The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file.

Wireshark version 1.4.2 fixes several security issues that allowed attackers to crash wireshark or potentially even execute arbitrary code

(CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285, CVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993, CVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300, CVE-2010-4301)

From Red Hat Security Advisory 2010:0625 :

Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.

Multiple buffer overflow flaws were found in the Wireshark SigComp Universal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-2287, CVE-2010-2995)

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2286)

Users of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.15, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.

Multiple buffer overflow flaws were found in the Wireshark SigComp Universal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-2287, CVE-2010-2995)

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2286)

NOTE: This errata updates Wireshark to version 1.0.15 to resolve these issues.

All running instances of Wireshark must be restarted for the update to take effect.

Wireshark was updated to version 1.4.4 to fix several security issues.

Wireshark was updated to version 1.4.4 to fix several security issues

Update to upstream version 1.2.10: * http://www.wireshark.org/docs/relnotes/wireshark-1.2.7.html * http://www.wireshark.org/docs/relnotes/wireshark-1.2.8.html * http://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html * http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html fixing multiple security issues: * http://www.wireshark.org/security/wnpa-sec-2010-04.html * http://www.wireshark.org/security/wnpa-sec-2010-06.html * http://www.wireshark.org/security/wnpa-sec-2010-08.html

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.

Multiple buffer overflow flaws were found in the Wireshark SigComp Universal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-2287, CVE-2010-2995)

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2286)

Users of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.15, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.

This advisory updates wireshark to the latest version(s), fixing several bugs and one security issue :

The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file (CVE-2010-1455).

The remote host is affected by the vulnerability described in GLSA-201006-05 (Wireshark: Multiple vulnerabilities)

    Multiple vulnerabilities were found in the Daintree SNA file parser,     the SMB, SMB2, IPMI, and DOCSIS dissectors. For further information     please consult the CVE entries referenced below.
  Impact :

    A remote attacker could cause a Denial of Service and possibly execute     arbitrary code via crafted packets or malformed packet trace files.
  Workaround :

    There is no known workaround at this time.

A vulnerability found in the DOCSIS dissector can cause Wireshark to crash when a malformed packet trace file is opened. This means that an attacker will have to trick a victim into opening such a trace file before being able to crash the application

ID	Name	Product	Family	Severity
75771	openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-2)	Nessus	SuSE Local Security Checks	critical
68084	Oracle Linux 3 / 4 / 5 : wireshark (ELSA-2010-0625)	Nessus	Oracle Linux Local Security Checks	critical
60836	Scientific Linux Security Update : wireshark on SL3.x, SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
57261	SuSE 10 Security Update : wireshark (ZYPP Patch Number 7438)	Nessus	SuSE Local Security Checks	critical
53808	openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-2)	Nessus	SuSE Local Security Checks	critical
53689	openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-1)	Nessus	SuSE Local Security Checks	critical
53319	SuSE 10 Security Update : wireshark (ZYPP Patch Number 7439)	Nessus	SuSE Local Security Checks	critical
53315	SuSE 11.1 Security Update : wireshark (SAT Patch Number 4267)	Nessus	SuSE Local Security Checks	critical
49093	Fedora 12 : wireshark-1.2.10-1.fc12 (2010-13427)	Nessus	Fedora Local Security Checks	critical
48409	CentOS 4 / 5 : wireshark (CESA-2010:0625)	Nessus	CentOS Local Security Checks	critical
48314	RHEL 3 / 4 / 5 : wireshark (RHSA-2010:0625)	Nessus	Red Hat Local Security Checks	critical
48183	Mandriva Linux Security Advisory : wireshark (MDVSA-2010:099)	Nessus	Mandriva Local Security Checks	medium
46772	GLSA-201006-05 : Wireshark: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
46259	FreeBSD : wireshark -- DOCSIS dissector denial of service (28022228-5a0e-11df-942d-0015587e2cc1)	Nessus	FreeBSD Local Security Checks	medium

Detections

Analytics

CVE-2010-1455

high

Tenable Plugins

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

medium

high

medium