[Need fake sync] a lot vulnerabilities buffer overflow crash ddos
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
wireshark (Ubuntu) | Fix Released | High | Unassigned |
Precise | Won't Fix | High | Unassigned |
Quantal | Won't Fix | High | Unassigned |
Saucy | Won't Fix | High | Unassigned |
Trusty | Fix Released | High | Patricia Mathis |
Bug Description
Requires updating. There are vulnerabilities:
CVE links:
http://
http://
http://
http://
Other links
https:/
https:/
https:/
https:/
Information extracted from the changelogs, affecting Quantal, Precise and Saucy:
- The SIP dissector could go into an infinite loop. Discovered by Alain Botti. (CVE-2013-7112)
- The BSSGP dissector could crash. Discovered by Laurent Butti. (CVE-2013-7113)
- The NTLMSSP v2 dissector could crash. Discovered by Garming Sam. (CVE-2013-7114)
- The IEEE 802.15.4 dissector could crash. (CVE-2013-6336)
- The NBAP dissector could crash. Discovered by Laurent Butti. (CVE-2013-6337)
- The SIP dissector could crash. (CVE-2013-6338)
- The OpenWire dissector could go into a large loop. Discovered by Murali. (CVE-2013-6339)
- The TCP dissector could crash. (CVE-2013-6340)
-------
Affecting Quantal and Precise:
- NBAP dissector could crash. Discovered by Laurent Butti. (No assigned CVE number)
- The RTPS dissector could overflow a buffer. Discovered by Ben Schmidt. (No assigned CVE number)
- The LDAP dissector could crash. (No assigned CVE number)
- The Netmon file parser could crash. Discovered by G. Geshev.
- The DVB-CI dissector could crash. Discovered by Laurent Butti. (CVE-2013-4930)
- The GSM A Common dissector could crash. (CVE-2013-4932)
- The Netmon file parser could crash. Discovered by G. Geshev. (CVE-2013-4933, CVE-2013-4934)
- The ASN.1 PER dissector could crash. Discovered by Oliver-Tobias Ripka. (CVE-2013-4935)
- The CAPWAP dissector could crash. Discovered by Laurent Butti. (CVE-2013-4074)
- The GMR-1 BCCH dissector could crash. Discovered by Sylvain Munaut and Laurent Butti. (CVE-2013-4075)
- The PPP dissector could crash. Discovered by Laurent Butti. (CVE-2013-4076)
- The NBAP dissector could crash. (CVE-2013-4077)
- The RDP dissector could crash. Discovered by Laurent Butti. (CVE-2013-4078)
- The HTTP dissector could overrun the stack. (CVE-2013-4081)
- The Ixia IxVeriWave file parser could overflow the heap. Discovered by Sachin Shinde. (CVE-2013-4082)
- The DCP ETSI dissector could crash. (CVE-2013-4083)
- The GTPv2 dissector could crash (CVE-2013-3555)
- The ASN.1 BER dissector could crash (CVE-2013-3557)
- The PPP CCP dissector could crash (CVE-2013-3558)
- The DCP ETSI dissector could crash. Discovered by Evan Jensen. (CVE-2013-3559)
- The MPEG DSM-CC dissector could crash. (CVE-2013-3560)
- The Websocket dissector could crash. Discovered by Moshe Kaplan. (CVE-2013-3562)
- The TCP dissector could crash (CVE-2013-2475)
- The CSN.1 dissector could crash. Discovered by Laurent Butti. (CVE-2013-2477)
- MMS dissector could crash. Discovered by Laurent Butti. (CVE-2013-2478)
- The RTPS and RTPS2 dissectors could crash. Discovered by Alyssa Milburn. (CVE-2013-2480)
- The Mount dissector could crash. Discovered by Alyssa Milburn. (CVE-2013-2481)
- The ACN dissector could attempt to divide by zero. Discovered by Alyssa Milburn. (CVE-2013-2483)
- The CIMD dissector could crash. Discovered by Moshe Kaplan. (CVE-2013-2484)
- The DTLS dissector could crash. Discovered by Laurent Butti. (CVE-2013-2488)
- The CLNP dissector could crash. Discovered independently by Laurent Butti and the Wireshark development team (CVE-2013-1582)
- The DTN dissector could crash (CVE-2013-1583, CVE-2013-1584)
- The MS-MMC dissector (and possibly others) could crash (CVE-2013-1585)
- The DTLS dissector could crash. Discovered by Laurent Butti. (CVE-2013-1586)
- The ROHC dissector could crash (CVE-2013-1587)
- The DCP-ETSI dissector could corrupt memory. Discovered by Laurent Butti. (CVE-2013-1588)
- The Wireshark dissection engine could crash. Discovered by Laurent Butti.
- The NTLMSSP dissector could overflow a buffer. Discovered by Ulf Härnhammar. (CVE-2013-1590)
information type: Private Security → Public Security
summary:
- [Need update to 1.10.6] 4 Vulnerabilities buffer overflow crash ddos
+ [Need fake sync] a lot vulnerabilities buffer overflow crash ddos
description: updated
Changed in wireshark (Ubuntu Quantal):
status: New → Won't Fix
Changed in wireshark (Ubuntu Trusty):
assignee: nobody → Patricia Mathis (pmathis9806)
The update that corrects this was added to unstable: http://metadata.ftp-master.debian.org/changelogs//main/w/wireshark/wireshark_1.10.6-1_changelog. Maybe when it migrates to testing, Ubuntu will copy it from there to trusty. I do not think to update this package in previous versions of Ubuntu.
I could not test the Debian unstable binary, because I use precise and some dependencies are not met. https://packages.debian.org/source/sid/wireshark
I downloaded the sources of the current version of the package and the new 1.10.6-1 and made a patch with debdiff. Maybe it helps.