Gentoo Archives: gentoo-announce

From: Pierre-Yves Rofes <py@g.o>
To: gentoo-announce@l.g.o
Cc: full-disclosure@××××××××××××××.uk, bugtraq@×××××××××××××.com, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200805-05 ] Wireshark: Denial of Service
Date: Wed, 07 May 2008 22:18:19
Message-Id: 48222A44.50107@gentoo.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200805-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Wireshark: Denial of Service
Date: May 07, 2008
Bugs: #215276
ID: 200805-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple Denial of Service vulnerabilities have been discovered in
Wireshark.

Background
==========

Wireshark is a network protocol analyzer with a graphical front-end.

Affected packages
=================

    -------------------------------------------------------------------
     Package                       /   Vulnerable   /        Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/wireshark            < 1.0.0                 >= 1.0.0

Description
===========

Errors exist in:

* the X.509sat dissector because of an uninitialized variable and the
  Roofnet dissector because a NULL pointer may be passed to the
  g_vsnprintf() function (CVE-2008-1561).

* the LDAP dissector because a NULL pointer may be passed to the
  ep_strdup_printf() function (CVE-2008-1562).

* the SCCP dissector because it does not reset a pointer once the
  packet has been processed (CVE-2008-1563).

Impact
======

A remote attacker could exploit these vulnerabilities by sending a
malformed packet or enticing a user to read a malformed packet trace
file, causing a Denial of Service.

Workaround
==========

Disable the X.509sat, Roofnet, LDAP, and SCCP dissectors.

Resolution
==========

All Wireshark users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.0.0"
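As an added example (not part of the advisory and not Wireshark's or Gentoo's own tooling), the following POSIX shell helper does two things a practitioner would want around the Workaround and Resolution above: it compares an installed Wireshark/TShark version (read from "tshark -v") against the fixed 1.0.0 version, and it writes the four dissectors into Wireshark's per-user disabled_protos file. The filter names x509sat, roofnet, ldap and sccp, the ~/.wireshark location, and the "tshark -v" output shape are assumptions about the 1.0-era layout; confirm the names under Analyze > Enabled Protocols before relying on the workaround, and remember that disabling a dissector only stops the crash, it does not fix the code.

```shell
#!/bin/sh
# Added example for GLSA 200805-05; not code from the advisory or from Wireshark.
# Usage:  sh glsa-200805-05.sh check     # exit 1 if installed wireshark < 1.0.0
#         sh glsa-200805-05.sh apply     # write the dissector workaround

FIXED_VERSION="1.0.0"                    # unaffected: >= 1.0.0 (from the GLSA)
DISSECTORS="x509sat roofnet ldap sccp"   # assumed filter names of the four dissectors
CONF_DIR="${WIRESHARK_CONF_DIR:-$HOME/.wireshark}"   # assumed per-user config dir

# version_lt A B: true (0) when dotted version A sorts before B.
# A non-numeric suffix such as Gentoo's "-r1" is dropped. A pre-release tag
# ("1.0.0rc1") is therefore compared as 1.0.0, so inspect such builds by hand.
version_lt() {
    a=${1%%[!0-9.]*}
    b=${2%%[!0-9.]*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        if [ "$ai" = "$a" ]; then a=; else a=${a#*.}; fi
        if [ "$bi" = "$b" ]; then b=; else b=${b#*.}; fi
        ai=${ai:-0}; bi=${bi:-0}          # missing components count as 0
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
    done
    return 1
}

# wireshark_vulnerable VERSION: true when VERSION is below the fixed version.
wireshark_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# installed_version: first x.y.z on the first line of "tshark -v";
# prints nothing when tshark is not installed.
installed_version() {
    tshark -v 2>/dev/null | head -n 1 \
        | grep -o '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' | head -n 1
}

# disabled_protos_content: body of the workaround file, one filter name
# per line; '#' lines are comments in that file.
disabled_protos_content() {
    printf '# GLSA 200805-05 workaround: disabled until wireshark >= %s\n' "$FIXED_VERSION"
    for p in $DISSECTORS; do
        printf '%s\n' "$p"
    done
}

# apply_workaround [DIR]: append the names to DIR/disabled_protos (default
# $CONF_DIR). Appending keeps any dissectors the user already disabled;
# Wireshark reads the file at startup, so restart running instances.
apply_workaround() {
    dir=${1:-$CONF_DIR}
    mkdir -p "$dir"
    disabled_protos_content >> "$dir/disabled_protos"
    echo "updated $dir/disabled_protos"
}

case "${1-}" in
    check)
        v=$(installed_version)
        if [ -z "$v" ]; then
            echo "tshark not found; cannot determine the installed version" >&2
            exit 2
        elif wireshark_vulnerable "$v"; then
            echo "wireshark $v is affected: upgrade to >= $FIXED_VERSION or run: $0 apply"
            exit 1
        else
            echo "wireshark $v is not affected"
        fi
        ;;
    apply)
        apply_workaround "${2-}"
        ;;
esac
```

The version comparison is the part worth keeping around: Gentoo's ">=net-analyzer/wireshark-1.0.0" atom does the same test inside Portage, but the shell function lets the check run on a host where the binary was built by hand and the package database says nothing.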
71
72 References
73 ==========
74
75 [ 1 ] CVE-2008-1561
76 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1561
77 [ 2 ] CVE-2008-1562
78 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1562
79 [ 3 ] CVE-2008-1563
80 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1563
81
82 Availability
83 ============
84
85 This GLSA and any updates to it are available for viewing at
86 the Gentoo Security Website:
87
88 http://security.gentoo.org/glsa/glsa-200805-05.xml
89
90 Concerns?
91 =========
92
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIIipEuhJ+ozIKI5gRAqx9AJ9b0CJEX/cI/kV468FuS5JbryVE0QCfbyFL
OhdaWfQPVJwXN+UH/HdKbXs=
=Tzko
-----END PGP SIGNATURE-----
--
gentoo-announce@l.g.o mailing list