| VID |
50204 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Wireshark installed on the remote Windows host is 2.6.x prior to 2.6.5. It is, therefore, affected by multiple vulnerabilities.
- The MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. (CVE-2018-19622)
- The LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values. (CVE-2018-19623)
- The PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference. (CVE-2018-19624)
- The dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read. (CVE-2018-19625)
- The DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination. (CVE-2018-19626)
- The IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary. (CVE-2018-19627)
- The ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error. (CVE-2018-19628)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
https://www.wireshark.org/docs/relnotes/wireshark-2.6.5.html
https://www.wireshark.org/security/wnpa-sec-2018-51.html
https://www.wireshark.org/security/wnpa-sec-2018-52.html
https://www.wireshark.org/security/wnpa-sec-2018-53.html
https://www.wireshark.org/security/wnpa-sec-2018-54.html
https://www.wireshark.org/security/wnpa-sec-2018-55.html
https://www.wireshark.org/security/wnpa-sec-2018-56.html
https://www.wireshark.org/security/wnpa-sec-2018-57.html
* Platforms Affected:
Wireshark versions 2.6.x prior to 2.6.5
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version Wireshark (2.6.5 or later), available from the Wireshark.org Web site at http://www.wireshark.org/download/win32/all-versions/ |
| Related URL |
CVE-2018-19622,CVE-2018-19623,CVE-2018-19624,CVE-2018-19625,CVE-2018-19626,CVE-2018-19627,CVE-2018-19628 (CVE) |
| Related URL |
106051 (SecurityFocus) |
| Related URL |
(ISS) |
|
