Wireshark 1.0.0 Multiple Vulnerabilities
BID:30020
Info
Wireshark 1.0.0 Multiple Vulnerabilities
| Bugtraq ID: | 30020 |
| Class: | Unknown |
| CVE: |
CVE-2008-3140 CVE-2008-3137 CVE-2008-3138 CVE-2008-3141 CVE-2008-3139 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 30 2008 12:00AM |
| Updated: | Apr 13 2015 09:12PM |
| Credit: | Wireshark, Noam Rathus, Luke Kenneth Casson Leighton, Abhik Sarkar |
| Vulnerable: |
Wireshark Wireshark 1.0 Wireshark Wireshark 0.99.8 Wireshark Wireshark 0.99.7 Wireshark Wireshark 0.99.6 Wireshark Wireshark 0.99.5 Wireshark Wireshark 0.99.4 Wireshark Wireshark 0.99.3 Wireshark Wireshark 0.99.2 Wireshark Wireshark 0.9.5 SuSE SUSE Linux Enterprise Server 9 SP3 SuSE SUSE Linux Enterprise Server 9 SuSE SUSE Linux Enterprise Server 10 SP2 SuSE SUSE Linux Enterprise Server 10 SP1 SuSE SUSE Linux Enterprise Server 10 SuSE SUSE Linux Enterprise SDK 10.SP1 SuSE SUSE Linux Enterprise SDK 10 SP2 SuSE SUSE Linux Enterprise SDK 10 SP1 SuSE SUSE Linux Enterprise SDK 10 SuSE Suse Linux Enterprise Desktop 10 SP2 SuSE Suse Linux Enterprise Desktop 10 SP1 SuSE Suse Linux Enterprise Desktop 10 SuSE SUSE Linux Enterprise 10 SP2 DEBUGINFO SuSE SUSE Linux Enterprise 10 SP1 DEBUGINFO SuSE Linux Desktop 10 SuSE Linux 10.1 x86-64 SuSE Linux 10.1 x86 SuSE Linux 10.1 ppc SuSE Linux 10.0 x86-64 SuSE Linux 10.0 x86 SuSE Linux 10.0 ppc S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. SuSE Linux Open-Xchange 4.1 S.u.S.E. SUSE Linux Enterprise Server RT Solution 10 0 S.u.S.E. openSUSE 11.0 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. openSUSE 10.1 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Open-Enterprise-Server 1 S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop SDK 9.0 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Novell Linux Desktop 1.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 10.2 X86 64 S.u.S.E. Linux Professional 10.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 10.2 X86 64 S.u.S.E. Linux Personal 10.2 S.u.S.E. Linux Personal 10.1 rPath rPath Linux 1 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux Desktop Workstation 5 client Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux 5 Server Redhat Desktop 4.0 Redhat Desktop 3.0 Mandriva Linux Mandrake 2008.1 x86_64 Mandriva Linux Mandrake 2008.1 Mandriva Linux Mandrake 2008.0 x86_64 Mandriva Linux Mandrake 2008.0 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0 Gentoo Linux Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Avaya Communication Manager 4.0.3 SP1 Avaya Communication Manager 3.1.4 SP2 Avaya Communication Manager 2.0.1 Avaya Communication Manager 2.0 Avaya Communication Manager 1.3.1 Avaya Communication Manager 1.1 Avaya Communication Manager 5.1 Avaya Communication Manager 5.0 SP3 Avaya Communication Manager 5.0 Avaya Communication Manager 4.0 Avaya Communication Manager 3.1 Avaya Communication Manager 3.0 Avaya Communication Manager 2.2 Avaya Communication Manager 2.1 Avaya Aura SIP Enablement Services 5.0 |
| Not Vulnerable: |
Wireshark Wireshark 1.0.2 Wireshark Wireshark 1.0.1 |
Discussion
Wireshark 1.0.0 Multiple Vulnerabilities
Wireshark is prone to multiple vulnerabilities, including an information-disclosure issue and denial-of-service issues.
Exploiting these issues may allow attackers to obtain potentially sensitive information, cause crashes, and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.
These issues affect Wireshark 0.9.5 up to and including 1.0.0.
Wireshark is prone to multiple vulnerabilities, including an information-disclosure issue and denial-of-service issues.
Exploiting these issues may allow attackers to obtain potentially sensitive information, cause crashes, and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.
These issues affect Wireshark 0.9.5 up to and including 1.0.0.
Exploit / POC
Wireshark 1.0.0 Multiple Vulnerabilities
The following proof-of-concept capture files are available:
Please note that Symantec has not verified these files.
The following proof-of-concept capture files are available:
Please note that Symantec has not verified these files.
Solution / Fix
Wireshark 1.0.0 Multiple Vulnerabilities
Solution:
The vendor has released an update. Please see the references for more information.
