Synopsis
The remote Windows host has an application installed that is affected by multiple denial of service vulnerabilities.
Description
The version of Wireshark installed on the remote Windows host is 2.0.x prior to 2.0.6. It is, therefore, affected by multiple denial of service vulnerabilities :
- A flaw exists in the QNX6 QNET dissector in the dissect_qnet6_lr() function in packet-qnet6.c due to improper handling of MAC address data. An unauthenticated, remote attacker can exploit this, via a crafted packet, to crash the program, resulting in a denial of service. (CVE-2016-7175)
- Multiple flaws exist in the H.225 dissector in packet-h225.c due to improper handling of strings in malformed packets. An unauthenticated, remote attacker can exploit this, via a crafted packet, to crash the program, resulting in a denial of service.
(CVE-2016-7176)
- An out-of-bounds read error exists in the Catapult DCT2000 dissector in the attach_fp_info() function in packet-catapult-dct2000.c due to a failure to restrict the number of channels. An unauthenticated, remote attacker can exploit this, via a crafted packet, to crash the program, resulting in a denial of service.
(CVE-2016-7177)
- A NULL pointer dereference flaw exists in the UMTS FP dissector in packet-umts_fp.c due to a failure to ensure that memory is allocated for certain data structures. An unauthenticated, remote attacker can exploit this, via a crafted packet, to crash the program, resulting in a denial of service. (CVE-2016-7178)
- A stack-based buffer overflow condition exists in the Catapult DCT2000 dissector in the parse_outhdr_string() function in packet-catapult-dct2000.c due to improper validation of specially crafted packets. An unauthenticated, remote attacker can exploit this, via a crafted packet, to crash the program, resulting in a denial of service. (CVE-2016-7179)
- A flaw exists in the IPMI Trace dissector in the dissect_ipmi_trace() function in packet-ipmi-trace.c due to a failure to properly consider whether a string is constant. An unauthenticated, remote attacker can exploit this, via a crafted packet, to crash the program, resulting in a denial of service.
(CVE-2016-7180)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Wireshark version 2.0.6 or later.
Plugin Details
File Name: wireshark_2_0_6.nasl
Agent: windows
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:wireshark:wireshark
Required KB Items: installed_sw/Wireshark
Exploit Ease: No known exploits are available
Patch Publication Date: 9/8/2016
Vulnerability Publication Date: 12/4/2015