Mandriva Linux Security Advisory : wireshark (MDVSA-2011:044)

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

This advisory updates wireshark to the latest version (1.2.15), fixing
several security issues :

Wireshark 1.5.0, 1.4.3, and earlier frees an uninitialized pointer
during processing of a .pcap file in the pcap-ng format, which allows
remote attackers to cause a denial of service (memory corruption) or
possibly have unspecified other impact via a malformed file
(CVE-2011-0538).

Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0
through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to
cause a denial of service (application crash) or possibly have
unspecified other impact via a long record in a Nokia DCT3 trace file
(CVE-2011-0713).

wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through
1.4.3 allows remote attackers to cause a denial of service
(application crash) via a pcap-ng file that contains a large
packet-length field (CVE-2011-1139).

Multiple stack consumption vulnerabilities in the
dissect_ms_compressed_string and dissect_mscldap_string functions in
Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow
remote attackers to cause a denial of service (infinite recursion) via
a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet
(CVE-2011-1140).

epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through
1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a
denial of service (memory consumption) via (1) a long LDAP filter
string or (2) an LDAP filter string containing many elements
(CVE-2011-1141).

Stack consumption vulnerability in the dissect_ber_choice function in
the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through
1.4.4 might allow remote attackers to cause a denial of service
(infinite loop) via vectors involving self-referential ASN.1 CHOICE
values (CVE-2011-1142).

epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark
before 1.4.4 allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) via a crafted .pcap
file (CVE-2011-1143).

The updated packages have been upgraded to the latest 1.2.x version
(1.2.15) and patched to correct these issues.

See also :

http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 52593 ()

Bugtraq ID: 46167
46416
46626

CVE ID: CVE-2011-0538
CVE-2011-0713
CVE-2011-1139
CVE-2011-1140
CVE-2011-1141
CVE-2011-1142
CVE-2011-1143

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now