<wireshark-{1.6.10,1.8.2} - multiple vulnerabilities

Bug #1037434 reported by Karma Dorje
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Gentoo Linux | Fix Released | Medium | |
wireshark (Ubuntu) | Fix Released | Undecided | Unassigned |
Precise | Won't Fix | Undecided | Unassigned |

Bug Description

The following vulnerabilities have been fixed.

wnpa-sec-2012-13

The DCP ETSI dissector could trigger a zero division. Reported by Laurent Butti. (Bug 7566)

Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.

CVE-2012-4285

wnpa-sec-2012-14

The MongoDB dissector could go into a large loop. Reported by Ben Schmidt. (Bug 7572)

Versions affected: 1.8.0 to 1.8.1.

CVE-2012-4287

wnpa-sec-2012-15

The XTP dissector could go into an infinite loop. Reported by Ben Schmidt. (Bug 7571)

Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.

CVE-2012-4288

wnpa-sec-2012-16

The ERF dissector could overflow a buffer. Reported by Laurent Butti. (Bug 7563)

Versions affected: 1.8.0 to 1.8.1.

CVE-2012-4294 CVE-2012-4295

wnpa-sec-2012-17

The AFP dissector could go into a large loop. Reported by Stefan Cornelius. (Bug 7603)

Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.

CVE-2012-4289

wnpa-sec-2012-18

The RTPS2 dissector could overflow a buffer. Reported by Laurent Butti. (Bug 7568)

Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.

CVE-2012-4296

wnpa-sec-2012-19

The GSM RLC MAC dissector could overflow a buffer. Reported by Laurent Butti. (Bug 7561)

Versions affected: 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.

CVE-2012-4297

wnpa-sec-2012-20

The CIP dissector could exhaust system memory. Reported by Ben Schmidt. (Bug 7570)

Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.

CVE-2012-4291

wnpa-sec-2012-21

The STUN dissector could crash. Reported by Laurent Butti. (Bug 7569)

Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.

CVE-2012-4292

wnpa-sec-2012-22

The EtherCAT Mailbox dissector could abort. Reported by Laurent Butti. (Bug 7562)

Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.

CVE-2012-4293

wnpa-sec-2012-23

The CTDB dissector could go into a large loop. Reported by Ben Schmidt. (Bug 7573)

Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.

CVE-2012-4290

wnpa-sec-2012-24

The pcap-ng file parser could trigger a zero division. (Bug 7533)

Versions affected: 1.8.0 to 1.8.1.

CVE-2012-4286

wnpa-sec-2012-25

The Ixia IxVeriWave file parser could overflow a buffer. (Bug 7533)

Versions affected: 1.8.0 to 1.8.1.

CVE-2012-4298

http://www.wireshark.org/docs/relnotes/wireshark-1.8.2.html

In , Jeroen Roovers (jer-gentoo) wrote :

CVE-2012-4285 CVE-2012-4287 CVE-2012-4288 CVE-2012-4294 CVE-2012-4295 CVE-2012-4289 CVE-2012-4296 CVE-2012-4297 CVE-2012-4291 CVE-2012-4292 CVE-2012-4293 CVE-2012-4290 CVE-2012-4286 CVE-2012-4298

In , Jeroen Roovers (jer-gentoo) wrote :

For <1.6.10 the list is shorter:

CVE-2012-4285 CVE-2012-4288 CVE-2012-4289 CVE-2012-4296 CVE-2012-4297 CVE-2012-4291 CVE-2012-4292 CVE-2012-4293 CVE-2012-4290

In , Jeroen Roovers (jer-gentoo) wrote :

Bumping...

In , Jeroen Roovers (jer-gentoo) wrote :

Arch teams, please test and mark stable:
=net-analyzer/wireshark-1.6.10
=net-analyzer/wireshark-1.8.2
Stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86

Karma Dorje (taaroa)
tags: added: upgrade-software-version
Changed in wireshark (Ubuntu):
status: New → Confirmed
Changed in gentoo:
importance: Unknown → Medium
visibility: private → public
In , Glsamaker (glsamaker) wrote :

CVE-2012-4298 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4298):
  Integer signedness error in the vwr_read_rec_data_ethernet function in
  wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before
  1.8.2 allows user-assisted remote attackers to execute arbitrary code via a
  crafted packet-trace file that triggers a buffer overflow.

CVE-2012-4297 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4297):
  Buffer overflow in the dissect_gsm_rlcmac_downlink function in
  epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in
  Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers
  to execute arbitrary code via a malformed packet.

CVE-2012-4296 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4296):
  Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in
  Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2
  allows remote attackers to cause a denial of service (CPU consumption) via a
  malformed packet.

