431572 – <net-analyzer/wireshark-{1.6.10,1.8.2} - multiple vulnerabilities (CVE-2012-{4285,4286,4287,4288,4289,4290,4291,4292,4293,4294,4295,4296,4297,4298})

Bug 431572 - <net-analyzer/wireshark-{1.6.10,1.8.2} - multiple vulnerabilities (CVE-2012-{4285,4286,4287,4288,4289,4290,4291,4292,4293,4294,4295,4296,4297,4298})

Summary: <net-analyzer/wireshark-{1.6.10,1.8.2} - multiple vulnerabilities (CVE-2012-{...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	http://www.wireshark.org/docs/relnote...
Whiteboard:	B2 [glsa]
Keywords:

Depends on:	CVE-2012-3548
Blocks:	CVE-2012-4048
	Show dependency tree

Reported:	2012-08-15 21:56 UTC by Jeroen Roovers (RETIRED)
Modified:	2013-08-28 11:43 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jeroen Roovers (RETIRED) gentoo-dev

2012-08-15 21:56:31 UTC

CVE-2012-4285 CVE-2012-4287 CVE-2012-4288 CVE-2012-4294 CVE-2012-4295 CVE-2012-4289 CVE-2012-4296 CVE-2012-4297 CVE-2012-4291 CVE-2012-4292 CVE-2012-4293 CVE-2012-4290 CVE-2012-4286 CVE-2012-4298

Comment 1 Jeroen Roovers (RETIRED) gentoo-dev

2012-08-15 21:58:48 UTC

For <1.6.10 the list is shorter:

CVE-2012-4285 CVE-2012-4288 CVE-2012-4289 CVE-2012-4296 CVE-2012-4297 CVE-2012-4291 CVE-2012-4292 CVE-2012-4293 CVE-2012-4290

Comment 2 Jeroen Roovers (RETIRED) gentoo-dev

2012-08-15 21:59:28 UTC

Bumping...

Comment 3 Jeroen Roovers (RETIRED) gentoo-dev

2012-08-15 22:54:56 UTC

Arch teams, please test and mark stable:
=net-analyzer/wireshark-1.6.10
=net-analyzer/wireshark-1.8.2
Stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86

Comment 4 GLSAMaker/CVETool Bot gentoo-dev

2012-08-17 11:58:50 UTC

CVE-2012-4298 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4298):
  Integer signedness error in the vwr_read_rec_data_ethernet function in
  wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before
  1.8.2 allows user-assisted remote attackers to execute arbitrary code via a
  crafted packet-trace file that triggers a buffer overflow.

CVE-2012-4297 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4297):
  Buffer overflow in the dissect_gsm_rlcmac_downlink function in
  epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in
  Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers
  to execute arbitrary code via a malformed packet.

CVE-2012-4296 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4296):
  Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in
  Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2
  allows remote attackers to cause a denial of service (CPU consumption) via a
  malformed packet.

CVE-2012-4295 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4295):
  Array index error in the channelised_fill_sdh_g707_format function in
  epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before
  1.8.2 might allow remote attackers to cause a denial of service (application
  crash) via a crafted speed (aka rate) value.

CVE-2012-4294 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4294):
  Buffer overflow in the channelised_fill_sdh_g707_format function in
  epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before
  1.8.2 allows remote attackers to execute arbitrary code via a large speed
  (aka rate) value.

CVE-2012-4293 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4293):
  plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in
  Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2
  does not properly handle certain integer fields, which allows remote
  attackers to cause a denial of service (application exit) via a malformed
  packet.

CVE-2012-4292 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4292):
  The dissect_stun_message function in epan/dissectors/packet-stun.c in the
  STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and
  1.8.x before 1.8.2 does not properly interact with key-destruction behavior
  in a certain tree library, which allows remote attackers to cause a denial
  of service (application crash) via a malformed packet.

CVE-2012-4291 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4291):
  The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and
  1.8.x before 1.8.2 allows remote attackers to cause a denial of service
  (memory consumption) via a malformed packet.

CVE-2012-4290 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4290):
  The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10,
  and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service
  (loop and CPU consumption) via a malformed packet.

CVE-2012-4289 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4289):
  epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before
  1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers
  to cause a denial of service (loop and CPU consumption) via a large number
  of ACL entries.

CVE-2012-4288 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4288):
  Integer overflow in the dissect_xtp_ecntl function in
  epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before
  1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers
  to cause a denial of service (loop or application crash) via a large value
  for a span length.

CVE-2012-4287 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4287):
  epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x
  before 1.8.2 allows remote attackers to cause a denial of service (loop and
  CPU consumption) via a small value for a BSON document length.

CVE-2012-4286 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4286):
  The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng
  file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote
  attackers to cause a denial of service (divide-by-zero error and application
  crash) via a crafted pcap-ng file.

CVE-2012-4285 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4285):
  The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP
  ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and
  1.8.x before 1.8.2 allows remote attackers to cause a denial of service
  (divide-by-zero error and application crash) via a zero-length message.

Comment 5 Jeroen Roovers (RETIRED) gentoo-dev

2012-08-17 16:29:16 UTC

Stable for HPPA.

Comment 6 Andreas Schürch gentoo-dev

2012-08-21 06:21:45 UTC

x86 done.

Comment 7 Agostino Sarubbo gentoo-dev

2012-08-22 00:04:32 UTC

amd64 stable

Comment 8 Raúl Porcel (RETIRED) gentoo-dev

2012-08-26 15:55:23 UTC

alpha/ia64/sparc stable

Comment 9 Jeroen Roovers (RETIRED) gentoo-dev

2012-09-05 19:55:54 UTC

Continued in bug #433990.

Comment 10 Sean Amoss (RETIRED) gentoo-dev

2012-09-17 19:10:07 UTC

(In reply to comment #9)
> Continued in bug #433990.

Until an updated ebuild fixing bug #433990 is provided for stabilization, PPC/PPC64 should continue here.

Comment 11 Jeroen Roovers (RETIRED) gentoo-dev

2012-09-18 16:51:09 UTC

Returning to bug #433990

Comment 12 GLSAMaker/CVETool Bot gentoo-dev

2013-08-28 11:43:47 UTC

This issue was resolved and addressed in
 GLSA 201308-05 at http://security.gentoo.org/glsa/glsa-201308-05.xml
by GLSA coordinator Sergey Popov (pinkbyte).