FreeBSD : wireshark -- multiple vulnerabilities (a13500d0-0570-11e5-aab1-d050996490d0)

high Nessus Plugin ID 83902

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Wireshark development team reports :

The following vulnerabilities have been fixed.

- wnpa-sec-2015-12

The LBMR dissector could go into an infinite loop. (Bug 11036) CVE-2015-3808, CVE-2015-3809

- wnpa-sec-2015-13

The WebSocket dissector could recurse excessively. (Bug 10989) CVE-2015-3810

- wnpa-sec-2015-14

The WCP dissector could crash while decompressing data. (Bug 10978) CVE-2015-3811

- wnpa-sec-2015-15

The X11 dissector could leak memory. (Bug 11088) CVE-2015-3812

- wnpa-sec-2015-16

The packet reassembly code could leak memory. (Bug 11129) CVE-2015-3813

- wnpa-sec-2015-17

The IEEE 802.11 dissector could go into an infinite loop. (Bug 11110) CVE-2015-3814

- wnpa-sec-2015-18

The Android Logcat file parser could crash. Discovered by Hanno Bock.
(Bug 11188) CVE-2015-3815

Solution

Update the affected packages.

See Also

https://www.wireshark.org/docs/relnotes/wireshark-1.12.5.html

https://www.wireshark.org/security/wnpa-sec-2015-12.html

https://www.wireshark.org/security/wnpa-sec-2015-13.html

https://www.wireshark.org/security/wnpa-sec-2015-14.html

https://www.wireshark.org/security/wnpa-sec-2015-15.html

https://www.wireshark.org/security/wnpa-sec-2015-16.html

https://www.wireshark.org/security/wnpa-sec-2015-17.html

https://www.wireshark.org/security/wnpa-sec-2015-18.html

http://www.nessus.org/u?6c18f432

Plugin Details

Severity: High

ID: 83902

File Name: freebsd_pkg_a13500d0057011e5aab1d050996490d0.nasl

Version: 2.8

Type: local

Published: 5/29/2015

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.7

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:tshark, p-cpe:/a:freebsd:freebsd:tshark-lite, p-cpe:/a:freebsd:freebsd:wireshark, p-cpe:/a:freebsd:freebsd:wireshark-lite, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 5/28/2015

Vulnerability Publication Date: 5/12/2015

Reference Information

CVE: CVE-2015-3808, CVE-2015-3809, CVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2015-3814, CVE-2015-3815