Summary: | <net-analyzer/wireshark-{1.6.16,1.8.8} - multiple vulnerabilities (CVE-2013-{4074,4075,4076,4077,4078,4079,4080,4081,4082}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | netmon |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Jeroen Roovers (RETIRED)
2013-06-09 17:10:41 UTC
No word on an 1.10.1 yet, though the release notes say that 1.10.0 is vulnerable too. Arch teams, please test and mark stable: =net-analyzer/wireshark-1.6.16 =net-analyzer/wireshark-1.8.8 Stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86 alpha stable ia64 stable ppc stable ppc64 stable sparc stable x86 stable amd64 stable Stable for HPPA. CVE-2013-4082 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4082): The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet. CVE-2013-4081 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4081): The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet. CVE-2013-4080 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4080): The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in Wireshark 1.8.x before 1.8.8 does not properly handle a zero-length item, which allows remote attackers to cause a denial of service (infinite loop, and CPU and memory consumption) via a crafted packet. CVE-2013-4079 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4079): The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (infinite loop and application hang) via a crafted packet. CVE-2013-4078 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4078): epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-4077 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4077): Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c. CVE-2013-4076 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4076): Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-4075 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4075): epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-4074 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4074): The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Thanks for your work, added to existing GLSA draft This issue was resolved and addressed in GLSA 201308-05 at http://security.gentoo.org/glsa/glsa-201308-05.xml by GLSA coordinator Sergey Popov (pinkbyte). |