From: | Tobias Heinlein <keytoaster@g.o> |
---|---|
To: | gentoo-announce@g.o |
Cc: | bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com |
Subject: | [gentoo-announce] [ GLSA 200906-05 ] Wireshark: Multiple vulnerabilities |
Date: | Tue, 30 Jun 2009 13:21:28 |
Message-Id: | 4A4A0FBA.5040709@gentoo.org |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 200906-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Wireshark: Multiple vulnerabilities
      Date: June 30, 2009
      Bugs: #242996, #248425, #258013, #264571, #271062
        ID: 200906-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Wireshark which allow
for Denial of Service (application crash) or remote code execution.

Background
==========

Wireshark is a versatile network protocol analyzer.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/wireshark       < 1.0.8                     >= 1.0.8

Description
===========

Multiple vulnerabilities have been discovered in Wireshark:

* David Maciejak discovered a vulnerability in packet-usb.c in the
  USB dissector via a malformed USB Request Block (URB)
  (CVE-2008-4680).

* Florent Drouin and David Maciejak reported an unspecified
  vulnerability in the Bluetooth RFCOMM dissector (CVE-2008-4681).

* A malformed Tamos CommView capture file (aka .ncf file) with an
  "unknown/unexpected packet type" triggers a failed assertion in
  wtap.c (CVE-2008-4682).

* An unchecked packet length parameter in the dissect_btacl()
  function in packet-bthci_acl.c in the Bluetooth ACL dissector causes
  an erroneous tvb_memcpy() call (CVE-2008-4683).

* A vulnerability where packet-frame does not properly handle
  exceptions thrown by post dissectors caused by a certain series of
  packets (CVE-2008-4684).

* Mike Davies reported a use-after-free vulnerability in the
  dissect_q931_cause_ie() function in packet-q931.c in the Q.931
  dissector via certain packets that trigger an exception
  (CVE-2008-4685).

* The Security Vulnerability Research Team of Bkis reported that the
  SMTP dissector could consume excessive amounts of CPU and memory
  (CVE-2008-5285).

* The vendor reported that the WLCCP dissector could go into an
  infinite loop (CVE-2008-6472).

* babi discovered a buffer overflow in wiretap/netscreen.c via a
  malformed NetScreen snoop file (CVE-2009-0599).

* A specially crafted Tektronix K12 text capture file can cause an
  application crash (CVE-2009-0600).

* A format string vulnerability via format string specifiers in the
  HOME environment variable (CVE-2009-0601).

* THCX Labs reported a format string vulnerability in the
  PROFINET/DCP (PN-DCP) dissector via a PN-DCP packet with format
  string specifiers in the station name (CVE-2009-1210).

* An unspecified vulnerability with unknown impact and attack vectors
  (CVE-2009-1266).

* Marty Adkins and Chris Maynard discovered a parsing error in the
  dissector for the Check Point High-Availability Protocol (CPHAP)
  (CVE-2009-1268).

* Magnus Homann discovered a parsing error when loading a Tektronix
  .rf5 file (CVE-2009-1269).

* The vendor reported that the PCNFSD dissector could crash
  (CVE-2009-1829).

Impact
======

A remote attacker could exploit these vulnerabilities by sending
specially crafted packets on a network being monitored by Wireshark or
by enticing a user to read a malformed packet trace file which can
trigger a Denial of Service (application crash or excessive CPU and
memory usage) and possibly allow for the execution of arbitrary code
with the privileges of the user running Wireshark.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Wireshark users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.0.8"

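A host-side check for the affected range given above (vulnerable below 1.0.8), as an added example that is not part of the original advisory. It assumes Portage's installed-package database is under /var/db/pkg; the function names ver_lt and glsa_status are hypothetical.

```shell
#!/bin/sh
# Added example: classify a Wireshark version against GLSA 200906-05
# (vulnerable: < 1.0.8, unaffected: >= 1.0.8).

FIXED="1.0.8"   # first unaffected version, taken from the advisory

# ver_lt A B: succeed if dotted numeric version A sorts before B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# glsa_status VERSION: print vulnerable, unaffected or unknown.
glsa_status() {
    v=${1%-r[0-9]*}      # drop a Gentoo revision such as -r1
    base=${v%%_*}        # numeric part before any _rc/_pre/_p suffix
    case $base in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    if ver_lt "$base" "$FIXED"; then
        echo vulnerable
    elif ver_lt "$FIXED" "$base"; then
        echo unaffected
    else
        # Same numeric version: pre-release suffixes sort before the release.
        case $v in
            *_alpha*|*_beta*|*_pre*|*_rc*) echo vulnerable ;;
            *) echo unaffected ;;
        esac
    fi
}

# Installed versions appear as directories in Portage's package database.
for d in /var/db/pkg/net-analyzer/wireshark-[0-9]*; do
    [ -d "$d" ] || continue
    ver=${d##*/wireshark-}
    echo "net-analyzer/wireshark-$ver: $(glsa_status "$ver")"
done
```

On a host without that directory the loop prints nothing; glsa_status can also be called directly with a version string collected from an inventory.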
References
==========

  [ 1 ] CVE-2008-4680
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4680
  [ 2 ] CVE-2008-4681
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4681
  [ 3 ] CVE-2008-4682
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4682
  [ 4 ] CVE-2008-4683
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4683
  [ 5 ] CVE-2008-4684
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4684
  [ 6 ] CVE-2008-4685
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4685
  [ 7 ] CVE-2008-5285
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5285
  [ 8 ] CVE-2008-6472
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6472
  [ 9 ] CVE-2009-0599
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0599
  [ 10 ] CVE-2009-0600
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0600
  [ 11 ] CVE-2009-0601
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0601
  [ 12 ] CVE-2009-1210
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1210
  [ 13 ] CVE-2009-1266
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1266
  [ 14 ] CVE-2009-1268
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1268
  [ 15 ] CVE-2009-1269
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1269
  [ 16 ] CVE-2009-1829
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1829

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200906-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5