Debian Linux 4.0 amd64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 mipsel
Debian Linux 4.0 ia-64
Debian Linux 4.0 mips
Debian Linux 4.0 arm
Debian Linux 4.0 powerpc
Wireshark Wireshark 0.99.3
Wireshark Wireshark 0.99.5
Wireshark Wireshark 0.99.6
Wireshark Wireshark 0.99.7
Wireshark Wireshark 0.99.8
Wireshark Wireshark 1.0
Solution:
The vendor has released an update. Please see the references for more information.
Debian Linux 4.0 amd64
-
Debian ethereal-common_0.99.4-5.etch.3_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-comm on_0.99.4-5.etch.3_amd64.deb -
Debian ethereal-dev_0.99.4-5.etch.3_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_ 0.99.4-5.etch.3_amd64.deb -
Debian ethereal_0.99.4-5.etch.3_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99 .4-5.etch.3_amd64.deb -
Debian tethereal_0.99.4-5.etch.3_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.9 9.4-5.etch.3_amd64.deb -
Debian tshark_0.99.4-5.etch.3_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4 -5.etch.3_amd64.deb -
Debian wireshark-common_0.99.4-5.etch.3_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-com mon_0.99.4-5.etch.3_amd64.deb -
Debian wireshark-dev_0.99.4-5.etch.3_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev _0.99.4-5.etch.3_amd64.deb -
Debian wireshark_0.99.4-5.etch.3_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.9 9.4-5.etch.3_amd64.deb
Debian Linux 4.0 ia-32
-
Debian ethereal-common_0.99.4-5.etch.3_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-comm on_0.99.4-5.etch.3_i386.deb -
Debian ethereal-dev_0.99.4-5.etch.3_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_ 0.99.4-5.etch.3_i386.deb -
Debian ethereal_0.99.4-5.etch.3_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99 .4-5.etch.3_i386.deb -
Debian tethereal_0.99.4-5.etch.3_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.9 9.4-5.etch.3_i386.deb -
Debian tshark_0.99.4-5.etch.3_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4 -5.etch.3_i386.deb -
Debian wireshark-common_0.99.4-5.etch.3_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-com mon_0.99.4-5.etch.3_i386.deb -
Debian wireshark-dev_0.99.4-5.etch.3_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev _0.99.4-5.etch.3_i386.deb -
Debian wireshark_0.99.4-5.etch.3_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.9 9.4-5.etch.3_i386.deb
Debian Linux 4.0 hppa
-
Debian ethereal-common_0.99.4-5.etch.3_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-comm on_0.99.4-5.etch.3_hppa.deb -
Debian ethereal-dev_0.99.4-5.etch.3_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_ 0.99.4-5.etch.3_hppa.deb -
Debian ethereal_0.99.4-5.etch.3_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99 .4-5.etch.3_hppa.deb -
Debian tethereal_0.99.4-5.etch.3_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.9 9.4-5.etch.3_hppa.deb -
Debian tshark_0.99.4-5.etch.3_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4 -5.etch.3_hppa.deb -
Debian wireshark-common_0.99.4-5.etch.3_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-com mon_0.99.4-5.etch.3_hppa.deb -
Debian wireshark-dev_0.99.4-5.etch.3_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev _0.99.4-5.etch.3_hppa.deb -
Debian wireshark_0.99.4-5.etch.3_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.9 9.4-5.etch.3_hppa.deb
Debian Linux 4.0 mipsel
-
Debian ethereal-common_0.99.4-5.etch.3_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-comm on_0.99.4-5.etch.3_mipsel.deb -
Debian ethereal-dev_0.99.4-5.etch.3_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_ 0.99.4-5.etch.3_mipsel.deb -
Debian ethereal_0.99.4-5.etch.3_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99 .4-5.etch.3_mipsel.deb -
Debian tethereal_0.99.4-5.etch.3_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.9 9.4-5.etch.3_mipsel.deb -
Debian tshark_0.99.4-5.etch.3_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4 -5.etch.3_mipsel.deb -
Debian wireshark-common_0.99.4-5.etch.3_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-com mon_0.99.4-5.etch.3_mipsel.deb -
Debian wireshark-dev_0.99.4-5.etch.3_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev _0.99.4-5.etch.3_mipsel.deb -
Debian wireshark_0.99.4-5.etch.3_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.9 9.4-5.etch.3_mipsel.deb
Debian Linux 4.0 ia-64
-
Debian ethereal-common_0.99.4-5.etch.3_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-comm on_0.99.4-5.etch.3_ia64.deb -
Debian ethereal-dev_0.99.4-5.etch.3_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_ 0.99.4-5.etch.3_ia64.deb -
Debian ethereal_0.99.4-5.etch.3_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99 .4-5.etch.3_ia64.deb -
Debian tethereal_0.99.4-5.etch.3_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.9 9.4-5.etch.3_ia64.deb -
Debian tshark_0.99.4-5.etch.3_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4 -5.etch.3_ia64.deb -
Debian wireshark-common_0.99.4-5.etch.3_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-com mon_0.99.4-5.etch.3_ia64.deb -
Debian wireshark-dev_0.99.4-5.etch.3_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev _0.99.4-5.etch.3_ia64.deb -
Debian wireshark_0.99.4-5.etch.3_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.9 9.4-5.etch.3_ia64.deb
Debian Linux 4.0 mips
-
Debian ethereal-common_0.99.4-5.etch.3_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-comm on_0.99.4-5.etch.3_mips.deb -
Debian ethereal-dev_0.99.4-5.etch.3_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_ 0.99.4-5.etch.3_mips.deb -
Debian ethereal_0.99.4-5.etch.3_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99 .4-5.etch.3_mips.deb -
Debian tethereal_0.99.4-5.etch.3_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.9 9.4-5.etch.3_mips.deb -
Debian tshark_0.99.4-5.etch.3_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4 -5.etch.3_mips.deb -
Debian wireshark-common_0.99.4-5.etch.3_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-com mon_0.99.4-5.etch.3_mips.deb -
Debian wireshark-dev_0.99.4-5.etch.3_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev _0.99.4-5.etch.3_mips.deb -
Debian wireshark_0.99.4-5.etch.3_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.9 9.4-5.etch.3_mips.deb
Debian Linux 4.0 arm
-
Debian ethereal-common_0.99.4-5.etch.3_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-comm on_0.99.4-5.etch.3_arm.deb -
Debian ethereal-dev_0.99.4-5.etch.3_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_ 0.99.4-5.etch.3_arm.deb -
Debian ethereal_0.99.4-5.etch.3_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99 .4-5.etch.3_arm.deb -
Debian tethereal_0.99.4-5.etch.3_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.9 9.4-5.etch.3_arm.deb -
Debian tshark_0.99.4-5.etch.3_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4 -5.etch.3_arm.deb -
Debian wireshark-common_0.99.4-5.etch.3_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-com mon_0.99.4-5.etch.3_arm.deb -
Debian wireshark-dev_0.99.4-5.etch.3_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev _0.99.4-5.etch.3_arm.deb -
Debian wireshark_0.99.4-5.etch.3_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.9 9.4-5.etch.3_arm.deb
Debian Linux 4.0 powerpc
-
Debian ethereal-common_0.99.4-5.etch.3_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-comm on_0.99.4-5.etch.3_powerpc.deb -
Debian ethereal-dev_0.99.4-5.etch.3_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_ 0.99.4-5.etch.3_powerpc.deb -
Debian ethereal_0.99.4-5.etch.3_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99 .4-5.etch.3_powerpc.deb -
Debian tethereal_0.99.4-5.etch.3_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.9 9.4-5.etch.3_powerpc.deb -
Debian tshark_0.99.4-5.etch.3_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4 -5.etch.3_powerpc.deb -
Debian wireshark-common_0.99.4-5.etch.3_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-com mon_0.99.4-5.etch.3_powerpc.deb -
Debian wireshark-dev_0.99.4-5.etch.3_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev _0.99.4-5.etch.3_powerpc.deb -
Debian wireshark_0.99.4-5.etch.3_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.9 9.4-5.etch.3_powerpc.deb
Wireshark Wireshark 0.99.3
-
Wireshark wireshark-1.0.1.tar.gz
http://www.wireshark.org/download/src/wireshark-1.0.1.tar.gz
Wireshark Wireshark 0.99.5
-
Wireshark wireshark-1.0.1.tar.gz
http://www.wireshark.org/download/src/wireshark-1.0.1.tar.gz
Wireshark Wireshark 0.99.6
-
Wireshark wireshark-1.0.1.tar.gz
http://www.wireshark.org/download/src/wireshark-1.0.1.tar.gz
Wireshark Wireshark 0.99.7
-
Wireshark wireshark-1.0.1.tar.gz
http://www.wireshark.org/download/src/wireshark-1.0.1.tar.gz
Wireshark Wireshark 0.99.8
-
Wireshark wireshark-1.0.1.tar.gz
http://www.wireshark.org/download/src/wireshark-1.0.1.tar.gz
Wireshark Wireshark 1.0
-
Wireshark wireshark-1.0.1.tar.gz
http://www.wireshark.org/download/src/wireshark-1.0.1.tar.gz
References
Wireshark 1.0.0 Multiple Vulnerabilities
References:
References:
- Wireshark Homepage (Wireshark)
- rPSA-2008-0212-1 tshark wireshark (rPath Update Announcements
) - ASA-2008-392 - wireshark security update (RHSA-2008-0890) (Avaya)
- RHSA-2008:0890-2 wireshark security update (Red Hat)
- wnpa-sec-2008-03: Multiple problems in Wireshark® versions 0.9.5 to 1.0.0 (Wireshark)