame. (CVE-2009-0600)\n\nFormat string vulnerability in Wireshark 0.99.8 through 1.0.5 on\nnon-Windows platforms allows local users to cause a denial of service\n(application crash) via format string specifiers in the HOME\nenvironment variable. (CVE-2009-0601)\n\nThis update provides Wireshark 1.0.6, which is not vulnerable to these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wireshark.org/security/wnpa-sec-2009-01.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20, 119, 134);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:dumpcap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wireshark0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwireshark0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rawshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.1\", reference:\"dumpcap-1.0.6-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64wireshark-devel-1.0.6-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64wireshark0-1.0.6-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libwireshark-devel-1.0.6-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libwireshark0-1.0.6-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"rawshark-1.0.6-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"tshark-1.0.6-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"wireshark-1.0.6-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"wireshark-tools-1.0.6-0.1mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"dumpcap-1.0.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64wireshark-devel-1.0.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64wireshark0-1.0.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libwireshark-devel-1.0.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libwireshark0-1.0.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"rawshark-1.0.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tshark-1.0.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"wireshark-1.0.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"wireshark-tools-1.0.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:03:46", "description": "wireshark: fixed crashes while reading capture files containing\nNetScreen data (CVE-2009-0599), Tektronix K12 capture files\n(CVE-2009-0600) and and a format string vulnerability (CVE-2009-0601).", "edition": 24, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : wireshark (wireshark-539)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0599", "CVE-2009-0600", "CVE-2009-0601"], "modified": "2009-07-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wireshark", "p-cpe:/a:novell:opensuse:wireshark-devel", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_WIRESHARK-090218.NASL", "href": "https://www.tenable.com/plugins/nessus/40153", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update wireshark-539.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40153);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0599\", \"CVE-2009-0600\", \"CVE-2009-0601\");\n\n script_name(english:\"openSUSE Security Update : wireshark (wireshark-539)\");\n script_summary(english:\"Check for the wireshark-539 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"wireshark: fixed crashes while reading capture files containing\nNetScreen data (CVE-2009-0599), Tektronix K12 capture files\n(CVE-2009-0600) and and a format string vulnerability (CVE-2009-0601).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=473828\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20, 119, 134);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"wireshark-1.0.0-17.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"wireshark-devel-1.0.0-17.9\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:47:16", "description": "wireshark: fixed crashes while reading capture files containing\nNetScreen data (CVE-2009-0599), Tektronix K12 capture files\n(CVE-2009-0600) and and a format string vulnerability (CVE-2009-0601).", "edition": 24, "published": "2009-02-23T00:00:00", "title": "openSUSE 10 Security Update : wireshark (wireshark-6007)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0599", "CVE-2009-0600", "CVE-2009-0601"], "modified": "2009-02-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wireshark", "cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:wireshark-devel"], "id": "SUSE_WIRESHARK-6007.NASL", "href": "https://www.tenable.com/plugins/nessus/35729", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update wireshark-6007.