Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_fixed_in_wireshark)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch for third-party
software.

Description :

The remote Solaris system is missing necessary patches to address
security updates :

- Wireshark 1.8.x before 1.8.4 allows remote attackers to
obtain sensitive hostname information by reading pcap-ng
files. (CVE-2012-6052)

- epan/dissectors/packet-usb.c in the USB dissector in
Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4
relies on a length field to calculate an offset value,
which allows remote attackers to cause a denial of
service (infinite loop) via a zero value for this field.
(CVE-2012-6053)

- The dissect_sflow_245_address_type function in
epan/dissectors/packet-sflow.c in the sFlow dissector in
Wireshark 1.8.x before 1.8.4 does not properly handle
length calculations for an invalid IP address type,
which allows remote attackers to cause a denial of
service (infinite loop) via a packet that is neither
IPv4 nor IPv6. (CVE-2012-6054)

- epan/dissectors/packet-3g-a11.c in the 3GPP2 A11
dissector in Wireshark 1.8.x before 1.8.4 allows remote
attackers to cause a denial of service (infinite loop)
via a zero value in a sub-type length field.
(CVE-2012-6055)

- Integer overflow in the dissect_sack_chunk function in
epan/dissectors/ packet-sctp.c in the SCTP dissector in
Wireshark 1.8.x before 1.8.4 allows remote attackers to
cause a denial of service (infinite loop) via a crafted
Duplicate TSN count. (CVE-2012-6056)

- The dissect_eigrp_metric_comm function in
epan/dissectors/packet-eigrp.c in the EIGRP dissector in
Wireshark 1.8.x before 1.8.4 uses the wrong data type
for a certain offset value, which allows remote
attackers to cause a denial of service (integer overflow
and infinite loop) via a malformed packet.
(CVE-2012-6057)

- Integer overflow in the dissect_icmpv6 function in
epan/dissectors/ packet-icmpv6.c in the ICMPv6 dissector
in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4
allows remote attackers to cause a denial of service
(infinite loop) via a crafted Number of Sources value.
(CVE-2012-6058)

- The dissect_isakmp function in
epan/dissectors/packet-isakmp.c in the ISAKMP dissector
in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4
uses an incorrect data structure to determine IKEv2
decryption parameters, which allows remote attackers to
cause a denial of service (application crash) via a
malformed packet. (CVE-2012-6059)

- Integer overflow in the dissect_iscsi_pdu function in
epan/dissectors/ packet-iscsi.c in the iSCSI dissector
in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4
allows remote attackers to cause a denial of service
(infinite loop) via a malformed packet. (CVE-2012-6060)

- The dissect_wtp_common function in
epan/dissectors/packet-wtp.c in the WTP dissector in
Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4
uses an incorrect data type for a certain length field,
which allows remote attackers to cause a denial of
service (integer overflow and infinite loop) via a
crafted value in a packet. (CVE-2012-6061)

- The dissect_rtcp_app function in
epan/dissectors/packet-rtcp.c in the RTCP dissector in
Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4
allows remote attackers to cause a denial of service
(infinite loop) via a crafted packet. (CVE-2012-6062)

See also :

http://www.nessus.org/u?b5f8def1
http://www.nessus.org/u?c6244415

Solution :

Upgrade to Solaris 11.1.7.5.0.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now