Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark5)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch for third-party
software.

Description :

The remote Solaris system is missing necessary patches to address
security updates :

- The dissect_diagnosticrequest function in
epan/dissectors/packet-reload.c in the REsource LOcation
And Discovery (aka RELOAD) dissector in Wireshark 1.8.x
before 1.8.6 uses an incorrect integer data type, which
allows remote attackers to cause a denial of service
(infinite loop) via crafted integer values in a packet.
(CVE-2013-2486)

- epan/dissectors/packet-reload.c in the REsource LOcation
And Discovery (aka RELOAD) dissector in Wireshark 1.8.x
before 1.8.6 uses incorrect integer data types, which
allows remote attackers to cause a denial of service
(infinite loop) via crafted integer values in a packet,
related to the (1) dissect_icecandidates, (2)
dissect_kinddata, (3) dissect_nodeid_list, (4)
dissect_storeans, (5) dissect_storereq, (6)
dissect_storeddataspecifier, (7) dissect_fetchreq, (8)
dissect_findans, (9) dissect_diagnosticinfo, (10)
dissect_diagnosticresponse, (11)
dissect_reload_messagecontents, and (12)
dissect_reload_message functions, a different
vulnerability than CVE-2013-2486. (CVE-2013-2487)

- epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in
Wireshark 1.8.x before 1.8.7 calls incorrect functions
in certain contexts related to ciphers, which allows
remote attackers to cause a denial of service
(application crash) via a malformed packet.
(CVE-2013-3555)

- The fragment_add_seq_common function in
epan/reassemble.c in the ASN.1 BER dissector in
Wireshark before r48943 has an incorrect pointer
dereference during a comparison, which allows remote
attackers to cause a denial of service (application
crash) via a malformed packet. (CVE-2013-3556)

- The dissect_ber_choice function in
epan/dissectors/packet-ber.c in the ASN.1 BER dissector
in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7
does not properly initialize a certain variable, which
allows remote attackers to cause a denial of service
(application crash) via a malformed packet.
(CVE-2013-3557)

- The dissect_ccp_bsdcomp_opt function in
epan/dissectors/packet-ppp.c in the PPP CCP dissector in
Wireshark 1.8.x before 1.8.7 does not terminate a
bit-field list, which allows remote attackers to cause a
denial of service (application crash) via a malformed
packet. (CVE-2013-3558)

- epan/dissectors/packet-dcp-etsi.c in the DCP ETSI
dissector in Wireshark 1.8.x before 1.8.7 uses incorrect
integer data types, which allows remote attackers to
cause a denial of service (integer overflow, and heap
memory corruption or NULL pointer dereference, and
application crash) via a malformed packet.
(CVE-2013-3559)

- The dissect_dsmcc_un_download function in
epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC
dissector in Wireshark 1.8.x before 1.8.7 uses an
incorrect format string, which allows remote attackers
to cause a denial of service (application crash) via a
malformed packet. (CVE-2013-3560)

- Multiple integer overflows in Wireshark 1.8.x before
1.8.7 allow remote attackers to cause a denial of
service (loop or application crash) via a malformed
packet, related to a crash of the Websocket dissector,
an infinite loop in the MySQL dissector, and a large
loop in the ETCH dissector. (CVE-2013-3561)

- Multiple integer signedness errors in the tvb_unmasked
function in epan/ dissectors/packet-websocket.c in the
Websocket dissector in Wireshark 1.8.x before 1.8.7
allow remote attackers to cause a denial of service
(application crash) via a malformed packet.
(CVE-2013-3562)

- The dissect_pft function in
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI
dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before
1.8.8, and 1.10.0 does not validate a certain fragment
length value, which allows remote attackers to cause a
denial of service (application crash) via a crafted
packet. (CVE-2013-4083)

See also :

http://www.nessus.org/u?b5f8def1
http://www.nessus.org/u?2145bb15

Solution :

Upgrade to Solaris 11.1.10.5.0.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now