Ubuntu

<wireshark-{1.6.10,1.8.2} - multiple vulnerabilities

Reported by Karma Dorje on 2012-08-16
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Gentoo Linux
Fix Released
Medium
wireshark (Ubuntu)
Undecided
Unassigned
Precise
Undecided
Unassigned

Bug Description

The following vulnerabilities have been fixed.

wnpa-sec-2012-13

The DCP ETSI dissector could trigger a zero division. Reported by Laurent Butti. (Bug 7566)

Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.

CVE-2012-4285

wnpa-sec-2012-14

The MongoDB dissector could go into a large loop. Reported by Ben Schmidt. (Bug 7572)

Versions affected: 1.8.0 to 1.8.1.

CVE-2012-4287

wnpa-sec-2012-15

The XTP dissector could go into an infinite loop. Reported by Ben Schmidt. (Bug 7571)

Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.

CVE-2012-4288

wnpa-sec-2012-16

The ERF dissector could overflow a buffer. Reported by Laurent Butti. (Bug 7563)

Versions affected: 1.8.0 to 1.8.1.

CVE-2012-4294 CVE-2012-4295

wnpa-sec-2012-17

The AFP dissector could go into a large loop. Reported by Stefan Cornelius. (Bug 7603)

Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.

CVE-2012-4289

wnpa-sec-2012-18

The RTPS2 dissector could overflow a buffer. Reported by Laurent Butti. (Bug 7568)

Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.

CVE-2012-4296

wnpa-sec-2012-19

The GSM RLC MAC dissector could overflow a buffer. Reported by Laurent Butti. (Bug 7561)

Versions affected: 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.

CVE-2012-4297

wnpa-sec-2012-20

The CIP dissector could exhaust system memory. Reported by Ben Schmidt. (Bug 7570)

Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.

CVE-2012-4291

wnpa-sec-2012-21

The STUN dissector could crash. Reported by Laurent Butti. (Bug 7569)

Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.

CVE-2012-4292

wnpa-sec-2012-22

The EtherCAT Mailbox dissector could abort. Reported by Laurent Butti. (Bug 7562)

Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.

CVE-2012-4293

wnpa-sec-2012-23

The CTDB dissector could go into a large loop. Reported by Ben Schmidt. (Bug 7573)

Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.

CVE-2012-4290

wnpa-sec-2012-24

The pcap-ng file parser could trigger a zero division. (Bug 7533)

Versions affected: 1.8.0 to 1.8.1.

CVE-2012-4286

wnpa-sec-2012-25

The Ixia IxVeriWave file parser could overflow a buffer. (Bug 7533)

Versions affected: 1.8.0 to 1.8.1.

CVE-2012-4298

http://www.wireshark.org/docs/relnotes/wireshark-1.8.2.html

CVE-2012-4285 CVE-2012-4287 CVE-2012-4288 CVE-2012-4294 CVE-2012-4295 CVE-2012-4289 CVE-2012-4296 CVE-2012-4297 CVE-2012-4291 CVE-2012-4292 CVE-2012-4293 CVE-2012-4290 CVE-2012-4286 CVE-2012-4298

For <1.6.10 the list is shorter:

CVE-2012-4285 CVE-2012-4288 CVE-2012-4289 CVE-2012-4296 CVE-2012-4297 CVE-2012-4291 CVE-2012-4292 CVE-2012-4293 CVE-2012-4290

Bumping...

Arch teams, please test and mark stable:
=net-analyzer/wireshark-1.6.10
=net-analyzer/wireshark-1.8.2
Stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86

Karma Dorje (taaroa) on 2012-08-16
tags: added: upgrade-software-version
Changed in wireshark (Ubuntu):
status: New → Confirmed
Changed in gentoo:
importance: Unknown → Medium
visibility: private → public
Download full text (4.6 KiB)

CVE-2012-4298 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4298):
  Integer signedness error in the vwr_read_rec_data_ethernet function in
  wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before
  1.8.2 allows user-assisted remote attackers to execute arbitrary code via a
  crafted packet-trace file that triggers a buffer overflow.

CVE-2012-4297 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4297):
  Buffer overflow in the dissect_gsm_rlcmac_downlink function in
  epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in
  Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers
  to execute arbitrary code via a malformed packet.

