Wireshark 2.0.x < 2.0.8 / 2.2.x < 2.2.2 Multiple DoS

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote Windows host is affected by
multiple denial of service vulnerabilities.

Description :

The version of Wireshark installed on the remote Windows host is 2.0.x
prior to 2.0.8 or 2.2.x prior to 2.2.2. It is, therefore, affected by
multiple denial of service vulnerabilities :

- A flaw exists in the dissect_PNIO_C_SDU_RTC1() function
in packet-pn-rtc-one.c that causes excessive looping. An
unauthenticated, remote attacker can exploit this, via
specially crafted network traffic or a specially crafted
capture file, to exhaust available resources. Note that
this vulnerability only affects 2.2.x versions.
(CVE-2016-9372)

- A use-after-free error exists in the DCERPC dissector
due to improper handling of IA5 SMS decoding. An
unauthenticated, remote attacker can exploit this, via
specially crafted network traffic or a specially crafted
capture file, to cause the application to crash.
(CVE-2016-9373)

- A buffer over-read flaw exists in the AllJoyn dissector
due to improper handling of signature lengths. An
unauthenticated, remote attacker can exploit this, via
specially crafted network traffic or a specially crafted
capture file, to cause the application to crash.
(CVE-2016-9374)

- A flaw exists in the DTN dissector in the
display_metadata_block() function due to improper SDNV
evaluation. An unauthenticated, remote attacker can
exploit this, via specially crafted network traffic or a
specially crafted capture file, to cause an infinite
loop. (CVE-2016-9375)

- Multiple flaws exist in the OpenFlow dissector in
packet-openflow_v5.c due to improper handling of too
short data lengths. An unauthenticated, remote attacker
can exploit this, via specially crafted network traffic
or a specially crafted capture file, to cause the
application to crash. (CVE-2016-9376)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
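
The version-only check described above can be reproduced against a software inventory. The following is an added example, not Tenable's plugin code; the host names, sample version strings and function names are assumptions made for illustration. It compares versions as integer tuples, so 2.0.10 is correctly treated as newer than 2.0.8, and it reports unparseable strings as unknown instead of treating them as safe.

```python
import re

# Fixed releases named on this page, keyed by (major, minor) branch.
FIXED = {(2, 0): (2, 0, 8), (2, 2): (2, 2, 2)}

# Branches each CVE applies to, per the description (CVE-2016-9372 is 2.2.x only).
CVES = {
    "CVE-2016-9372": {(2, 2)},
    "CVE-2016-9373": {(2, 0), (2, 2)},
    "CVE-2016-9374": {(2, 0), (2, 2)},
    "CVE-2016-9375": {(2, 0), (2, 2)},
    "CVE-2016-9376": {(2, 0), (2, 2)},
}

def parse_version(text):
    """Return (major, minor, patch) from a self-reported string, or None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(part) for part in m.groups()) if m else None

def applicable_cves(text):
    """Sorted CVE IDs from this advisory that apply; None if unparseable."""
    version = parse_version(text)
    if version is None:
        return None  # unknown version: needs manual review, not "safe"
    branch = version[:2]
    fixed = FIXED.get(branch)
    if fixed is None or version >= fixed:
        return []  # patched, or a branch this advisory does not cover
    return sorted(cve for cve, branches in CVES.items() if branch in branches)

def triage(inventory):
    """Map host -> (status, cves) for a {host: version_string} inventory."""
    report = {}
    for host, raw in inventory.items():
        cves = applicable_cves(raw)
        status = "unknown" if cves is None else ("affected" if cves else "not flagged")
        report[host] = (status, cves or [])
    return report

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {
    "ws-01": "2.2.1",
    "ws-02": "Wireshark 2.0.7 (64-bit)",
    "ws-03": "2.0.10",
    "ws-04": "2.2.2",
    "ws-05": "not installed",
}

if __name__ == "__main__":
    for host, (status, cves) in triage(SAMPLE).items():
        print(f"{host}: {status} {', '.join(cves)}")
```

Like the plugin, this only reads a version string, so a result of "not flagged" means the reported version is outside the ranges listed on this page, not that the installation was tested.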

See also :

https://www.wireshark.org/security/wnpa-sec-2016-58.html
https://www.wireshark.org/security/wnpa-sec-2016-59.html
https://www.wireshark.org/security/wnpa-sec-2016-60.html
https://www.wireshark.org/security/wnpa-sec-2016-61.html
https://www.wireshark.org/security/wnpa-sec-2016-62.html

Solution :

Upgrade to Wireshark version 2.0.8 / 2.2.2 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.4
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 95435

Bugtraq ID: 94368
94369

CVE ID: CVE-2016-9372
CVE-2016-9373
CVE-2016-9374
CVE-2016-9375
CVE-2016-9376
