{"debian": [{"lastseen": "2018-10-16T22:15:09", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2395-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 27, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wireshark\nVulnerability : buffer underflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-3483 CVE-2012-0041 CVE-2012-0042 CVE-2012-0066 \n CVE-2012-0067 CVE-2012-0068 \n\nLaurent Butti discovered a buffer underflow in the LANalyzer dissector\nof the Wireshark network traffic analyzer, which could lead to the \nexecution of arbitrary code (CVE-2012-0068)\n\nThis update also addresses several bugs, which can lead to crashes of \nWireshark. These are not treated as security issues, but are fixed \nnonetheless if security updates are scheduled: CVE-2011-3483, \nCVE-2012-0041, CVE-2012-0042, CVE-2012-0066 and CVE-2012-0067.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6+squeeze6.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.5-1.\n\nWe recommend that you upgrade your wireshark packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2012-01-27T18:27:11", "published": "2012-01-27T18:27:11", "id": "DEBIAN:DSA-2395-1:01533", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00019.html", "title": "[SECURITY] [DSA 2395-1] wireshark security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:43", 
"bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2395-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nJanuary 27, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : wireshark\r\nVulnerability : buffer underflow\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2011-3483 CVE-2012-0041 CVE-2012-0042 CVE-2012-0066 \r\n CVE-2012-0067 CVE-2012-0068 \r\n\r\nLaurent Butti discovered a buffer underflow in the LANalyzer dissector\r\nof the Wireshark network traffic analyzer, which could lead to the \r\nexecution of arbitrary code (CVE-2012-0068)\r\n\r\nThis update also addresses several bugs, which can lead to crashes of \r\nWireshark. These are not treated as security issues, but are fixed \r\nnonetheless if security updates are scheduled: CVE-2011-3483, \r\nCVE-2012-0041, CVE-2012-0042, CVE-2012-0066 and CVE-2012-0067.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 1.2.11-6+squeeze6.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 1.6.5-1.\r\n\r\nWe recommend that you upgrade your wireshark packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niEYEARECAAYFAk8i6FwACgkQXm3vHE4uylrDkQCg5khLjhIkYAbItri576Q4ufHt\r\nBFwAnjQINWnTLRDCg3CLlZOX6ke/Wn3T\r\n=o4sR\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2012-02-13T00:00:00", "published": "2012-02-13T00:00:00", "id": "SECURITYVULNS:DOC:27668", "href": 
"https://vulners.com/securityvulns/SECURITYVULNS:DOC:27668", "title": "[SECURITY] [DSA 2395-1] wireshark security update", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "description": "DoS on different protocols dissectors, unsafe dynamic library loading.", "modified": "2011-10-01T00:00:00", "published": "2011-10-01T00:00:00", "id": "SECURITYVULNS:VULN:11932", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11932", "title": "Wireshark multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2011:138\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : wireshark\r\n Date : September 28, 2011\r\n Affected: 2011.\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n This advisory updates wireshark to the latest version (1.6.2), fixing\r\n several security issues:\r\n \r\n Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9\r\n and 1.6.x before 1.6.2 allows local users to gain privileges via a\r\n Trojan horse Lua script in an unspecified directory (CVE-2011-3360).\r\n \r\n The csnStreamDissector function in epan/dissectors/packet-csn1.c in the\r\n CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize\r\n a certain structure member, which allows remote attackers to cause\r\n a denial of service (application crash) via a malformed packet\r\n (CVE-2011-3482).\r\n \r\n Wireshark 1.6.x before 1.6.2 
allows remote attackers to cause a\r\n denial of service (application crash) via a malformed capture file\r\n that leads to an invalid root tvbuff, related to a buffer exception\r\n handling vulnerability. (CVE-2011-3483).\r\n \r\n The unxorFrame function in epan/dissectors/packet-opensafety.c in the\r\n OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly\r\n validate a certain frame size, which allows remote attackers to cause\r\n a denial of service (loop and application crash) via a malformed packet\r\n (CVE-2011-3484).\r\n \r\n The updated packages have been upgraded to the latest 1.6.x version\r\n (1.6.2) which is not vulnerable to these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3360\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3482\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3483\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3484\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n 
_______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niD8DBQFOg09TmqjQ0CJFipgRAmAYAKDRSnbGrlIe/KQwXXTluvf/ypIibACgtnT7\r\nmCfyYoZw9stb46aVBsib12o=\r\n=zz4H\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2011-10-01T00:00:00", "published": "2011-10-01T00:00:00", "id": "SECURITYVULNS:DOC:27088", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27088", "title": "[ MDVSA-2011:138 ] wireshark", "type": "securityvulns", "cvss": {"score": 9.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:30", "bulletinFamily": "scanner", "description": "The remote host is missing an update to wireshark\nannounced via advisory DSA 2395-1.", "modified": "2017-07-07T00:00:00", "published": "2012-02-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=70713", "id": "OPENVAS:70713", "title": "Debian Security Advisory DSA 2395-1 (wireshark)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2395_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2395-1 (wireshark)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Laurent Butti discovered a buffer underflow in the LANalyzer dissector\nof the Wireshark network traffic analyzer, which could lead to the\nexecution of arbitrary code (CVE-2012-0068)\n\nThis update also addresses several bugs, which can lead to crashes of\nWireshark. 
These are not treated as security issues, but are fixed\nnonetheless if security updates are scheduled: CVE-2011-3483,\nCVE-2012-0041, CVE-2012-0042, CVE-2012-0066 and CVE-2012-0067.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6+squeeze6.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.5-1.\n\nWe recommend that you upgrade your wireshark packages.\";\ntag_summary = \"The remote host is missing an update to wireshark\nannounced via advisory DSA 2395-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202395-1\";\n\nif(description)\n{\n script_id(70713);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2011-3483\", \"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-0068\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:29:37 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2395-1 (wireshark)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.2.11-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.2.11-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.2.11-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.2.11-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.2.11-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:58:50", "bulletinFamily": "scanner", "description": "The remote host is missing an update to wireshark\nannounced via advisory DSA 2395-1.", "modified": "2018-04-06T00:00:00", "published": "2012-02-11T00:00:00", "id": "OPENVAS:136141256231070713", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070713", "title": "Debian Security Advisory DSA 2395-1 (wireshark)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2395_1.nasl 9352 2018-04-06 07:13:02Z cfischer $\n# Description: Auto-generated from advisory DSA 
2395-1 (wireshark)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Laurent Butti discovered a buffer underflow in the LANalyzer dissector\nof the Wireshark network traffic analyzer, which could lead to the\nexecution of arbitrary code (CVE-2012-0068)\n\nThis update also addresses several bugs, which can lead to crashes of\nWireshark. 
