FreeBSD : wireshark -- multiple vulnerabilities (8a835235-ae84-11dc-a5f9-001a4d49522b)

critical Nessus Plugin ID 29772

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Wireshark team reports of multiple vulnerabilities :

- Wireshark could crash when reading an MP3 file.

- Beyond Security discovered that Wireshark could loop excessively while reading a malformed DNP packet.

- Stefan Esser discovered a buffer overflow in the SSL dissector.

- The ANSI MAP dissector could be susceptible to a buffer overflow on some platforms.

- The Firebird/Interbase dissector could go into an infinite loop or crash.

- The NCP dissector could cause a crash.

- The HTTP dissector could crash on some systems while decoding chunked messages.

- The MEGACO dissector could enter a large loop and consume system resources.

- The DCP ETSI dissector could enter a large loop and consume system resources.

- Fabiodds discovered a buffer overflow in the iSeries (OS/400) Communication trace file parser.

- The PPP dissector could overflow a buffer.

- The Bluetooth SDP dissector could go into an infinite loop.

- A malformed RPC Portmap packet could cause a crash.

- The IPv6 dissector could loop excessively.

- The USB dissector could loop excessively or crash.

- The SMB dissector could crash.

- The RPL dissector could go into an infinite loop.

- The WiMAX dissector could crash due to unaligned access on some platforms.

- The CIP dissector could attempt to allocate a huge amount of memory and crash. Impact It may be possible to make Wireshark or Ethereal crash or use up available memory by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Solution

Update the affected packages.

See Also

https://www.wireshark.org/security/wnpa-sec-2007-03.html

http://www.nessus.org/u?2f7fcebf

Plugin Details

Severity: Critical

ID: 29772

File Name: freebsd_pkg_8a835235ae8411dca5f9001a4d49522b.nasl

Version: 1.16

Type: local

Published: 12/24/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ethereal, p-cpe:/a:freebsd:freebsd:ethereal-lite, p-cpe:/a:freebsd:freebsd:tethereal, p-cpe:/a:freebsd:freebsd:tethereal-lite, p-cpe:/a:freebsd:freebsd:wireshark, p-cpe:/a:freebsd:freebsd:wireshark-lite, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/19/2007

Vulnerability Publication Date: 12/19/2007

Reference Information

CVE: CVE-2007-6112, CVE-2007-6113, CVE-2007-6114, CVE-2007-6115, CVE-2007-6117, CVE-2007-6118, CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441, CVE-2007-6450, CVE-2007-6451

CWE: 119, 189, 20, 264, 399