FreeBSD : wireshark -- multiple security issues (4684a426-774d-4390-aa19-b8dd481c4c94)

high Nessus Plugin ID 104265

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Wireshark developers report:

In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements.

In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable.

In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.

In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level.

In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.

Solution

Update the affected packages.

See Also

https://www.securityfocus.com/bid/101227

https://www.securityfocus.com/bid/101228

https://www.securityfocus.com/bid/101229

https://www.securityfocus.com/bid/101235

https://www.securityfocus.com/bid/101240

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14049

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14056

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14068

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14077

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080

https://code.wireshark.org/review/#/c/23470/

https://code.wireshark.org/review/#/c/23537/

https://code.wireshark.org/review/#/c/23591/

https://code.wireshark.org/review/#/c/23635/

https://code.wireshark.org/review/#/c/23663/

http://www.nessus.org/u?ab47b25f

http://www.nessus.org/u?9f7612e1

http://www.nessus.org/u?bc000309

http://www.nessus.org/u?6740cc16

http://www.nessus.org/u?64a8a1a0

https://www.wireshark.org/security/wnpa-sec-2017-42.html

https://www.wireshark.org/security/wnpa-sec-2017-43.html

https://www.wireshark.org/security/wnpa-sec-2017-44.html

https://www.wireshark.org/security/wnpa-sec-2017-45.html

https://www.wireshark.org/security/wnpa-sec-2017-46.html

http://www.nessus.org/u?e77837ed

Plugin Details

Severity: High

ID: 104265

File Name: freebsd_pkg_4684a426774d4390aa19b8dd481c4c94.nasl

Version: 3.8

Type: local

Published: 10/31/2017

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:wireshark, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 10/30/2017

Vulnerability Publication Date: 10/10/2017

Reference Information

CVE: CVE-2017-15189, CVE-2017-15190, CVE-2017-15191, CVE-2017-15192, CVE-2017-15193