Wireshark 2.0.x < 2.0.6 Multiple DoS

medium Nessus Plugin ID 93518

Synopsis

The remote Windows host has an application installed that is affected by multiple denial of service vulnerabilities.

Description

The version of Wireshark installed on the remote Windows host is 2.0.x prior to 2.0.6. It is, therefore, affected by multiple denial of service vulnerabilities:

- A flaw exists in the QNX6 QNET dissector in the dissect_qnet6_lr() function in packet-qnet6.c due to improper handling of MAC address data. An unauthenticated, remote attacker can exploit this, via a crafted packet, to crash the program, resulting in a denial of service. (CVE-2016-7175)

- Multiple flaws exist in the H.225 dissector in packet-h225.c due to improper handling of strings in malformed packets. An unauthenticated, remote attacker can exploit this, via a crafted packet, to crash the program, resulting in a denial of service. (CVE-2016-7176)

- An out-of-bounds read error exists in the Catapult DCT2000 dissector in the attach_fp_info() function in packet-catapult-dct2000.c due to a failure to restrict the number of channels. An unauthenticated, remote attacker can exploit this, via a crafted packet, to crash the program, resulting in a denial of service. (CVE-2016-7177)

- A NULL pointer dereference flaw exists in the UMTS FP dissector in packet-umts_fp.c due to a failure to ensure that memory is allocated for certain data structures. An unauthenticated, remote attacker can exploit this, via a crafted packet, to crash the program, resulting in a denial of service. (CVE-2016-7178)

- A stack-based buffer overflow condition exists in the Catapult DCT2000 dissector in the parse_outhdr_string() function in packet-catapult-dct2000.c due to improper validation of specially crafted packets. An unauthenticated, remote attacker can exploit this, via a crafted packet, to crash the program, resulting in a denial of service. (CVE-2016-7179)

- A flaw exists in the IPMI Trace dissector in the dissect_ipmi_trace() function in packet-ipmi-trace.c due to a failure to properly consider whether a string is constant. An unauthenticated, remote attacker can exploit this, via a crafted packet, to crash the program, resulting in a denial of service. (CVE-2016-7180)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Wireshark version 2.0.6 or later.

See Also

https://www.wireshark.org/security/wnpa-sec-2016-50.html

https://www.wireshark.org/security/wnpa-sec-2016-51.html

https://www.wireshark.org/security/wnpa-sec-2016-52.html

https://www.wireshark.org/security/wnpa-sec-2016-53.html

https://www.wireshark.org/security/wnpa-sec-2016-54.html

https://www.wireshark.org/security/wnpa-sec-2016-55.html

https://www.wireshark.org/docs/relnotes/wireshark-2.0.6.html

Plugin Details

Severity: Medium

ID: 93518

File Name: wireshark_2_0_6.nasl

Version: 1.8

Type: local

Agent: windows

Family: Windows

Published: 9/15/2016

Updated: 3/9/2023

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:wireshark:wireshark

Required KB Items: installed_sw/Wireshark

Exploit Ease: No known exploits are available

Patch Publication Date: 9/8/2016

Vulnerability Publication Date: 12/4/2015

Reference Information

CVE: CVE-2016-7175, CVE-2016-7176, CVE-2016-7177, CVE-2016-7178, CVE-2016-7179, CVE-2016-7180

BID: 92889