These are not treated as security issues, but are fixed\nnonetheless if security updates are scheduled: CVE-2011-3483,\nCVE-2012-0041, CVE-2012-0042, CVE-2012-0066 and CVE-2012-0067.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6+squeeze6.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.5-1.\n\nWe recommend that you upgrade your wireshark packages.\";\ntag_summary = \"The remote host is missing an update to wireshark\nannounced via advisory DSA 2395-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202395-1\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70713\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2011-3483\", \"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-0068\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:29:37 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2395-1 (wireshark)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.2.11-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.2.11-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.2.11-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.2.11-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.2.11-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:43:23", "bulletinFamily": "scanner", "description": "This host is installed with Wireshark and is prone to multiple\n vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2012-04-23T00:00:00", "id": "OPENVAS:1361412562310802761", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802761", "title": "Wireshark Multiple Vulnerabilities - April 12 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: 
gb_wireshark_mult_vuln_win_apr12.nasl 11857 2018-10-12 08:25:16Z cfischer $\n#\n# Wireshark Multiple Vulnerabilities - April 12 (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802761\");\n script_version(\"$Revision: 11857 $\");\n script_cve_id(\"CVE-2012-0068\", \"CVE-2012-0067\", \"CVE-2012-0066\", \"CVE-2012-0043\",\n \"CVE-2012-0042\", \"CVE-2012-0041\");\n script_bugtraq_id(51710, 51368);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:25:16 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-23 18:33:55 +0530 (Mon, 23 Apr 2012)\");\n script_name(\"Wireshark Multiple Vulnerabilities - April 12 (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/47494/\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2012-01.html\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n 
script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_mandatory_keys(\"Wireshark/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary code\n or cause a denial of service.\");\n script_tag(name:\"affected\", value:\"Wireshark versions 1.4.x before 1.4.11 and 1.6.x before 1.6.5 on Windows\");\n script_tag(name:\"insight\", value:\"The flaws are due to\n\n - NULL pointer dereference errors when reading certain packet information\n can be exploited to cause a crash.\n\n - An error within the RLC dissector can be exploited to cause a buffer\n overflow via a specially crafted RLC packet capture file.\n\n - An error within the 'lanalyzer_read()' function (wiretap/lanalyzer.c) when\n parsing LANalyzer files can be exploited to cause a heap-based buffer\n underflow.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Wireshark version 1.4.11, 1.6.5 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark and is prone to multiple\n vulnerabilities.\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/download\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsharkVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!sharkVer){\n exit(0);\n}\n\nif(version_in_range(version:sharkVer, test_version:\"1.4.0\", test_version2:\"1.4.10\") ||\n version_in_range(version:sharkVer, test_version:\"1.6.0\", test_version2:\"1.6.4\")) {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:53", "bulletinFamily": "scanner", "description": "This host is installed with Wireshark and is prone to multiple\n 
vulnerabilities.", "modified": "2017-04-14T00:00:00", "published": "2012-04-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=802761", "id": "OPENVAS:802761", "title": "Wireshark Multiple Vulnerabilities - April 12 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_vuln_win_apr12.nasl 5956 2017-04-14 09:02:12Z teissa $\n#\n# Wireshark Multiple Vulnerabilities - April 12 (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to execute arbitrary code\n or cause a denial of service.\n Impact Level: Application\";\ntag_affected = \"Wireshark versions 1.4.x before 1.4.11 and 1.6.x before 1.6.5 on Windows\";\ntag_insight = \"The flaws are due to\n - NULL pointer dereference errors when reading certain packet information\n can be exploited to cause a crash.\n - An error within the RLC dissector can be exploited to cause a buffer\n overflow via a specially crafted RLC packet capture file.\n - An error within the 'lanalyzer_read()' function (wiretap/lanalyzer.c) when\n parsing LANalyzer files can be exploited to cause a heap-based buffer\n underflow.\";\ntag_solution = \"Upgrade to the Wireshark version 1.4.11, 1.6.5 or later,\n For updates refer to http://www.wireshark.org/download\";\ntag_summary = \"This host is installed with Wireshark and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(802761);\n script_version(\"$Revision: 5956 $\");\n script_cve_id(\"CVE-2012-0068\", \"CVE-2012-0067\", \"CVE-2012-0066\", \"CVE-2012-0043\",\n \"CVE-2012-0042\", \"CVE-2012-0041\");\n script_bugtraq_id(51710, 51368);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-14 11:02:12 +0200 (Fri, 14 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-23 18:33:55 +0530 (Mon, 23 Apr 2012)\");\n script_name(\"Wireshark Multiple Vulnerabilities - April 12 (Windows)\");\n script_xref(name : \"URL\" , value : 
\"http://secunia.com/advisories/47494/\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/security/wnpa-sec-2012-01.html\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_require_keys(\"Wireshark/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nsharkVer = \"\";\n\n## Get version from KB\nsharkVer = get_kb_item(\"Wireshark/Win/Ver\");\nif(!sharkVer){\n exit(0);\n}\n\n## Check for vulnerable Wireshark versions\nif(version_in_range(version:sharkVer, test_version:\"1.4.0\", test_version2:\"1.4.10\") ||\n version_in_range(version:sharkVer, test_version:\"1.6.0\", test_version2:\"1.6.4\")) {\n security_message(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:43:51", "bulletinFamily": "scanner", "description": "This host is installed with Wireshark and is prone to multiple\n vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2012-04-24T00:00:00", "id": "OPENVAS:1361412562310802764", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802764", "title": "Wireshark Multiple Vulnerabilities (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_vuln_macosx.nasl 11857 2018-10-12 08:25:16Z cfischer $\n#\n# Wireshark Multiple Vulnerabilities (Mac OS X)\n#\n# Authors:\n# Madhuri D 
<dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802764\");\n script_version(\"$Revision: 11857 $\");\n script_cve_id(\"CVE-2012-0068\", \"CVE-2012-0067\", \"CVE-2012-0066\", \"CVE-2012-0043\",\n \"CVE-2012-0042\", \"CVE-2012-0041\");\n script_bugtraq_id(51710, 51368);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:25:16 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-24 15:23:18 +0530 (Tue, 24 Apr 2012)\");\n script_name(\"Wireshark Multiple Vulnerabilities (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/47494/\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2012-01.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_wireshark_detect_macosx.nasl\");\n script_mandatory_keys(\"Wireshark/MacOSX/Version\");\n script_tag(name:\"impact\", 
value:\"Successful exploitation will allow remote attackers to execute arbitrary code\n or cause a denial of service.\");\n script_tag(name:\"affected\", value:\"Wireshark versions 1.4.x before 1.4.11 and 1.6.x before 1.6.5 on Mac OS X\");\n script_tag(name:\"insight\", value:\"The flaws are due to\n\n - NULL pointer dereference errors when reading certain packet information\n can be exploited to cause a crash.\n\n - An error within the RLC dissector can be exploited to cause a buffer\n overflow via a specially crafted RLC packet capture file.\n\n - An error within the 'lanalyzer_read()' function (wiretap/lanalyzer.c) when\n parsing LANalyzer files can be exploited to cause a heap-based buffer\n underflow.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Wireshark version 1.4.11, 1.6.5 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/download\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsharkVer = get_kb_item(\"Wireshark/MacOSX/Version\");\nif(!sharkVer){\n exit(0);\n}\n\nif(version_in_range(version:sharkVer, test_version:\"1.4.0\", test_version2:\"1.4.10\") ||\n version_in_range(version:sharkVer, test_version:\"1.6.0\", test_version2:\"1.6.4\")) {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:44", "bulletinFamily": "scanner", "description": "This host is installed with Wireshark and is prone to multiple\n vulnerabilities.", "modified": "2017-04-11T00:00:00", "published": "2012-04-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=802764", "id": "OPENVAS:802764", "title": "Wireshark Multiple 
Vulnerabilities (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_vuln_macosx.nasl 5931 2017-04-11 09:02:04Z teissa $\n#\n# Wireshark Multiple Vulnerabilities (Mac OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to execute arbitrary code\n or cause a denial of service.\n Impact Level: Application\";\ntag_affected = \"Wireshark versions 1.4.x before 1.4.11 and 1.6.x before 1.6.5 on Mac OS X\";\ntag_insight = \"The flaws are due to\n - NULL pointer dereference errors when reading certain packet information\n can be exploited to cause a crash.\n - An error within the RLC dissector can be exploited to cause a buffer\n overflow via a specially crafted RLC packet capture file.\n - An error within the 'lanalyzer_read()' function (wiretap/lanalyzer.c) when\n parsing LANalyzer files can be exploited to cause a heap-based buffer\n underflow.\";\ntag_solution = \"Upgrade to the Wireshark version 1.4.11, 1.6.5 or later,\n For updates refer to 
