The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Ethereal

vulnerability alert CVE-2011-0024

Wireshark: buffer overflow via pcap-ng

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious pcap-ng file with Wireshark, in order to create an overflow, which leads to a denial of service and possibly to code execution.
Impacted products: Ethereal, RHEL, Wireshark.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, denial of service on client.
Provenance: document.
Creation date: 22/03/2011.
Identifiers: 671331, BID-46945, CVE-2011-0024, RHSA-2011:0370-01, VIGILANCE-VUL-10471.

Description of the vulnerability

The pcap-ng file format stores captured packets.

When Wireshark opens a pcap-ng file, it does not check the size of captured data (packet.cap_len). If this size is larger than the packet size (packet.packet_len) or larger than WTAP_MAX_PACKET_SIZE, a buffer overflow occurs.

An attacker can therefore invite the victim to open a malicious pcap-ng file with Wireshark, in order to create an overflow, which leads to a denial of service and possibly to code execution.
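
The two checks described above can be written as follows. This is an added example, not Wireshark's code: the block layout (cap_len, packet_len, then data), the names read_packet/check_sample, the samples and the value given to WTAP_MAX_PACKET_SIZE are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed value for this example; the page names the constant, not its value. */
#define WTAP_MAX_PACKET_SIZE 65535u

enum pkt_status { PKT_OK, PKT_SHORT_BLOCK, PKT_CAP_GT_LEN, PKT_CAP_TOO_BIG, PKT_TRUNCATED };

/* Constructed samples: cap_len (LE32), packet_len (LE32), then captured bytes. */
static const uint8_t SAMPLE_OK[]      = {4,0,0,0, 6,0,0,0, 0xde,0xad,0xbe,0xef};
static const uint8_t SAMPLE_CAP_GT[]  = {8,0,0,0, 4,0,0,0, 1,2,3,4,5,6,7,8};
static const uint8_t SAMPLE_TOO_BIG[] = {0,0,1,0, 0,0,1,0};          /* 65536 / 65536 */
static const uint8_t SAMPLE_TRUNC[]   = {16,0,0,0, 16,0,0,0, 1,2};   /* claims 16, has 2 */

/* Read a little-endian 32-bit field without alignment assumptions. */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Validate both length fields before any byte is copied into out[]. */
static enum pkt_status read_packet(const uint8_t *body, size_t body_len,
                                   uint8_t *out, size_t out_size)
{
    uint32_t cap_len, packet_len;
    if (body_len < 8)
        return PKT_SHORT_BLOCK;
    cap_len = rd_le32(body);
    packet_len = rd_le32(body + 4);
    if (cap_len > packet_len)                 /* more stored than was on the wire */
        return PKT_CAP_GT_LEN;
    if (cap_len > WTAP_MAX_PACKET_SIZE || cap_len > out_size)
        return PKT_CAP_TOO_BIG;
    if (cap_len > body_len - 8)               /* file holds fewer bytes than claimed */
        return PKT_TRUNCATED;
    memcpy(out, body + 8, cap_len);
    return PKT_OK;
}

/* Run one sample through the reader using a buffer of the maximum size. */
static enum pkt_status check_sample(const uint8_t *body, size_t body_len)
{
    static uint8_t buf[WTAP_MAX_PACKET_SIZE];
    return read_packet(body, body_len, buf, sizeof buf);
}

int main(void) { return check_sample(SAMPLE_OK, sizeof SAMPLE_OK) != PKT_OK; }
```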

computer vulnerability note CVE-2010-2284 CVE-2010-2287 CVE-2010-2994

Wireshark 1.0: two vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Wireshark can be used by a remote attacker to create a denial of service or to execute code.
Impacted products: Debian, Ethereal, Fedora, Mandriva Linux, NLD, OES, openSUSE, RHEL, SLES, Wireshark.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 30/07/2010.
Identifiers: BID-42618, CVE-2010-2284, CVE-2010-2287, CVE-2010-2994, CVE-2010-2995, DSA-2101-1, FEDORA-2010-13416, FEDORA-2010-13427, MDVSA-2010:144, openSUSE-SU-2011:0010-1, openSUSE-SU-2011:0010-2, RHSA-2010:0625-01, SUSE-SR:2011:001, SUSE-SR:2011:002, SUSE-SR:2011:007, VIGILANCE-VUL-9799.

Description of the vulnerability

The Wireshark program captures and displays network packets. Protocols are decoded by dissectors. They are impacted by several vulnerabilities.

An attacker can generate a buffer overflow in SigComp Universal Decompressor Virtual Machine. [severity:2/4; CVE-2010-2287, CVE-2010-2995]

An attacker can generate a buffer overflow in the ASN.1 BER dissector. [severity:2/4; CVE-2010-2284, CVE-2010-2994]

vulnerability CVE-2010-2283 CVE-2010-2284 CVE-2010-2285

Wireshark: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Wireshark can be used by a remote attacker to create a denial of service or to execute code.
Impacted products: Debian, Ethereal, Fedora, Mandriva Linux, NLD, OES, openSUSE, RHEL, SLES, Wireshark.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 10/06/2010.
Identifiers: 4734, 4826, 4837, BID-40728, CERTA-2002-AVI-268, CERTA-2010-AVI-260, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285, CVE-2010-2286, CVE-2010-2287, DSA-2066-1, FEDORA-2010-13416, FEDORA-2010-13427, MDVSA-2010:113, openSUSE-SU-2011:0010-1, openSUSE-SU-2011:0010-2, RHSA-2010:0625-01, SUSE-SR:2011:001, SUSE-SR:2011:002, SUSE-SR:2011:007, VIGILANCE-VUL-9700.

Description of the vulnerability

The Wireshark program captures and displays network packets. Protocols are decoded by dissectors. They are impacted by several vulnerabilities.

An attacker can force the SMB dissector to dereference a NULL pointer, which stops it. [severity:1/4; 4734, CERTA-2010-AVI-260, CVE-2010-2283]

An attacker can generate a buffer overflow in the ASN.1 BER dissector. [severity:2/4; CVE-2010-2284]

An attacker can force the SMB PIPE dissector to dereference a NULL pointer, which stops it. [severity:1/4; CVE-2010-2285]

An attacker can generate an infinite loop in the SigComp Universal Decompressor Virtual Machine dissector. [severity:1/4; 4826, CVE-2010-2286]

An attacker can generate a buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector. [severity:2/4; 4837, CVE-2010-2287]

vulnerability CVE-2010-1455

Wireshark: denial of service via DOCSIS

Synthesis of the vulnerability

An attacker can send a DOCSIS packet to a network captured by Wireshark, or invite the victim to open a capture containing a DOCSIS packet, in order to stop Wireshark.
Impacted products: Ethereal, Fedora, Mandriva Linux, NLD, OES, openSUSE, RHEL, SLES, Wireshark.
Severity: 1/4.
Consequences: denial of service on client.
Provenance: intranet client.
Creation date: 06/05/2010.
Identifiers: BID-39950, CERTA-2010-AVI-200, CVE-2010-1455, FEDORA-2010-13416, FEDORA-2010-13427, MDVSA-2010:099, openSUSE-SU-2011:0010-1, openSUSE-SU-2011:0010-2, RHSA-2010:0625-01, SUSE-SR:2011:001, SUSE-SR:2011:002, SUSE-SR:2011:007, VIGILANCE-VUL-9630, wnpa-sec-2010-03, wnpa-sec-2010-04.

Description of the vulnerability

The DOCSIS (Data Over Cable Service Interface Specification) protocol is used to transmit data over a cable TV network.

The dissect_bpkmrsp() function of the file plugins/docsis/packet-bpkmrsp.c displays the BPKM response. However, this function uses the format "%s" (string) instead of "%u" (integer). The display of the BPKM response thus stops Wireshark.

An attacker can therefore send a DOCSIS packet to a network captured by Wireshark, or invite the victim to open a capture containing a DOCSIS packet, in order to stop Wireshark.

computer vulnerability CVE-2009-3549 CVE-2009-3550 CVE-2009-3551

Wireshark 1.2: denials of service

Synthesis of the vulnerability

Several vulnerabilities of Wireshark 1.2 can be used by a remote attacker to create a denial of service.
Impacted products: Ethereal, Mandriva Linux, NLD, OES, openSUSE, SLES, Wireshark.
Severity: 1/4.
Consequences: denial of service on client.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 28/10/2009.
Identifiers: BID-36846, CVE-2009-3549, CVE-2009-3550, CVE-2009-3551, MDVSA-2009:292, SUSE-SR:2009:020, VIGILANCE-VUL-9135.

Description of the vulnerability

The Wireshark program captures and displays network packets. Protocols are decoded by dissectors. They are impacted by several vulnerabilities.

An attacker can generate a denial of service in the Paltalk dissector. [severity:1/4; CVE-2009-3549]

An attacker can generate a denial of service in the DCERPC/NT dissector. [severity:1/4; CVE-2009-3550]

An attacker can generate a denial of service in the SMB dissector. [severity:1/4; CVE-2009-3551]

computer vulnerability alert CVE-2009-2562 CVE-2009-2563 CVE-2009-3241

Wireshark: denials of service

Synthesis of the vulnerability

Several vulnerabilities of Wireshark can be used by a remote attacker to create a denial of service.
Impacted products: Debian, Ethereal, Fedora, Mandriva Linux, NLD, OES, openSUSE, RHEL, SLES, Wireshark.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 6.
Creation date: 16/09/2009.
Revision date: 06/10/2009.
Identifiers: BID-36408, BID-36591, CERTA-2009-AVI-388, CERTA-2009-AVI-394, CERTA-2010-AVI-035, CVE-2009-2562, CVE-2009-2563, CVE-2009-3241, CVE-2009-3243, CVE-2009-3829, DSA-1942-1, FEDORA-2009-7998, FEDORA-2009-9837, MDVSA-2009:270, MDVSA-2009:292, MDVSA-2009:292-1, RHSA-2010:0360-01, SUSE-SR:2009:016, SUSE-SR:2009:020, SUSE-SR:2010:007, VIGILANCE-VUL-9026, VU#676492, wnpa-sec-2009-05, wnpa-sec-2009-06.

Description of the vulnerability

The Wireshark program captures and displays network packets. Protocols are decoded by dissectors. They are impacted by several vulnerabilities.

An attacker can stop the AFS dissector. [severity:2/4; CERTA-2009-AVI-388, CERTA-2009-AVI-394, CVE-2009-2562, wnpa-sec-2009-05]

An attacker can stop the Infiniband dissector. [severity:2/4; CERTA-2010-AVI-035, CVE-2009-2563, wnpa-sec-2009-05]

An attacker can force the OpcUa dissector to consume an excessive amount of CPU and memory resources. [severity:2/4; BID-36408, CVE-2009-3241, MDVSA-2009:270, wnpa-sec-2009-05, wnpa-sec-2009-06]

An attacker can stop the GSM A RR dissector. [severity:2/4; wnpa-sec-2009-06]

An attacker can stop the TLS dissector. [severity:2/4; CVE-2009-3243, wnpa-sec-2009-06]

An attacker can invite the victim to open a malicious ERF file, in order to generate an integer overflow. [severity:2/4; BID-36591, CVE-2009-3829, VU#676492]

computer vulnerability CVE-2009-2559 CVE-2009-2560 CVE-2009-2561

Wireshark: denials of service

Synthesis of the vulnerability

Several vulnerabilities of Wireshark can be used by a remote attacker to create a denial of service, or to execute code.
Impacted products: Debian, Ethereal, Fedora, NLD, OES, openSUSE, RHEL, SLES, Wireshark.
Severity: 2/4.
Consequences: user access/rights, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 7.
Creation date: 21/07/2009.
Identifiers: BID-35748, CERTA-2009-AVI-286, CERTA-2009-AVI-388, CERTA-2009-AVI-394, CERTA-2009-AVI-463, CERTA-2010-AVI-035, CVE-2009-2559, CVE-2009-2560, CVE-2009-2561, CVE-2009-2562, CVE-2009-2563, DSA-1942-1, FEDORA-2009-7998, FEDORA-2009-9837, RHSA-2010:0360-01, SUSE-SR:2009:014, SUSE-SR:2009:020, SUSE-SR:2010:007, VIGILANCE-VUL-8875, wnpa-sec-2009-04.

Description of the vulnerability

The Wireshark program captures and displays network packets. Protocols are decoded by dissectors. They are impacted by several vulnerabilities.

An attacker can generate a buffer overflow in the IPMI dissector, which leads to code execution. [severity:2/4; CERTA-2009-AVI-286, CVE-2009-2559]

An attacker can generate a denial of service in the AFS dissector. [severity:1/4; CERTA-2009-AVI-388, CERTA-2009-AVI-394, CVE-2009-2562]

An attacker can generate a denial of service in the Infiniband dissector. [severity:1/4; CERTA-2010-AVI-035, CVE-2009-2563]

An attacker can generate a denial of service in the Bluetooth L2CAP dissector. [severity:1/4; CERTA-2009-AVI-463, CVE-2009-2560]

An attacker can generate a denial of service in the RADIUS dissector. [severity:1/4; CERTA-2009-AVI-463, CVE-2009-2560]

An attacker can generate a denial of service in the MIOP dissector. [severity:1/4; CERTA-2009-AVI-463, CVE-2009-2560]

An attacker can generate an infinite loop in the sFlow dissector. [severity:1/4; CVE-2009-2561]

vulnerability CVE-2009-1829

Wireshark: denial of service via PCNFSD

Synthesis of the vulnerability

An attacker can send a malicious PCNFSD packet in order to stop Wireshark.
Impacted products: Ethereal, Fedora, Mandriva Linux, RHEL, Wireshark.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 22/05/2009.
Identifiers: BID-35081, CVE-2009-1829, FEDORA-2009-5339, FEDORA-2009-5382, MDVSA-2009:125, RHSA-2009:1100-01, VIGILANCE-VUL-8730, wnpa-sec-2009-03.

Description of the vulnerability

The Wireshark program captures and displays network packets.

The PCNFSD protocol is used to share files and printers. It is based on the ONC/RPC protocol (Open Network Computing Remote Procedure Call, RFC 1832).

The dissect_rpc_opaque_data() function of packet-rpc.c uses the "<EMPTY>" static string to indicate that a field is empty.

The login and the password contained in a PCNFSD packet are encoded with an XOR. The pcnfsd_decode_obscure() function decodes them by modifying the character array.

However, if the login or the password is empty, the pcnfsd_decode_obscure() function tries to alter the static "<EMPTY>" string (which is "read only"), which generates an error.

An attacker can therefore send a PCNFSD packet with an empty login/password in order to stop Wireshark.
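
One way to avoid the write described above is to decode into a caller-owned buffer and never touch the shared marker. This is an added example, not Wireshark's code: field_text(), decode_obscure_copy(), decodes_to(), the XOR key and mask, and the sample credential are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Key and 7-bit mask are assumed for this example; the page only says "XOR". */
#define OBSCURE_KEY  0x5b
#define OBSCURE_MASK 0x7f

/* Shared marker for an empty field: a string literal, so read-only storage. */
static const char *const EMPTY_MARKER = "<EMPTY>";

/* Hypothetical stand-in for the RPC layer: hand back the marker when empty. */
static const char *field_text(const char *bytes, size_t len)
{
    return len == 0 ? EMPTY_MARKER : bytes;
}

/*
 * Decode into a caller-owned buffer instead of modifying the field in place.
 * Returns decoded length, 0 for an empty field, -1 if out[] is too small.
 */
static int decode_obscure_copy(const char *field, size_t len, char *out, size_t out_size)
{
    size_t i;

    if (out_size == 0)
        return -1;
    out[0] = '\0';
    if (field == EMPTY_MARKER || len == 0)   /* nothing to decode, marker untouched */
        return 0;
    if (len >= out_size)
        return -1;
    for (i = 0; i < len; i++)
        out[i] = (char)((field[i] ^ OBSCURE_KEY) & OBSCURE_MASK);
    out[len] = '\0';
    return (int)len;
}

/* Decode a constructed sample and compare with the expected clear text. */
static int decodes_to(const char *obscured, size_t len, const char *expected)
{
    char clear[64];
    int n = decode_obscure_copy(field_text(obscured, len), len, clear, sizeof clear);
    return n >= 0 && strcmp(clear, expected) == 0;
}

int main(void) { return !(decodes_to(")44/", 4, "root") && decodes_to("", 0, "")); }
```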

computer vulnerability alert CVE-2009-1267 CVE-2009-1268 CVE-2009-1269

Wireshark: denials of service

Synthesis of the vulnerability

Several vulnerabilities of Wireshark can be used by a remote attacker to create a denial of service.
Impacted products: Debian, Ethereal, Fedora, Mandriva Linux, NLD, OES, openSUSE, RHEL, SLES, Wireshark.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 09/04/2009.
Identifiers: BID-34457, CVE-2009-1267, CVE-2009-1268, CVE-2009-1269, DSA-1785-1, DSA-1942-1, FEDORA-2009-3599, MDVSA-2009:088, RHSA-2009:1100-01, SUSE-SR:2009:011, VIGILANCE-VUL-8616, wnpa-sec-2009-02.

Description of the vulnerability

The Wireshark program captures and displays network packets. Protocols are decoded by dissectors. They have several vulnerabilities.

An attacker can use an LDAP packet in order to stop Wireshark under Windows. [severity:1/4; CVE-2009-1267]

An attacker can use a CPHAP (Check Point High-Availability Protocol) packet in order to stop Wireshark. [severity:1/4; CVE-2009-1268]

An attacker can create a malicious Tektronix .rf5 file in order to stop Wireshark. [severity:1/4; CVE-2009-1269]

computer vulnerability announce CVE-2009-1210

Wireshark: denial of service via PN-DCP

Synthesis of the vulnerability

An attacker can send malicious PN-DCP data in order to create a denial of service or to execute code on Wireshark.
Impacted products: Debian, Ethereal, Fedora, NLD, OES, openSUSE, RHEL, SLES, Wireshark.
Severity: 2/4.
Consequences: privileged access/rights, denial of service on service.
Provenance: intranet client.
Creation date: 31/03/2009.
Identifiers: BID-34291, CERTA-2009-AVI-139, CVE-2009-1210, DSA-1785-1, FEDORA-2009-3599, RHSA-2009:1100-01, SUSE-SR:2009:011, VIGILANCE-VUL-8577, wnpa-sec-2009-02.

Description of the vulnerability

The Wireshark program captures and displays network packets.

The PROFINET protocol is used in industrial networks (over Ethernet or tunnelled inside DCE/RPC). The PN-DCP (PROFINET Discovery and basic Configuration Protocol) protocol is supported by Wireshark.

The PN-DCP protocol uses several fields:
 - Device ID: identifier of the device
 - Device Role: type of device
 - Manufacturer
 - Name Of Station

However, if the Name Of Station contains format characters, a format string attack occurs in the Wireshark dissector.

An attacker can therefore send malicious PN-DCP data in order to create a denial of service or to execute code on Wireshark.
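
The safe way to display such a field is to pass it as an argument to a constant format, never as the format itself. This is an added example, not Wireshark's code: label_append(), add_station_name(), render(), the length limit and the sample name are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_STATION_NAME 240   /* assumed limit for this example */

/* Hypothetical stand-in for a dissector's printf-style "append to label" helper. */
static int label_append(char *label, size_t size, const char *fmt, ...)
{
    size_t used = strlen(label);
    va_list ap;
    int n;

    if (used >= size)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(label + used, size - used, fmt, ap);
    va_end(ap);
    return (n < 0 || (size_t)n >= size - used) ? -1 : n;
}

/* Append the Name Of Station bytes from the packet to the label as data only. */
static int add_station_name(char *label, size_t size, const unsigned char *data, size_t len)
{
    char name[MAX_STATION_NAME + 1];

    if (len > MAX_STATION_NAME)
        return -1;
    memcpy(name, data, len);      /* treat the field as length-delimited bytes */
    name[len] = '\0';
    /* Vulnerable form: label_append(label, size, name);  packet bytes act as the format. */
    return label_append(label, size, ", NameOfStation:\"%s\"", name);
}

/* Build the label for a constructed station name; returns NULL on rejection. */
static const char *render(const char *station, size_t len)
{
    static char label[512];

    strcpy(label, "PN-DCP");
    if (add_station_name(label, sizeof label, (const unsigned char *)station, len) < 0)
        return NULL;
    return label;
}

int main(void) { return render("plc-%n%s%x", 10) == NULL; }
```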