GLSA-200911-05 : Wireshark: Multiple vulnerabilities

high Nessus Plugin ID 42915

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200911-05 (Wireshark: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Wireshark:
Ryan Giobbi reported an integer overflow in wiretap/erf.c (CVE-2009-3829).
The vendor reported multiple unspecified vulnerabilities in the Bluetooth L2CAP, RADIUS, and MIOP dissectors (CVE-2009-2560), in the OpcUa dissector (CVE-2009-3241), in packet.c in the GSM A RR dissector (CVE-2009-3242), in the TLS dissector (CVE-2009-3243), in the Paltalk dissector (CVE-2009-3549), in the DCERPC/NT dissector (CVE-2009-3550), and in the dissect_negprot_response() function in packet-smb.c in the SMB dissector (CVE-2009-3551).
Impact :

A remote attacker could entice a user to open a specially crafted 'erf' file using Wireshark, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. A remote attacker could furthermore send specially crafted packets on a network being monitored by Wireshark or entice a user to open a malformed packet trace file using Wireshark, possibly resulting in a Denial of Service.
Workaround :

There is no known workaround at this time.

Solution

All Wireshark users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.2.3'

See Also

https://security.gentoo.org/glsa/200911-05

Plugin Details

Severity: High

ID: 42915

File Name: gentoo_GLSA-200911-05.nasl

Version: 1.16

Type: local

Published: 11/30/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:wireshark, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/25/2009

Reference Information

CVE: CVE-2009-2560, CVE-2009-3241, CVE-2009-3242, CVE-2009-3243, CVE-2009-3549, CVE-2009-3550, CVE-2009-3551, CVE-2009-3829

BID: 35748, 36408, 36591, 36846

CWE: 189, 20

GLSA: 200911-05