[oss-security] 20110531 CVE request for Wireshark 1.4.5 TCP DoS issue

[oss-security] 20110601 Re: CVE request for Wireshark 1.4.5 TCP DoS issue

44449

http://www.wireshark.org/docs/relnotes/wireshark-1.4.6.html

http://www.wireshark.org/news/20110418.html

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5837

wireshark-desegmenttcp-dos(67789)

oval:org.mitre.oval:def:14943

The remote host is affected by the vulnerability described in GLSA-201110-02 (Wireshark: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Wireshark. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could send specially crafted packets on a network       being monitored by Wireshark, entice a user to open a malformed packet       trace file using Wireshark, or deploy a specially crafted Lua script for       use by Wireshark, possibly resulting in the execution of arbitrary code,       or a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

The installed version of Wireshark, version 1.4.5, is affected by a denial of service vulnerability.  An attacker can exploit this vulnerability by crafting a malicious TCP packet and sending it on a network segment that Wireshark is monitoring, causing the application to crash.

The installed version of Wireshark is 1.2.x less than 1.2.17 or 1.4.x less than 1.4.7.  As such, it is affected by the following vulnerabilities :
  - An error exists in DICOM dissector that can allow denial     of service attacks when processing certain malformed     packets. (Issue #5876)

  - An error exists in the handling of corrupted snoop     files that can cause application crashes. (Issue #5912)

  - An error exists in the handling of compressed capture     data that can cause application crashes. (Issue #5908)

  - An error exists in the handling of 'Visual Networks'     files that can cause application crashes. (Issue #5934)

  - An error exists in the 'desegment_tcp()' function in the     file 'epan/dissectors/packet-tcp.c' that can allow a NULL     pointer to be dereferenced when handling certain TCP     segments. (Issue #5837)

  - An error exists in the handling of corrupted 'Diameter'     dictionary files that can cause application crashes.     (CVE-2011-1958)

ID	Name	Product	Family	Severity
56426	GLSA-201110-02 : Wireshark: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
55411	Wireshark 1.4.5 Denial of Service	Nessus	Windows	medium
54942	Wireshark < 1.2.17 / 1.4.7 Multiple DoS Vulnerabilities	Nessus	Windows	medium

CVE-2011-1956

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

critical

medium

medium