Amazon Linux AMI update for wireshark
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2011-1143 CVE-2011-1590 |
| CWE-ID | CWE-20 CWE-399 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
Amazon Linux AMI Operating systems & Components / Operating system |
| Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU45259
Risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2011-1143
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
wireshark-devel-1.2.15-2.10.amzn1.i686
wireshark-1.2.15-2.10.amzn1.i686
wireshark-debuginfo-1.2.15-2.10.amzn1.i686
src:
wireshark-1.2.15-2.10.amzn1.src
x86_64:
wireshark-debuginfo-1.2.15-2.10.amzn1.x86_64
wireshark-devel-1.2.15-2.10.amzn1.x86_64
wireshark-1.2.15-2.10.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2012-71.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Resource management error
EUVDB-ID: #VU45101
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-1590
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
wireshark-devel-1.2.15-2.10.amzn1.i686
wireshark-1.2.15-2.10.amzn1.i686
wireshark-debuginfo-1.2.15-2.10.amzn1.i686
src:
wireshark-1.2.15-2.10.amzn1.src
x86_64:
wireshark-debuginfo-1.2.15-2.10.amzn1.x86_64
wireshark-devel-1.2.15-2.10.amzn1.x86_64
wireshark-1.2.15-2.10.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2012-71.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
