Wireshark 1.8.x < 1.8.5 Multiple Vulnerabilities

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains an application that is affected by
multiple vulnerabilities.

Description :

The installed version of Wireshark 1.8 is earlier than 1.8.5. It is,
therefore, affected by the following vulnerabilities :

- Errors exist related to the Bluetooth HCI, CSN.1,
DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols,
MPLS, R3, RTPS, SDP, and SIP dissectors that could
allow the application to enter infinite or large loops,
thereby consuming excessive CPU resources. (Bugs 8036,
8037, 8038, 8040, 8041, 8042, 8043, 8198, 8199, 8222)

- Errors exist related to the DCP-ETSI, ROHC, DTLS,
MS-MMC, DTN, CLNP dissectors that could allow them to
crash. (Bugs 7679, 7871, 7945, 8111, 8112, 8213)

- An unspecified error could allow the dissection engine
to crash. (Bug 8197)

- An unspecified buffer overflow exists in the NTLMSSP
dissector that has an unspecified impact.

See also :

http://www.wireshark.org/security/wnpa-sec-2013-01.html
http://www.wireshark.org/security/wnpa-sec-2013-02.html
http://www.wireshark.org/security/wnpa-sec-2013-03.html
http://www.wireshark.org/security/wnpa-sec-2013-04.html
http://www.wireshark.org/security/wnpa-sec-2013-05.html
http://www.wireshark.org/security/wnpa-sec-2013-06.html
http://www.wireshark.org/security/wnpa-sec-2013-07.html
http://www.wireshark.org/security/wnpa-sec-2013-08.html
http://www.wireshark.org/security/wnpa-sec-2013-09.html
http://www.wireshark.org/docs/relnotes/wireshark-1.8.5.html

Solution :

Upgrade to Wireshark version 1.8.5 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false