The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

Multiple vulnerabilities were discovered in the dissectors/parsers for PKTC, IAX2, GSM CBCH and NCP which could result in denial of service.

This update also fixes many older less important issues by updating the package to the version found in Debian 8 also known as Jessie.

For Debian 7 'Wheezy', these problems have been fixed in version 1.12.1+g01b65bf-4+deb8u6~deb7u1.

We recommend that you upgrade your wireshark packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Solaris system is missing necessary patches to address security updates :

  - The dissect_sip_common function in     epan/dissectors/packet-sip.c in the SIP dissector in     Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4     does not check for empty lines, which allows remote     attackers to cause a denial of service (infinite loop)     via a crafted packet. (CVE-2013-7112)

  - Multiple buffer overflows in the create_ntlmssp_v2_key     function in epan/ dissectors/packet-ntlmssp.c in the     NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12     and 1.10.x before 1.10.4 allow remote attackers to cause     a denial of service (application crash) via a long     domain name in a packet. (CVE-2013-7114)

Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2014-2281 , CVE-2014-2299)

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2013-6336 , CVE-2013-6337 , CVE-2013-6338 , CVE-2013-6339 , CVE-2013-6340 , CVE-2014-2283 , CVE-2013-7112 , CVE-2013-7114)

- update to 1.10.5

  + bugs fixed :

  - Wireshark stops showing new packets but dumpcap keeps     writing them to the temp file.

  - Wireshark 1.10.4 shuts down when promiscuous mode is     unchecked.

  - Homeplug dissector bug: STATUS_ACCESS_VIOLATION:
    dissector accessed an invalid memory address.

  - update to 1.10.4 [bnc#855980]

  + vulnerabilities fixed :

  - The SIP dissector could go into an infinite loop.
    wnpa-sec-2013-66 CVE-2013-7112

  - The BSSGP dissector could crash. wnpa-sec-2013-67     CVE-2013-7113

  - The NTLMSSP v2 dissector could crash. Discovered by     Garming Sam. wnpa-sec-2013-68 CVE-2013-7114

  + Further bug fixes and updated protocol support as listed     in:
    https://www.wireshark.org/docs/relnotes/wireshark-1.10.4     .html

- openSUSE 12.2 and 12.3: update to 1.8.12 [bnc#855980]

  + vulnerabilities fixed :

  - The SIP dissector could go into an infinite loop.
    wnpa-sec-2013-66 CVE-2013-7112

  - The NTLMSSP v2 dissector could crash. Discovered by     Garming Sam. wnpa-sec-2013-68 CVE-2013-7114

  + Further bug fixes and updated protocol support as listed     in:
    https://www.wireshark.org/docs/relnotes/wireshark-1.8.12     .html

  - openSUSE 13.1: update to 1.10.4 [bnc#855980]

  + vulnerabilities fixed :

  - The SIP dissector could go into an infinite loop.
    wnpa-sec-2013-66 CVE-2013-7112

  - The BSSGP dissector could crash. wnpa-sec-2013-67     CVE-2013-7113

  - The NTLMSSP v2 dissector could crash. Discovered by     Garming Sam. wnpa-sec-2013-68 CVE-2013-7114

  + Further bug fixes and updated protocol support as listed     in:
    https://www.wireshark.org/docs/relnotes/wireshark-1.10.4     .html

Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2014-2281, CVE-2014-2299)

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2013-6336, CVE-2013-6337, CVE-2013-6338, CVE-2013-6339, CVE-2013-6340, CVE-2014-2283, CVE-2013-7112, CVE-2013-7114)

All running instances of Wireshark must be restarted for the update to take effect.

Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2013-3559, CVE-2013-4083, CVE-2014-2281, CVE-2014-2299)

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2012-5595, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600, CVE-2012-6056, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062, CVE-2013-3557, CVE-2013-4081, CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-5721, CVE-2013-7112)

All running instances of Wireshark must be restarted for the update to take effect.

Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network.

Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2014-2281, CVE-2014-2299)

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2013-6336, CVE-2013-6337, CVE-2013-6338, CVE-2013-6339, CVE-2013-6340, CVE-2014-2283, CVE-2013-7112, CVE-2013-7114)

All Wireshark users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.

Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network.

Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2013-3559, CVE-2013-4083, CVE-2014-2281, CVE-2014-2299)

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2012-5595, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600, CVE-2012-6056, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062, CVE-2013-3557, CVE-2013-4081, CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-5721, CVE-2013-7112)

All Wireshark users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0342 advisory.

