Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:C61D82E1371C39F4874340BB0FDB31BD
HistoryNov 25, 2011 - 12:00 a.m.

Wireshark Lua Untrusted Search Path vulnerability

2011-11-2500:00:00
SAINT Corporation
my.saintcorporation.com
17

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

Added: 11/25/2011
CVE: CVE-2011-3360
BID: 49528
OSVDB: 75347

Background

Wireshark is a network packet analyzer.

Problem

A vulnerability in Wireshark allows execution of arbitrary Lua scripts placed in untrusted directories which are included in Wireshark’s search path.

Resolution

Upgrade to Wireshark 1.4.9 or 1.6.2 or higher.

References

<http://www.wireshark.org/security/wnpa-sec-2011-15.html&gt;

Limitations

Exploit works on Wireshark 1.6.0 and requires a user to open the PCAP file on the specified network share.

The smbclient program must be available on the SAINTexploit host.

Platforms

Windows

Related

openvas 8
ubuntucve 1
saint 3
packetstorm 1
debian 1
cve 1
prion 1
checkpoint_advisories 1
nessus 11
msvr 1
debiancve 1
d2 1
securityvulns 2
gentoo 1
openvas
openvas
Wireshark Lua Script File Arbitrary Code Execution Vulnerability (Windows)
2011-10-04 00:00:00
Wireshark Lua Script File Arbitrary Code Execution Vulnerability - Windows
2011-10-04 00:00:00
Debian Security Advisory DSA 2324-1 (wireshark)
2012-02-11 00:00:00
ubuntucve
ubuntucve
CVE-2011-3360
2011-09-20 00:00:00
saint
saint
Wireshark Lua Untrusted Search Path vulnerability
2011-11-25 00:00:00
Wireshark Lua Untrusted Search Path vulnerability
2011-11-25 00:00:00
Wireshark Lua Untrusted Search Path vulnerability
2011-11-25 00:00:00
packetstorm
packetstorm
Wireshark 1.6 console.lua Pre-Load / Execution
2011-11-20 00:00:00
debian
debian
[SECURITY] [DSA 2324-1] wireshark security update
2011-10-20 19:45:59
cve
cve
CVE-2011-3360
2011-09-20 10:55:00
prion
prion
Design/Logic Flaw
2011-09-20 10:55:00
checkpoint_advisories
checkpoint_advisories
Wireshark Insecure Search Path Script Execution (CVE-2011-3360)
2012-03-26 00:00:00
nessus
nessus
Debian DSA-2324-1 : wireshark - programming error
2011-10-21 00:00:00
Wireshark 1.4.x < 1.4.9 Multiple Vulnerabilities
2011-09-12 00:00:00
Oracle Solaris Third-Party Patch Update : wireshark (denial_of_service_vulnerability_in)
2015-01-19 00:00:00
msvr
msvr
Vulnerability in Wireshark Allows For Arbitrary Script Execution
2011-11-15 00:00:00
debiancve
debiancve
CVE-2011-3360
2011-09-20 10:55:00
d2
d2
DSquare Exploit Pack: D2SEC_WIRESHARK
2011-09-20 10:55:00
securityvulns
securityvulns
[ MDVSA-2011:138 ] wireshark
2011-10-01 00:00:00
Wireshark multiple security vulnerabilities
2011-10-01 00:00:00
gentoo
gentoo
Wireshark: Multiple vulnerabilities
2011-10-09 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON
Related for SAINT:C61D82E1371C39F4874340BB0FDB31BD
openvas8ubuntucve1saint3packetstorm1debian1cve1prion1checkpoint_advisories1nessus11msvr1debiancve1d21securityvulns2gentoo1