Gentoo Archives: gentoo-commits

From: "Tobias Heinlein (keytoaster)" <keytoaster@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200906-05.xml
Date: Tue, 30 Jun 2009 13:13:41
Message-Id: E1MLd9X-0002xH-DS@stork.gentoo.org
1 keytoaster 09/06/30 13:13:39
2
3 Added: glsa-200906-05.xml
4 Log:
5 GLSA 200906-05
6
7 Revision Changes Path
8 1.1 xml/htdocs/security/en/glsa/glsa-200906-05.xml
9
10 file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200906-05.xml?rev=1.1&view=markup
11 plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200906-05.xml?rev=1.1&content-type=text/plain
12
13 Index: glsa-200906-05.xml
14 ===================================================================
15 <?xml version="1.0" encoding="utf-8"?>
16 <?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17 <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18 <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19
20 <glsa id="200906-05">
21 <title>Wireshark: Multiple vulnerabilities</title>
22 <synopsis>
23 Multiple vulnerabilities have been discovered in Wireshark which allow for
24 Denial of Service (application crash) or remote code execution.
25 </synopsis>
26 <product type="ebuild">wireshark</product>
27 <announced>June 30, 2009</announced>
28 <revised>June 30, 2009: 01</revised>
29 <bug>242996</bug>
30 <bug>248425</bug>
31 <bug>258013</bug>
32 <bug>264571</bug>
33 <bug>271062</bug>
34 <access>remote</access>
35 <affected>
36 <package name="net-analyzer/wireshark" auto="yes" arch="*">
37 <unaffected range="ge">1.0.8</unaffected>
38 <vulnerable range="lt">1.0.8</vulnerable>
39 </package>
40 </affected>
41 <background>
42 <p>
43 Wireshark is a versatile network protocol analyzer.
44 </p>
45 </background>
46 <description>
47 <p>
48 Multiple vulnerabilities have been discovered in Wireshark:
49 </p>
50 <ul>
51 <li>
52 David Maciejak discovered a vulnerability in packet-usb.c in the USB
53 dissector via a malformed USB Request Block (URB) (CVE-2008-4680).
54 </li>
55 <li>
56 Florent Drouin and David Maciejak reported an unspecified vulnerability
57 in the Bluetooth RFCOMM dissector (CVE-2008-4681).
58 </li>
59 <li>
60 A malformed Tamos CommView capture file (aka .ncf file) with an
61 "unknown/unexpected packet type" triggers a failed assertion in wtap.c
62 (CVE-2008-4682).
63 </li>
64 <li>
65 An unchecked packet length parameter in the dissect_btacl() function in
66 packet-bthci_acl.c in the Bluetooth ACL dissector causes an erroneous
67 tvb_memcpy() call (CVE-2008-4683).
68 </li>
69 <li>
70 A vulnerability where packet-frame does not properly handle exceptions
71 thrown by post dissectors caused by a certain series of packets
72 (CVE-2008-4684).
73 </li>
74 <li>
75 Mike Davies reported a use-after-free vulnerability in the
76 dissect_q931_cause_ie() function in packet-q931.c in the Q.931
77 dissector via certain packets that trigger an exception
78 (CVE-2008-4685).
79 </li>
80 <li>
81 The Security Vulnerability Research Team of Bkis reported that the SMTP
82 dissector could consume excessive amounts of CPU and memory
83 (CVE-2008-5285).
84 </li>
85 <li>
86 The vendor reported that the WLCCP dissector could go into an infinite
87 loop (CVE-2008-6472).
88 </li>
89 <li>
90 babi discovered a buffer overflow in wiretap/netscreen.c via a
91 malformed NetScreen snoop file (CVE-2009-0599).
92 </li>
93 <li>
94 A specially crafted Tektronix K12 text capture file can cause an
95 application crash (CVE-2009-0600).
96 </li>
97 <li>
98 A format string vulnerability via format string specifiers in the HOME
99 environment variable (CVE-2009-0601).
100 </li>
101 <li>THCX Labs reported a format string vulnerability in the
102 PROFINET/DCP (PN-DCP) dissector via a PN-DCP packet with format string
103 specifiers in the station name (CVE-2009-1210).
104 </li>
105 <li>An unspecified vulnerability with unknown impact and attack
106 vectors (CVE-2009-1266).
107 </li>
108 <li>
109 Marty Adkins and Chris Maynard discovered a parsing error in the
110 dissector for the Check Point High-Availability Protocol (CPHAP)
111 (CVE-2009-1268).
112 </li>
113 <li>
114 Magnus Homann discovered a parsing error when loading a Tektronix .rf5
115 file (CVE-2009-1269).
116 </li>
117 <li>The vendor reported that the PCNFSD dissector could crash
118 (CVE-2009-1829).</li>
119 </ul>
120 </description>
121 <impact type="high">
122 <p>
123 A remote attacker could exploit these vulnerabilities by sending
124 specially crafted packets on a network being monitored by Wireshark or
125 by enticing a user to read a malformed packet trace file which can
126 trigger a Denial of Service (application crash or excessive CPU and
127 memory usage) and possibly allow for the execution of arbitrary code
128 with the privileges of the user running Wireshark.
129 </p>
130 </impact>
131 <workaround>
132 <p>
133 There is no known workaround at this time.
134 </p>
135 </workaround>
136 <resolution>
137 <p>
138 All Wireshark users should upgrade to the latest version:
139 </p>
140 <code>
141 # emerge --sync
142 # emerge --ask --oneshot --verbose &quot;&gt;=net-analyzer/wireshark-1.0.8&quot;</code>
143 </resolution>
144 <references>
145 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4680">CVE-2008-4680</uri>
146 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4681">CVE-2008-4681</uri>
147 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4682">CVE-2008-4682</uri>
148 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4683">CVE-2008-4683</uri>
149 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4684">CVE-2008-4684</uri>
150 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4685">CVE-2008-4685</uri>
151 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5285">CVE-2008-5285</uri>
152 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6472">CVE-2008-6472</uri>
153 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0599">CVE-2009-0599</uri>
154 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0600">CVE-2009-0600</uri>
155 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0601">CVE-2009-0601</uri>
156 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1210">CVE-2009-1210</uri>
157 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1266">CVE-2009-1266</uri>
158 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1268">CVE-2009-1268</uri>
159 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1269">CVE-2009-1269</uri>
160 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1829">CVE-2009-1829</uri>
161 </references>
162 <metadata tag="submitter" timestamp="Fri, 22 May 2009 11:33:22 +0000">
163 craig
164 </metadata>
165 <metadata tag="bugReady" timestamp="Mon, 29 Jun 2009 22:09:27 +0000">
166 craig
167 </metadata>
168 </glsa>