Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark1)

Low Nessus Plugin ID 80803

Synopsis

The remote Solaris system is missing a security patch for third-party software.

Description

The remote Solaris system is missing necessary patches to address security updates :

- Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors. (CVE-2012-2392)

- epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation.
(CVE-2012-2393)

- Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet. (CVE-2012-2394)

- The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump. (CVE-2012-4048)

- epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. (CVE-2012-4049)

Solution

Upgrade to Solaris 11/11 SRU 11.4.

See Also

http://www.nessus.org/u?4a913f44

http://www.nessus.org/u?6ccbc2d4

http://www.nessus.org/u?6ccbc2d4

Plugin Details

Severity: Low

ID: 80803

File Name: solaris11_wireshark_20120918.nasl

Version: 1.2

Type: local

Published: 2015/01/19

Updated: 2018/11/15

Dependencies: 12634

Risk Information

Risk Factor: Low

CVSS v2.0

Base Score: 3.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/o:oracle:solaris:11.0, p-cpe:/a:oracle:solaris:wireshark

Required KB Items: Host/local_checks_enabled, Host/Solaris11/release, Host/Solaris11/pkg-list

Patch Publication Date: 2012/09/18

Reference Information

CVE: CVE-2012-2392, CVE-2012-2393, CVE-2012-2394, CVE-2012-4048, CVE-2012-4049