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35729);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0599\", \"CVE-2009-0600\", \"CVE-2009-0601\");\n\n script_name(english:\"openSUSE 10 Security Update : wireshark (wireshark-6007)\");\n script_summary(english:\"Check for the wireshark-6007 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"wireshark: fixed crashes while reading capture files containing\nNetScreen data (CVE-2009-0599), Tektronix K12 capture files\n(CVE-2009-0600) and and a format string vulnerability (CVE-2009-0601).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20, 119, 134);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"wireshark-0.99.6-31.15\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"wireshark-devel-0.99.6-31.15\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:05:11", "description": "wireshark: fixed crashes while reading capture files containing\nNetScreen data (CVE-2009-0599), Tektronix K12 capture files\n(CVE-2009-0600) and and a format string vulnerability (CVE-2009-0601).", "edition": 24, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : wireshark (wireshark-539)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0599", "CVE-2009-0600", "CVE-2009-0601"], "modified": "2009-07-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wireshark", "p-cpe:/a:novell:opensuse:wireshark-devel", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_WIRESHARK-090218.NASL", "href": "https://www.tenable.com/plugins/nessus/40322", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update wireshark-539.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40322);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0599\", \"CVE-2009-0600\", \"CVE-2009-0601\");\n\n script_name(english:\"openSUSE Security Update : wireshark (wireshark-539)\");\n script_summary(english:\"Check for the wireshark-539 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"wireshark: fixed crashes while reading capture files containing\nNetScreen data (CVE-2009-0599), Tektronix K12 capture files\n(CVE-2009-0600) and and a format string vulnerability (CVE-2009-0601).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=473828\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20, 119, 134);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"wireshark-1.0.4-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"wireshark-devel-1.0.4-2.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:44:08", "description": "Multiple buffer overflow flaws were found in Wireshark. If Wireshark\nread a malformed packet off a network or opened a malformed dump file,\nit could crash or, possibly, execute arbitrary code as the user\nrunning Wireshark. (CVE-2008-4683, CVE-2009-0599)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malformed dump file. (CVE-2008-4680,\nCVE-2008-4681, CVE-2008-4682,CVE-2008-4684, CVE-2008-4685,\nCVE-2008-5285, CVE-2009-0600)\n\nAll running instances of Wireshark must be restarted for the update to\ntake effect.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : wireshark on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4680", "CVE-2008-4681", "CVE-2008-5285", "CVE-2009-0599", "CVE-2009-0600", "CVE-2008-4683", "CVE-2008-4684", "CVE-2008-4685", "CVE-2008-4682"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090304_WIRESHARK_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60541", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60541);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-4680\", \"CVE-2008-4681\", \"CVE-2008-4682\", \"CVE-2008-4683\", \"CVE-2008-4684\", \"CVE-2008-4685\", \"CVE-2008-5285\", \"CVE-2009-0599\", \"CVE-2009-0600\");\n\n