http://www.wireshark.org/download\";\ntag_summary = \"This host is installed with Wireshark and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(802764);\n script_version(\"$Revision: 5931 $\");\n script_cve_id(\"CVE-2012-0068\", \"CVE-2012-0067\", \"CVE-2012-0066\", \"CVE-2012-0043\",\n \"CVE-2012-0042\", \"CVE-2012-0041\");\n script_bugtraq_id(51710, 51368);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-11 11:02:04 +0200 (Tue, 11 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-24 15:23:18 +0530 (Tue, 24 Apr 2012)\");\n script_name(\"Wireshark Multiple Vulnerabilities (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/47494/\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/security/wnpa-sec-2012-01.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_wireshark_detect_macosx.nasl\");\n script_require_keys(\"Wireshark/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nsharkVer = \"\";\n\n## Get version from KB\nsharkVer = get_kb_item(\"Wireshark/MacOSX/Version\");\nif(!sharkVer){\n exit(0);\n}\n\n## Check for vulnerable Wireshark versions\nif(version_in_range(version:sharkVer, test_version:\"1.4.0\", test_version2:\"1.4.10\") ||\n version_in_range(version:sharkVer, 
test_version:\"1.6.0\", test_version2:\"1.6.4\")) {\n security_message(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-08T12:45:18", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:136141256231070748", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070748", "title": "FreeBSD Ports: wireshark", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_wireshark6.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 3ebb2dc8-4609-11e1-9f47-00e0815b8da8\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70748\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-0068\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 07:27:20 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"FreeBSD Ports: wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n wireshark\n wireshark-lite\n tshark\n tshark-lite\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2012-01.html\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2012-02.html\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2012-03.html\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6663\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6667\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6669\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6634\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6391\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/3ebb2dc8-4609-11e1-9f47-00e0815b8da8.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt 
= \"\";\n\nbver = portver(pkg:\"wireshark\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4\")>=0 && revcomp(a:bver, b:\"1.4.11\")<0) {\n txt += 'Package wireshark version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.0\")>=0 && revcomp(a:bver, b:\"1.6.5\")<0) {\n txt += 'Package wireshark version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"wireshark-lite\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4\")>=0 && revcomp(a:bver, b:\"1.4.11\")<0) {\n txt += 'Package wireshark-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.0\")>=0 && revcomp(a:bver, b:\"1.6.5\")<0) {\n txt += 'Package wireshark-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"tshark\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4\")>=0 && revcomp(a:bver, b:\"1.4.11\")<0) {\n txt += 'Package tshark version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.0\")>=0 && revcomp(a:bver, b:\"1.6.5\")<0) {\n txt += 'Package tshark version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"tshark-lite\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4\")>=0 && revcomp(a:bver, b:\"1.4.11\")<0) {\n txt += 'Package tshark-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.0\")>=0 && revcomp(a:bver, b:\"1.6.5\")<0) {\n txt += 'Package tshark-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:44", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-04-21T00:00:00", "published": "2012-02-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=70748", "id": "OPENVAS:70748", "title": "FreeBSD Ports: wireshark", "type": "openvas", "sourceData": "#\n#VID 3ebb2dc8-4609-11e1-9f47-00e0815b8da8\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 3ebb2dc8-4609-11e1-9f47-00e0815b8da8\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n wireshark\n wireshark-lite\n tshark\n tshark-lite\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.wireshark.org/security/wnpa-sec-2012-01.html\nhttp://www.wireshark.org/security/wnpa-sec-2012-02.html\nhttp://www.wireshark.org/security/wnpa-sec-2012-03.html\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6663\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6667\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6669\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6634\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6391\nhttp://www.vuxml.org/freebsd/3ebb2dc8-4609-11e1-9f47-00e0815b8da8.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(70748);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-0068\");\n script_version(\"$Revision: 5999 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-21 11:02:32 +0200 (Fri, 21 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 07:27:20 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"FreeBSD Ports: wireshark\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"wireshark\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4\")>=0 && revcomp(a:bver, b:\"1.4.11\")<0) {\n txt += 'Package wireshark version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.0\")>=0 && revcomp(a:bver, b:\"1.6.5\")<0) {\n txt += 'Package wireshark version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"wireshark-lite\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4\")>=0 && revcomp(a:bver, b:\"1.4.11\")<0) {\n txt += 'Package wireshark-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.0\")>=0 && revcomp(a:bver, b:\"1.6.5\")<0) {\n txt += 'Package wireshark-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"tshark\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4\")>=0 && revcomp(a:bver, b:\"1.4.11\")<0) {\n txt += 'Package tshark version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.0\")>=0 && revcomp(a:bver, b:\"1.6.5\")<0) {\n txt += 'Package tshark version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = 
portver(pkg:\"tshark-lite\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4\")>=0 && revcomp(a:bver, b:\"1.4.11\")<0) {\n txt += 'Package tshark-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.0\")>=0 && revcomp(a:bver, b:\"1.6.5\")<0) {\n txt += 'Package tshark-lite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:01:46", "bulletinFamily": "scanner", "description": "Check for the Version of wireshark", "modified": "2018-04-06T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:1361412562310863898", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863898", "title": "Fedora Update for wireshark FEDORA-2012-0435", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2012-0435\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\n\ntag_affected = \"wireshark on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072237.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863898\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:30:46 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0043\");\n script_xref(name: \"FEDORA\", value: \"2012-0435\");\n script_name(\"Fedora Update for wireshark FEDORA-2012-0435\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n 
script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.6.5~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:02:25", "bulletinFamily": "scanner", "description": "Check for the Version of wireshark", "modified": "2018-02-03T00:00:00", "published": "2012-01-25T00:00:00", "id": "OPENVAS:1361412562310863701", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863701", "title": "Fedora Update for wireshark FEDORA-2012-0440", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2012-0440\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\n This package lays base for libpcap, a packet capture and filtering\n library, contains command-line utilities, contains plugins and\n documentation for wireshark. A graphical user interface is packaged\n separately to GTK+ package.\";\n\ntag_affected = \"wireshark on Fedora 15\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072409.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863701\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 8649 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:43 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-25 11:14:14 +0530 (Wed, 25 Jan 2012)\");\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0043\");\n script_xref(name: \"FEDORA\", value: \"2012-0440\");\n script_name(\"Fedora Update for wireshark FEDORA-2012-0440\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n 
script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.4.11~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:15:56", "bulletinFamily": "scanner", "description": "Laurent Butti discovered a buffer underflow in the LANalyzer dissector of the Wireshark network traffic analyzer, which could lead to the execution of arbitrary code (CVE-2012-0068 ).\n\nThis update also addresses several bugs, which can lead to crashes of Wireshark. These are not treated as security issues, but are fixed nonetheless if security updates are scheduled: CVE-2011-3483, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066 and CVE-2012-0067.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-2395.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57735", "published": "2012-01-31T00:00:00", "title": "Debian DSA-2395-1 : wireshark - buffer underflow", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2395. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57735);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:35\");\n\n script_cve_id(\"CVE-2011-3483\", \"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-0068\");\n script_xref(name:\"DSA\", value:\"2395\");\n\n script_name(english:\"Debian DSA-2395-1 : wireshark - buffer underflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Laurent Butti discovered a buffer underflow in the LANalyzer dissector\nof the Wireshark network traffic analyzer, which could lead to the\nexecution of arbitrary code (CVE-2012-0068 ).\n\nThis update also addresses several bugs, which can lead to crashes of\nWireshark. 
