FreeBSD : wireshark -- multiple vulnerabilities (a13500d0-0570-11e5-aab1-d050996490d0)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Wireshark development team reports :

The following vulnerabilities have been fixed.

- wnpa-sec-2015-12

The LBMR dissector could go into an infinite loop. (Bug 11036)
CVE-2015-3808, CVE-2015-3809

- wnpa-sec-2015-13

The WebSocket dissector could recurse excessively. (Bug 10989)
CVE-2015-3810

- wnpa-sec-2015-14

The WCP dissector could crash while decompressing data. (Bug 10978)
CVE-2015-3811

- wnpa-sec-2015-15

The X11 dissector could leak memory. (Bug 11088) CVE-2015-3812

- wnpa-sec-2015-16

The packet reassembly code could leak memory. (Bug 11129)
CVE-2015-3813

- wnpa-sec-2015-17

The IEEE 802.11 dissector could go into an infinite loop. (Bug 11110)
CVE-2015-3814

- wnpa-sec-2015-18

The Android Logcat file parser could crash. Discovered by Hanno Bock.
(Bug 11188) CVE-2015-3815

See also :

https://www.wireshark.org/docs/relnotes/wireshark-1.12.5.html
https://www.wireshark.org/security/wnpa-sec-2015-12.html
https://www.wireshark.org/security/wnpa-sec-2015-13.html
https://www.wireshark.org/security/wnpa-sec-2015-14.html
https://www.wireshark.org/security/wnpa-sec-2015-15.html
https://www.wireshark.org/security/wnpa-sec-2015-16.html
https://www.wireshark.org/security/wnpa-sec-2015-17.html
https://www.wireshark.org/security/wnpa-sec-2015-18.html
http://www.nessus.org/u?3fef69df

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 83902 ()

Bugtraq ID:

CVE ID: CVE-2015-3808
CVE-2015-3809
CVE-2015-3810
CVE-2015-3811
CVE-2015-3812
CVE-2015-3813
CVE-2015-3814
CVE-2015-3815

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now