Wireshark: Multiple vulnerabilities
Security Team
Contact Address
Updated June 30, 20091.
Gentoo Linux Security Advisory
Version Information
| Advisory Reference |
GLSA 200906-05 / wireshark |
| Release Date |
June 30, 2009 |
| Latest Revision |
June 30, 2009: 02 |
| Impact |
high |
| Exploitable |
remote |
| Package |
Vulnerable versions |
Unaffected versions |
Architecture(s) |
| net-analyzer/wireshark |
<
1.0.8 |
>=
1.0.8 |
All supported architectures
|
Related bugreports:
#242996, #248425, #258013, #264571, #271062
Synopsis
Multiple vulnerabilities have been discovered in Wireshark which allow for
Denial of Service or remote code execution.
2.
Impact Information
Background
Wireshark is a versatile network protocol analyzer.
Description
Multiple vulnerabilities have been discovered in Wireshark:
-
David Maciejak discovered a vulnerability in packet-usb.c in the USB
dissector via a malformed USB Request Block (URB) (CVE-2008-4680).
-
Florent Drouin and David Maciejak reported an unspecified vulnerability
in the Bluetooth RFCOMM dissector (CVE-2008-4681).
-
A malformed Tamos CommView capture file (aka .ncf file) with an
"unknown/unexpected packet type" triggers a failed assertion in wtap.c
(CVE-2008-4682).
-
An unchecked packet length parameter in the dissect_btacl() function in
packet-bthci_acl.c in the Bluetooth ACL dissector causes an erroneous
tvb_memcpy() call (CVE-2008-4683).
-
A vulnerability where packet-frame does not properly handle exceptions
thrown by post dissectors caused by a certain series of packets
(CVE-2008-4684).
-
Mike Davies reported a use-after-free vulnerability in the
dissect_q931_cause_ie() function in packet-q931.c in the Q.931
dissector via certain packets that trigger an exception
(CVE-2008-4685).
-
The Security Vulnerability Research Team of Bkis reported that the SMTP
dissector could consume excessive amounts of CPU and memory
(CVE-2008-5285).
-
The vendor reported that the WLCCP dissector could go into an infinite
loop (CVE-2008-6472).
-
babi discovered a buffer overflow in wiretap/netscreen.c via a
malformed NetScreen snoop file (CVE-2009-0599).
-
A specially crafted Tektronix K12 text capture file can cause an
application crash (CVE-2009-0600).
-
A format string vulnerability via format string specifiers in the HOME
environment variable (CVE-2009-0601).
- THCX Labs reported a format string vulnerability in the
PROFINET/DCP (PN-DCP) dissector via a PN-DCP packet with format string
specifiers in the station name (CVE-2009-1210).
- An unspecified vulnerability with unknown impact and attack vectors
(CVE-2009-1266).
-
Marty Adkins and Chris Maynard discovered a parsing error in the
dissector for the Check Point High-Availability Protocol (CPHAP)
(CVE-2009-1268).
-
Magnus Homann discovered a parsing error when loading a Tektronix .rf5
file (CVE-2009-1269).
- The vendor reported that the PCNFSD dissector could crash
(CVE-2009-1829).
Impact
A remote attacker could exploit these vulnerabilities by sending
specially crafted packets on a network being monitored by Wireshark or
by enticing a user to read a malformed packet trace file which can
trigger a Denial of Service (application crash or excessive CPU and
memory usage) and possibly allow for the execution of arbitrary code
with the privileges of the user running Wireshark.
3.
Resolution Information
Workaround
There is no known workaround at this time.
Resolution
All Wireshark users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.0.8"
|
4.
References