These are not treated as security issues, but are fixed\nnonetheless if security updates are scheduled: CVE-2011-3483,\nCVE-2012-0041, CVE-2012-0042, CVE-2012-0066 and CVE-2012-0067.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/wireshark\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2395\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wireshark packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6+squeeze6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 
and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"tshark\", reference:\"1.2.11-6+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"wireshark\", reference:\"1.2.11-6+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"wireshark-common\", reference:\"1.2.11-6+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"wireshark-dbg\", reference:\"1.2.11-6+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"wireshark-dev\", reference:\"1.2.11-6+squeeze6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:43:57", "bulletinFamily": "scanner", "description": "Wireshark version 1.4.11 fixes several security issues", "modified": "2014-06-13T00:00:00", "published": "2014-06-13T00:00:00", "id": "OPENSUSE-2012-123.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74551", "title": "openSUSE Security Update : wireshark (openSUSE-2012-123)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-123.\n#\n# The text description of this 
plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74551);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:53:55 $\");\n\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0043\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-0068\");\n\n script_name(english:\"openSUSE Security Update : wireshark (openSUSE-2012-123)\");\n script_summary(english:\"Check for the openSUSE-2012-123 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"Wireshark version 1.4.11 fixes several security issues\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741190\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"wireshark-1.4.11-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"wireshark-debuginfo-1.4.11-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"wireshark-debugsource-1.4.11-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"wireshark-devel-1.4.11-3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-debugsource / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:54", "bulletinFamily": "scanner", "description": "This update fixes the following security 
issues :\n\n - 741187: multiple file parser vulnerabilities (CVE-2012-0041)\n\n - 741188: RLC dissector buffer overflow (CVE-2012-0043)\n\n - 741190: NULL pointer vulnerabilities (CVE-2012-0042)\n\n - CVE-2012-0066: DoS due to too large buffer alloc request\n\n - CVE-2012-0067: DoS due to integer underflow and too large buffer alloc. request\n\n - CVE-2012-0068: memory corruption due to buffer underflow", "modified": "2018-11-10T00:00:00", "id": "SUSE_11_4_WIRESHARK-120201.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76047", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : wireshark (openSUSE-SU-2012:0295-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update wireshark-5742.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76047);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:50:00\");\n\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0043\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-0068\");\n\n script_name(english:\"openSUSE Security Update : wireshark (openSUSE-SU-2012:0295-1)\");\n script_summary(english:\"Check for the wireshark-5742 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\n - 741187: multiple file parser vulnerabilities\n (CVE-2012-0041)\n\n - 741188: RLC dissector buffer overflow (CVE-2012-0043)\n\n - 741190: NULL pointer vulnerabilities (CVE-2012-0042)\n\n - CVE-2012-0066: DoS due to too large buffer alloc request\n\n - CVE-2012-0067: DoS due to integer underflow and too\n large buffer alloc. 
request\n\n - CVE-2012-0068: memory corruption due to buffer underflow\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-02/msg00058.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"wireshark-1.4.11-0.2.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"wireshark-debuginfo-1.4.11-0.2.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"wireshark-debugsource-1.4.11-0.2.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"wireshark-devel-1.4.11-0.2.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:16:08", "bulletinFamily": "scanner", "description": "This version upgrade of wireshark to 1.4.11 fixes the following security issues :\n\n - RLC dissector buffer overflow. (CVE-2012-0043)\n\n - multiple file parser vulnerabilities. 
(CVE-2012-0041)\n\n - NULL pointer vulnerabilities. (CVE-2012-0042)\n\n - DoS due to too large buffer alloc request.\n (CVE-2012-0066)\n\n - DoS due to integer underflow and too large buffer alloc.\n request. (CVE-2012-0067)\n\n - memory corruption due to buffer underflow Additionally, various other non-security issues were resolved.\n (CVE-2012-0068)", "modified": "2012-05-17T00:00:00", "id": "SUSE_WIRESHARK-7943.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58117", "published": "2012-02-24T00:00:00", "title": "SuSE 10 Security Update : wireshark (ZYPP Patch Number 7943)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58117);\n script_version (\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:27:19 $\");\n\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0043\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-0068\");\n\n script_name(english:\"SuSE 10 Security Update : wireshark (ZYPP Patch Number 7943)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This version upgrade of wireshark to 1.4.11 fixes the following\nsecurity issues :\n\n - RLC dissector buffer overflow. (CVE-2012-0043)\n\n - multiple file parser vulnerabilities. (CVE-2012-0041)\n\n - NULL pointer vulnerabilities. (CVE-2012-0042)\n\n - DoS due to too large buffer alloc request.\n (CVE-2012-0066)\n\n - DoS due to integer underflow and too large buffer alloc.\n request. 
(CVE-2012-0067)\n\n - memory corruption due to buffer underflow Additionally,\n various other non-security issues were resolved.\n (CVE-2012-0068)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0041.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0042.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0043.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0066.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0067.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0068.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7943.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host 
is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"wireshark-1.4.11-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"wireshark-1.4.11-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"wireshark-devel-1.4.11-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:52", "bulletinFamily": "scanner", "description": "The installed version of Wireshark is 1.4.x before 1.4.11. This version is affected by the following vulnerabilities :\n\n - Errors exist in the parsers for '5views', 'i4b', 'iptrace', 'netmon2' and 'novell' packets that can lead to application crashes. (Issues #6663, 6666, 6667, 6668, 6669, 6670)\n\n - An unspecified error exists in the display processing of certain packets that can lead to a NULL pointer dereference. 
(Issue #6634)\n\n - A buffer overflow exists in the 'RLC' dissector.\n (Issue #6391)", "modified": "2018-11-15T00:00:00", "id": "WIRESHARK_1_4_11.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57538", "published": "2012-01-13T00:00:00", "title": "Wireshark 1.4.x < 1.4.11 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57538);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/15 20:50:29\");\n\n script_cve_id(\n \"CVE-2012-0041\",\n \"CVE-2012-0042\",\n \"CVE-2012-0043\",\n \"CVE-2012-0066\",\n \"CVE-2012-0067\",\n \"CVE-2012-0068\"\n );\n script_bugtraq_id(51368, 51710);\n\n script_name(english:\"Wireshark 1.4.x < 1.4.11 Multiple Vulnerabilities\");\n script_summary(english:\"Does a version check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Wireshark is 1.4.x before 1.4.11. This\nversion is affected by the following vulnerabilities :\n\n - Errors exist in the parsers for '5views', 'i4b', \n 'iptrace', 'netmon2' and 'novell' packets that can lead\n to application crashes. (Issues #6663, 6666, 6667,\n 6668, 6669, 6670)\n\n - An unspecified error exists in the display processing \n of certain packets that can lead to a NULL pointer \n dereference. 
