Wireshark 2.0.x < 2.0.11 / 2.2.x < 2.2.5 Multiple DoS

high Nessus Plugin ID 97574

Synopsis

An application installed on the remote Windows host is affected by multiple denial of service vulnerabilities.

Description

The version of Wireshark installed on the remote Windows host is 2.0.x prior to 2.0.11 or 2.2.x prior to 2.2.5. It is, therefore, affected by multiple denial of service vulnerabilities :

- An infinite loop condition exists in the Netscaler file parser in the nstrace_read_v20() and nstrace_read_v30() functions within file wiretap/netscaler.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via a specially crafted capture file, to consume excessive memory resources, resulting in a denial of service condition. (CVE-2017-6467)

- An out-of-bounds read error exists within various functions in file wiretap/netscaler.c when handling record lengths. An unauthenticated, remote attacker can exploit this, via a specially crafted capture file, to crash the Netscaler file parser process. (CVE-2017-6468)

- A memory allocation issue exists in the dissect_ldss_transfer() function within file epan/dissectors/packet-ldss.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via packet injection or a specially crafted capture file, to crash the LDSS dissector process. (CVE-2017-6469)

- An infinite loop condition exists in IAX2 in the iax2_add_ts_fields() function within file epan/dissectors/packet-iax2.c when processing timestamps. An unauthenticated, remote attacker can exploit this, via packet injection or a specially crafted capture file, to consume excessive CPU resources, resulting in a denial of service condition.
(CVE-2017-6470)

- An infinite loop condition exists in WSP in the dissect_wsp_common() function within file epan/dissectors/packet-wsp.c when handling capability lengths. An unauthenticated, remote attacker can exploit this, via packet injection or a specially crafted capture file, to cause a denial of service condition.
(CVE-2017-6471)

- An infinite loop condition exists in the RTMPT dissector in the dissect_rtmpt_common() function within file epan/dissectors/packet-rtmpt.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via packet injection or a specially crafted capture file, to consume excessive memory resources, resulting in a denial of service condition. (CVE-2017-6472)

- A denial of service vulnerability exists in the process_packet_data() function within file wiretap/k12.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via a specially crafted capture file, to crash the K12 file parser process. (CVE-2017-6473)

- An infinite loop condition exists in the NetScaler file parser in the nstrace_read_v10(), nstrace_read_v20(), and nstrace_read_v30() functions within file wiretap/netscaler.c when handling record sizes. An unauthenticated, remote attacker can exploit this, via a specially crafted capture file, to consume excessive memory resources, resulting in a denial of service condition. (CVE-2017-6474)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Wireshark version 2.0.11 / 2.2.5 or later.

See Also

https://www.wireshark.org/security/wnpa-sec-2017-03.html

https://www.wireshark.org/security/wnpa-sec-2017-04.html

https://www.wireshark.org/security/wnpa-sec-2017-05.html

https://www.wireshark.org/security/wnpa-sec-2017-07.html

https://www.wireshark.org/security/wnpa-sec-2017-08.html

https://www.wireshark.org/security/wnpa-sec-2017-09.html

https://www.wireshark.org/security/wnpa-sec-2017-10.html

https://www.wireshark.org/security/wnpa-sec-2017-11.html

Plugin Details

Severity: High

ID: 97574

File Name: wireshark_2_2_5.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 3/7/2017

Updated: 3/9/2023

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:wireshark:wireshark

Required KB Items: installed_sw/Wireshark

Exploit Ease: No known exploits are available

Patch Publication Date: 3/3/2017

Vulnerability Publication Date: 2/5/2016

Reference Information

CVE: CVE-2017-6467, CVE-2017-6468, CVE-2017-6469, CVE-2017-6470, CVE-2017-6471, CVE-2017-6472, CVE-2017-6473, CVE-2017-6474