Wireshark 2.0.x < 2.0.12 / 2.2.x < 2.2.6 Multiple DoS

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote Windows host is affected by
multiple denial of service vulnerabilities.

Description :

The version of Wireshark installed on the remote Windows host is 2.0.x
prior to 2.0.12 or 2.2.x prior to 2.2.6. It is, therefore, affected by
multiple denial of service vulnerabilities :

- An infinite loop condition exists in the
NetScaler file parser within file wiretap/netscaler.c
when handling specially crafted capture files. An
unauthenticated, remote attacker can exploit this to
cause excessive consumption of CPU resources, resulting
in a denial of service condition. (CVE-2017-7700)

- An infinite loop condition exists in the BGP
dissector within file epan/dissectors/packet-bgp.c when
handling specially crafted packets or trace files. An
unauthenticated, remote attacker can exploit this to
cause excessive consumption of CPU resources, resulting
in a denial of service condition. (CVE-2017-7701)

- An infinite loop condition exists in the WBXML
dissector within file epan/dissectors/packet-wbxml.c
when handling specially crafted packets or trace files.
An unauthenticated, remote attacker can exploit this to
cause excessive consumption of CPU resources, resulting
in a denial of service condition. (CVE-2017-7702)

- A denial of service vulnerability exists in the IMAP
dissector within file epan/dissectors/packet-imap.c when
handling specially crafted packets or trace files. An
unauthenticated, remote attacker can exploit this to
crash the program. (CVE-2017-7703)

- An infinite loop condition exists in the DOF
dissector within file epan/dissectors/packet-dof.c when
handling specially crafted packets or trace files. An
unauthenticated, remote attacker can exploit this to
cause excessive consumption of CPU resources, resulting
in a denial of service condition. Note that this issue
only applies to the 2.2.x version. (CVE-2017-7704)

- An infinite loop condition exists in the RPC
over RDMA dissector within file
epan/dissectors/packet-rpcrdma.c when handling specially
crafted packets or trace files. An unauthenticated,
remote attacker can exploit this to cause excessive
consumption of CPU resources, resulting in a denial of
service condition. (CVE-2017-7705)

- An infinite loop condition exists in the
SIGCOMP dissector within file
epan/dissectors/packet-sigcomp.c when handling specially
crafted packets or trace files. An unauthenticated,
remote attacker can exploit this to cause excessive
consumption of CPU resources, resulting in a denial of
service condition. (CVE-2017-7745)

- An infinite loop condition exists in the
SLSK dissector in the dissect_slsk_pdu() function within
file epan/dissectors/packet-slsk.c when handling
specially crafted packets or trace files. An
unauthenticated, remote attacker can exploit this to
cause excessive consumption of CPU resources, resulting
in a denial of service condition. (CVE-2017-7746)

- An out-of-bounds read error exists in the PacketBB
dissector in the dissect_pbb_addressblock() function
within file epan/dissectors/packet-packetbb.c when
handling specially crafted packets or trace files. An
unauthenticated, remote attacker can exploit this to
crash the program. (CVE-2017-7747)

- An infinite loop condition exists in the WSP
dissector within file epan/dissectors/packet-wsp.c when
handling specially crafted packets or trace files. An
unauthenticated, remote attacker can exploit this to
cause excessive consumption of CPU resources, resulting
in a denial of service condition. (CVE-2017-7748)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
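
The same version-only check can be run against a software inventory. The
following is an added example, not the Nessus plugin's code; the host names
and versions in the sample inventory are constructed, and any suffix after
the three numeric fields of a version string is assumed to be ignorable.

```python
import re

# Fixed release for each affected branch, as stated in the advisory.
FIXED = {(2, 0): (2, 0, 12), (2, 2): (2, 2, 6)}

# CVEs the advisory lists for both branches.
COMMON_CVES = ["CVE-2017-7700", "CVE-2017-7701", "CVE-2017-7702",
               "CVE-2017-7703", "CVE-2017-7705", "CVE-2017-7745",
               "CVE-2017-7746", "CVE-2017-7747", "CVE-2017-7748"]
# The DOF dissector issue applies to 2.2.x only.
BRANCH_ONLY_CVES = {(2, 2): ["CVE-2017-7704"]}


def parse_version(text):
    """Return (major, minor, patch) as ints, ignoring any trailing suffix."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def affected_cves(version_text):
    """List the advisory's CVEs that apply to a self-reported version."""
    version = parse_version(version_text)
    branch = version[:2]
    fixed = FIXED.get(branch)
    # Tuples compare numerically, so 2.0.9 < 2.0.12; a string compare gets this wrong.
    # An empty list means "not covered by this advisory", not "free of other issues".
    if fixed is None or version >= fixed:
        return []
    return sorted(COMMON_CVES + BRANCH_ONLY_CVES.get(branch, []))


def triage(inventory):
    """Map each host running an affected version to its applicable CVEs."""
    findings = {}
    for host, version_text in inventory.items():
        cves = affected_cves(version_text)
        if cves:
            findings[host] = cves
    return findings


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {"ws-01": "2.0.9", "ws-02": "2.0.12", "ws-03": "2.2.5",
                    "ws-04": "2.2.6", "ws-05": "2.4.0"}

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print(host, len(cves), ", ".join(cves))
```

Like the plugin, this confirms only what the installed version reports about
itself, so a finding indicates exposure to the listed issues rather than a
tested condition.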

See also :

https://www.wireshark.org/docs/relnotes/wireshark-2.0.12.html
https://www.wireshark.org/docs/relnotes/wireshark-2.2.6.html
https://www.wireshark.org/security/wnpa-sec-2017-12.html
https://www.wireshark.org/security/wnpa-sec-2017-13.html
https://www.wireshark.org/security/wnpa-sec-2017-14.html
https://www.wireshark.org/security/wnpa-sec-2017-15.html
https://www.wireshark.org/security/wnpa-sec-2017-16.html
https://www.wireshark.org/security/wnpa-sec-2017-17.html
https://www.wireshark.org/security/wnpa-sec-2017-18.html
https://www.wireshark.org/security/wnpa-sec-2017-19.html
https://www.wireshark.org/security/wnpa-sec-2017-20.html
https://www.wireshark.org/security/wnpa-sec-2017-21.html

Solution :

Upgrade to Wireshark version 2.0.12 / 2.2.6 or later.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true
