Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark3)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch for third-party
software.

Description :

The remote Solaris system is missing necessary patches to address
security updates :

- The dissect_pft function in
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI
dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before
1.6.10, and 1.8.x before 1.8.2 allows remote attackers
to cause a denial of service (divide-by-zero error and
application crash) via a zero-length message.
(CVE-2012-4285)

- The pcapng_read_packet_block function in
wiretap/pcapng.c in the pcap-ng file parser in Wireshark
1.8.x before 1.8.2 allows user-assisted remote attackers
to cause a denial of service (divide-by-zero error and
application crash) via a crafted pcap-ng file.
(CVE-2012-4286)

- epan/dissectors/packet-mongo.c in the MongoDB dissector
in Wireshark 1.8.x before 1.8.2 allows remote attackers
to cause a denial of service (loop and CPU consumption)
via a small value for a BSON document length.
(CVE-2012-4287)

- Integer overflow in the dissect_xtp_ecntl function in
epan/dissectors/ packet-xtp.c in the XTP dissector in
Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and
1.8.x before 1.8.2 allows remote attackers to cause a
denial of service (loop or application crash) via a
large value for a span length. (CVE-2012-4288)

- epan/dissectors/packet-afp.c in the AFP dissector in
Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and
1.8.x before 1.8.2 allows remote attackers to cause a
denial of service (loop and CPU consumption) via a large
number of ACL entries. (CVE-2012-4289)

- The CTDB dissector in Wireshark 1.4.x before 1.4.15,
1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows
remote attackers to cause a denial of service (loop and
CPU consumption) via a malformed packet. (CVE-2012-4290)

- The CIP dissector in Wireshark 1.4.x before 1.4.15,
1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows
remote attackers to cause a denial of service (memory
consumption) via a malformed packet. (CVE-2012-4291)

- The dissect_stun_message function in
epan/dissectors/packet-stun.c in the STUN dissector in
Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and
1.8.x before 1.8.2 does not properly interact with
key-destruction behavior in a certain tree library,
which allows remote attackers to cause a denial of
service (application crash) via a malformed packet.
(CVE-2012-4292)

- plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox
dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before
1.6.10, and 1.8.x before 1.8.2 does not properly handle
certain integer fields, which allows remote attackers to
cause a denial of service (application exit) via a
malformed packet. (CVE-2012-4293)

- Buffer overflow in the channelised_fill_sdh_g707_format
function in epan/ dissectors/packet-erf.c in the ERF
dissector in Wireshark 1.8.x before 1.8.2 allows remote
attackers to execute arbitrary code via a large speed
(aka rate) value. (CVE-2012-4294)

- Array index error in the
channelised_fill_sdh_g707_format function in epan/
dissectors/packet-erf.c in the ERF dissector in
Wireshark 1.8.x before 1.8.2 might allow remote
attackers to cause a denial of service (application
crash) via a crafted speed (aka rate) value.
(CVE-2012-4295)

- Buffer overflow in epan/dissectors/packet-rtps2.c in the
RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x
before 1.6.10, and 1.8.x before 1.8.2 allows remote
attackers to cause a denial of service (CPU consumption)
via a malformed packet. (CVE-2012-4296)

- Buffer overflow in the dissect_gsm_rlcmac_downlink
function in epan/dissectors/ packet-gsm_rlcmac.c in the
GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10
and 1.8.x before 1.8.2 allows remote attackers to
execute arbitrary code via a malformed packet.
(CVE-2012-4297)

- Integer signedness error in the
vwr_read_rec_data_ethernet function in wiretap/ vwr.c in
the Ixia IxVeriWave file parser in Wireshark 1.8.x
before 1.8.2 allows user-assisted remote attackers to
execute arbitrary code via a crafted packet-trace file
that triggers a buffer overflow. (CVE-2012-4298)

See also :

http://www.nessus.org/u?b5f8def1
http://www.nessus.org/u?f688cd9b

Solution :

Upgrade to Solaris 11/11 SRU 13.4.

Risk factor :

High / CVSS Base Score : 8.3
(CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now