Bugtraq mailing list archives
[ GLSA 200906-05 ] Wireshark: Multiple vulnerabilities
From: Tobias Heinlein <keytoaster () gentoo org>
Date: Tue, 30 Jun 2009 15:14:34 +0200
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200906-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Wireshark: Multiple vulnerabilities Date: June 30, 2009 Bugs: #242996, #248425, #258013, #264571, #271062 ID: 200906-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Wireshark which allow for Denial of Service (application crash) or remote code execution. Background ========== Wireshark is a versatile network protocol analyzer. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-analyzer/wireshark < 1.0.8 >= 1.0.8 Description =========== Multiple vulnerabilities have been discovered in Wireshark: * David Maciejak discovered a vulnerability in packet-usb.c in the USB dissector via a malformed USB Request Block (URB) (CVE-2008-4680). * Florent Drouin and David Maciejak reported an unspecified vulnerability in the Bluetooth RFCOMM dissector (CVE-2008-4681). * A malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" triggers a failed assertion in wtap.c (CVE-2008-4682). * An unchecked packet length parameter in the dissect_btacl() function in packet-bthci_acl.c in the Bluetooth ACL dissector causes an erroneous tvb_memcpy() call (CVE-2008-4683). * A vulnerability where packet-frame does not properly handle exceptions thrown by post dissectors caused by a certain series of packets (CVE-2008-4684). * Mike Davies reported a use-after-free vulnerability in the dissect_q931_cause_ie() function in packet-q931.c in the Q.931 dissector via certain packets that trigger an exception (CVE-2008-4685). * The Security Vulnerability Research Team of Bkis reported that the SMTP dissector could consume excessive amounts of CPU and memory (CVE-2008-5285). * The vendor reported that the WLCCP dissector could go into an infinite loop (CVE-2008-6472). * babi discovered a buffer overflow in wiretap/netscreen.c via a malformed NetScreen snoop file (CVE-2009-0599). * A specially crafted Tektronix K12 text capture file can cause an application crash (CVE-2009-0600). * A format string vulnerability via format string specifiers in the HOME environment variable (CVE-2009-0601). * THCX Labs reported a format string vulnerability in the PROFINET/DCP (PN-DCP) dissector via a PN-DCP packet with format string specifiers in the station name (CVE-2009-1210). * An unspecified vulnerability with unknown impact and attack vectors (CVE-2009-1266). * Marty Adkins and Chris Maynard discovered a parsing error in the dissector for the Check Point High-Availability Protocol (CPHAP) (CVE-2009-1268). * Magnus Homann discovered a parsing error when loading a Tektronix .rf5 file (CVE-2009-1269). * The vendor reported that the PCNFSD dissector could crash (CVE-2009-1829). Impact ====== A remote attacker could exploit these vulnerabilities by sending specially crafted packets on a network being monitored by Wireshark or by enticing a user to read a malformed packet trace file which can trigger a Denial of Service (application crash or excessive CPU and memory usage) and possibly allow for the execution of arbitrary code with the privileges of the user running Wireshark. Workaround ========== There is no known workaround at this time. Resolution ========== All Wireshark users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.0.8" References ========== [ 1 ] CVE-2008-4680 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4680 [ 2 ] CVE-2008-4681 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4681 [ 3 ] CVE-2008-4682 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4682 [ 4 ] CVE-2008-4683 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4683 [ 5 ] CVE-2008-4684 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4684 [ 6 ] CVE-2008-4685 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4685 [ 7 ] CVE-2008-5285 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5285 [ 8 ] CVE-2008-6472 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6472 [ 9 ] CVE-2009-0599 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0599 [ 10 ] CVE-2009-0600 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0600 [ 11 ] CVE-2009-0601 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0601 [ 12 ] CVE-2009-1210 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1210 [ 13 ] CVE-2009-1266 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1266 [ 14 ] CVE-2009-1268 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1268 [ 15 ] CVE-2009-1269 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1269 [ 16 ] CVE-2009-1829 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1829 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200906-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security () gentoo org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- [ GLSA 200906-05 ] Wireshark: Multiple vulnerabilities Tobias Heinlein (Jun 30)