(Issue #6634)\n\n - A buffer overflow exists in the 'RLC' dissector.\n (Issue #6391)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.wireshark.org/security/wnpa-sec-2012-01.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.wireshark.org/security/wnpa-sec-2012-02.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.wireshark.org/security/wnpa-sec-2012-03.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.4.11.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://downloads.securityfocus.com/vulnerabilities/exploits/51710.zip\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Wireshark version 1.4.11 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wireshark_installed.nasl\");\n script_require_keys(\"SMB/Wireshark/Installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each install.\ninstalls = get_kb_list_or_exit(\"SMB/Wireshark/*\");\n\ninfo = '';\ninfo2 = 
'';\n\nforeach install(keys(installs))\n{\n if (\"/Installed\" >< install) continue;\n\n version = install - \"SMB/Wireshark/\";\n\n if (version =~ \"^1\\.4($|\\.([0-9]|10))($|[^0-9])\")\n info +=\n '\\n Path : ' + installs[install] +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.4.11\\n';\n else\n info2 += 'Version ' + version + ', under ' + installs[install] + ' ';\n}\n\n# Remove trailing space on info2\nif (strlen(info2) > 1)\n info2 = substr(info2, 0, strlen(info2) -2);\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (max_index(split(info)) > 4) s = \"s of Wireshark are\";\n else s = \" of Wireshark is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance' + s + ' installed :\\n' +\n '\\n' + info;\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n exit(0);\n}\nif (info2) exit(0, \"The following installed instance(s) of Wireshark are not affected : \" + info2 + \".\");\n", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:18", "bulletinFamily": "scanner", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file. 
(CVE-2012-0041)\n\n - Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c.\n (CVE-2012-0042)\n\n - Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a series of fragmented RLC packets. (CVE-2012-0043)\n\n - Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file. (CVE-2012-0066)\n\n - wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file. (CVE-2012-0067)\n\n - The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell capture file containing a record that is too small. 
(CVE-2012-0068)", "modified": "2018-11-15T00:00:00", "id": "SOLARIS11_WIRESHARK_20120404.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80801", "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : wireshark (multiple_denial_of_service_vulnerabilities2)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80801);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0043\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-0068\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : wireshark (multiple_denial_of_service_vulnerabilities2)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The dissect_packet function in epan/packet.c in\n Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5\n allows remote attackers to cause a denial of service\n (application crash) via a long packet in a capture file,\n as demonstrated by an airopeek file. 
(CVE-2012-0041)\n\n - Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5\n does not properly perform certain string conversions,\n which allows remote attackers to cause a denial of\n service (NULL pointer dereference and application crash)\n via a crafted packet, related to epan/to_str.c.\n (CVE-2012-0042)\n\n - Buffer overflow in the reassemble_message function in\n epan/dissectors/packet-rlc.c in the RLC dissector in\n Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5\n allows remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code\n via a series of fragmented RLC packets. (CVE-2012-0043)\n\n - Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5\n allows remote attackers to cause a denial of service\n (application crash) via a long packet in a (1) Accellent\n 5Views (aka .5vw) file, (2) I4B trace file, or (3)\n NETMON 2 capture file. (CVE-2012-0066)\n\n - wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and\n 1.6.x before 1.6.5 allows remote attackers to cause a\n denial of service (application crash) via a long packet\n in an AIX iptrace file. (CVE-2012-0067)\n\n - The lanalyzer_read function in wiretap/lanalyzer.c in\n Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5\n allows remote attackers to cause a denial of service\n (application crash) via a Novell capture file containing\n a record that is too small. 
(CVE-2012-0068)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-denial-of-service-vulnerabilities-in-wireshark\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3e9c113c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 04.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:wireshark\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^wireshark$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n\nflag = 0;\n\nif 
(solaris_check_release(release:\"0.5.11-0.175.0.4.0.5.0\", sru:\"SRU 4\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : wireshark\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"wireshark\");\n", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:52", "bulletinFamily": "scanner", "description": "The installed version of Wireshark is 1.6.x before 1.6.5. This version is affected by the following vulnerabilities :\n\n - Errors exist in the parsers for '5views', 'i4b', 'iptrace', 'netmon2' and 'novell' packets that can lead to application crashes. (Issues #6663, 6666, 6667, 6668, 6669, 6670)\n\n - An unspecified error exists in the display processing of certain packets that can lead to a NULL pointer dereference. 
(Issue #6634)\n\n - A buffer overflow exists in the 'RLC' dissector.\n (Issue #6391)", "modified": "2018-11-15T00:00:00", "id": "WIRESHARK_1_6_5.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57539", "published": "2012-01-13T00:00:00", "title": "Wireshark 1.6.x < 1.6.5 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57539);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/15 20:50:29\");\n\n script_cve_id(\n \"CVE-2012-0041\",\n \"CVE-2012-0042\",\n \"CVE-2012-0043\",\n \"CVE-2012-0066\",\n \"CVE-2012-0067\",\n \"CVE-2012-0068\"\n );\n script_bugtraq_id(51368, 51710);\n\n script_name(english:\"Wireshark 1.6.x < 1.6.5 Multiple Vulnerabilities\");\n script_summary(english:\"Does a version check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Wireshark is 1.6.x before 1.6.5. This\nversion is affected by the following vulnerabilities :\n\n - Errors exist in the parsers for '5views', 'i4b', \n 'iptrace', 'netmon2' and 'novell' packets that can lead\n to application crashes. (Issues #6663, 6666, 6667,\n 6668, 6669, 6670)\n\n - An unspecified error exists in the display processing \n of certain packets that can lead to a NULL pointer \n dereference. 
(Issue #6634)\n\n - A buffer overflow exists in the 'RLC' dissector.\n (Issue #6391)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.wireshark.org/security/wnpa-sec-2012-01.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.wireshark.org/security/wnpa-sec-2012-02.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.wireshark.org/security/wnpa-sec-2012-03.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.6.5.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://downloads.securityfocus.com/vulnerabilities/exploits/51710.zip\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Wireshark version 1.6.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wireshark_installed.nasl\");\n script_require_keys(\"SMB/Wireshark/Installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each install.\ninstalls = get_kb_list_or_exit(\"SMB/Wireshark/*\");\n\ninfo = '';\ninfo2 = 
'';\n\nforeach install(keys(installs))\n{\n if (\"/Installed\" >< install) continue;\n\n version = install - \"SMB/Wireshark/\";\n\n if (version =~ \"^1\\.6($|\\.[0-4])($|[^0-9])\")\n info +=\n '\\n Path : ' + installs[install] +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.6.5\\n';\n else\n info2 += 'Version ' + version + ', under ' + installs[install] + ' ';\n}\n\n# Remove trailing space on info2\nif (strlen(info2) > 1)\n info2 = substr(info2, 0, strlen(info2) -2);\n\n# Report if any were found to be vulnerable\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (max_index(split(info)) > 4) s = \"s of Wireshark are\";\n else s = \" of Wireshark is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance' + s + ' installed :\\n' +\n '\\n' + info;\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n exit(0);\n}\nif (info2) exit(0, \"The following installed instance(s) of Wireshark are not affected : \" + info2 + \".\");\n", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:16:08", "bulletinFamily": "scanner", "description": "This version upgrade of wireshark to 1.4.11 fixes the following security issues :\n\n - RLC dissector buffer overflow. (CVE-2012-0043)\n\n - multiple file parser vulnerabilities. (CVE-2012-0041)\n\n - NULL pointer vulnerabilities. (CVE-2012-0042)\n\n - DoS due to too large buffer alloc request.\n (CVE-2012-0066)\n\n - DoS due to integer underflow and too large buffer alloc.\n request. 
(CVE-2012-0067)\n\n - memory corruption due to buffer underflow Additionally, various other non-security issues were resolved.\n (CVE-2012-0068)", "modified": "2013-10-25T00:00:00", "id": "SUSE_11_WIRESHARK-120131.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58115", "published": "2012-02-24T00:00:00", "title": "SuSE 11.1 Security Update : wireshark (SAT Patch Number 5741)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58115);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:56:05 $\");\n\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0043\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-0068\");\n\n script_name(english:\"SuSE 11.1 Security Update : wireshark (SAT Patch Number 5741)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This version upgrade of wireshark to 1.4.11 fixes the following\nsecurity issues :\n\n - RLC dissector buffer overflow. (CVE-2012-0043)\n\n - multiple file parser vulnerabilities. (CVE-2012-0041)\n\n - NULL pointer vulnerabilities. (CVE-2012-0042)\n\n - DoS due to too large buffer alloc request.\n (CVE-2012-0066)\n\n - DoS due to integer underflow and too large buffer alloc.\n request. 
