Debian DSA-1785-1 : wireshark - several vulnerabilities

critical Nessus Plugin ID 38666

Synopsis

The remote Debian host is missing a security-related update.

Description

Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2009-1210 A format string vulnerability was discovered in the PROFINET dissector.

- CVE-2009-1268 The dissector for the Check Point High-Availability Protocol could be forced to crash.

- CVE-2009-1269 Malformed Tektronix files could lead to a crash.

The old stable distribution (etch), is only affected by the CPHAP crash, which doesn't warrant an update on its own. The fix will be queued up for an upcoming security update or a point release.

Solution

Upgrade the wireshark packages.

For the stable distribution (lenny), these problems have been fixed in version 1.0.2-3+lenny5.

See Also

https://security-tracker.debian.org/tracker/CVE-2009-1210

https://security-tracker.debian.org/tracker/CVE-2009-1268

https://security-tracker.debian.org/tracker/CVE-2009-1269

https://www.debian.org/security/2009/dsa-1785

Plugin Details

Severity: Critical

ID: 38666

File Name: debian_DSA-1785.nasl

Version: 1.15

Type: local

Agent: unix

Published: 5/4/2009

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:wireshark, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/1/2009

Exploitable With

Core Impact

Reference Information

CVE: CVE-2009-1210, CVE-2009-1268, CVE-2009-1269

BID: 34291, 34457

CWE: 134, 20

DSA: 1785