Debian DSA-2700-1 : wireshark - several vulnerabilities

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Debian host is missing a security-related update.

Description :

Multiple vulnerabilities were discovered in the dissectors for GTPv2,
ASN.1 BER, PPP CCP, DCP ETSI, MPEG DSM-CC and Websocket, which could
result in denial of service or the execution of arbitrary code.

The oldstable distribution (squeeze) is not affected.

See also :

http://www.debian.org/security/2013/dsa-2700

Solution :

Upgrade the wireshark packages.

For the stable distribution (wheezy), these problems have been fixed
in version 1.8.2-5wheezy3.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Debian Local Security Checks

Nessus Plugin ID: 66767 ()

Bugtraq ID: 59992
59994
59995
59998
59999
60021

CVE ID: CVE-2013-3555
CVE-2013-3557
CVE-2013-3558
CVE-2013-3559
CVE-2013-3560
CVE-2013-3562