GLSA-200906-05 : Wireshark: Multiple vulnerabilities

critical Nessus Plugin ID 39580

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200906-05 (Wireshark: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Wireshark:
David Maciejak discovered a vulnerability in packet-usb.c in the USB dissector via a malformed USB Request Block (URB) (CVE-2008-4680).
Florent Drouin and David Maciejak reported an unspecified vulnerability in the Bluetooth RFCOMM dissector (CVE-2008-4681).
A malformed Tamos CommView capture file (aka .ncf file) with an 'unknown/unexpected packet type' triggers a failed assertion in wtap.c (CVE-2008-4682).
An unchecked packet length parameter in the dissect_btacl() function in packet-bthci_acl.c in the Bluetooth ACL dissector causes an erroneous tvb_memcpy() call (CVE-2008-4683).
packet-frame does not properly handle exceptions thrown by post dissectors, which can be triggered by a certain series of packets (CVE-2008-4684).
Mike Davies reported a use-after-free vulnerability in the dissect_q931_cause_ie() function in packet-q931.c in the Q.931 dissector via certain packets that trigger an exception (CVE-2008-4685).
The Security Vulnerability Research Team of Bkis reported that the SMTP dissector could consume excessive amounts of CPU and memory (CVE-2008-5285).
The vendor reported that the WLCCP dissector could go into an infinite loop (CVE-2008-6472).
babi discovered a buffer overflow in wiretap/netscreen.c via a malformed NetScreen snoop file (CVE-2009-0599).
A specially crafted Tektronix K12 text capture file can cause an application crash (CVE-2009-0600).
A format string vulnerability via format string specifiers in the HOME environment variable (CVE-2009-0601).
THCX Labs reported a format string vulnerability in the PROFINET/DCP (PN-DCP) dissector via a PN-DCP packet with format string specifiers in the station name (CVE-2009-1210).
An unspecified vulnerability with unknown impact and attack vectors (CVE-2009-1266).
Marty Adkins and Chris Maynard discovered a parsing error in the dissector for the Check Point High-Availability Protocol (CPHAP) (CVE-2009-1268).
Magnus Homann discovered a parsing error when loading a Tektronix .rf5 file (CVE-2009-1269).
The vendor reported that the PCNFSD dissector could crash (CVE-2009-1829).

Impact :

A remote attacker could exploit these vulnerabilities by sending specially crafted packets on a network being monitored by Wireshark, or by enticing a user to read a malformed packet trace file. Either can trigger a Denial of Service (application crash or excessive CPU and memory usage) and possibly allow the execution of arbitrary code with the privileges of the user running Wireshark.

Workaround :

There is no known workaround at this time.

Solution

All Wireshark users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.0.8'

See Also

https://security.gentoo.org/glsa/200906-05

Plugin Details

Severity: Critical

ID: 39580

File Name: gentoo_GLSA-200906-05.nasl

Version: 1.15

Type: local

Published: 7/1/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:wireshark, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/30/2009

Exploitable With

Core Impact

Reference Information

CVE: CVE-2008-4680, CVE-2008-4681, CVE-2008-4682, CVE-2008-4683, CVE-2008-4684, CVE-2008-4685, CVE-2008-5285, CVE-2008-6472, CVE-2009-0599, CVE-2009-0600, CVE-2009-0601, CVE-2009-1210, CVE-2009-1266, CVE-2009-1268, CVE-2009-1269, CVE-2009-1829

BID: 31838, 32422, 34291, 34457, 35081

CWE: 119, 134, 20, 399

GLSA: 200906-05