Gentoo Linux Security Advisory 200906-5

Gentoo Linux Security Advisory 200906-5: Posted Jun 30, 2009; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory GLSA 200906-05 - Multiple vulnerabilities have been discovered in Wireshark which allow for Denial of Service (application crash) or remote code execution. Versions less than 1.0.8 are affected.; tags | advisory, remote, denial of service, vulnerability, code execution; systems | linux, gentoo; advisories | CVE-2008-4680, CVE-2008-4681, CVE-2008-4682, CVE-2008-4683, CVE-2008-4684, CVE-2008-4685, CVE-2008-5285, CVE-2008-6472, CVE-2009-0599, CVE-2009-0600, CVE-2009-0601, CVE-2009-1210, CVE-2009-1266, CVE-2009-1268, CVE-2009-1269, CVE-2009-1829; SHA-256 | 9abde179ffa8459df73612ef3e6e15cda0281f1ff048ad416110dc49dcd432bf; Download | Favorite | View

Gentoo Linux Security Advisory 200906-5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200906-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Wireshark: Multiple vulnerabilities
      Date: June 30, 2009
      Bugs: #242996, #248425, #258013, #264571, #271062
        ID: 200906-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Wireshark which allow
for Denial of Service (application crash) or remote code execution.

Background
==========

Wireshark is a versatile network protocol analyzer.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/wireshark       < 1.0.8                     >= 1.0.8

Description
===========

Multiple vulnerabilities have been discovered in Wireshark:

* David Maciejak discovered a vulnerability in packet-usb.c in the
  USB dissector via a malformed USB Request Block (URB)
  (CVE-2008-4680).

* Florent Drouin and David Maciejak reported an unspecified
  vulnerability in the Bluetooth RFCOMM dissector (CVE-2008-4681).

* A malformed Tamos CommView capture file (aka .ncf file) with an
  "unknown/unexpected packet type" triggers a failed assertion in
  wtap.c (CVE-2008-4682).

* An unchecked packet length parameter in the dissect_btacl()
  function in packet-bthci_acl.c in the Bluetooth ACL dissector causes
  an erroneous tvb_memcpy() call (CVE-2008-4683).

* A vulnerability where packet-frame does not properly handle
  exceptions thrown by post dissectors caused by a certain series of
  packets (CVE-2008-4684).

* Mike Davies reported a use-after-free vulnerability in the
  dissect_q931_cause_ie() function in packet-q931.c in the Q.931
  dissector via certain packets that trigger an exception
  (CVE-2008-4685).

* The Security Vulnerability Research Team of Bkis reported that the
  SMTP dissector could consume excessive amounts of CPU and memory
  (CVE-2008-5285).

* The vendor reported that the WLCCP dissector could go into an
  infinite loop (CVE-2008-6472).

* babi discovered a buffer overflow in wiretap/netscreen.c via a
  malformed NetScreen snoop file (CVE-2009-0599).

* A specially crafted Tektronix K12 text capture file can cause an
  application crash (CVE-2009-0600).

* A format string vulnerability via format string specifiers in the
  HOME environment variable (CVE-2009-0601).

* THCX Labs reported a format string vulnerability in the
  PROFINET/DCP (PN-DCP) dissector via a PN-DCP packet with format
  string specifiers in the station name (CVE-2009-1210).

* An unspecified vulnerability with unknown impact and attack vectors
  (CVE-2009-1266).

* Marty Adkins and Chris Maynard discovered a parsing error in the
  dissector for the Check Point High-Availability Protocol (CPHAP)
  (CVE-2009-1268).

* Magnus Homann discovered a parsing error when loading a Tektronix
  .rf5 file (CVE-2009-1269).

* The vendor reported that the PCNFSD dissector could crash
  (CVE-2009-1829).

Impact
======

A remote attacker could exploit these vulnerabilities by sending
specially crafted packets on a network being monitored by Wireshark or
by enticing a user to read a malformed packet trace file which can
trigger a Denial of Service (application crash or excessive CPU and
memory usage) and possibly allow for the execution of arbitrary code
with the privileges of the user running Wireshark.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Wireshark users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.0.8"

References
==========

  [ 1 ] CVE-2008-4680
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4680
  [ 2 ] CVE-2008-4681
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4681
  [ 3 ] CVE-2008-4682
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4682
  [ 4 ] CVE-2008-4683
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4683
  [ 5 ] CVE-2008-4684
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4684
  [ 6 ] CVE-2008-4685
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4685
  [ 7 ] CVE-2008-5285
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5285
  [ 8 ] CVE-2008-6472
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6472
  [ 9 ] CVE-2009-0599
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0599
  [ 10 ] CVE-2009-0600
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0600
  [ 11 ] CVE-2009-0601
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0601
  [ 12 ] CVE-2009-1210
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1210
  [ 13 ] CVE-2009-1266
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1266
  [ 14 ] CVE-2009-1268
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1268
  [ 15 ] CVE-2009-1269
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1269
  [ 16 ] CVE-2009-1829
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1829

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200906-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Top Authors In Last 30 Days

Red Hat 244 files
Ubuntu 65 files
LiquidWorm 24 files
Debian 18 files
indoushka 15 files
Apple 9 files
Google Security Research 7 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,155)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,819)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,239)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,968)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Gentoo Linux Security Advisory 200906-5

Gentoo Linux Security Advisory 200906-5

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Gentoo Linux Security Advisory 200906-5

Share This

Gentoo Linux Security Advisory 200906-5

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems