Gentoo Archives: gentoo-announce

From: Raphael Marichez <falco@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200608-26 ] Wireshark: Multiple vulnerabilities
Date: Thu, 07 Sep 2006 19:19:50
Message-Id: 200608291702.22826@msgid.falco.bz
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 200608-26
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Wireshark: Multiple vulnerabilities
9 Date: August 29, 2006
10 Bugs: #144946
11 ID: 200608-26
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Wireshark is vulnerable to several security issues that may lead to a
19 Denial of Service and/or the execution of arbitrary code.
20
21 Background
22 ==========
23
24 Wireshark is a feature-rich network protocol analyzer.
25
26 Affected packages
27 =================
28
29 -------------------------------------------------------------------
30 Package / Vulnerable / Unaffected
31 -------------------------------------------------------------------
32 1 net-analyzer/wireshark < 0.99.3 >= 0.99.3
33
34 Description
35 ===========
36
37 The following vulnerabilities have been discovered in Wireshark.
38 Firstly, if the IPsec ESP parser is used it is susceptible to
39 off-by-one errors, this parser is disabled by default; secondly, the
40 SCSI dissector is vulnerable to an unspecified crash; and finally, the
41 Q.2931 dissector of the SSCOP payload may use all the available memory
42 if a port range is configured. By default, no port ranges are
43 configured.
44
45 Impact
46 ======
47
48 An attacker might be able to exploit these vulnerabilities, resulting
49 in a crash or the execution of arbitrary code with the permissions of
50 the user running Wireshark, possibly the root user.
51
52 Workaround
53 ==========
54
55 Disable the SCSI and Q.2931 dissectors with the "Analyse" and "Enabled
56 protocols" menus. Make sure the ESP decryption is disabled, with the
57 "Edit -> Preferences -> Protocols -> ESP" menu.
58
59 Resolution
60 ==========
61
62 All Wireshark users should upgrade to the latest version:
63
64 # emerge --sync
65 # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-0.99.3"
66
67 References
68 ==========
69
70 [ 1 ] CVE-2006-4330
71 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4330
72 [ 2 ] CVE-2006-4331
73 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4331
74 [ 3 ] CVE-2006-4332
75 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4332
76 [ 4 ] CVE-2006-4333
77 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4333
78 [ 5 ] Wireshark official advisory
79 http://www.wireshark.org/security/wnpa-sec-2006-02.html
80
81 Availability
82 ============
83
84 This GLSA and any updates to it are available for viewing at
85 the Gentoo Security Website:
86
87 http://security.gentoo.org/glsa/glsa-200608-26.xml
88
89 Concerns?
90 =========
91
92 Security is a primary focus of Gentoo Linux and ensuring the
93 confidentiality and security of our users machines is of utmost
94 importance to us. Any security concerns should be addressed to
95 security@g.o or alternatively, you may file a bug at
96 http://bugs.gentoo.org.
97
98 License
99 =======
100
101 Copyright 2006 Gentoo Foundation, Inc; referenced text
102 belongs to its owner(s).
103
104 The contents of this document are licensed under the
105 Creative Commons - Attribution / Share Alike license.
106
107 http://creativecommons.org/licenses/by-sa/2.5