Kaspersky Threats

Detect date

?

08/06/2016

Severity

?

Warning

Description

Multiple different vulnerabilities were found in Wireshark. By exploiting these vulnerabilities malicious users can cause denial of service. These vulnerabilities can be exploited remotely via a specially designed packet or file.

Technical details

WBXML dissector epan/dissectors/packet-wbxml.c mishandles offsets;

Ethernet dissector epan/dissectors/packet-pktap.c mishandles the packet-header data type;

NetScreen file parser wiretap/netscreen.c mishandles sscanf unsigned-integer processing;

CoSine file parser wiretap/cosine.c mishandles sscanf unsigned-integer;

Toshiba file parser wiretap/toshiba.c mishandles sscanf unsigned-integer processing;

USB subsystem mishandles class types;

UMTS FP dissector epan/dissectors/packet-umts_fp.c mishandles the reserved C/T value;

IEEE 802.11 dissector epan/crypt/airpdcap.c mishandles certain length values and lack of an EAPOL_RSN_KEY;

SPOOLS component epan/dissectors/packet-dcerpc-spoolss.c mishandles unexpected offsets;

WBXML dissector epan/dissectors/packet-wbxml.c does not restrict the recursion depth;

MMSE, WAP, WBXML, and WSP dissectors epan/dissectors/packet-wap.c omits an overflow check in the tvb_get_guintvar function;

RLC dissector epan/dissectors/packet-rlc.c contains Off-by-one error;

LDSS dissector epan/dissectors/packet-ldss.c mishandles conversations;

RLC dissector epan/dissectors/packet-rlc.c contains Off-by-one error;

LDSS dissector epan/dissectors/packet-ldss.c mishandles conversations;

RLC dissector epan/dissectors/packet-rlc.c uses an incorrect integer data type;

NDS dissector epan/dissectors/packet-ncp2222.inc does not properly maintain a ptvc data structure;

CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options;

These vulnerabilities also related to PacketBB, WSP, MMSE dissectors and epan/proto.c;

Affected products

Wireshark 1.12 versions earlier than 1.12.13
Wireshark 2 versions earlier than 2.0.5

Solution

Update to the latest version
Wireshark download page

Original advisories

Wireshark security advisories

Impacts

?

DoS

[?]

Related products

Wireshark

CVE-IDS

?

Exploitation

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/40195

https://www.exploit-db.com/exploits/40197

https://www.exploit-db.com/exploits/40194

https://www.exploit-db.com/exploits/40196

Detect date ?	08/06/2016
Severity ?	Warning
Description	Multiple different vulnerabilities were found in Wireshark. By exploiting these vulnerabilities malicious users can cause denial of service. These vulnerabilities can be exploited remotely via a specially designed packet or file. Technical details WBXML dissector epan/dissectors/packet-wbxml.c mishandles offsets; Ethernet dissector epan/dissectors/packet-pktap.c mishandles the packet-header data type; NetScreen file parser wiretap/netscreen.c mishandles sscanf unsigned-integer processing; CoSine file parser wiretap/cosine.c mishandles sscanf unsigned-integer; Toshiba file parser wiretap/toshiba.c mishandles sscanf unsigned-integer processing; USB subsystem mishandles class types; UMTS FP dissector epan/dissectors/packet-umts_fp.c mishandles the reserved C/T value; IEEE 802.11 dissector epan/crypt/airpdcap.c mishandles certain length values and lack of an EAPOL_RSN_KEY; SPOOLS component epan/dissectors/packet-dcerpc-spoolss.c mishandles unexpected offsets; WBXML dissector epan/dissectors/packet-wbxml.c does not restrict the recursion depth; MMSE, WAP, WBXML, and WSP dissectors epan/dissectors/packet-wap.c omits an overflow check in the tvb_get_guintvar function; RLC dissector epan/dissectors/packet-rlc.c contains Off-by-one error; LDSS dissector epan/dissectors/packet-ldss.c mishandles conversations; RLC dissector epan/dissectors/packet-rlc.c contains Off-by-one error; LDSS dissector epan/dissectors/packet-ldss.c mishandles conversations; RLC dissector epan/dissectors/packet-rlc.c uses an incorrect integer data type; NDS dissector epan/dissectors/packet-ncp2222.inc does not properly maintain a ptvc data structure; CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options; These vulnerabilities also related to PacketBB, WSP, MMSE dissectors and epan/proto.c;
Affected products	Wireshark 1.12 versions earlier than 1.12.13 Wireshark 2 versions earlier than 2.0.5
Solution	Update to the latest version Wireshark download page
Original advisories	Wireshark security advisories
Impacts ?	DoS [?]
Related products	Wireshark
CVE-IDS ?	CVE-2016-53594.3Warning CVE-2016-53584.3Warning CVE-2016-53574.3Warning CVE-2016-53564.3Warning CVE-2016-53554.3Warning CVE-2016-53544.3Warning CVE-2016-53534.3Warning CVE-2016-53524.3Warning CVE-2016-53514.3Warning CVE-2016-53504.3Warning CVE-2016-65134.3Warning CVE-2016-65124.3Warning CVE-2016-65114.3Warning CVE-2016-65104.3Warning CVE-2016-65094.3Warning CVE-2016-65084.3Warning CVE-2016-65074.3Warning CVE-2016-65064.3Warning CVE-2016-65054.3Warning CVE-2016-65044.3Warning CVE-2016-65034.3Warning
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/40195 https://www.exploit-db.com/exploits/40197 https://www.exploit-db.com/exploits/40194 https://www.exploit-db.com/exploits/40196