Wireshark 2.0.x < 2.0.13 / 2.2.x < 2.2.7 Multiple DoS (macOS)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote macOS or Mac OS X host is
affected by multiple denial of service vulnerabilities.

Description :

The version of Wireshark installed on the remote macOS or Mac OS X
host is 2.0.x prior to 2.0.13 or 2.2.x prior to 2.2.7. It is,
therefore, affected by multiple denial of service vulnerabilities :

- A NULL pointer dereference flaw exists in the
dissect_msnip() function within file
epan/dissectors/packet-msnip.c due to improper
validation of user-supplied input. An unauthenticated,
remote attacker can exploit this, via a specially
crafted packet or packet trace file, to cause a denial
of service condition. (CVE-2017-9343)

- A divide-by-zero error exists in the
dissect_connparamrequest() function within file
epan/dissectors/packet-btl2cap.c due to improper
validation of user-supplied input. An unauthenticated,
remote attacker can exploit this, via a specially
crafted packet or packet trace file, to cause a denial
of service condition. (CVE-2017-9344)

- An infinite loop condition exists in the
expand_dns_name() function within file
epan/dissectors/packet-dns.c when handling packets or
packet trace files. An unauthenticated, remote attacker
can exploit this, via a specially crafted packet or
packet trace file, to consume excessive CPU resources,
resulting in a denial of service condition.
(CVE-2017-9345)

- An infinite loop condition exists in the
dissect_slsk_pdu() function within file
epan/dissectors/packet-slsk.c when handling packets or
packet trace files. An unauthenticated, remote attacker
can exploit this, via a specially crafted packet or
packet trace file, to consume excessive CPU resources,
resulting in a denial of service condition.
(CVE-2017-9346)

- A NULL pointer dereference flaw exists in the
ros_try_string() function within file
epan/dissectors/asn1/ros/packet-ros-template.c due to
improper validation of user-supplied input passed as an
OID string. An unauthenticated, remote attacker can
exploit this, via a specially crafted packet or packet
trace file, to cause a denial of service condition. This
issue only affects version 2.2.x. (CVE-2017-9347)

- An out-of-bounds read error exists in the
OALMarshal_UncompressValue() function within file
epan/dissectors/packet-dof.c when handling Distributed
Object Framework (DOF) packets. An unauthenticated,
remote attacker can exploit this, via a specially
crafted packet or packet trace file, to cause a denial
of service condition. This issue only affects version
2.2.x. (CVE-2017-9348)

- An infinite loop condition exists in the
dissect_dcm_pdu_data() function within file
epan/dissectors/packet-dcm.c when handling packets or
packet trace files. An unauthenticated, remote attacker
can exploit this, via a specially crafted packet or
packet trace file, to consume excessive CPU resources,
resulting in a denial of service condition.
(CVE-2017-9349)

- A memory allocation issue exists in the
dissect_opensafety_ssdo_message() function within file
epan/dissectors/packet-opensafety.c due to improper
validation of user-supplied input. An unauthenticated,
remote attacker can exploit this, via a specially
crafted packet or packet trace file, to cause a denial
of service condition. (CVE-2017-9350)

- An out-of-bounds read error exists in the bootp_option()
function within file epan/dissectors/packet-bootp.c when
handling vendor class identifier strings in bootp
packets due to improper validation of user-supplied
input. An unauthenticated, remote attacker can exploit
this, via a specially crafted packet or packet trace
file, to cause a denial of service condition.
(CVE-2017-9351)

- An infinite loop condition exists in the
get_bzr_pdu_len() function within file
epan/dissectors/packet-bzr.c when handling packets or
packet trace files. An unauthenticated, remote attacker
can exploit this, via a specially crafted packet or
packet trace file, to consume excessive CPU resources,
resulting in a denial of service condition.
(CVE-2017-9352)

- A NULL pointer dereference flaw exists in the
dissect_routing6_rpl() function within file
epan/dissectors/packet-ipv6.c due to improper validation
of user-supplied input. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet or packet trace file, to cause a denial of
service condition. This issue only affects version
2.2.x. (CVE-2017-9353)

- A NULL pointer dereference flaw exists in the
dissect_rgmp() function within file
epan/dissectors/packet-rgmp.c due to improper validation
of user-supplied input. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet or packet trace file, to cause a denial of
service condition. (CVE-2017-9354)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
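
The version-range logic described above, written out as an added example (this is not Tenable's plugin code). It maps a self-reported Wireshark version to the CVEs from this advisory that apply, including the three that affect only 2.2.x. The function names, the inventory format and the sample hosts are assumptions made for illustration.

```python
import re

# Fixed releases and 2.2.x-only CVEs, taken from the advisory text above.
FIXED = {(2, 0): (2, 0, 13), (2, 2): (2, 2, 7)}
ALL_CVES = [f"CVE-2017-{n}" for n in range(9343, 9355)]
ONLY_2_2 = {"CVE-2017-9347", "CVE-2017-9348", "CVE-2017-9353"}


def parse_version(text):
    """Return (major, minor, patch) from a self-reported version string, or None."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None


def applicable_cves(version_text):
    """List the CVEs from this advisory that apply to the reported version."""
    ver = parse_version(version_text)
    if ver is None:
        raise ValueError(f"unparseable version: {version_text!r}")
    fixed = FIXED.get(ver[:2])
    if fixed is None or ver >= fixed:
        return []  # branch not covered by this advisory, or already patched
    if ver[:2] == (2, 2):
        return list(ALL_CVES)
    return [c for c in ALL_CVES if c not in ONLY_2_2]


def triage(inventory):
    """Map host -> applicable CVEs for hosts that need the upgrade."""
    findings = {}
    for host, reported in inventory.items():
        try:
            cves = applicable_cves(reported)
        except ValueError:
            cves = ["UNKNOWN-VERSION"]  # flag for manual review rather than skip
        if cves:
            findings[host] = cves
    return findings


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {"mac-01": "2.0.12", "mac-02": "2.2.6", "mac-03": "2.2.7",
              "mac-04": "2.0.13", "mac-05": "2.4.0", "mac-06": "unknown"}
    for host, cves in triage(sample).items():
        print(f"{host}: {len(cves)} finding(s): {', '.join(cves)}")
```

Like the plugin, this trusts the reported version string; a host whose version cannot be parsed is flagged for manual review instead of being treated as clean.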

See also :

https://www.wireshark.org/docs/relnotes/wireshark-2.0.13.html
https://www.wireshark.org/docs/relnotes/wireshark-2.2.7.html
https://www.wireshark.org/security/wnpa-sec-2017-33.html
https://www.wireshark.org/security/wnpa-sec-2017-32.html
https://www.wireshark.org/security/wnpa-sec-2017-31.html
https://www.wireshark.org/security/wnpa-sec-2017-30.html
https://www.wireshark.org/security/wnpa-sec-2017-29.html
https://www.wireshark.org/security/wnpa-sec-2017-28.html
https://www.wireshark.org/security/wnpa-sec-2017-27.html
https://www.wireshark.org/security/wnpa-sec-2017-26.html
https://www.wireshark.org/security/wnpa-sec-2017-25.html
https://www.wireshark.org/security/wnpa-sec-2017-24.html
https://www.wireshark.org/security/wnpa-sec-2017-23.html
https://www.wireshark.org/security/wnpa-sec-2017-22.html

Solution :

Upgrade to Wireshark version 2.0.13 / 2.2.7 or later.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true
