Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:B5E20E3B9EF32958EB2696B6A9976866
HistoryNov 25, 2011 - 12:00 a.m.

Wireshark Lua Untrusted Search Path vulnerability

2011-11-2500:00:00
SAINT Corporation
www.saintcorporation.com
19

0.974 High

EPSS

Percentile

99.9%

JSON

Added: 11/25/2011
CVE: CVE-2011-3360
BID: 49528
OSVDB: 75347

Background

Wireshark is a network packet analyzer.

Problem

A vulnerability in Wireshark allows execution of arbitrary Lua scripts placed in untrusted directories which are included in Wireshark’s search path.

Resolution

Upgrade to Wireshark 1.4.9 or 1.6.2 or higher.

References

<http://www.wireshark.org/security/wnpa-sec-2011-15.html&gt;

Limitations

Exploit works on Wireshark 1.6.0 and requires a user to open the PCAP file on the specified network share.

The smbclient program must be available on the SAINTexploit host.

Platforms

Windows

Related

openvas 8
ubuntucve 1
saint 3
packetstorm 1
debian 1
cve 1
checkpoint_advisories 1
nessus 11
d2 1
msvr 1
debiancve 1
prion 1
securityvulns 2
gentoo 1
openvas
openvas
Wireshark Lua Script File Arbitrary Code Execution Vulnerability (Windows)
2011-10-04 00:00:00
Wireshark Lua Script File Arbitrary Code Execution Vulnerability - Windows
2011-10-04 00:00:00
Debian Security Advisory DSA 2324-1 (wireshark)
2012-02-11 00:00:00
ubuntucve
ubuntucve
CVE-2011-3360
2011-09-20 00:00:00
saint
saint
Wireshark Lua Untrusted Search Path vulnerability
2011-11-25 00:00:00
Wireshark Lua Untrusted Search Path vulnerability
2011-11-25 00:00:00
Wireshark Lua Untrusted Search Path vulnerability
2011-11-25 00:00:00
packetstorm
packetstorm
Wireshark 1.6 console.lua Pre-Load / Execution
2011-11-20 00:00:00
debian
debian
[SECURITY] [DSA 2324-1] wireshark security update
2011-10-20 19:45:59
cve
cve
CVE-2011-3360
2011-09-20 10:55:00
checkpoint_advisories
checkpoint_advisories
Wireshark Insecure Search Path Script Execution (CVE-2011-3360)
2012-03-26 00:00:00
nessus
nessus
Debian DSA-2324-1 : wireshark - programming error
2011-10-21 00:00:00
Wireshark 1.4.x < 1.4.9 Multiple Vulnerabilities
2011-09-12 00:00:00
Oracle Solaris Third-Party Patch Update : wireshark (denial_of_service_vulnerability_in)
2015-01-19 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_WIRESHARK
2011-09-20 10:55:00
msvr
msvr
Vulnerability in Wireshark Allows For Arbitrary Script Execution
2011-11-15 00:00:00
debiancve
debiancve
CVE-2011-3360
2011-09-20 10:55:00
prion
prion
Design/Logic Flaw
2011-09-20 10:55:00
securityvulns
securityvulns
Wireshark multiple security vulnerabilities
2011-10-01 00:00:00
[ MDVSA-2011:138 ] wireshark
2011-10-01 00:00:00
gentoo
gentoo
Wireshark: Multiple vulnerabilities
2011-10-09 00:00:00

0.974 High

EPSS

Percentile

99.9%

JSON
Related for SAINT:B5E20E3B9EF32958EB2696B6A9976866
openvas8ubuntucve1saint3packetstorm1debian1cve1checkpoint_advisories1nessus11d21msvr1debiancve1prion1securityvulns2gentoo1