CVE-2011-3360

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory.

References

http://osvdb.org/75347

http://www.debian.org/security/2011/dsa-2324

http://www.mandriva.com/security/advisories?name=MDVSA-2011:138

http://www.openwall.com/lists/oss-security/2011/09/13/1

http://www.openwall.com/lists/oss-security/2011/09/14/5

http://www.wireshark.org/security/wnpa-sec-2011-15.html

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6136

https://bugzilla.redhat.com/show_bug.cgi?id=737784

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15059

Details

Source: MITRE

Published: 2011-09-20

Updated: 2017-09-19

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

View all (11 total)

IDNameProductFamilySeverity
80800Oracle Solaris Third-Party Patch Update : wireshark (denial_of_service_vulnerability_in)NessusSolaris Local Security Checks
high
76045openSUSE Security Update : wireshark (openSUSE-SU-2011:1142-1)NessusSuSE Local Security Checks
high
75774openSUSE Security Update : wireshark (openSUSE-SU-2011:1142-1)NessusSuSE Local Security Checks
high
61928Mandriva Linux Security Advisory : wireshark (MDVSA-2011:138)NessusMandriva Local Security Checks
high
57263SuSE 10 Security Update : wireshark (ZYPP Patch Number 7796)NessusSuSE Local Security Checks
high
57136SuSE 11.1 Security Update : wireshark (SAT Patch Number 5281)NessusSuSE Local Security Checks
high
56617SuSE 10 Security Update : wireshark (ZYPP Patch Number 7795)NessusSuSE Local Security Checks
high
56571Debian DSA-2324-1 : wireshark - programming errorNessusDebian Local Security Checks
high
56426GLSA-201110-02 : Wireshark: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
56164Wireshark 1.6.x < 1.6.2 Multiple VulnerabilitiesNessusWindows
medium
56163Wireshark 1.4.x < 1.4.9 Multiple VulnerabilitiesNessusWindows
medium