Fedora 11 : wireshark-1.2.2-1.fc11 (2009-9837)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

Update to Wireshark 1.2.2 fixing multiple security issues:
http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html
http://www.wireshark.org/security/wnpa-sec-2009-06.html * The OpcUa
dissector could use excessive CPU and memory. (Bug 3986) Versions
affected: 0.99.6 to 1.0.8, 1.2.0 to 1.2.1 * The GSM A RR dissector
could crash. (Bug 3893) Versions affected: 1.2.0 to 1.2.1 * The TLS
dissector could crash on some platforms. (Bug 4008) Versions affected:
1.2.0 to 1.2.1
http://www.wireshark.org/docs/relnotes/wireshark-1.2.1.html
http://www.wireshark.org/security/wnpa-sec-2009-04.html * The AFS
dissector could crash. (Bug 3564) Versions affected: 0.9.2 to 1.2.0

- The Infiniband dissector could crash on some platforms.
Versions affected: 1.0.6 to 1.2.0 * The IPMI dissector
could overrun a buffer. (Bug 3559) Versions affected:
1.2.0 * The Bluetooth L2CAP dissector could crash. (Bug
3572) Versions affected: 1.2.0 * The RADIUS dissector
could crash. (Bug 3578) Versions affected: 1.2.0 * The
MIOP dissector could crash. (Bug 3652) Versions
affected: 1.2.0 * The sFlow dissector could use
excessive CPU and memory. (Bug 3570) Versions affected:
1.2.0 (Issues from wnpa-sec-2009-04 does not affect
users of Wireshark 1.2.1 packages from updates-testing.)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.wireshark.org/docs/relnotes/wireshark-1.2.1.html
http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html
http://www.wireshark.org/security/wnpa-sec-2009-04.html
http://www.wireshark.org/security/wnpa-sec-2009-06.html
https://bugzilla.redhat.com/show_bug.cgi?id=512953
https://bugzilla.redhat.com/show_bug.cgi?id=512987
https://bugzilla.redhat.com/show_bug.cgi?id=512992
https://bugzilla.redhat.com/show_bug.cgi?id=513008
https://bugzilla.redhat.com/show_bug.cgi?id=513033
https://bugzilla.redhat.com/show_bug.cgi?id=523987
https://bugzilla.redhat.com/show_bug.cgi?id=524001
http://www.nessus.org/u?0f608355

Solution :

Update the affected wireshark package.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 42387 (fedora_2009-9837.nasl)

Bugtraq ID: 35748
36408
36846

CVE ID: CVE-2009-2559
CVE-2009-2560
CVE-2009-2561
CVE-2009-2562
CVE-2009-2563
CVE-2009-3241
CVE-2009-3242

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now