(CVE-2012-0067)\n\n - memory corruption due to buffer underflow Additionally,\n various other non-security issues were resolved.\n (CVE-2012-0068)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0041.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0042.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0043.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0066.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0067.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0068.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5741.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2013 Tenable Network Security, 
Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"wireshark-1.4.11-0.2.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"wireshark-1.4.11-0.2.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"wireshark-1.4.11-0.2.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:54", "bulletinFamily": "scanner", "description": "Wireshark reports :\n\nLaurent Butti discovered that Wireshark failed to properly check record sizes for many packet capture file formats\n\nWireshark could dereference a NULL pointer and crash.\n\nThe RLC dissector could overflow a buffer.", "modified": "2018-11-21T00:00:00", "id": "FREEBSD_PKG_3EBB2DC8460911E19F4700E0815B8DA8.NASL", "href": 
"https://www.tenable.com/plugins/index.php?view=single&id=57646", "published": "2012-01-24T00:00:00", "title": "FreeBSD : Wireshark -- Multiple vulnerabilities (3ebb2dc8-4609-11e1-9f47-00e0815b8da8)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57646);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/21 10:46:30\");\n\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0066\", \"CVE-2012-0067\", \"CVE-2012-0068\");\n\n script_name(english:\"FreeBSD : Wireshark -- Multiple vulnerabilities (3ebb2dc8-4609-11e1-9f47-00e0815b8da8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Wireshark reports :\n\nLaurent Butti discovered that Wireshark failed to properly check\nrecord sizes for many packet capture file formats\n\nWireshark could dereference a NULL pointer and crash.\n\nThe RLC dissector could overflow a buffer.\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2012-01.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2012-01.html\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2012-02.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2012-02.html\"\n );\n # http://www.wireshark.org/security/wnpa-sec-2012-03.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.wireshark.org/security/wnpa-sec-2012-03.html\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6391\"\n );\n # https://vuxml.freebsd.org/freebsd/3ebb2dc8-4609-11e1-9f47-00e0815b8da8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e0ceafae\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tshark-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:wireshark-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2012/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"wireshark>=1.4<1.4.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"wireshark>=1.6.0<1.6.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"wireshark-lite>=1.4<1.4.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"wireshark-lite>=1.6.0<1.6.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tshark>=1.4<1.4.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tshark>=1.6.0<1.6.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tshark-lite>=1.4<1.4.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tshark-lite>=1.6.0<1.6.5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:53", "bulletinFamily": "scanner", "description": "The following vulnerabilities have been fixed.\n\nwnpa-sec-2012-01 Laurent Butti discovered that Wireshark failed to properly record sizes for many packet capture file 
formats.\n\nwnpa-sec-2012-02 Wireshark could dereference a NULL pointer and crash\n\nwnpa-sec-2012-03 The RLC dissector could overflow a buffer\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-20T00:00:00", "id": "FEDORA_2012-0435.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57624", "published": "2012-01-23T00:00:00", "title": "Fedora 16 : wireshark-1.6.5-1.fc16 (2012-0435)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-0435.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57624);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2015/10/20 22:15:25 $\");\n\n script_cve_id(\"CVE-2012-0041\", \"CVE-2012-0042\", \"CVE-2012-0043\");\n script_bugtraq_id(51368);\n script_xref(name:\"FEDORA\", value:\"2012-0435\");\n\n script_name(english:\"Fedora 16 : wireshark-1.6.5-1.fc16 (2012-0435)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following vulnerabilities have been fixed.\n\nwnpa-sec-2012-01 Laurent Butti discovered that Wireshark failed to\nproperly record sizes for many packet capture file formats.\n\nwnpa-sec-2012-02 Wireshark could dereference a NULL pointer and crash\n\nwnpa-sec-2012-03 The RLC dissector could overflow a buffer\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=773726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=773728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=773729\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072237.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a0173046\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"wireshark-1.6.5-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2017-09-19T13:37:54", "bulletinFamily": "NVD", "description": "Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a \"buffer exception handling vulnerability.\"", "modified": "2017-09-18T21:33:58", "published": "2011-09-20T06:55:05", "id": "CVE-2011-3483", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3483", "title": "CVE-2011-3483", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:38:07", "bulletinFamily": "NVD", "description": "The dissect_packet function in epan/packet.c in 
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file.", "modified": "2017-09-18T21:34:28", "published": "2012-04-11T06:39:25", "id": "CVE-2012-0041", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0041", "title": "CVE-2012-0041", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:38:07", "bulletinFamily": "NVD", "description": "Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c.", "modified": "2017-09-18T21:34:28", "published": "2012-04-11T06:39:25", "id": "CVE-2012-0042", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0042", "title": "CVE-2012-0042", "type": "cve", "cvss": {"score": 2.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-29T14:27:40", "bulletinFamily": "NVD", "description": "The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell capture file containing a record that is too small.", "modified": "2017-09-26T21:29:00", "published": "2012-04-11T06:39:25", "id": "CVE-2012-0068", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0068", "title": "CVE-2012-0068", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:38:07", "bulletinFamily": "NVD", "description": "wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application 
crash) via a long packet in an AIX iptrace file.", "modified": "2017-09-18T21:34:29", "published": "2012-04-11T06:39:25", "id": "CVE-2012-0067", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0067", "title": "CVE-2012-0067", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:38:07", "bulletinFamily": "NVD", "description": "Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file.", "modified": "2017-09-18T21:34:28", "published": "2012-04-11T06:39:25", "id": "CVE-2012-0066", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0066", "title": "CVE-2012-0066", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:10", "bulletinFamily": "unix", "description": "\nWireshark reports:\n\nLaurent Butti discovered that Wireshark failed to properly check\n\t record sizes for many packet capture file formats\nWireshark could dereference a NULL pointer and crash.\nThe RLC dissector could overflow a buffer.\n\n", "modified": "2010-01-10T00:00:00", "published": "2010-01-10T00:00:00", "id": "3EBB2DC8-4609-11E1-9F47-00E0815B8DA8", "href": "https://vuxml.freebsd.org/freebsd/3ebb2dc8-4609-11e1-9f47-00e0815b8da8.html", "title": "Wireshark -- Multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T17:41:07", "bulletinFamily": "unix", "description": "Wireshark, previously known as Ethereal, is a network protocol analyzer. 
It\nis used to capture and browse the traffic running on a computer network.\n\nA heap-based buffer overflow flaw was found in the way Wireshark handled\nEndace ERF (Extensible Record Format) capture files. If Wireshark opened a\nspecially-crafted ERF capture file, it could crash or, possibly, execute\narbitrary code as the user running Wireshark. (CVE-2011-4102)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175,\nCVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067,\nCVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)\n\nThe CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102 issues\nwere discovered by Huzaifa Sidhpurwala of the Red Hat Security Response\nTeam.\n\nThis update also fixes the following bugs:\n\n* When Wireshark starts with the X11 protocol being tunneled through an SSH\nconnection, it automatically prepares its capture filter to omit the SSH\npackets. If the SSH connection was to a link-local IPv6 address including\nan interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed\nthis address erroneously, constructed an incorrect capture filter and\nrefused to capture packets. The \"Invalid capture filter\" message was\ndisplayed. With this update, parsing of link-local IPv6 addresses is fixed\nand Wireshark correctly prepares a capture filter to omit SSH packets over\na link-local IPv6 connection. (BZ#438473)\n\n* Previously, Wireshark's column editing dialog malformed column names when\nthey were selected. With this update, the dialog is fixed and no longer\nbreaks column names. (BZ#493693)\n\n* Previously, TShark, the console packet analyzer, did not properly analyze\nthe exit code of Dumpcap, Wireshark's packet capturing back end. 
