The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Multiple vulnerabilities were discovered in the dissectors/parsers for PKTC, IAX2, GSM CBCH and NCP which could result in denial of service.

This update also fixes many older less important issues by updating the package to the version found in Debian 8 also known as Jessie.

For Debian 7 'Wheezy', these problems have been fixed in version 1.12.1+g01b65bf-4+deb8u6~deb7u1.

We recommend that you upgrade your wireshark packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Solaris system is missing necessary patches to address security updates :

  - The Bluetooth HCI ACL dissector in Wireshark 1.10.x     before 1.10.2 does not properly maintain a certain free     list, which allows remote attackers to cause a denial of     service (application crash) via a crafted packet that is     not properly handled by the wmem_block_alloc function in     epan/wmem/wmem_allocator_block.c. (CVE-2013-5717)

  - The dissect_nbap_T_dCH_ID function in     epan/dissectors/packet-nbap.c in the NBAP dissector in     Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2     does not restrict the dch_id value, which allows remote     attackers to cause a denial of service (application     crash) via a crafted packet. (CVE-2013-5718)

  - epan/dissectors/packet-assa_r3.c in the ASSA R3     dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x     before 1.10.2 allows remote attackers to cause a denial     of service (infinite loop) via a crafted packet.
    (CVE-2013-5719)

  - Buffer overflow in the RTPS dissector in Wireshark 1.8.x     before 1.8.10 and 1.10.x before 1.10.2 allows remote     attackers to cause a denial of service (application     crash) via a crafted packet. (CVE-2013-5720)

  - The dissect_mq_rr function in     epan/dissectors/packet-mq.c in the MQ dissector in     Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2     does not properly determine when to enter a certain     loop, which allows remote attackers to cause a denial of     service (application crash) via a crafted packet.
    (CVE-2013-5721)

  - Unspecified vulnerability in the LDAP dissector in     Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2     allows remote attackers to cause a denial of service     (application crash) via a crafted packet.
    (CVE-2013-5722)

Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network.

Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2013-3559, CVE-2013-4083)

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2012-2392, CVE-2012-3825, CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-5595, CVE-2012-5597, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600, CVE-2012-6056, CVE-2012-6059, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062, CVE-2013-3557, CVE-2013-3561, CVE-2013-4081, CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-4936, CVE-2013-5721)

The wireshark packages have been upgraded to upstream version 1.8.10, which provides a number of bug fixes and enhancements over the previous versions. For more information on the bugs fixed, enhancements included, and supported protocols introduced, refer to the Wireshark Release Notes, linked to in the References. (BZ#711024)

This update also fixes the following bugs :

* Previously, Wireshark did not parse the RECLAIM-COMPLETE opcode when inspecting traffic generated by NFSv4.1. A patch has been provided to enable the parsing of the RECLAIM_COMPLETE opcode, and Wireshark is now able to properly dissect and handle NFSv4.1 traffic. (BZ#750712)

* Prior to this update, frame arrival times in a text file were reported one hour ahead from the timestamps in the packet capture file. This resulted in various failures being reported by the dfilter-test.py test suite. To fix this bug, frame arrival timestamps have been shifted by one hour, thus fixing this bug. (BZ#832021)

* The 'tshark -D' command returned output to STDERR instead of STDOUT, which could break scripts that are parsing the 'tshark -D' output.
This bug has been fixed, and the 'tshark -D' command now writes output data to a correct standard stream. (BZ#1004636)

* Due to an array overrun, Wireshark could experience undefined program behavior or could unexpectedly terminate. With this update, proper array handling ensures Wireshark no longer crashes in the described scenario. (BZ#715560)

* Previously, the dftest and randpkt command line utilities lacked manual pages. This update adds proper manual pages for both utilities.
(BZ#659661)

In addition, this update adds the following enhancements :

* With this update, Wireshark is able to properly dissect and handle InfiniBand and GlusterFS traffic. (BZ#699636, BZ#858976)

All Wireshark users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. All running instances of Wireshark must be restarted for the update to take effect.

