[gentoo-announce] [ GLSA 200911-05 ] Wireshark: Multiple vulnerabilities - gentoo-announce

From:	Alex Legler <a3li@g.o>
To:	gentoo-announce@l.g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200911-05 ] Wireshark: Multiple vulnerabilities
Date:	Wed, 25 Nov 2009 16:25:23
Message-Id:	`20091125163904.17528625@mail.netloc.info`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200911-05

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: Normal

8

     Title: Wireshark: Multiple vulnerabilities

9

      Date: November 25, 2009

10

      Bugs: #285280, #290710

11

        ID: 200911-05

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been discovered in Wireshark, allowing

19

for the remote execution of arbitrary code, or Denial of Service.

20

21

Background

22

==========

23

24

Wireshark is a versatile network protocol analyzer.

25

26

Affected packages

27

=================

28

29

    -------------------------------------------------------------------

30

     Package                 /  Vulnerable  /               Unaffected

31

    -------------------------------------------------------------------

32

  1  net-analyzer/wireshark       < 1.2.3                     >= 1.2.3

33

34

Description

35

===========

36

37

Multiple vulnerabilities have been discovered in Wireshark:

38

39

* Ryan Giobbi reported an integer overflow in wiretap/erf.c

40

  (CVE-2009-3829).

41

42

* The vendor reported multiple unspecified vulnerabilities in the

43

  Bluetooth L2CAP, RADIUS, and MIOP dissectors (CVE-2009-2560), in the

44

  OpcUa dissector (CVE-2009-3241), in packet.c in the GSM A RR

45

  dissector (CVE-2009-3242), in the TLS dissector (CVE-2009-3243), in

46

  the Paltalk dissector (CVE-2009-3549), in the DCERPC/NT dissector

47

  (CVE-2009-3550), and in the dissect_negprot_response() function in

48

  packet-smb.c in the SMB dissector (CVE-2009-3551).

49

50

Impact

51

======

52

53

A remote attacker could entice a user to open a specially crafted "erf"

54

file using Wireshark, possibly resulting in the execution of arbitrary

55

code with the privileges of the user running the application. A remote

56

attacker could furthermore send specially crafted packets on a network

57

being monitored by Wireshark or entice a user to open a malformed

58

packet trace file using Wireshark, possibly resulting in a Denial of

59

Service.

60

61

Workaround

62

==========

63

64

There is no known workaround at this time.

65

66

Resolution

67

==========

68

69

All Wireshark users should upgrade to the latest version:

70

71

    # emerge --sync

72

    # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.2.3"

73

74

References

75

==========

76

77

  [ 1 ] CVE-2009-2560

78

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2560

79

  [ 2 ] CVE-2009-3241

80

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3241

81

  [ 3 ] CVE-2009-3242

82

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3242

83

  [ 4 ] CVE-2009-3243

84

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3243

85

  [ 5 ] CVE-2009-3549

86

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3549

87

  [ 6 ] CVE-2009-3550

88

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3550

89

  [ 7 ] CVE-2009-3551

90

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3551

91

  [ 8 ] CVE-2009-3829

92

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3829

93

94

Availability

95

============

96

97

This GLSA and any updates to it are available for viewing at

98

the Gentoo Security Website:

99

100

  http://security.gentoo.org/glsa/glsa-200911-05.xml

101

102

Concerns?

103

=========

104

105

Security is a primary focus of Gentoo Linux and ensuring the

106

confidentiality and security of our users machines is of utmost

107

importance to us. Any security concerns should be addressed to

108

security@g.o or alternatively, you may file a bug at

109

https://bugs.gentoo.org.

110

111

License

112

=======

113

114

Copyright 2009 Gentoo Foundation, Inc; referenced text

115

belongs to its owner(s).

116

117

The contents of this document are licensed under the

118

Creative Commons - Attribution / Share Alike license.

119

120

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200911-05
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: Wireshark: Multiple vulnerabilities
9	Date: November 25, 2009
10	Bugs: #285280, #290710
11	ID: 200911-05
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been discovered in Wireshark, allowing
19	for the remote execution of arbitrary code, or Denial of Service.
20
21	Background
22	==========
23
24	Wireshark is a versatile network protocol analyzer.
25
26	Affected packages
27	=================
28
29	-------------------------------------------------------------------
30	Package / Vulnerable / Unaffected
31	-------------------------------------------------------------------
32	1 net-analyzer/wireshark < 1.2.3 >= 1.2.3
33
34	Description
35	===========
36
37	Multiple vulnerabilities have been discovered in Wireshark:
38
39	* Ryan Giobbi reported an integer overflow in wiretap/erf.c
40	(CVE-2009-3829).
41
42	* The vendor reported multiple unspecified vulnerabilities in the
43	Bluetooth L2CAP, RADIUS, and MIOP dissectors (CVE-2009-2560), in the
44	OpcUa dissector (CVE-2009-3241), in packet.c in the GSM A RR
45	dissector (CVE-2009-3242), in the TLS dissector (CVE-2009-3243), in
46	the Paltalk dissector (CVE-2009-3549), in the DCERPC/NT dissector
47	(CVE-2009-3550), and in the dissect_negprot_response() function in
48	packet-smb.c in the SMB dissector (CVE-2009-3551).
49
50	Impact
51	======
52
53	A remote attacker could entice a user to open a specially crafted "erf"
54	file using Wireshark, possibly resulting in the execution of arbitrary
55	code with the privileges of the user running the application. A remote
56	attacker could furthermore send specially crafted packets on a network
57	being monitored by Wireshark or entice a user to open a malformed
58	packet trace file using Wireshark, possibly resulting in a Denial of
59	Service.
60
61	Workaround
62	==========
63
64	There is no known workaround at this time.
65
66	Resolution
67	==========
68
69	All Wireshark users should upgrade to the latest version:
70
71	# emerge --sync
72	# emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.2.3"
73
74	References
75	==========
76
77	[ 1 ] CVE-2009-2560
78	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2560
79	[ 2 ] CVE-2009-3241
80	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3241
81	[ 3 ] CVE-2009-3242
82	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3242
83	[ 4 ] CVE-2009-3243
84	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3243
85	[ 5 ] CVE-2009-3549
86	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3549
87	[ 6 ] CVE-2009-3550
88	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3550
89	[ 7 ] CVE-2009-3551
90	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3551
91	[ 8 ] CVE-2009-3829
92	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3829
93
94	Availability
95	============
96
97	This GLSA and any updates to it are available for viewing at
98	the Gentoo Security Website:
99
100	http://security.gentoo.org/glsa/glsa-200911-05.xml
101
102	Concerns?
103	=========
104
105	Security is a primary focus of Gentoo Linux and ensuring the
106	confidentiality and security of our users machines is of utmost
107	importance to us. Any security concerns should be addressed to
108	security@g.o or alternatively, you may file a bug at
109	https://bugs.gentoo.org.
110
111	License
112	=======
113
114	Copyright 2009 Gentoo Foundation, Inc; referenced text
115	belongs to its owner(s).
116
117	The contents of this document are licensed under the
118	Creative Commons - Attribution / Share Alike license.
119
120	http://creativecommons.org/licenses/by-sa/2.5