GLSA-200906-05 : Wireshark: Multiple vulnerabilities

critical Nessus Plugin ID 39580


The remote Gentoo host is missing one or more security-related patches.


The remote host is affected by the vulnerability described in GLSA-200906-05 (Wireshark: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Wireshark:
David Maciejak discovered a vulnerability in packet-usb.c in the USB dissector via a malformed USB Request Block (URB) (CVE-2008-4680).
Florent Drouin and David Maciejak reported an unspecified vulnerability in the Bluetooth RFCOMM dissector (CVE-2008-4681).
A malformed Tamos CommView capture file (aka .ncf file) with an 'unknown/unexpected packet type' triggers a failed assertion in wtap.c (CVE-2008-4682).
An unchecked packet length parameter in the dissect_btacl() function in packet-bthci_acl.c in the Bluetooth ACL dissector causes an erroneous tvb_memcpy() call (CVE-2008-4683).
A vulnerability where packet-frame does not properly handle exceptions thrown by post dissectors caused by a certain series of packets (CVE-2008-4684).
Mike Davies reported a use-after-free vulnerability in the dissect_q931_cause_ie() function in packet-q931.c in the Q.931 dissector via certain packets that trigger an exception (CVE-2008-4685).
The Security Vulnerability Research Team of Bkis reported that the SMTP dissector could consume excessive amounts of CPU and memory (CVE-2008-5285).
The vendor reported that the WLCCP dissector could go into an infinite loop (CVE-2008-6472).
babi discovered a buffer overflow in wiretap/netscreen.c via a malformed NetScreen snoop file (CVE-2009-0599).
A specially crafted Tektronix K12 text capture file can cause an application crash (CVE-2009-0600).
A format string vulnerability via format string specifiers in the HOME environment variable (CVE-2009-0601).
THCX Labs reported a format string vulnerability in the PROFINET/DCP (PN-DCP) dissector via a PN-DCP packet with format string specifiers in the station name (CVE-2009-1210).
An unspecified vulnerability with unknown impact and attack vectors (CVE-2009-1266).
Marty Adkins and Chris Maynard discovered a parsing error in the dissector for the Check Point High-Availability Protocol (CPHAP) (CVE-2009-1268).
Magnus Homann discovered a parsing error when loading a Tektronix .rf5 file (CVE-2009-1269).
The vendor reported that the PCNFSD dissector could crash (CVE-2009-1829).
Impact :

A remote attacker could exploit these vulnerabilities by sending specially crafted packets on a network being monitored by Wireshark or by enticing a user to read a malformed packet trace file which can trigger a Denial of Service (application crash or excessive CPU and memory usage) and possibly allow for the execution of arbitrary code with the privileges of the user running Wireshark.
Workaround :

There is no known workaround at this time.


All Wireshark users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.0.8'

See Also

Plugin Details

Severity: Critical

ID: 39580

File Name: gentoo_GLSA-200906-05.nasl

Version: 1.15

Type: local

Published: 7/1/2009

Updated: 1/6/2021

Risk Information


Risk Factor: High

Score: 7.4


Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:wireshark, cpe:/o:gentoo:linux

Required KB Items: Host/Gentoo/release, Host/local_checks_enabled, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/30/2009

Exploitable With

Core Impact

Reference Information

CVE: CVE-2008-4680, CVE-2008-4681, CVE-2008-4682, CVE-2008-4683, CVE-2008-4684, CVE-2008-4685, CVE-2008-5285, CVE-2008-6472, CVE-2009-0599, CVE-2009-0600, CVE-2009-0601, CVE-2009-1210, CVE-2009-1266, CVE-2009-1268, CVE-2009-1269, CVE-2009-1829

BID: 31838, 32422, 34291, 34457, 35081

CWE: 134, 399, 20, 119

GLSA: 200906-05