script_name(english:\"Scientific Linux Security Update : wireshark on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple buffer overflow flaws were found in Wireshark. If Wireshark\nread a malformed packet off a network or opened a malformed dump file,\nit could crash or, possibly, execute arbitrary code as the user\nrunning Wireshark. (CVE-2008-4683, CVE-2009-0599)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malformed dump file. (CVE-2008-4680,\nCVE-2008-4681, CVE-2008-4682,CVE-2008-4684, CVE-2008-4685,\nCVE-2008-5285, CVE-2009-0600)\n\nAll running instances of Wireshark must be restarted for the update to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0903&L=scientific-linux-errata&T=0&P=326\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fcc831f3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark and / or wireshark-gnome packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20, 119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/10/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"wireshark-1.0.6-EL3.3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"wireshark-gnome-1.0.6-EL3.3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"wireshark-1.0.6-2.el4_7\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"wireshark-gnome-1.0.6-2.el4_7\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"wireshark-1.0.6-2.el5_3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"wireshark-gnome-1.0.6-2.el5_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:25:32", "description": "Updated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in Wireshark. If Wireshark\nread a malformed packet off a network or opened a malformed dump file,\nit could crash or, possibly, execute arbitrary code as the user\nrunning Wireshark. (CVE-2008-4683, CVE-2009-0599)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malformed dump file. (CVE-2008-4680,\nCVE-2008-4681, CVE-2008-4682, CVE-2008-4684, CVE-2008-4685,\nCVE-2008-5285, CVE-2009-0600)\n\nUsers of wireshark should upgrade to these updated packages, which\ncontain Wireshark version 1.0.6, and resolve these issues. All running\ninstances of Wireshark must be restarted for the update to take\neffect.", "edition": 27, "published": "2009-03-05T00:00:00", "title": "CentOS 3 / 4 : wireshark (CESA-2009:0313)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4680", "CVE-2008-4681", "CVE-2008-6472", "CVE-2008-5285", "CVE-2009-0599", "CVE-2009-0600", "CVE-2008-4683", "CVE-2008-4684", "CVE-2008-4685", "CVE-2008-4682"], "modified": "2009-03-05T00:00:00", "cpe": ["p-cpe:/a:centos:centos:wireshark", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:wireshark-gnome", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2009-0313.NASL", "href": "https://www.tenable.com/plugins/nessus/35767", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0313 and \n# CentOS Errata and Security Advisory 2009:0313 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35767);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-4680\", \"CVE-2008-4681\", \"CVE-2008-4682\", \"CVE-2008-4683\", \"CVE-2008-4684\", \"CVE-2008-4685\", \"CVE-2008-5285\", \"CVE-2008-6472\", \"CVE-2009-0599\", \"CVE-2009-0600\");\n script_bugtraq_id(31838, 32422);\n script_xref(name:\"RHSA\", value:\"2009:0313\");\n\n script_name(english:\"CentOS 3 / 4 : wireshark (CESA-2009:0313)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in Wireshark. If Wireshark\nread a malformed packet off a network or opened a malformed dump file,\nit could crash or, possibly, execute arbitrary code as the user\nrunning Wireshark. (CVE-2008-4683, CVE-2009-0599)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malformed dump file. (CVE-2008-4680,\nCVE-2008-4681, CVE-2008-4682, CVE-2008-4684, CVE-2008-4685,\nCVE-2008-5285, CVE-2009-0600)\n\nUsers of wireshark should upgrade to these updated packages, which\ncontain Wireshark version 1.0.6, and resolve these issues. All running\ninstances of Wireshark must be restarted for the update to take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015800.