FreeBSD : Wireshark -- Multiple vulnerabilities (4cdfe875-e8d6-11e1-bea0-002354ed89bc)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Wireshark reports :

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file.

It may be possible to make Wireshark consume excessive CPU resources
by injecting a malformed packet onto the wire or by convincing someone
to read a malformed packet trace file.

The PPP dissector could crash.

The NFS dissector could use excessive amounts of CPU.

The DCP ETSI dissector could trigger a zero division.

The MongoDB dissector could go into a large loop.

The XTP dissector could go into an infinite loop.

The ERF dissector could overflow a buffer.

The AFP dissector could go into a large loop.

The RTPS2 dissector could overflow a buffer.

The GSM RLC MAC dissector could overflow a buffer.

The CIP dissector could exhaust system memory.

The STUN dissector could crash.

The EtherCAT Mailbox dissector could abort.

The CTDB dissector could go into a large loop.

The pcap-ng file parser could trigger a zero division.

The Ixia IxVeriWave file parser could overflow a buffer.

See also :

http://www.wireshark.org/security/wnpa-sec-2012-11.html
http://www.wireshark.org/security/wnpa-sec-2012-12.html
http://www.wireshark.org/security/wnpa-sec-2012-13.html
http://www.wireshark.org/security/wnpa-sec-2012-14.html
http://www.wireshark.org/security/wnpa-sec-2012-15.html
http://www.wireshark.org/security/wnpa-sec-2012-16.html
http://www.wireshark.org/security/wnpa-sec-2012-17.html
http://www.wireshark.org/security/wnpa-sec-2012-18.html
http://www.wireshark.org/security/wnpa-sec-2012-19.html
http://www.wireshark.org/security/wnpa-sec-2012-20.html
http://www.wireshark.org/security/wnpa-sec-2012-21.html
http://www.wireshark.org/security/wnpa-sec-2012-22.html
http://www.wireshark.org/security/wnpa-sec-2012-23.html
http://www.wireshark.org/security/wnpa-sec-2012-24.html
http://www.wireshark.org/security/wnpa-sec-2012-25.html
http://www.nessus.org/u?fe860795

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 8.3
(CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now