Detections
Analytics

FreeBSD : wireshark -- multiple vulnerabilities (313e9557-41e8-11e6-ab34-002590263bf5)

high Nessus Plugin ID 91928

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Wireshark development team reports :

The following vulnerabilities have been fixed :

- wnpa-sec-2016-29

The SPOOLS dissector could go into an infinite loop. Discovered by the CESG.

- wnpa-sec-2016-30

The IEEE 802.11 dissector could crash. (Bug 11585)

- wnpa-sec-2016-31

The IEEE 802.11 dissector could crash. Discovered by Mateusz Jurczyk.
(Bug 12175)

- wnpa-sec-2016-32

The UMTS FP dissector could crash. (Bug 12191)

- wnpa-sec-2016-33

Some USB dissectors could crash. Discovered by Mateusz Jurczyk. (Bug 12356)

- wnpa-sec-2016-34

The Toshiba file parser could crash. Discovered by iDefense Labs. (Bug 12394)

- wnpa-sec-2016-35

The CoSine file parser could crash. Discovered by iDefense Labs. (Bug 12395)

- wnpa-sec-2016-36

The NetScreen file parser could crash. Discovered by iDefense Labs.
(Bug 12396)

- wnpa-sec-2016-37

The Ethernet dissector could crash. (Bug 12440)

Solution

Update the affected packages.

See Also

https://www.wireshark.org/docs/relnotes/wireshark-2.0.4.html

https://www.openwall.com/lists/oss-security/2016/06/09/4

http://www.nessus.org/u?c9599f42

Plugin Details

Severity: High

ID: 91928

File Name: freebsd_pkg_313e955741e811e6ab34002590263bf5.nasl

Version: 2.6

Type: local

Published: 7/5/2016

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:tshark, p-cpe:/a:freebsd:freebsd:tshark-lite, p-cpe:/a:freebsd:freebsd:wireshark, p-cpe:/a:freebsd:freebsd:wireshark-lite, p-cpe:/a:freebsd:freebsd:wireshark-qt5, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/4/2016

Vulnerability Publication Date: 6/7/2016

Reference Information

CVE: CVE-2016-5350, CVE-2016-5351, CVE-2016-5352, CVE-2016-5353, CVE-2016-5354, CVE-2016-5355, CVE-2016-5356, CVE-2016-5357, CVE-2016-5358