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?08f2711c\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015801.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?18722f83\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-March/015651.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e0ec61c\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-March/015652.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?368d19bc\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-March/015656.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5878e1f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-March/015659.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?65ab81d3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/10/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"wireshark-1.0.6-EL3.3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"wireshark-gnome-1.0.6-EL3.3\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"wireshark-1.0.6-2.el4_7\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"wireshark-1.0.6-2.c4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"wireshark-1.0.6-2.el4_7\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"wireshark-gnome-1.0.6-2.el4_7\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"wireshark-gnome-1.0.6-2.c4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"wireshark-gnome-1.0.6-2.el4_7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-gnome\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:29", "bulletinFamily": "software", "cvelist": ["CVE-2009-0599", "CVE-2009-0600", "CVE-2009-0601"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:058\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : wireshark\r\n Date : February 26, 2009\r\n Affected: 2008.1, 2009.0, Corporate 4.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through\r\n 1.0.5 allows user-assisted remote attackers to cause a denial\r\n of service &#40;application crash&#41; via a malformed NetScreen snoop\r\n file. &#40;CVE-2009-0599&#41;\r\n \r\n Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to\r\n cause a denial of service &#40;application crash&#41; via a crafted Tektronix\r\n K12 text capture file, as demonstrated by a file with exactly one\r\n frame. &#40;CVE-2009-0600&#41;\r\n \r\n Format string vulnerability in Wireshark 0.99.8 through 1.0.5\r\n on non-Windows platforms allows local users to cause a denial of\r\n service &#40;application crash&#41; via format string specifiers in the HOME\r\n environment variable. &#40;CVE-2009-0601&#41;\r\n \r\n This update provides Wireshark 1.0.6, which is not vulnerable to\r\n these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0599\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0600\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0601\r\n http://www.wireshark.org/security/wnpa-sec-2009-01.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.1:\r\n 2d591a5772317d3587434424b8dc4a1d 2008.1/i586/dumpcap-1.0.6-0.1mdv2008.1.i586.rpm\r\n bf65e163112b4dc5db4041c552823bcb 2008.1/i586/libwireshark0-1.0.6-0.1mdv2008.1.i586.rpm\r\n 80056b13d9146428645d6e67cb2ed8ea 2008.1/i586/libwireshark-devel-1.0.6-0.1mdv2008.1.i586.rpm\r\n 7923294ad925674ef116b6273835d8ef 2008.1/i586/rawshark-1.0.6-0.1mdv2008.1.i586.rpm\r\n bd5a15d402a367058d61fd8dd6a2dcf9 2008.1/i586/tshark-1.0.6-0.1mdv2008.1.i586.rpm\r\n 5c7b0422b12d2eade1ce997de3766c6c 2008.1/i586/wireshark-1.0.6-0.1mdv2008.1.i586.rpm\r\n d116f95d212119516dbca4bf1d353cf5 2008.1/i586/wireshark-tools-1.0.6-0.1mdv2008.1.i586.rpm \r\n 2a31aab490fe670da93830f464154a48 2008.1/SRPMS/wireshark-1.0.6-0.1mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2008.1/X86_64:\r\n b7213fd4bf53ad0cb41b5cc5ab1057df 2008.1/x86_64/dumpcap-1.0.6-0.1mdv2008.1.x86_64.rpm\r\n 4e3f14a549d66f199171d6f91aa28c68 2008.1/x86_64/lib64wireshark0-1.0.6-0.1mdv2008.1.x86_64.rpm\r\n aa39e29909ed34d5df2f0c85ac560c8f 2008.1/x86_64/lib64wireshark-devel-1.0.6-0.1mdv2008.1.x86_64.rpm\r\n ef92c97f74a2811daf7d874755dd7777 2008.1/x86_64/rawshark-1.0.6-0.1mdv2008.1.x86_64.rpm\r\n