As a\nresult, TShark returned exit code 0 when Dumpcap failed to parse its\ncommand-line arguments. In this update, TShark correctly propagates the\nDumpcap exit code and returns a non-zero exit code when Dumpcap fails.\n(BZ#580510)\n\n* Previously, the TShark \"-s\" (snapshot length) option worked only for a\nvalue greater than 68 bytes. If a lower value was specified, TShark\ncaptured just 68 bytes of incoming packets. With this update, the \"-s\"\noption is fixed and sizes lower than 68 bytes work as expected. (BZ#580513)\n\nThis update also adds the following enhancement:\n\n* In this update, support for the \"NetDump\" protocol was added. (BZ#484999)\n\nAll users of Wireshark are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add this\nenhancement. All running instances of Wireshark must be restarted for the\nupdate to take effect.\n", "modified": "2017-09-08T12:15:55", "published": "2013-01-08T05:00:00", "id": "RHSA-2013:0125", "href": "https://access.redhat.com/errata/RHSA-2013:0125", "type": "redhat", "title": "(RHSA-2013:0125) Moderate: wireshark security, bug fix, and enhancement update", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-12-11T19:40:59", "bulletinFamily": "unix", "description": "Wireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nSeveral flaws were found in Wireshark. If Wireshark read a malformed packet\noff a network or opened a malicious dump file, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2011-1590,\nCVE-2011-4102, CVE-2012-1595)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. 
(CVE-2011-1143, CVE-2011-1957, CVE-2011-1958,\nCVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698,\nCVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)\n\nUsers of Wireshark should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running instances of\nWireshark must be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:26", "published": "2012-04-23T04:00:00", "id": "RHSA-2012:0509", "href": "https://access.redhat.com/errata/RHSA-2012:0509", "type": "redhat", "title": "(RHSA-2012:0509) Moderate: wireshark security update", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:41:32", "bulletinFamily": "unix", "description": "[1.0.15-5.0.1.el5]\r\n- Added oracle-ocfs2-network.patch\r\n- increase max packet size to 65536 (Herbert van den Bergh) [orabug 13542633]\r\n \n[1.0.15-5]\r\n- fixed CVE-2012-4285, CVE-2012-4289, CVE-2012-4291 and CVE-2012-4290\r\n (#849521)\r\n \n[1.0.15-4]\r\n- fixed NetDump dissector (#484999)\r\n \n[1.0.15-3]\r\n- fixed various flaws: CVE-2011-1959 CVE-2011-2175 CVE-2011-1958\r\n CVE-2011-2698 CVE-2011-4102 CVE-2012-0041 CVE-2012-0042 CVE-2012-0066\r\n CVE-2012-0067\r\n \n[1.0.15-2]\r\n- fixed tshark -s option (#580513)\r\n- fixed tshark exit code when dumpcap fails (#580510)\r\n- fixed editing of columns in Wireshark preferences (#493693)\r\n- added netdump protocol dissector (#484999)\r\n- fixed tshark / Wireshark automatic filter when started in ssh connection\r\n over IPv6 (#438473)", "modified": "2013-01-11T00:00:00", "published": "2013-01-11T00:00:00", "id": "ELSA-2013-0125", "href": "http://linux.oracle.com/errata/ELSA-2013-0125.html", "title": "wireshark security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:38:36", 
"bulletinFamily": "unix", "description": "[1.2.15-2.0.1.el6_2.1]\n- Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect\n[1.2.15-2.1]\n- security patches\n- Resolves: CVE-2011-1143\n CVE-2011-1590\n CVE-2011-1957\n CVE-2011-1959\n CVE-2011-2174\n CVE-2011-2175 CVE-2011-1958\n CVE-2011-2597 CVE-2011-2698\n CVE-2011-4102\n CVE-2012-0041 CVE-2012-0066 CVE-2012-0067\n CVE-2012-0042\n CVE-2012-1595", "modified": "2012-04-23T00:00:00", "published": "2012-04-23T00:00:00", "id": "ELSA-2012-0509", "href": "http://linux.oracle.com/errata/ELSA-2012-0509.html", "title": "wireshark security update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:44:08", "bulletinFamily": "unix", "description": "[1.8.10-4.0.1.el6]\r\n- Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect\r\n \n[1.8.10-4]\r\n- fix memory leak when reassemblying a packet\r\n- Related: #711024\r\n \n[1.8.10-3]\r\n- fix config.h conflict\r\n- Related: #711024\r\n \n[1.8.10-2]\r\n- do not configure with setcap-install\r\n- Related: #711024\r\n \n[1.8.10-1]\r\n- upgrade to 1.8.10\r\n- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.10.html\r\n- Related: #711024\r\n \n[1.8.8-10]\r\n- fix consolehelper path for dumpcap\r\n- Related: #711024\r\n \n[1.8.8-9]\r\n- fix dumpcap group\r\n- Related: #711024\r\n \n[1.8.8-8]\r\n- fix tshark output streams and formatting for -L, -D\r\n- Resolves: #1004636\r\n \n[1.8.8-7]\r\n- fix double free in wiretap/netmon.c\r\n- Related: #711024\r\n \n[1.8.8-6]\r\n- security patches\r\n- Resolves: CVE-2013-4927\r\n CVE-2013-4931\r\n CVE-2013-4932\r\n CVE-2013-4933\r\n CVE-2013-4934\r\n CVE-2013-4935\r\n CVE-2013-3557\r\n \n[1.8.8-5]\r\n- fix desktop file\r\n- Related: #711024\r\n \n[1.8.8-4]\r\n- fix tap-iostat buffer overflow\r\n- fix dcom string overrun\r\n- fix sctp bytes graph crash\r\n- fix airpcap dialog crash\r\n- Related: #711024\r\n 
\n[1.8.8-3]\r\n- fix dumpcap privileges to 755\r\n- Related: #711024\r\n \n[1.8.8-2]\r\n- new sources\r\n- Related: #711024\r\n \n[1.8.8-1]\r\n- upgrade to 1.8.8\r\n- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html\r\n- Resolves: #711024\r\n- Resolves: #858976\r\n- Resolves: #699636\r\n- Resolves: #750712\r\n- Resolves: #832021\r\n- Resolves: #889346\r\n- Resolves: #659661\r\n- Resolves: #715560\r\n \n[1.2.15-3]\r\n- security patches\r\n- Resolves: CVE-2011-1143\r\n CVE-2011-1590\r\n CVE-2011-1957\r\n CVE-2011-1959\r\n CVE-2011-2174\r\n CVE-2011-2175 CVE-2011-1958\r\n CVE-2011-2597 CVE-2011-2698\r\n CVE-2011-4102\r\n CVE-2012-0041 CVE-2012-0066 CVE-2012-0067\r\n CVE-2012-0042\r\n CVE-2012-1595", "modified": "2013-11-25T00:00:00", "published": "2013-11-25T00:00:00", "id": "ELSA-2013-1569", "href": "http://linux.oracle.com/errata/ELSA-2013-1569.html", "title": "wireshark security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "centos": [{"lastseen": "2018-03-09T11:46:07", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2013:0125\n\n\nWireshark, previously known as Ethereal, is a network protocol analyzer. It\nis used to capture and browse the traffic running on a computer network.\n\nA heap-based buffer overflow flaw was found in the way Wireshark handled\nEndace ERF (Extensible Record Format) capture files. If Wireshark opened a\nspecially-crafted ERF capture file, it could crash or, possibly, execute\narbitrary code as the user running Wireshark. (CVE-2011-4102)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. 
