Mandriva Linux Security Advisory : wireshark (MDVSA-2011:044)

Medium Nessus Plugin ID 52593

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

This advisory updates wireshark to the latest version (1.2.15), fixing several security issues :

Wireshark 1.5.0, 1.4.3, and earlier frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file (CVE-2011-0538).

Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file (CVE-2011-0713).

wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field (CVE-2011-1139).

Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet (CVE-2011-1140).

epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements (CVE-2011-1141).

Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of service (infinite loop) via vectors involving self-referential ASN.1 CHOICE values (CVE-2011-1142).

epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file (CVE-2011-1143).

The updated packages have been upgraded to the latest 1.2.x version (1.2.15) and patched to correct these issues.

Solution

Update the affected packages.

See Also

https://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html

Plugin Details

Severity: Medium

ID: 52593

File Name: mandriva_MDVSA-2011-044.nasl

Version: 1.12

Type: local

Published: 2011/03/09

Updated: 2018/11/15

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:dumpcap, p-cpe:/a:mandriva:linux:lib64wireshark-devel, p-cpe:/a:mandriva:linux:lib64wireshark0, p-cpe:/a:mandriva:linux:libwireshark-devel, p-cpe:/a:mandriva:linux:libwireshark0, p-cpe:/a:mandriva:linux:rawshark, p-cpe:/a:mandriva:linux:tshark, p-cpe:/a:mandriva:linux:wireshark, p-cpe:/a:mandriva:linux:wireshark-tools, cpe:/o:mandriva:linux:2010.0, cpe:/o:mandriva:linux:2010.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/03/08

Reference Information

CVE: CVE-2011-0538, CVE-2011-0713, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141, CVE-2011-1142, CVE-2011-1143

BID: 46167, 46416, 46626

MDVSA: 2011:044