494612 – (CVE-2013-7112) <net-analyzer/wireshark-{1.8.12,1.10.5} - multiple vulnerabilities (CVE-2013-{7112,7113,7114})

Bug 494612 (CVE-2013-7112) - <net-analyzer/wireshark-{1.8.12,1.10.5} - multiple vulnerabilities (CVE-2013-{7112,7113,7114})

Summary: <net-analyzer/wireshark-{1.8.12,1.10.5} - multiple vulnerabilities (CVE-2013-...

Status:	RESOLVED FIXED

Alias:	CVE-2013-7112

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2013-12-18 07:16 UTC by Jeroen Roovers (RETIRED)
Modified:	2014-02-28 07:47 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jeroen Roovers (RETIRED) gentoo-dev

2013-12-18 07:16:50 UTC

1.8.12:
 The following vulnerabilities have been fixed.
     * [1]wnpa-sec-2013-66
       The SIP dissector could go into an infinite loop.
       Discovered by Alain Botti. ([2]Bug 9388)
       Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11
       [3]CVE-2013-7112
     * [4]wnpa-sec-2013-68
       The NTLMSSP v2 dissector could crash. Discovered by Garming
       Sam. ([5]Bug 9488)
       Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11
       [6]CVE-2013-7114

1.10.4:
   The following vulnerabilities have been fixed.
     * [1]wnpa-sec-2013-66
       The SIP dissector could go into an infinite loop.
       Discovered by Alain Botti. ([2]Bug 9388)
       Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11
       [3]CVE-2013-7112
     * [4]wnpa-sec-2013-67
       The BSSGP dissector could crash. Discovered by Laurent
       Butti. ([5]Bug 9488)
       Versions affected: 1.10.0 to 1.10.3
       [6]CVE-2013-7113
     * [7]wnpa-sec-2013-68
       The NTLMSSP v2 dissector could crash. Discovered by Garming
       Sam.
       Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11
       [8]CVE-2013-7114

Comment 1 Jeroen Roovers (RETIRED) gentoo-dev

2013-12-18 07:22:33 UTC

1.8.12: http://www.wireshark.org/lists/wireshark-announce/201312/msg00001.html
1.10.4: http://www.wireshark.org/lists/wireshark-announce/201312/msg00000.html

Comment 2 Jeroen Roovers (RETIRED) gentoo-dev

2013-12-18 08:18:12 UTC

Arch teams, please test and mark stable:
=net-analyzer/wireshark-1.8.12
=net-analyzer/wireshark-1.10.4
Targeted stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86

Comment 3 Jeroen Roovers (RETIRED) gentoo-dev

2013-12-19 13:57:35 UTC

Stable for HPPA.

Comment 4 Jeroen Roovers (RETIRED) gentoo-dev

2013-12-20 12:50:24 UTC

1.10.4 appears to be somewhat problematic[1]. Let's go for 1.10.5 instead.


Arch teams, please test and mark stable:
=net-analyzer/wireshark-1.8.12
=net-analyzer/wireshark-1.10.5
Targeted stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86


[1] http://www.wireshark.org/lists/wireshark-announce/201312/msg00002.html

Comment 5 Agostino Sarubbo gentoo-dev

2013-12-21 13:55:35 UTC

ppc stable

Comment 6 Agostino Sarubbo gentoo-dev

2013-12-21 14:18:00 UTC

ppc64 stable

Comment 7 Agostino Sarubbo gentoo-dev

2013-12-21 14:21:44 UTC

alpha stable

Comment 8 Agostino Sarubbo gentoo-dev

2013-12-23 11:50:56 UTC

amd64 stable

Comment 9 Agostino Sarubbo gentoo-dev

2013-12-23 11:52:05 UTC

x86 stable

Comment 10 Agostino Sarubbo gentoo-dev

2013-12-23 11:56:00 UTC

sparc stable

Comment 11 GLSAMaker/CVETool Bot gentoo-dev

2013-12-25 20:28:36 UTC

CVE-2013-7114 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7114):
  Multiple buffer overflows in the create_ntlmssp_v2_key function in
  epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark
  1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause
  a denial of service (application crash) via a long domain name in a packet.

CVE-2013-7113 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7113):
  epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x
  before 1.10.4 incorrectly relies on a global variable, which allows remote
  attackers to cause a denial of service (application crash) via a crafted
  packet.

CVE-2013-7112 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7112):
  The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP
  dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not
  check for empty lines, which allows remote attackers to cause a denial of
  service (infinite loop) via a crafted packet.

Comment 12 Agostino Sarubbo gentoo-dev

2014-01-12 13:17:43 UTC

ia64 stable.

Maintainer(s), please cleanup.
Security, please vote.

Comment 13 Sergey Popov gentoo-dev

2014-02-27 14:05:18 UTC

Thanks for your work!

GLSA vote: no

Comment 14 Mikle Kolyada (RETIRED) archtester

2014-02-28 07:47:36 UTC

GLSA vote: no.

Closing as [noglsa].