Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark6)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch for third-party
software.

Description :

The remote Solaris system is missing necessary patches to address
security updates :

- The P1 dissector in Wireshark 1.10.x before 1.10.1 does
not properly initialize a global variable, which allows
remote attackers to cause a denial of service
(application crash) via a crafted packet.
(CVE-2013-4920)

- Off-by-one error in the dissect_radiotap function in
epan/dissectors/ packet-ieee80211-radiotap.c in the
Radiotap dissector in Wireshark 1.10.x before 1.10.1
allows remote attackers to cause a denial of service
(application crash) via a crafted packet.
(CVE-2013-4921)

- Double free vulnerability in the
dissect_dcom_ActivationProperties function in
epan/dissectors/packet-dcom-sysact.c in the DCOM
ISystemActivator dissector in Wireshark 1.10.x before
1.10.1 allows remote attackers to cause a denial of
service (application crash) via a crafted packet.
(CVE-2013-4922)

- Memory leak in the dissect_dcom_ActivationProperties
function in epan/ dissectors/packet-dcom-sysact.c in the
DCOM ISystemActivator dissector in Wireshark 1.10.x
before 1.10.1 allows remote attackers to cause a denial
of service (memory consumption) via crafted packets.
(CVE-2013-4923)

- epan/dissectors/packet-dcom-sysact.c in the DCOM
ISystemActivator dissector in Wireshark 1.10.x before
1.10.1 does not properly validate certain index values,
which allows remote attackers to cause a denial of
service (assertion failure and application exit) via a
crafted packet. (CVE-2013-4924)

- Integer signedness error in
epan/dissectors/packet-dcom-sysact.c in the DCOM
ISystemActivator dissector in Wireshark 1.10.x before
1.10.1 allows remote attackers to cause a denial of
service (assertion failure and daemon exit) via a
crafted packet. (CVE-2013-4925)

- epan/dissectors/packet-dcom-sysact.c in the DCOM
ISystemActivator dissector in Wireshark 1.10.x before
1.10.1 does not properly determine whether there is
remaining packet data to process, which allows remote
attackers to cause a denial of service (application
crash) via a crafted packet. (CVE-2013-4926)

- Integer signedness error in the get_type_length function
in epan/dissectors/ packet-btsdp.c in the Bluetooth SDP
dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x
before 1.10.1 allows remote attackers to cause a denial
of service (loop and CPU consumption) via a crafted
packet. (CVE-2013-4927)

- Integer signedness error in the dissect_headers function
in epan/dissectors/ packet-btobex.c in the Bluetooth
OBEX dissector in Wireshark 1.10.x before 1.10.1 allows
remote attackers to cause a denial of service (infinite
loop) via a crafted packet. (CVE-2013-4928)

- The parseFields function in
epan/dissectors/packet-dis-pdus.c in the DIS dissector
in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1
does not terminate packet-data processing after finding
zero remaining bytes, which allows remote attackers to
cause a denial of service (loop) via a crafted packet.
(CVE-2013-4929)

- The dissect_dvbci_tpdu_hdr function in
epan/dissectors/packet-dvbci.c in the DVB-CI dissector
in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1
does not validate a certain length value before
decrementing it, which allows remote attackers to cause
a denial of service (assertion failure and application
exit) via a crafted packet. (CVE-2013-4930)

- epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x
before 1.10.1 allows remote attackers to cause a denial
of service (loop) via a crafted packet that is not
properly handled by the GSM RR dissector.
(CVE-2013-4931)

- Multiple array index errors in
epan/dissectors/packet-gsm_a_common.c in the GSM A
Common dissector in Wireshark 1.8.x before 1.8.9 and
1.10.x before 1.10.1 allow remote attackers to cause a
denial of service (application crash) via a crafted
packet. (CVE-2013-4932)

- The netmon_open function in wiretap/netmon.c in the
Netmon file parser in Wireshark 1.8.x before 1.8.9 and
1.10.x before 1.10.1 does not properly allocate memory,
which allows remote attackers to cause a denial of
service (application crash) via a crafted packet-trace
file. (CVE-2013-4933)

- The netmon_open function in wiretap/netmon.c in the
Netmon file parser in Wireshark 1.8.x before 1.8.9 and
1.10.x before 1.10.1 does not initialize certain
structure members, which allows remote attackers to
cause a denial of service (application crash) via a
crafted packet-trace file. (CVE-2013-4934)

- The dissect_per_length_determinant function in
epan/dissectors/packet-per.c in the ASN.1 PER dissector
in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1
does not initialize a length field in certain abnormal
situations, which allows remote attackers to cause a
denial of service (application crash) via a crafted
packet. (CVE-2013-4935)

- The IsDFP_Frame function in
plugins/profinet/packet-pn-rt.c in the PROFINET
Real-Time dissector in Wireshark 1.10.x before 1.10.1
does not validate MAC addresses, which allows remote
attackers to cause a denial of service (NULL pointer
dereference and application crash) via a crafted packet.
(CVE-2013-4936)

See also :

http://www.nessus.org/u?b5f8def1
http://www.nessus.org/u?b5a8556d

Solution :

Upgrade to Solaris 11.1.11.4.0.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now