CVE-2012-4295 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4295):
  Array index error in the channelised_fill_sdh_g707_format function in
  epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before
  1.8.2 might allow remote attackers to cause a denial of service (application
  crash) via a crafted speed (aka rate) value.

CVE-2012-4294 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4294):
  Buffer overflow in the channelised_fill_sdh_g707_format function in
  epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before
  1.8.2 allows remote attackers to execute arbitrary code via a large speed
  (aka rate) value.

CVE-2012-4293 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4293):
  plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in
  Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2
  does not properly handle certain integer fields, which allows remote
  attackers to cause a denial of service (application exit) via a malformed
  packet.

CVE-2012-4292 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4292):
  The dissect_stun_message function in epan/dissectors/packet-stun.c in the
  STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and
  1.8.x before 1.8.2 does not properly interact with key-destruction behavior
  in a certain tree library, which allows remote attackers to cause a denial
  of service (application crash) via a malformed packet.

CVE-2012-4291 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4291):
  The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and
  1.8.x before 1.8.2 allows remote attackers to cause a denial of service
  (memory consumption) via a malformed packet.

CVE-2012-4290 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4290):
  The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10,
  and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service
  (loop and CPU consumption) via a malformed packet.

CVE-2012-4289 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4289):
  epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before
  1.4.15, 1.6.x before 1.6.10, and 1....


In , Jeroen Roovers (jer-gentoo) wrote :

Stable for HPPA.

Jeremy Bícha (jbicha) wrote :

This bug was fixed in the package wireshark - 1.8.2-1

---------------
wireshark (1.8.2-1) unstable; urgency=high

  * New upstream release 1.8.2 (skipping 1.8.1 in Debian)
    - release notes:
      http://www.wireshark.org/docs/relnotes/wireshark-1.8.2.html
    - security fixes:
      - The PPP dissector could crash (Closes: #680056)(CVE-2012-4048)
      - The NFS dissector could use excessive amounts of CPU (CVE-2012-4049)
      - The DCP ETSI dissector could trigger a zero division. Reported by
        Laurent Butti. (CVE-2012-4285)
      - The MongoDB dissector could go into a large loop. Reported by
        Ben Schmidt. (CVE-2012-4287)
      - The XTP dissector could go into an infinite loop. Reported by
        Ben Schmidt. (CVE-2012-4288)
      - The ERF dissector could overflow a buffer. Reported by
        Laurent Butti. (CVE-2012-4294 CVE-2012-4295)
      - The AFP dissector could go into a large loop. Reported by
        Stefan Cornelius. (CVE-2012-4289)
      - The RTPS2 dissector could overflow a buffer. Reported by
        Laurent Butti. (CVE-2012-4296)
      - The GSM RLC MAC dissector could overflow a buffer. Reported by
        Laurent Butti. (CVE-2012-4297)
      - The CIP dissector could exhaust system memory. Reported by
        Ben Schmidt. (CVE-2012-4291)
      - The STUN dissector could crash. Reported by Laurent Butti.
        (CVE-2012-4292)
      - The EtherCAT Mailbox dissector could abort. Reported by
        Laurent Butti. (CVE-2012-4293)
      - The CTDB dissector could go into a large loop. Reported by
        Ben Schmidt. (CVE-2012-4290)
      - The pcap-ng file parser could trigger a zero division (CVE-2012-4286)
      - The Ixia IxVeriWave file parser could overflow a buffer
        (CVE-2012-4298)

 -- Balint Reczey <email address hidden> Sun, 19 Aug 2012 14:30:56 +0200

Changed in wireshark (Ubuntu):
status: Confirmed → Fix Released
In , Nativemad (nativemad) wrote :

x86 done.

In , J-ago (j-ago) wrote :

amd64 stable

In , Raúl Porcel (armin76) wrote :

alpha/ia64/sparc stable

In , Jeroen Roovers (jer-gentoo) wrote :

Continued in bug #433990.

In , Ackle (ackle) wrote :

(In reply to comment #9)
> Continued in bug #433990.

Until an updated ebuild fixing bug #433990 is provided for stabilization, PPC/PPC64 should continue here.

In , Jeroen Roovers (jer-gentoo) wrote :

Returning to bug #433990

In , Glsamaker (glsamaker) wrote :

This issue was resolved and addressed in
 GLSA 201308-05 at http://security.gentoo.org/glsa/glsa-201308-05.xml
by GLSA coordinator Sergey Popov (pinkbyte).

Changed in gentoo:
status: Unknown → Fix Released
Steve Langasek (vorlon) wrote :

The Precise Pangolin has reached end of life, so this bug will not be fixed for that release.

Changed in wireshark (Ubuntu Precise):
status: New → Won't Fix
This report contains Public Security information  
Everyone can see this security related information.