ea555917cd20aba1f0b4114730ad9924 2008.1/x86_64/tshark-1.0.6-0.1mdv2008.1.x86_64.rpm\r\n c74402d6323f6a72188f214d2d002ef2 2008.1/x86_64/wireshark-1.0.6-0.1mdv2008.1.x86_64.rpm\r\n fa5e55f0a5934c2bae263e9151a40b16 2008.1/x86_64/wireshark-tools-1.0.6-0.1mdv2008.1.x86_64.rpm \r\n 2a31aab490fe670da93830f464154a48 2008.1/SRPMS/wireshark-1.0.6-0.1mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n c661639631224e605d41a2985af43c93 2009.0/i586/dumpcap-1.0.6-0.1mdv2009.0.i586.rpm\r\n bb633c409ddb95d2e6f6826b6fd2be3d 2009.0/i586/libwireshark0-1.0.6-0.1mdv2009.0.i586.rpm\r\n 5d2f7434a1dd322259907d14caf90e11 2009.0/i586/libwireshark-devel-1.0.6-0.1mdv2009.0.i586.rpm\r\n d32a3de9e13b83d991a2d6c8577f50c2 2009.0/i586/rawshark-1.0.6-0.1mdv2009.0.i586.rpm\r\n bcdf64d0e05d0bb964c946c83bdd5353 2009.0/i586/tshark-1.0.6-0.1mdv2009.0.i586.rpm\r\n 3537cea11294e8d1dff87c15b933c622 2009.0/i586/wireshark-1.0.6-0.1mdv2009.0.i586.rpm\r\n c5ef95f5eb5255e10ccc12bcb0c6d77a 2009.0/i586/wireshark-tools-1.0.6-0.1mdv2009.0.i586.rpm \r\n 3efca295d42d9e1686b46ca1c020f8a2 2009.0/SRPMS/wireshark-1.0.6-0.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n 90cffab44fe29d55f527ab4b76b0a0d6 2009.0/x86_64/dumpcap-1.0.6-0.1mdv2009.0.x86_64.rpm\r\n 838159ecdc95655df014d17d04434297 2009.0/x86_64/lib64wireshark0-1.0.6-0.1mdv2009.0.x86_64.rpm\r\n d3dba0b501696a634627540517693b62 2009.0/x86_64/lib64wireshark-devel-1.0.6-0.1mdv2009.0.x86_64.rpm\r\n bf51f59064d3ce3dd2dafd6aaaa889df 2009.0/x86_64/rawshark-1.0.6-0.1mdv2009.0.x86_64.rpm\r\n 3e33480b37b90293e1fd77c33934b9d2 2009.0/x86_64/tshark-1.0.6-0.1mdv2009.0.x86_64.rpm\r\n 6a22be605ea9e2357c8c5f38a1d6cc78 2009.0/x86_64/wireshark-1.0.6-0.1mdv2009.0.x86_64.rpm\r\n a73dd1ee57fee0b886beb0542bdd3baa 2009.0/x86_64/wireshark-tools-1.0.6-0.1mdv2009.0.x86_64.rpm \r\n 3efca295d42d9e1686b46ca1c020f8a2 2009.0/SRPMS/wireshark-1.0.6-0.1mdv2009.0.src.rpm\r\n\r\n Corporate 4.0:\r\n cd40c4762bd0c4b5ffafc5023809ac04 corporate/4.0/i586/dumpcap-1.0.6-0.1.20060mlcs4.i586.rpm\r\n 629aa56a60730449858656e1ea062b84 corporate/4.0/i586/libwireshark0-1.0.6-0.1.20060mlcs4.i586.rpm\r\n e7674da06cff0db774a65d40c8407ce1 corporate/4.0/i586/libwireshark-devel-1.0.6-0.1.20060mlcs4.i586.rpm\r\n 76530bd71bb120b5325f9a09c39a2929 corporate/4.0/i586/rawshark-1.0.6-0.1.20060mlcs4.i586.rpm\r\n baa49a07548d639f2cb19a73c5e0df2f corporate/4.0/i586/tshark-1.0.6-0.1.20060mlcs4.i586.rpm\r\n c08beac1b46a39cbc0a46f0d360ccc40 corporate/4.0/i586/wireshark-1.0.6-0.1.20060mlcs4.i586.rpm\r\n 9e1170ca14c27d0a9b9279eb317743ad corporate/4.0/i586/wireshark-tools-1.0.6-0.1.20060mlcs4.i586.rpm \r\n dccd63a7f0c24d1ccbf5adac0374a460 corporate/4.0/SRPMS/wireshark-1.0.6-0.1.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n 7d416c1d4b061a7af12eb8ddff174685 corporate/4.0/x86_64/dumpcap-1.0.6-0.1.20060mlcs4.x86_64.rpm\r\n 2c08582bff18197181d7021f471235cc corporate/4.0/x86_64/lib64wireshark0-1.0.6-0.1.20060mlcs4.x86_64.rpm\r\n 7128168a02a6dd0065d051a23992cdbe corporate/4.0/x86_64/lib64wireshark-devel-1.0.6-0.1.20060mlcs4.x86_64.rpm\r\n fee1072986b3bbbcacbe84a5def3513d corporate/4.0/x86_64/rawshark-1.0.6-0.1.20060mlcs4.x86_64.rpm\r\n c5a1394098d7c20613c51948b613ea2c corporate/4.0/x86_64/tshark-1.0.6-0.1.20060mlcs4.x86_64.rpm\r\n 279ada1e7a929b5df0a2e0813ee37d38 corporate/4.0/x86_64/wireshark-1.0.6-0.1.20060mlcs4.x86_64.rpm\r\n f28beac01c20e5d108d3390c07583918 corporate/4.0/x86_64/wireshark-tools-1.0.6-0.1.20060mlcs4.x86_64.rpm \r\n dccd63a7f0c24d1ccbf5adac0374a460 corporate/4.0/SRPMS/wireshark-1.0.6-0.1.20060mlcs4.