Mandriva Linux Security Advisory : wireshark (MDVSA-2011:105)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

This advisory updates wireshark to the latest version (1.2.17), fixing
several security issues :

- Large/infinite loop in the DICOM dissector. (Bug 5876)
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.

- Huzaifa Sidhpurwala of the Red Hat Security Response
Team discovered that a corrupted Diameter dictionary
file could crash Wireshark. Versions affected: 1.2.0 to
1.2.16 and 1.4.0 to 1.4.6.

- Huzaifa Sidhpurwala of the Red Hat Security Response
Team discovered that a corrupted snoop file could crash
Wireshark. (Bug 5912) Versions affected: 1.2.0 to 1.2.16
and 1.4.0 to 1.4.6.

- David Maciejak of Fortinet's FortiGuard Labs discovered
that malformed compressed capture data could crash
Wireshark. (Bug 5908) Versions affected: 1.2.0 to 1.2.16
and 1.4.0 to 1.4.6.

- Huzaifa Sidhpurwala of the Red Hat Security Response
Team discovered that a corrupted Visual Networks file
could crash Wireshark. (Bug 5934) Versions affected:
1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.

See also :

http://www.wireshark.org/security/wnpa-sec-2011-07.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 54940 ()

Bugtraq ID: 48066

CVE ID: CVE-2011-1957
CVE-2011-1958
CVE-2011-1959
CVE-2011-2174
CVE-2011-2175

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now