This wireshark update to 1.8.10 fixes several security and non security bugs. [bnc#839607]

  + vulnerabilities fixed :

  - The NBAP dissector could crash. wnpa-sec-2013-55     CVE-2013-5718

  - The ASSA R3 dissector could go into an infinite loop.
    wnpa-sec-2013-56 CVE-2013-5719

  - The RTPS dissector could overflow a buffer.
    wnpa-sec-2013-57 CVE-2013-5720

  - The MQ dissector could crash. wnpa-sec-2013-58     CVE-2013-5721

  - The LDAP dissector could crash. wnpa-sec-2013-59     CVE-2013-5722

  - The Netmon file parser could crash. wnpa-sec-2013-60

  + Further bug fixes and updated protocol support as listed     in:
    https://www.wireshark.org/docs/relnotes/wireshark-1.8.10     .html

Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2013-3559, CVE-2013-4083, CVE-2014-2281, CVE-2014-2299)

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2012-5595, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600, CVE-2012-6056, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062, CVE-2013-3557, CVE-2013-4081, CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-5721, CVE-2013-7112)

All running instances of Wireshark must be restarted for the update to take effect.

Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network.

Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2013-3559, CVE-2013-4083, CVE-2014-2281, CVE-2014-2299)

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2012-5595, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600, CVE-2012-6056, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062, CVE-2013-3557, CVE-2013-4081, CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-5721, CVE-2013-7112)

All Wireshark users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0341 advisory.

    [1.0.15-6.0.1.el5]
    - Added oracle-ocfs2-network.patch
    - increase max packet size to 65536 (Herbert van den Bergh) [orabug 13542633]

    [1.0.15-6]
    - security patches
    - Resolves: CVE-2012-6056                 CVE-2012-6060                 CVE-2012-6061                 CVE-2012-6062                 CVE-2013-3557                 CVE-2013-3559                 CVE-2013-4081                 CVE-2013-4083                 CVE-2013-4927                 CVE-2013-4931                 CVE-2013-4932                 CVE-2013-4933                 CVE-2013-4934                 CVE-2013-4935                 CVE-2013-5721                 CVE-2013-7112                 CVE-2014-2281                 CVE-2014-2299

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-201312-13 (Wireshark: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Wireshark. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2013-3559, CVE-2013-4083)

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2012-2392, CVE-2012-3825, CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-5595, CVE-2012-5597, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600, CVE-2012-6056, CVE-2012-6059, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062, CVE-2013-3557, CVE-2013-3561, CVE-2013-4081, CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-4936, CVE-2013-5721)

The wireshark packages have been upgraded to upstream version 1.8.10, which provides a number of bug fixes and enhancements over the previous versions. For more information on the bugs fixed, enhancements included, and supported protocols introduced, refer to the Wireshark Release Notes.

This update also fixes the following bugs :

  - Previously, Wireshark did not parse the RECLAIM-COMPLETE     opcode when inspecting traffic generated by NFSv4.1. A     patch has been provided to enable the parsing of the     RECLAIM_COMPLETE opcode, and Wireshark is now able to     properly dissect and handle NFSv4.1 traffic.

  - Prior to this update, frame arrival times in a text file     were reported one hour ahead from the timestamps in the     packet capture file. This resulted in various failures     being reported by the dfilter-test.py test suite. To fix     this bug, frame arrival timestamps have been shifted by     one hour, thus fixing this bug.

  - The 'tshark -D' command returned output to STDERR     instead of STDOUT, which could break scripts that are     parsing the 'tshark -D' output. This bug has been fixed,     and the 'tshark -D' command now writes output data to a     correct standard stream.

  - Due to an array overrun, Wireshark could experience     undefined program behavior or could unexpectedly     terminate. With this update, proper array handling     ensures Wireshark no longer crashes in the described     scenario.

  - Previously, the dftest and randpkt command line     utilities lacked manual pages. This update adds proper     manual pages for both utilities.

In addition, this update adds the following enhancements :

  - With this update, Wireshark is able to properly dissect     and handle InfiniBand and GlusterFS traffic.

All running instances of Wireshark must be restarted for the update to take effect.

Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2013-3559 , CVE-2013-4083)

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2012-2392 , CVE-2012-3825 , CVE-2012-4285 , CVE-2012-4288 , CVE-2012-4289 , CVE-2012-4290 , CVE-2012-4291 , CVE-2012-4292 , CVE-2012-5595 , CVE-2012-5597 , CVE-2012-5598 , CVE-2012-5599 , CVE-2012-5600 , CVE-2012-6056 , CVE-2012-6059 , CVE-2012-6060 , CVE-2012-6061 , CVE-2012-6062 , CVE-2013-3557 , CVE-2013-3561 , CVE-2013-4081 , CVE-2013-4927 , CVE-2013-4931 , CVE-2013-4932 , CVE-2013-4933 , CVE-2013-4934 , CVE-2013-4935 , CVE-2013-4936 , CVE-2013-5721)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-1569 advisory.

    - Resolves: CVE-2013-4927                 CVE-2013-4931                 CVE-2013-4932                 CVE-2013-4933                 CVE-2013-4934                 CVE-2013-4935                 CVE-2013-3557

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Multiple vulnerabilities was found and corrected in Wireshark :

The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet (CVE-2013-5718).

epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet (CVE-2013-5719).

Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet (CVE-2013-5720).

The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet (CVE-2013-5721).

Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet (CVE-2013-5722).

This advisory provides the latest supported version of Wireshark (1.8.10) which is not vulnerable to these issues.

The installed version of Wireshark 1.10 is earlier than 1.10.2.  It is, therefore, affected by denial of service vulnerabilities in the following dissectors :

  - Bluetooth HCI ACL (Bug #8722)
  - NBAP (Bug #9005)
  - NBAP (Bug #9005)
  - ASSA R3 (Bug #9020)
  - RTPS (Bug #9019)
  - MQ (Bug #9079)
  - LDAP (No bug ID)
  - Netmon file parser (Bug #8742)

The installed version of Wireshark 1.8 is earlier than 1.8.10.  It is, therefore, affected by denial of service vulnerabilities in the following dissectors :

  - NBAP (Bug #9005)
  - ASSA R3 (Bug #9020)
  - RTPS (Bug #9019)
  - MQ (Bug #9079)
  - LDAP (No bug ID)
  - Netmon file parser (Bug #8742)

ID	Name	Product	Family	Severity
91395	Debian DLA-497-1 : wireshark security update	Nessus	Debian Local Security Checks	medium
80809	Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark7)	Nessus	Solaris Local Security Checks	medium
79162	CentOS 6 : wireshark (CESA-2013:1569)	Nessus	CentOS Local Security Checks	high
75145	openSUSE Security Update : wireshark (openSUSE-SU-2013:1481-1)	Nessus	SuSE Local Security Checks	medium
73285	Scientific Linux Security Update : wireshark on SL5.x i386/x86_64 (20140331)	Nessus	Scientific Linux Local Security Checks	high
73281	RHEL 5 : wireshark (RHSA-2014:0341)	Nessus	Red Hat Local Security Checks	high
73279	Oracle Linux 5 : wireshark (ELSA-2014-0341)	Nessus	Oracle Linux Local Security Checks	high
73276	CentOS 5 : wireshark (CESA-2014:0341)	Nessus	CentOS Local Security Checks	high
71488	GLSA-201312-13 : Wireshark: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
71301	Scientific Linux Security Update : wireshark on SL6.x i386/x86_64 (20131121)	Nessus	Scientific Linux Local Security Checks	high
71268	Amazon Linux AMI : wireshark (ALAS-2013-251)	Nessus	Amazon Linux Local Security Checks	high
71105	Oracle Linux 6 : wireshark (ELSA-2013-1569)	Nessus	Oracle Linux Local Security Checks	high
71005	RHEL 6 : wireshark (RHSA-2013:1569)	Nessus	Red Hat Local Security Checks	high
70004	Mandriva Linux Security Advisory : wireshark (MDVSA-2013:238)	Nessus	Mandriva Local Security Checks	medium
69881	Wireshark 1.10.x < 1.10.2 Multiple DoS	Nessus	Windows	medium
69880	Wireshark 1.8.x < 1.8.10 Multiple DoS	Nessus	Windows	medium

Detections

Analytics

CVE-2013-5721

high

Tenable Plugins

medium

medium

high

medium

high

high

high

high

medium

high

high

high

high

medium

medium

medium