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFJpxmTmqjQ0CJFipgRAvn+AKDefbliY7WKwLriDdVzrbgoh3FkFQCfUqov\r\n/+8NwA5cFnOJqNNg+MVuADw=\r\n=fAWE\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-03-02T00:00:00", "published": "2009-03-02T00:00:00", "id": "SECURITYVULNS:DOC:21402", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21402", "title": "bugtraq@securityfocus.com", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-0561", "CVE-2009-0560", "CVE-2009-0599", "CVE-2009-0600", "CVE-2009-0601"], "description": "Vulnerabilities on different capture files format parsing.", "edition": 1, "modified": "2009-03-02T00:00:00", "published": "2009-03-02T00:00:00", "id": "SECURITYVULNS:VULN:9702", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9702", "title": "Wireshark multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:16", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0599", "CVE-2009-0600", "CVE-2009-0601"], "description": "\nVendor reports:\n\nOn non-Windows systems Wireshark could crash if the HOME\n\t environment variable contained sprintf-style string formatting\n\t characters. Wireshark could crash while reading a malformed\n\t NetScreen snoop file. Wireshark could crash while reading a\n\t Tektronix K12 text capture file.\n\n", "edition": 4, "modified": "2010-05-02T00:00:00", "published": "2009-02-06T00:00:00", "id": "F6F19735-9245-4918-8A60-87948EBB4907", "href": "https://vuxml.freebsd.org/freebsd/f6f19735-9245-4918-8a60-87948ebb4907.html", "title": "wireshark -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:24:06", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4680", "CVE-2008-4681", "CVE-2008-6472", "CVE-2008-5285", "CVE-2009-0599", "CVE-2009-0600", "CVE-2008-4683", "CVE-2008-4684", "CVE-2008-4685", "CVE-2008-4682"], "description": "**CentOS Errata and Security Advisory** CESA-2009:0313\n\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in Wireshark. If Wireshark read\na malformed packet off a network or opened a malformed dump file, it could\ncrash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2008-4683, CVE-2009-0599)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malformed dump file. (CVE-2008-4680, CVE-2008-4681, CVE-2008-4682,\nCVE-2008-4684, CVE-2008-4685, CVE-2008-5285, CVE-2009-0600)\n\nUsers of wireshark should upgrade to these updated packages, which contain\nWireshark version 1.0.6, and resolve these issues. All running instances of\nWireshark must be restarted for the update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/027838.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/027839.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-March/027689.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-March/027690.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-March/027694.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-March/027697.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-March/027699.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-March/027702.html\n\n**Affected packages:**\nwireshark\nwireshark-gnome\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-0313.html", "edition": 6, "modified": "2009-04-20T16:01:27", "published": "2009-03-04T23:33:43", "href": "http://lists.centos.org/pipermail/centos-announce/2009-March/027689.html", "id": "CESA-2009:0313", "title": "wireshark security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-12-11T13:32:34", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4680", "CVE-2008-4681", "CVE-2008-4682", "CVE-2008-4683", "CVE-2008-4684", "CVE-2008-4685", "CVE-2008-5285", "CVE-2008-6472", "CVE-2009-0599", "CVE-2009-0600"], "description": "Wireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nMultiple buffer overflow flaws were found in Wireshark. If Wireshark read\na malformed packet off a network or opened a malformed dump file, it could\ncrash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2008-4683, CVE-2009-0599)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malformed dump file. (CVE-2008-4680, CVE-2008-4681, CVE-2008-4682,\nCVE-2008-4684, CVE-2008-4685, CVE-2008-5285, CVE-2009-0600)\n\nUsers of wireshark should upgrade to these updated packages, which contain\nWireshark version 1.0.6, and resolve these issues. All running instances of\nWireshark must be restarted for the update to take effect.", "modified": "2018-05-26T04:26:18", "published": "2009-03-04T05:00:00", "id": "RHSA-2009:0313", "href": "https://access.redhat.com/errata/RHSA-2009:0313", "type": "redhat", "title": "(RHSA-2009:0313) Moderate: wireshark