VID |
50117 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The version of Wireshark installed on the remote Windows host is 2.0.x prior to 2.0.11. It is, therefore, affected by multiple denial of service vulnerabilities:
- An infinite loop condition exists in the Netscaler file parser in the nstrace_read_v20() and nstrace_read_v30() functions within file wiretap/netscaler.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via a specially crafted capture file, to consume excessive memory resources, resulting in a denial of service condition. (CVE-2017-6467)
- An out-of-bounds read error exists within various functions in file wiretap/netscaler.c when handling record lengths. An unauthenticated, remote attacker can exploit this, via a specially crafted capture file, to crash the Netscaler file parser process. (CVE-2017-6468)
- A memory allocation issue exists in the dissect_ldss_transfer() function within file epan/dissectors/packet-ldss.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via packet injection or a specially crafted capture file, to crash the LDSS dissector process. (CVE-2017-6469)
- An infinite loop condition exists in IAX2 in the iax2_add_ts_fields() function within file epan/dissectors/packet-iax2.c when processing timestamps. An unauthenticated, remote attacker can exploit this, via packet injection or a specially crafted capture file, to consume excessive CPU resources, resulting in a denial of service condition. (CVE-2017-6470)
- An infinite loop condition exists in WSP in the dissect_wsp_common() function within file epan/dissectors/packet-wsp.c when handling capability lengths. An unauthenticated, remote attacker can exploit this, via packet injection or a specially crafted capture file, to cause a denial of service condition. (CVE-2017-6471)
- An infinite loop condition exists in the RTMPT dissector in the dissect_rtmpt_common() function within file epan/dissectors/packet-rtmpt.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via packet injection or a specially crafted capture file, to consume excessive memory resources, resulting in a denial of service condition. (CVE-2017-6472)
- A denial of service vulnerability exists in the process_packet_data() function within file wiretap/k12.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via a specially crafted capture file, to crash the K12 file parser process. (CVE-2017-6473)
- An infinite loop condition exists in the NetScaler file parser in the nstrace_read_v10(), nstrace_read_v20(), and nstrace_read_v30() functions within file wiretap/netscaler.c when handling record sizes. An unauthenticated, remote attacker can exploit this, via a specially crafted capture file, to consume excessive memory resources, resulting in a denial of service condition. (CVE-2017-6474)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
  https://www.wireshark.org/security/wnpa-sec-2017-03.html
  https://www.wireshark.org/security/wnpa-sec-2017-04.html
  https://www.wireshark.org/security/wnpa-sec-2017-05.html
  https://www.wireshark.org/security/wnpa-sec-2017-07.html
  https://www.wireshark.org/security/wnpa-sec-2017-08.html
  https://www.wireshark.org/security/wnpa-sec-2017-09.html
  https://www.wireshark.org/security/wnpa-sec-2017-10.html
  https://www.wireshark.org/security/wnpa-sec-2017-11.html
* Platforms Affected: Wireshark versions 2.0.x prior to 2.0.11; Microsoft Windows, any version |
Recommendation |
Upgrade to the latest version of Wireshark (2.0.11 or later), available from the Wireshark.org website at http://www.wireshark.org/download/win32/all-versions/ |
Related URL |
CVE-2017-6467, CVE-2017-6468, CVE-2017-6469, CVE-2017-6470, CVE-2017-6471, CVE-2017-6472, CVE-2017-6473, CVE-2017-6474 (CVE) |