Gentoo Archives: gentoo-announce

From: Robert Buchholz <rbu@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200808-04 ] Wireshark: Denial of Service
Date: Wed, 06 Aug 2008 00:52:42
Message-Id: 200808060246.03789.rbu@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Wireshark: Denial of Service
      Date: August 06, 2008
      Bugs: #230411, #231587
        ID: 200808-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple Denial of Service vulnerabilities have been discovered in
Wireshark.

Background
==========

Wireshark is a network protocol analyzer with a graphical front-end.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/wireshark       < 1.0.2                      >= 1.0.2

Description
===========

Multiple vulnerabilities related to memory management were discovered
in the GSM SMS dissector (CVE-2008-3137), the PANA and KISMET
dissectors (CVE-2008-3138), the RTMPT dissector (CVE-2008-3139), the
syslog dissector (CVE-2008-3140) and the RMI dissector (CVE-2008-3141)
and when reassembling fragmented packets (CVE-2008-3145).

Impact
======

A remote attacker could exploit these vulnerabilities by sending a
specially crafted packet on a network being monitored by Wireshark or
enticing a user to read a malformed packet trace file, causing a Denial
of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Wireshark users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.0.2"

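To check whether a given host still needs the upgrade above, the installed version has to be compared against the "Unaffected" boundary of the Affected packages table (1.0.2). The following POSIX sh snippet is an added example, not part of the GLSA or of Gentoo's tooling; it implements that comparison itself so it does not depend on GNU `sort -V`, and it runs over constructed version strings. On a real system you would feed it the version reported by the package manager (for example the output of `qlist -Iv net-analyzer/wireshark`) instead of the sample list.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether an installed
# net-analyzer/wireshark version falls in the "Vulnerable" column of the
# GLSA table, i.e. is older than 1.0.2.

FIXED_VERSION="1.0.2"   # "Unaffected" boundary from the Affected packages table

# vercmp A B: prints -1, 0 or 1 as A is older than, equal to, or newer than B.
# Handles dotted numeric versions (1.0.1, 0.99.8, ...); a Gentoo revision
# suffix such as -r1 is stripped before comparing, since it does not change
# the upstream version.
vercmp() {
    a=${1%%-*}; b=${2%%-*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}          # leading component of each version
        [ -z "$ai" ] && ai=0              # missing component counts as 0
        [ -z "$bi" ] && bi=0
        if [ "$ai" -lt "$bi" ]; then printf '%s\n' -1; return; fi
        if [ "$ai" -gt "$bi" ]; then printf '%s\n' 1; return; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac   # drop leading component
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    printf '%s\n' 0
}

# is_vulnerable VERSION: exit status 0 if VERSION is older than 1.0.2,
# i.e. the package is still in the vulnerable range and must be upgraded.
is_vulnerable() {
    [ "$(vercmp "$1" "$FIXED_VERSION")" -lt 0 ]
}

# Constructed sample versions; replace with the installed version on a real host.
for v in 0.99.8 1.0.1 1.0.2 1.0.2-r1 1.0.3; do
    if is_vulnerable "$v"; then
        echo "wireshark-$v: vulnerable, upgrade to >=$FIXED_VERSION"
    else
        echo "wireshark-$v: unaffected"
    fi
done
```

The comparison is component-wise, so 0.99.8 is correctly treated as older than 1.0.2 even though a plain string comparison would order it the other way.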
References
==========

  [ 1 ] CVE-2008-3137
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3137
  [ 2 ] CVE-2008-3138
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3138
  [ 3 ] CVE-2008-3139
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3139
  [ 4 ] CVE-2008-3140
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3140
  [ 5 ] CVE-2008-3141
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3141
  [ 6 ] CVE-2008-3145
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3145

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200808-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