(CVE-2011-1958, CVE-2011-1959, CVE-2011-2175,\nCVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067,\nCVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)\n\nThe CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102 issues\nwere discovered by Huzaifa Sidhpurwala of the Red Hat Security Response\nTeam.\n\nThis update also fixes the following bugs:\n\n* When Wireshark starts with the X11 protocol being tunneled through an SSH\nconnection, it automatically prepares its capture filter to omit the SSH\npackets. If the SSH connection was to a link-local IPv6 address including\nan interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed\nthis address erroneously, constructed an incorrect capture filter and\nrefused to capture packets. The \"Invalid capture filter\" message was\ndisplayed. With this update, parsing of link-local IPv6 addresses is fixed\nand Wireshark correctly prepares a capture filter to omit SSH packets over\na link-local IPv6 connection. (BZ#438473)\n\n* Previously, Wireshark's column editing dialog malformed column names when\nthey were selected. With this update, the dialog is fixed and no longer\nbreaks column names. (BZ#493693)\n\n* Previously, TShark, the console packet analyzer, did not properly analyze\nthe exit code of Dumpcap, Wireshark's packet capturing back end. As a\nresult, TShark returned exit code 0 when Dumpcap failed to parse its\ncommand-line arguments. In this update, TShark correctly propagates the\nDumpcap exit code and returns a non-zero exit code when Dumpcap fails.\n(BZ#580510)\n\n* Previously, the TShark \"-s\" (snapshot length) option worked only for a\nvalue greater than 68 bytes. If a lower value was specified, TShark\ncaptured just 68 bytes of incoming packets. With this update, the \"-s\"\noption is fixed and sizes lower than 68 bytes work as expected. 
(BZ#580513)\n\nThis update also adds the following enhancement:\n\n* In this update, support for the \"NetDump\" protocol was added. (BZ#484999)\n\nAll users of Wireshark are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add this\nenhancement. All running instances of Wireshark must be restarted for the\nupdate to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-January/019123.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-January/000457.html\n\n**Affected packages:**\nwireshark\nwireshark-gnome\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0125.html", "modified": "2013-01-11T13:19:17", "published": "2013-01-09T19:42:29", "href": "http://lists.centos.org/pipermail/centos-announce/2013-January/019123.html", "id": "CESA-2013:0125", "title": "wireshark security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-03T18:26:56", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:0509\n\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nSeveral flaws were found in Wireshark. If Wireshark read a malformed packet\noff a network or opened a malicious dump file, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2011-1590,\nCVE-2011-4102, CVE-2012-1595)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. 
(CVE-2011-1143, CVE-2011-1957, CVE-2011-1958,\nCVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698,\nCVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)\n\nUsers of Wireshark should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running instances of\nWireshark must be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/018591.html\n\n**Affected packages:**\nwireshark\nwireshark-devel\nwireshark-gnome\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0509.html", "modified": "2012-04-24T10:27:48", "published": "2012-04-24T10:27:48", "href": "http://lists.centos.org/pipermail/centos-announce/2012-April/018591.html", "id": "CESA-2012:0509", "title": "wireshark security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "msvr": [{"lastseen": "2016-09-04T11:12:54", "bulletinFamily": "software", "description": "#### Executive Summary\n\nMicrosoft is providing notification of the discovery and remediation of a vulnerability affecting Wireshark version 1.6.0 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Wireshark. Wireshark has remediated the vulnerability in their software.\n\nA vulnerability exists in the way that Wireshark handles specially crafted packets which may allow for remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nMicrosoft Vulnerability Research reported this issue to and coordinated with Wireshark to ensure remediation of this issue. The vulnerability has been assigned the entry, CVE-2011-3483, in the Common Vulnerabilities and Exposures list. For more information, including information about updates from Wireshark, see the [Wireshark download page](<http://www.wireshark.org/download.html>).\n\n#### Mitigating Factors\n\n * The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message.\n * In a Web-based attack scenario, an attacker could host a Web site that contains a specially crafted file that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker\u2019s Web site, and then convince them to open the specially crafted file.\n * An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. 
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n", "modified": "2011-10-18T00:00:00", "published": "2011-10-18T00:00:00", "id": "MSVR11-013", "href": "https://technet.microsoft.com/en-us/library/security/msvr11-013", "title": "Vulnerability in Wireshark Could Allow Remote Code Execution", "type": "msvr", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-04T02:48:22", "bulletinFamily": "exploit", "description": "Wireshark 1.6.1 Malformed Packet Trace File Remote Denial of Service Vulnerability. CVE-2011-3483. Dos exploit for windows platform", "modified": "2011-09-08T00:00:00", "published": "2011-09-08T00:00:00", "id": "EDB-ID:36128", "href": "https://www.exploit-db.com/exploits/36128/", "type": "exploitdb", "title": "Wireshark <= 1.6.1 - Malformed Packet Trace File Remote Denial of Service Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/49521/info\r\n\r\nWireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain files.\r\n\r\nSuccessful exploits may allow attackers to crash the affected application, denying service to legitimate users.\r\n\r\nWireshark 1.4.0 to 1.4.8 and 1.6.0 to 1.6.1 are vulnerable. \r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/36128.pcap", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/36128/"}, {"lastseen": "2016-02-04T03:57:01", "bulletinFamily": "exploit", "description": "Wireshark Buffer Underflow and Denial of Service Vulnerabilities. CVE-2012-0067. 
Dos exploit for linux platform", "modified": "2012-01-10T00:00:00", "published": "2012-01-10T00:00:00", "id": "EDB-ID:36633", "href": "https://www.exploit-db.com/exploits/36633/", "type": "exploitdb", "title": "Wireshark - Buffer Underflow and Denial of Service Vulnerabilities", "sourceData": "source: http://www.securityfocus.com/bid/51710/info\r\n\r\nWireshark is prone to a buffer-underflow vulnerability and multiple denial-of-service vulnerabilities.\r\n\r\nRemote attackers can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions.\r\n\r\nWireshark versions 1.4.0 through 1.4.10 and 1.6.0 through 1.6.4 are vulnerable. \r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/36633.zip", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/36633/"}], "gentoo": [{"lastseen": "2016-09-06T19:46:49", "bulletinFamily": "unix", "description": "### Background\n\nWireshark is a versatile network protocol analyzer.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Wireshark 1.10 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-1.10.1\"\n \n\nAll Wireshark 1.8 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-1.8.9\"", "modified": "2013-08-30T00:00:00", "published": "2013-08-28T00:00:00", "id": "GLSA-201308-05", "href": "https://security.gentoo.org/glsa/201308-05", "type": "gentoo", "title": "Wireshark: Multiple vulnerabilities", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:24", "bulletinFamily": "unix", "description": "### Background\n\nWireshark is a versatile network protocol analyzer.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Wireshark users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-1.4.9\"", "modified": "2011-10-09T00:00:00", "published": "2011-10-09T00:00:00", "id": "GLSA-201110-02", "href": "https://security.gentoo.org/glsa/201110-02", "type": "gentoo", "title": "Wireshark: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}