    - Resolves: CVE-2013-6337
    - Resolves: CVE-2014-2281                 CVE-2014-2283                 CVE-2014-2299

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0341 advisory.

    [1.0.15-6.0.1.el5]
    - Added oracle-ocfs2-network.patch
    - increase max packet size to 65536 (Herbert van den Bergh) [orabug 13542633]

    [1.0.15-6]
    - security patches
    - Resolves: CVE-2012-6056                 CVE-2012-6060                 CVE-2012-6061                 CVE-2012-6062                 CVE-2013-3557                 CVE-2013-3559                 CVE-2013-4081                 CVE-2013-4083                 CVE-2013-4927                 CVE-2013-4931                 CVE-2013-4932                 CVE-2013-4933                 CVE-2013-4934                 CVE-2013-4935                 CVE-2013-5721                 CVE-2013-7112                 CVE-2014-2281                 CVE-2014-2299

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

wireshark was updated to security update version 1.8.12, fixing bugs and security issues.

  - The SIP dissector could go into an infinite loop.
    wnpa-sec-2013-66. (CVE-2013-7112)

  - The NTLMSSP v2 dissector could crash. Discovered by     Garming Sam. wnpa-sec-2013-68 (CVE-2013-7114) Further     bug fixes and updated protocol support as listed in :

https://www.wireshark.org/docs/relnotes/wireshark-1.8.12.html

Multiple vulnerabilities was found and corrected in Wireshark :

The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet (CVE-2013-7112).

Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet (CVE-2013-7114).

This advisory provides the latest version of Wireshark (1.8.12) which is not vulnerable to these issues.

The installed version of Wireshark 1.10.x is prior to 1.10.4. It is, therefore, affected by denial of service vulnerabilities in the following dissectors and file parsers :

  - BSSGP (Bug #9488)
  - NTLMSSP v2
  - SIP (Bug #9388)
  - libpcap (Bug #9753)

The installed version of Wireshark 1.8.x is a version prior to 1.8.12. It is, therefore, affected by denial of service vulnerabilities in the following dissectors :

  - NTLMSSP v2
  - SIP (Bug #9388)

ID	Name	Product	Family	Severity
91395	Debian DLA-497-1 : wireshark security update	Nessus	Debian Local Security Checks	medium
80811	Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark9)	Nessus	Solaris Local Security Checks	medium
78273	Amazon Linux AMI : wireshark (ALAS-2014-330)	Nessus	Amazon Linux Local Security Checks	high
75415	openSUSE Security Update : wireshark (openSUSE-SU-2014:0017-1)	Nessus	SuSE Local Security Checks	medium
75377	openSUSE Security Update : wireshark (openSUSE-SU-2014:0013-1)	Nessus	SuSE Local Security Checks	medium
73286	Scientific Linux Security Update : wireshark on SL6.x i386/x86_64 (20140331)	Nessus	Scientific Linux Local Security Checks	high
73285	Scientific Linux Security Update : wireshark on SL5.x i386/x86_64 (20140331)	Nessus	Scientific Linux Local Security Checks	high
73282	RHEL 6 : wireshark (RHSA-2014:0342)	Nessus	Red Hat Local Security Checks	high
73281	RHEL 5 : wireshark (RHSA-2014:0341)	Nessus	Red Hat Local Security Checks	high
73280	Oracle Linux 6 : wireshark (ELSA-2014-0342)	Nessus	Oracle Linux Local Security Checks	high
73279	Oracle Linux 5 : wireshark (ELSA-2014-0341)	Nessus	Oracle Linux Local Security Checks	high
73277	CentOS 6 : wireshark (CESA-2014:0342)	Nessus	CentOS Local Security Checks	high
73276	CentOS 5 : wireshark (CESA-2014:0341)	Nessus	CentOS Local Security Checks	high
72086	SuSE 11.2 / 11.3 Security Update : wireshark (SAT Patch Numbers 8708 / 8709)	Nessus	SuSE Local Security Checks	medium
71604	Mandriva Linux Security Advisory : wireshark (MDVSA-2013:296)	Nessus	Mandriva Local Security Checks	medium
71521	Wireshark 1.10.x < 1.10.4 Multiple DoS	Nessus	Windows	high
71520	Wireshark 1.8.x < 1.8.12 Multiple DoS	Nessus	Windows	medium

Detections

Analytics

CVE-2013-7112

high

Tenable Plugins

medium

medium

high

medium

medium

high

high

high

high

high

high

high

high

medium

medium

high

medium