security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:28", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4680", "CVE-2008-4681", "CVE-2008-6472", "CVE-2008-5285", "CVE-2009-0599", "CVE-2009-0600", "CVE-2008-4683", "CVE-2008-4684", "CVE-2008-4685", "CVE-2008-4682"], "description": "[1.0.6-2.0.1.el5_3]\n- Add oracle-ocfs2-network.patch\n[1.0.6-2]\n- bring back pie\n- Resolves: #486551\n[1.0.6-1]\n- various security flaws fixed\n- upgrade to 1.0.6\n- Resolves: #486551", "edition": 4, "modified": "2009-03-04T00:00:00", "published": "2009-03-04T00:00:00", "id": "ELSA-2009-0313", "href": "http://linux.oracle.com/errata/ELSA-2009-0313.html", "title": "wireshark security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:28", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4680", "CVE-2008-4681", "CVE-2009-1268", "CVE-2009-1266", "CVE-2009-1210", "CVE-2008-6472", "CVE-2008-5285", "CVE-2009-1829", "CVE-2009-1269", "CVE-2009-0599", "CVE-2009-0600", "CVE-2008-4683", "CVE-2009-0601", "CVE-2008-4684", "CVE-2008-4685", "CVE-2008-4682"], "edition": 1, "description": "### Background\n\nWireshark is a versatile network protocol analyzer. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Wireshark: \n\n * David Maciejak discovered a vulnerability in packet-usb.c in the USB dissector via a malformed USB Request Block (URB) (CVE-2008-4680). \n * Florent Drouin and David Maciejak reported an unspecified vulnerability in the Bluetooth RFCOMM dissector (CVE-2008-4681). \n * A malformed Tamos CommView capture file (aka .ncf file) with an \"unknown/unexpected packet type\" triggers a failed assertion in wtap.c (CVE-2008-4682). \n * An unchecked packet length parameter in the dissect_btacl() function in packet-bthci_acl.c in the Bluetooth ACL dissector causes an erroneous tvb_memcpy() call (CVE-2008-4683). \n * A vulnerability where packet-frame does not properly handle exceptions thrown by post dissectors caused by a certain series of packets (CVE-2008-4684). \n * Mike Davies reported a use-after-free vulnerability in the dissect_q931_cause_ie() function in packet-q931.c in the Q.931 dissector via certain packets that trigger an exception (CVE-2008-4685). \n * The Security Vulnerability Research Team of Bkis reported that the SMTP dissector could consume excessive amounts of CPU and memory (CVE-2008-5285). \n * The vendor reported that the WLCCP dissector could go into an infinite loop (CVE-2008-6472). \n * babi discovered a buffer overflow in wiretap/netscreen.c via a malformed NetScreen snoop file (CVE-2009-0599). \n * A specially crafted Tektronix K12 text capture file can cause an application crash (CVE-2009-0600). \n * A format string vulnerability via format string specifiers in the HOME environment variable (CVE-2009-0601). \n * THCX Labs reported a format string vulnerability in the PROFINET/DCP (PN-DCP) dissector via a PN-DCP packet with format string specifiers in the station name (CVE-2009-1210). \n * An unspecified vulnerability with unknown impact and attack vectors (CVE-2009-1266). \n * Marty Adkins and Chris Maynard discovered a parsing error in the dissector for the Check Point High-Availability Protocol (CPHAP) (CVE-2009-1268). \n * Magnus Homann discovered a parsing error when loading a Tektronix .rf5 file (CVE-2009-1269). \n * The vendor reported that the PCNFSD dissector could crash (CVE-2009-1829).\n\n### Impact\n\nA remote attacker could exploit these vulnerabilities by sending specially crafted packets on a network being monitored by Wireshark or by enticing a user to read a malformed packet trace file which can trigger a Denial of Service (application crash or excessive CPU and memory usage) and possibly allow for the execution of arbitrary code with the privileges of the user running Wireshark. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Wireshark users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-1.0.8\"", "modified": "2009-06-30T00:00:00", "published": "2009-06-30T00:00:00", "id": "GLSA-200906-05", "href": "https://security.gentoo.org/glsa/200906-05", "type": "gentoo", "title": "Wireshark: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}