From: | "Tobias Heinlein (keytoaster)" <keytoaster@g.o> |
---|---|
To: | gentoo-commits@l.g.o |
Subject: | [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200906-05.xml |
Date: | Tue, 30 Jun 2009 13:13:41 |
Message-Id: | E1MLd9X-0002xH-DS@stork.gentoo.org |
1 | keytoaster 09/06/30 13:13:39 |
2 | |
3 | Added: glsa-200906-05.xml |
4 | Log: |
5 | GLSA 200906-05 |
6 | |
7 | Revision Changes Path |
8 | 1.1 xml/htdocs/security/en/glsa/glsa-200906-05.xml |
9 | |
10 | file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200906-05.xml?rev=1.1&view=markup |
11 | plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200906-05.xml?rev=1.1&content-type=text/plain |
12 | |
13 | Index: glsa-200906-05.xml |
14 | =================================================================== |
15 | <?xml version="1.0" encoding="utf-8"?> |
16 | <?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?> |
17 | <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?> |
18 | <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> |
19 | |
20 | <glsa id="200906-05"> |
21 | <title>Wireshark: Multiple vulnerabilities</title> |
22 | <synopsis> |
23 | Multiple vulnerabilities have been discovered in Wireshark which allow for |
24 | Denial of Service (application crash) or remote code execution. |
25 | </synopsis> |
26 | <product type="ebuild">wireshark</product> |
27 | <announced>June 30, 2009</announced> |
28 | <revised>June 30, 2009: 01</revised> |
29 | <bug>242996</bug> |
30 | <bug>248425</bug> |
31 | <bug>258013</bug> |
32 | <bug>264571</bug> |
33 | <bug>271062</bug> |
34 | <access>remote</access> |
35 | <affected> |
36 | <package name="net-analyzer/wireshark" auto="yes" arch="*"> |
37 | <unaffected range="ge">1.0.8</unaffected> |
38 | <vulnerable range="lt">1.0.8</vulnerable> |
39 | </package> |
40 | </affected> |
41 | <background> |
42 | <p> |
43 | Wireshark is a versatile network protocol analyzer. |
44 | </p> |
45 | </background> |
46 | <description> |
47 | <p> |
48 | Multiple vulnerabilities have been discovered in Wireshark: |
49 | </p> |
50 | <ul> |
51 | <li> |
52 | David Maciejak discovered a vulnerability in packet-usb.c in the USB |
53 | dissector via a malformed USB Request Block (URB) (CVE-2008-4680). |
54 | </li> |
55 | <li> |
56 | Florent Drouin and David Maciejak reported an unspecified vulnerability |
57 | in the Bluetooth RFCOMM dissector (CVE-2008-4681). |
58 | </li> |
59 | <li> |
60 | A malformed Tamos CommView capture file (aka .ncf file) with an |
61 | "unknown/unexpected packet type" triggers a failed assertion in wtap.c |
62 | (CVE-2008-4682). |
63 | </li> |
64 | <li> |
65 | An unchecked packet length parameter in the dissect_btacl() function in |
66 | packet-bthci_acl.c in the Bluetooth ACL dissector causes an erroneous |
67 | tvb_memcpy() call (CVE-2008-4683). |
68 | </li> |
69 | <li> |
70 | A vulnerability where packet-frame does not properly handle exceptions |
71 | thrown by post dissectors caused by a certain series of packets |
72 | (CVE-2008-4684). |
73 | </li> |
74 | <li> |
75 | Mike Davies reported a use-after-free vulnerability in the |
76 | dissect_q931_cause_ie() function in packet-q931.c in the Q.931 |
77 | dissector via certain packets that trigger an exception |
78 | (CVE-2008-4685). |
79 | </li> |
80 | <li> |
81 | The Security Vulnerability Research Team of Bkis reported that the SMTP |
82 | dissector could consume excessive amounts of CPU and memory |
83 | (CVE-2008-5285). |
84 | </li> |
85 | <li> |
86 | The vendor reported that the WLCCP dissector could go into an infinite |
87 | loop (CVE-2008-6472). |
88 | </li> |
89 | <li> |
90 | babi discovered a buffer overflow in wiretap/netscreen.c via a |
91 | malformed NetScreen snoop file (CVE-2009-0599). |
92 | </li> |
93 | <li> |
94 | A specially crafted Tektronix K12 text capture file can cause an |
95 | application crash (CVE-2009-0600). |
96 | </li> |
97 | <li> |
98 | A format string vulnerability via format string specifiers in the HOME |
99 | environment variable (CVE-2009-0601). |
100 | </li> |
101 | <li>THCX Labs reported a format string vulnerability in the |
102 | PROFINET/DCP (PN-DCP) dissector via a PN-DCP packet with format string |
103 | specifiers in the station name (CVE-2009-1210). |
104 | </li> |
105 | <li>An unspecified vulnerability with unknown impact and attack |
106 | vectors (CVE-2009-1266). |
107 | </li> |
108 | <li> |
109 | Marty Adkins and Chris Maynard discovered a parsing error in the |
110 | dissector for the Check Point High-Availability Protocol (CPHAP) |
111 | (CVE-2009-1268). |
112 | </li> |
113 | <li> |
114 | Magnus Homann discovered a parsing error when loading a Tektronix .rf5 |
115 | file (CVE-2009-1269). |
116 | </li> |
117 | <li>The vendor reported that the PCNFSD dissector could crash |
118 | (CVE-2009-1829).</li> |
119 | </ul> |
120 | </description> |
121 | <impact type="high"> |
122 | <p> |
123 | A remote attacker could exploit these vulnerabilities by sending |
124 | specially crafted packets on a network being monitored by Wireshark or |
125 | by enticing a user to read a malformed packet trace file which can |
126 | trigger a Denial of Service (application crash or excessive CPU and |
127 | memory usage) and possibly allow for the execution of arbitrary code |
128 | with the privileges of the user running Wireshark. |
129 | </p> |
130 | </impact> |
131 | <workaround> |
132 | <p> |
133 | There is no known workaround at this time. |
134 | </p> |
135 | </workaround> |
136 | <resolution> |
137 | <p> |
138 | All Wireshark users should upgrade to the latest version: |
139 | </p> |
140 | <code> |
141 | # emerge --sync |
142 | # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.0.8"</code> |
143 | </resolution> |
144 | <references> |
145 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4680">CVE-2008-4680</uri> |
146 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4681">CVE-2008-4681</uri> |
147 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4682">CVE-2008-4682</uri> |
148 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4683">CVE-2008-4683</uri> |
149 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4684">CVE-2008-4684</uri> |
150 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4685">CVE-2008-4685</uri> |
151 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5285">CVE-2008-5285</uri> |
152 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6472">CVE-2008-6472</uri> |
153 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0599">CVE-2009-0599</uri> |
154 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0600">CVE-2009-0600</uri> |
155 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0601">CVE-2009-0601</uri> |
156 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1210">CVE-2009-1210</uri> |
157 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1266">CVE-2009-1266</uri> |
158 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1268">CVE-2009-1268</uri> |
159 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1269">CVE-2009-1269</uri> |
160 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1829">CVE-2009-1829</uri> |
161 | </references> |
162 | <metadata tag="submitter" timestamp="Fri, 22 May 2009 11:33:22 +0000"> |
163 | craig |
164 | </metadata> |
165 | <metadata tag="bugReady" timestamp="Mon, 29 Jun 2009 22:09:27 +0000"> |
166 | craig |
167 | </metadata> |
168 | </glsa> |
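Review bot: the <impact> paragraph lists only two vectors, crafted packets on a monitored network and a malformed packet trace file, but the <description> item for CVE-2009-0601 is a format string reached through the HOME environment variable, which neither vector covers. Consider adding a sentence to <impact> stating that this issue depends on the HOME value of the user starting Wireshark, so readers do not treat it as network-reachable alongside the dissector bugs. Two smaller points in <description>: the CVE-2008-4684 and CVE-2009-0601 items are sentence fragments that do not state an effect, and the CVE-2009-1210, CVE-2009-1266 and CVE-2009-1829 items start their text on the <li> line while every other item starts it on the following line.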