CVE-2012-4296 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4296):
  Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in
  Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2
  allows remote attackers to cause a denial of service (CPU consumption) via a
  malformed packet.

CVE-2012-4295 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4295):
  Array index error in the channelised_fill_sdh_g707_format function in
  epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before
  1.8.2 might allow remote attackers to cause a denial of service (application
  crash) via a crafted speed (aka rate) value.

CVE-2012-4294 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4294):
  Buffer overflow in the channelised_fill_sdh_g707_format function in
  epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before
  1.8.2 allows remote attackers to execute arbitrary code via a large speed
  (aka rate) value.

CVE-2012-4293 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4293):
  plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in
  Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2
  does not properly handle certain integer fields, which allows remote
  attackers to cause a denial of service (application exit) via a malformed
  packet.

CVE-2012-4292 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4292):
  The dissect_stun_message function in epan/dissectors/packet-stun.c in the
  STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and
  1.8.x before 1.8.2 does not properly interact with key-destruction behavior
  in a certain tree library, which allows remote attackers to cause a denial
  of service (application crash) via a malformed packet.

CVE-2012-4291 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4291):
  The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and
  1.8.x before 1.8.2 allows remote attackers to cause a denial of service
  (memory consumption) via a malformed packet.

CVE-2012-4290 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4290):
  The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10,
  and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service
  (loop and CPU consumption) via a malformed packet.

CVE-2012-4289 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4289):
  epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before
  1.4.15, 1.6.x before 1.6.10, and 1....

Read more...

Stable for HPPA.

Jeremy Bicha (jbicha) wrote :

This bug was fixed in the package wireshark - 1.8.2-1

---------------
wireshark (1.8.2-1) unstable; urgency=high

  * New upstream release 1.8.2 (skipping 1.8.1 in Debian)
    - release notes:
      http://www.wireshark.org/docs/relnotes/wireshark-1.8.2.html
    - security fixes:
      - The PPP dissector could crash (Closes: #680056)(CVE-2012-4048)
      - The NFS dissector could use excessive amounts of CPU (CVE-2012-4049)
      - The DCP ETSI dissector could trigger a zero division. Reported by
         Laurent Butti. (CVE-2012-4285)
      - The MongoDB dissector could go into a large loop. Reported by
  Ben Schmidt. (CVE-2012-4287)
      - The XTP dissector could go into an infinite loop. Reported by
  Ben Schmidt. (CVE-2012-4288)
      - The ERF dissector could overflow a buffer. Reported by
  Laurent Butti. (CVE-2012-4294 CVE-2012-4295)
      - The AFP dissector could go into a large loop. Reported by
  Stefan Cornelius. (CVE-2012-4289)
      - The RTPS2 dissector could overflow a buffer. Reported by
  Laurent Butti. (CVE-2012-4296)
      - The GSM RLC MAC dissector could overflow a buffer. Reported by
  Laurent Butti. (CVE-2012-4297)
      - The CIP dissector could exhaust system memory. Reported by
  Ben Schmidt. (CVE-2012-4291)
      - The STUN dissector could crash. Reported by Laurent Butti.
  (CVE-2012-4292)
      - The EtherCAT Mailbox dissector could abort. Reported by
  Laurent Butti. (CVE-2012-4293)
      - The CTDB dissector could go into a large loop. Reported by
  Ben Schmidt. (CVE-2012-4290)
      - The pcap-ng file parser could trigger a zero division (CVE-2012-4286)
      - The Ixia IxVeriWave file parser could overflow a buffer
  (CVE-2012-4298)

 -- Balint Reczey <email address hidden> Sun, 19 Aug 2012 14:30:56 +0200

Changed in wireshark (Ubuntu):
status: Confirmed → Fix Released

x86 done.

In , J-ago (j-ago) wrote :

amd64 stable

alpha/ia64/sparc stable

(In reply to comment #9)
> Continued in bug #433990.

Until an updated ebuild fixing bug #433990 is provided for stabilization, PPC/PPC64 should continue here.

This issue was resolved and addressed in
 GLSA 201308-05 at http://security.gentoo.org/glsa/glsa-201308-05.xml
by GLSA coordinator Sergey Popov (pinkbyte).

Changed in gentoo:
status: Unknown → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.