Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2017.1174.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2017:1174-1)
Summary:The remote host is missing an update for the 'wireshark' package(s) announced via the SUSE-SU-2017:1174-1 advisory.
Description:Summary:
The remote host is missing an update for the 'wireshark' package(s) announced via the SUSE-SU-2017:1174-1 advisory.

Vulnerability Insight:
Wireshark was updated to version 2.0.12, which brings several new features, enhancements and bug fixes.
These security issues were fixed:
- CVE-2017-7700: In Wireshark the NetScaler file parser could go into an
infinite loop, triggered by a malformed capture file. This was addressed
in wiretap/netscaler.c by ensuring a nonzero record size (bsc#1033936).
- CVE-2017-7701: In Wireshark the BGP dissector could go into an infinite
loop, triggered by packet injection or a malformed capture file. This
was addressed in epan/dissectors/packet-bgp.c by using a different
integer data type (bsc#1033937).
- CVE-2017-7702: In Wireshark the WBXML dissector could go into an
infinite loop, triggered by packet injection or a malformed capture
file. This was addressed in epan/dissectors/packet-wbxml.c by adding
length validation (bsc#1033938).
- CVE-2017-7703: In Wireshark the IMAP dissector could crash, triggered by
packet injection or a malformed capture file. This was addressed in
epan/dissectors/packet-imap.c by calculating a line's end correctly
(bsc#1033939).
- CVE-2017-7704: In Wireshark the DOF dissector could go into an infinite
loop, triggered by packet injection or a malformed capture file. This
was addressed in epan/dissectors/packet-dof.c by using a different
integer data type and adjusting a return value (bsc#1033940).
- CVE-2017-7705: In Wireshark the RPC over RDMA dissector could go into an
infinite loop, triggered by packet injection or a malformed capture
file. This was addressed in epan/dissectors/packet-rpcrdma.c by
correctly checking for going beyond the maximum offset (bsc#1033941).
- CVE-2017-7745: In Wireshark the SIGCOMP dissector could go into an
infinite loop, triggered by packet injection or a malformed capture
file. This was addressed in epan/dissectors/packet-sigcomp.c by
correcting a memory-size check (bsc#1033942).
- CVE-2017-7746: In Wireshark the SLSK dissector could go into an infinite
loop, triggered by packet injection or a malformed capture file. This
was addressed in epan/dissectors/packet-slsk.c by adding checks for the
remaining length (bsc#1033943).
- CVE-2017-7747: In Wireshark the PacketBB dissector could crash,
triggered by packet injection or a malformed capture file. This was
addressed in epan/dissectors/packet-packetbb.c by restricting additions
to the protocol tree (bsc#1033944).
- CVE-2017-7748: In Wireshark the WSP dissector could go into an infinite
loop, triggered by packet injection or a malformed capture file. This
was addressed in epan/dissectors/packet-wsp.c by adding a length check
(bsc#1033945).
- CVE-2016-7179: Stack-based buffer overflow in
epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000
dissector in Wireshark allowed remote attackers to cause a denial of
service (application crash) via a crafted packet (bsc#998963).
- CVE-2016-9376: In Wireshark the OpenFlow dissector could crash w... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'wireshark' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-7175
http://www.securitytracker.com/id/1036760
Common Vulnerability Exposure (CVE) ID: CVE-2016-7176
Debian Security Information: DSA-3671 (Google Search)
http://www.debian.org/security/2016/dsa-3671
Common Vulnerability Exposure (CVE) ID: CVE-2016-7177
Common Vulnerability Exposure (CVE) ID: CVE-2016-7178
Common Vulnerability Exposure (CVE) ID: CVE-2016-7179
Common Vulnerability Exposure (CVE) ID: CVE-2016-7180
Common Vulnerability Exposure (CVE) ID: CVE-2016-9373
BugTraq ID: 94369
http://www.securityfocus.com/bid/94369
Debian Security Information: DSA-3719 (Google Search)
http://www.debian.org/security/2016/dsa-3719
http://www.securitytracker.com/id/1037313
Common Vulnerability Exposure (CVE) ID: CVE-2016-9374
Common Vulnerability Exposure (CVE) ID: CVE-2016-9375
Common Vulnerability Exposure (CVE) ID: CVE-2016-9376
Common Vulnerability Exposure (CVE) ID: CVE-2017-5596
BugTraq ID: 95795
http://www.securityfocus.com/bid/95795
Debian Security Information: DSA-3811 (Google Search)
http://www.debian.org/security/2017/dsa-3811
http://www.securitytracker.com/id/1037694
Common Vulnerability Exposure (CVE) ID: CVE-2017-5597
BugTraq ID: 95798
http://www.securityfocus.com/bid/95798
Common Vulnerability Exposure (CVE) ID: CVE-2017-6014
BugTraq ID: 96284
http://www.securityfocus.com/bid/96284
https://security.gentoo.org/glsa/201706-12
Common Vulnerability Exposure (CVE) ID: CVE-2017-7700
BugTraq ID: 97631
http://www.securityfocus.com/bid/97631
https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html
http://www.securitytracker.com/id/1038262
Common Vulnerability Exposure (CVE) ID: CVE-2017-7701
BugTraq ID: 97632
http://www.securityfocus.com/bid/97632
Common Vulnerability Exposure (CVE) ID: CVE-2017-7702
BugTraq ID: 97633
http://www.securityfocus.com/bid/97633
Common Vulnerability Exposure (CVE) ID: CVE-2017-7703
BugTraq ID: 97636
http://www.securityfocus.com/bid/97636
Common Vulnerability Exposure (CVE) ID: CVE-2017-7704
BugTraq ID: 97634
http://www.securityfocus.com/bid/97634
Common Vulnerability Exposure (CVE) ID: CVE-2017-7705
BugTraq ID: 97630
http://www.securityfocus.com/bid/97630
Common Vulnerability Exposure (CVE) ID: CVE-2017-7745
BugTraq ID: 97627
http://www.securityfocus.com/bid/97627
Common Vulnerability Exposure (CVE) ID: CVE-2017-7746
BugTraq ID: 97635
http://www.securityfocus.com/bid/97635
Common Vulnerability Exposure (CVE) ID: CVE-2017-7747
BugTraq ID: 97638
http://www.securityfocus.com/bid/97638
Common Vulnerability Exposure (CVE) ID: CVE-2017-7748
BugTraq ID: 97628
http://www.securityfocus.com/bid/97628
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.