[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1UOAE9-0006xV-60@titan.mandriva.com>
Date: Fri, 05 Apr 2013 19:15:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:055 ] wireshark
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:055
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : wireshark
Date : April 5, 2013
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been found and corrected in wireshark:
Infinite and large loops in ANSI MAP, BACapp, Bluetooth HCI, IEEE
802.3, LTP, and R3 dissectors have been fixed. Discovered by Laurent
Butti (http://www.wireshark.org/security/wnpa-sec-2012-08.html
[CVE-2012-2392])
The DIAMETER dissector could try to allocate memory improperly
and crash (http://www.wireshark.org/security/wnpa-sec-2012-09.html
[CVE-2012-2393])
Wireshark could crash on SPARC processors due to
misaligned memory. Discovered by Klaus Heckelmann
(http://www.wireshark.org/security/wnpa-sec-2012-10.html
[CVE-2012-2394])
The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9,
and 1.8.x before 1.8.1 allows remote attackers to cause a denial of
service (invalid pointer dereference and application crash) via a
crafted packet, as demonstrated by a usbmon dump (CVE-2012-4048).
epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x
before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote
attackers to cause a denial of service (loop and CPU consumption)
via a crafted packet (CVE-2012-4049).
The DCP ETSI dissector could trigger a zero division (CVE-2012-4285).
The XTP dissector could go into an infinite loop (CVE-2012-4288).
The AFP dissector could go into a large loop (CVE-2012-4289).
The RTPS2 dissector could overflow a buffer (CVE-2012-4296).
The GSM RLC MAC dissector could overflow a buffer (CVE-2012-4297).
The CIP dissector could exhaust system memory (CVE-2012-4291).
The STUN dissector could crash (CVE-2012-4292).
The EtherCAT Mailbox dissector could abort (CVE-2012-4293).
The CTDB dissector could go into a large loop (CVE-2012-4290).
Martin Wilck discovered an infinite loop in the DRDA dissector
(CVE-2012-5239).
The USB dissector could go into an infinite loop. (wnpa-sec-2012-31)
The ISAKMP dissector could crash. (wnpa-sec-2012-35)
The iSCSI dissector could go into an infinite loop. (wnpa-sec-2012-36)
The WTP dissector could go into an infinite loop. (wnpa-sec-2012-37)
The RTCP dissector could go into an infinite loop. (wnpa-sec-2012-38)
The ICMPv6 dissector could go into an infinite loop. (wnpa-sec-2012-40)
Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS
CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP
dissectors (wnpa-sec-2013-01).
The CLNP dissector could crash (wnpa-sec-2013-02).
The DTN dissector could crash (wnpa-sec-2013-03).
The MS-MMC dissector (and possibly others) could crash
(wnpa-sec-2013-04).
The DTLS dissector could crash (wnpa-sec-2013-05).
The DCP-ETSI dissector could corrupt memory (wnpa-sec-2013-07).
The Wireshark dissection engine could crash (wnpa-sec-2013-08).
The NTLMSSP dissector could overflow a buffer (wnpa-sec-2013-09).
The sFlow dissector could go into an infinite loop (CVE-2012-6054).
The SCTP dissector could go into an infinite loop (CVE-2012-6056).
The MS-MMS dissector could crash (CVE-2013-2478).
The RTPS and RTPS2 dissectors could crash (CVE-2013-2480).
The Mount dissector could crash (CVE-2013-2481).
The AMPQ dissector could go into an infinite loop (CVE-2013-2482).
The ACN dissector could attempt to divide by zero (CVE-2013-2483).
The CIMD dissector could crash (CVE-2013-2484).
The FCSP dissector could go into an infinite loop (CVE-2013-2485).
The DTLS dissector could crash (CVE-2013-2488).
This advisory provides the latest version of Wireshark (1.6.14)
which is not vulnerable to these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2488
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0134
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0210
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0226
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0284
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0348
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0034
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0090
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
1817d98ba604d0b8347bf9ef5d7ddf00 mbs1/x86_64/dumpcap-1.6.14-1.mbs1.x86_64.rpm
a5319dbd9c47629f4fb6797f313dfcf5 mbs1/x86_64/lib64wireshark1-1.6.14-1.mbs1.x86_64.rpm
c0bb6476540803d16355bb9006179b1d mbs1/x86_64/lib64wireshark-devel-1.6.14-1.mbs1.x86_64.rpm
e0b9fede48c4c4db36b22814477cfaa4 mbs1/x86_64/rawshark-1.6.14-1.mbs1.x86_64.rpm
4de1571d4b7a2cf3daea452a2d46ed78 mbs1/x86_64/tshark-1.6.14-1.mbs1.x86_64.rpm
1c3a0948612798f471d1bb6a5a9e3620 mbs1/x86_64/wireshark-1.6.14-1.mbs1.x86_64.rpm
88fea6e5203d3d0c8f38ebf9a82ae5d4 mbs1/x86_64/wireshark-tools-1.6.14-1.mbs1.x86_64.rpm
e915fb3656c689705b86ab93896a5da9 mbs1/SRPMS/wireshark-1.6.14-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFRXtyXmqjQ0CJFipgRAgMzAKDwwytA+3WgVuter5KJQGZRRrYcTgCgtfRQ
XHymwS7GufNjxMJpVxFzcvM=
=46Zu
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists