Bug 144946 - net-analyzer/wireshark Multiple vulnerabilities (CVE-2006-433{0-3})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High enhancement
Assignee: Gentoo Security
URL: http://www.wireshark.org/security/wnp...
Whiteboard: B2? [glsa] jaervosz
Keywords:
Duplicates: 145005
Depends on:
Blocks:
 
Reported: 2006-08-24 02:13 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2006-09-07 12:13 UTC (History)
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-08-24 02:13:09 UTC
Summary
Name: Multiple problems in Wireshark (Ethereal®) versions 0.7.9 to 0.99.2
Docid: wnpa-sec-2006-02
Date: July 17, 2006
Versions affected: 0.7.9 up to and including 0.99.2 
Details
Description
 Wireshark 0.99.3 fixes the following vulnerabilities: 
 The SCSI dissector could crash.   Versions affected: 0.99.2. 
 If Wireshark was compiled with ESP decryption support, the IPsec ESP preference parser was susceptible to off-by-one errors.   Versions affected: 0.99.2. 
 The DHCP dissector (and possibly others) in the Windows version of Wireshark could trigger a bug in Glib and crash.    Versions affected: 0.10.13 - 0.99.2. 
 If the SSCOP dissector has a port range configured and the SSCOP payload protocol is Q.2931, a malformed packet could make the Q.2931 dissector use up available memory. No port range is configured by default.   Versions affected: 0.7.9 - 0.99.2. 
Impact
 It may be possible to make Wireshark or Ethereal crash, use up available memory, or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file. 
Resolution
 Upgrade to Wireshark 0.99.3.
 If you are running Wireshark 0.99.2 or Ethereal 0.99.0 or earlier and cannot upgrade, you can work around each of the problems listed above by doing the following:
 1) Disable the SCSI and Q.2931 dissectors. If you're running Wireshark under Windows, disable the DHCP dissector.
    Select Analyze→Enabled Protocols... from the menu.
    Make sure "SCSI", "Q.2931", and "BOOTP/DHCP" (if needed) are un-checked.
    Click "Save", then click "OK".
 2) If your copy of Wireshark has ESP decryption compiled in, make sure it's disabled.
    Select Edit→Preferences, then Protocols→ESP from the menu.
    Make sure "Attempt to detect/decode encrypted ESP payloads" is un-checked.
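The workaround steps in comment 1, as an added example that is not part of the advisory or of the Gentoo package: a shell check that a Wireshark profile directory has the listed dissectors disabled and ESP payload decoding off. Assumptions not stated on the page: the files are named disabled_protos and preferences, the dissector filter names are scsi, q2931 and bootp, the preference key is esp.enable_encryption_decode, and ESP decoding is off when no preference has been saved.

```shell
#!/bin/sh
# Added example: audit one Wireshark profile directory for the workaround.
# Assumed, not stated on the page: file names disabled_protos / preferences,
# filter names scsi / q2931 / bootp, key esp.enable_encryption_decode.

# proto_disabled DIR NAME -> 0 if NAME is listed in DIR/disabled_protos
proto_disabled() {
    [ -f "$1/disabled_protos" ] || return 1
    # strip CRs, comments and surrounding blanks, then match the whole line
    tr -d '\r' < "$1/disabled_protos" |
        sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        grep -qix -- "$2"
}

# esp_decode_off DIR -> 0 unless the last uncommented setting is TRUE
esp_decode_off() {
    [ -f "$1/preferences" ] || return 0   # nothing saved: assumed default (off)
    val=$(tr -d '\r' < "$1/preferences" |
        sed -n 's/^esp\.enable_encryption_decode:[[:space:]]*//p' | tail -n 1)
    case "$val" in
        [Tt][Rr][Uu][Ee]*) return 1 ;;
        *) return 0 ;;
    esac
}

# audit_workaround DIR [windows]
# Prints one line per missing step; the return status is the number of gaps,
# so 0 means every step of the workaround is in place for that profile.
audit_workaround() {
    dir=$1; gaps=0
    protos="scsi q2931"
    # the DHCP dissector only needs disabling on Windows builds
    [ "${2:-}" = windows ] && protos="$protos bootp"
    for p in $protos; do
        if ! proto_disabled "$dir" "$p"; then
            echo "GAP: dissector '$p' still enabled in $dir"
            gaps=$((gaps + 1))
        fi
    done
    if ! esp_decode_off "$dir"; then
        echo "GAP: ESP payload decoding enabled in $dir"
        gaps=$((gaps + 1))
    fi
    return "$gaps"
}
```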
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-08-24 02:14:03 UTC
netmon please advise and patch as necessary.
Comment 3 Daniel Black (RETIRED) gentoo-dev 2006-08-24 04:32:42 UTC
wireshark-0.99.3 added for security happiness.
Comment 4 Markus Rothe (RETIRED) gentoo-dev 2006-08-24 05:59:56 UTC
ppc64 stable
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2006-08-24 06:02:28 UTC
    1) please give version number in summary (at least you have category :)
    2) emerges fine
    3) passes collision test
    4) works

    Portage 2.1-r2 (default-linux/x86/2006.0, gcc-3.4.6, glibc-2.3.6-r4, 2.6.17-gentoo-r4 i686)
    =================================================================
    System uname: 2.6.17-gentoo-r4 i686 AMD Athlon(tm) XP 2500+
    Gentoo Base System version 1.12.4
    app-admin/eselect-compiler: [Not Present]
    dev-lang/python:     2.4.3-r1
    dev-python/pycrypto: 2.0.1-r5
    dev-util/ccache:     [Not Present]
    dev-util/confcache:  [Not Present]
    sys-apps/sandbox:    1.2.17
    sys-devel/autoconf:  2.13, 2.59-r7
    sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
    sys-devel/binutils:  2.16.1-r3
    sys-devel/gcc-config: 1.3.13-r3
    sys-devel/libtool:   1.5.22
    virtual/os-headers:  2.6.11-r2
    ACCEPT_KEYWORDS="x86"
    AUTOCLEAN="yes"
    CBUILD="i686-pc-linux-gnu"
    CFLAGS="-O2"
    CHOST="i686-pc-linux-gnu"
    CONFIG_PROTECT="/etc /usr/share/X11/xkb"
    CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/splash /etc/terminfo"
    CXXFLAGS="-O2"
    DISTDIR="/usr/portage/distfiles"
    FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict test"
    GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo/"
    LANG="de_DE@euro"
    LC_ALL="de_DE@euro"
    LINGUAS="de"
    MAKEOPTS="-j2"
    PKGDIR="/usr/portage/packages"
    PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
    PORTAGE_TMPDIR="/var/tmp"
    PORTDIR="/usr/portage"
    PORTDIR_OVERLAY="/usr/local/portage"
    SYNC="rsync://rsync.informatik.rwth-aachen.de/gentoo-portage"
    USE="x86 3dnow 3dnowext X Xaw3d a52 alsa arts artworkextra asf audiofile avi bash-completion beagle berkdb bidi bitmap-fonts bootsplash branding bzip2 cairo cdda cddb cdparanoia cdr cli cracklib crypt css cups curl custom-cflags dbus dga directfb divx4linux dlloader dri dts dvd dvdr dvdread dvi eds emacs emboss encode esd evo exif expat fam fat fbcon ffmpeg firefox foomaticdb fortran ftp gb gcj gdbm gif gnome gpm gstreamer gtk gtk2 gtkhtml hal icq idn imagemagick imap imlib ipv6 isdnlog java javascript jikes jpeg jpeg2k ldap leim libg++ libwww lm_sensors mad maildir matroska mbox mikmod mime mmx mmxext mng mono motif mp3 mpeg mpeg2 mule nautilus ncurses nforce2 nls nocardbus nptl nptlonly nsplugin nvidia objc ogg opengl pam pcre pdf pdflib perl plotutils pmu png ppds pppd preview-latex print python qt3 qt4 quicktime readline reflection reiserfs samba sdk session slang spell spl sse ssl svg svga t1lib tcltk tcpd tetex theora thunderbird tiff truetype truetype-fonts type1-fonts udev usb vcd videos vorbis win32codecs wmf wxwindows xine xml xorg xosd xv xvid zlib elibc_glibc input_devices_mouse input_devices_keyboard kernel_linux linguas_de userland_GNU video_cards_radeon video_cards_vesa video_cards_fbdev"
    Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS

Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2006-08-24 09:45:29 UTC
ppc stable
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-08-24 10:13:29 UTC
SCSI dissector - CVE-2006-4330

ESP decryption - CVE-2006-4331

DHCP dissector - CVE-2006-4332

SSCOP dissector - CVE-2006-4333
Comment 8 Carsten Lohrke (RETIRED) gentoo-dev 2006-08-24 13:28:11 UTC
*** Bug 145005 has been marked as a duplicate of this bug. ***
Comment 9 Markus Meier gentoo-dev 2006-08-24 13:57:39 UTC
compiles on x86 with USE="gtk ipv6 ssl"
passes collision-test
seems to work fine

emerge --info
Portage 2.1-r2 (default-linux/x86/2006.0, gcc-3.4.6, glibc-2.3.6-r4, 2.6.17.6 i686)
=================================================================
System uname: 2.6.17.6 i686 AMD Athlon(TM) XP1800+
Gentoo Base System version 1.12.4
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-lang/python:     2.3.5-r2, 2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c"
CXXFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-protect distlocks fixpackages metadata-transfer parallel-fetch sandbox sfperms strict test userpriv usersandbox"
GENTOO_MIRRORS="http://mirror.switch.ch/mirror/gentoo/ http://gentoo.inode.at/"
LANG="en_GB.utf8"
LINGUAS="en de en_GB"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/normal /usr/local/portage/testing"
SYNC="rsync://192.168.2.1/gentoo-portage"
USE="x86 3dnow 3dnowext X a52 aac acpi alsa apache2 apm avi bash-completion berkdb bitmap-fonts bzip2 cdr cli crypt css cups dbus divx4linux dlloader dri dts dvd dvdr dvdread emboss exif ffmpeg firefox font-server foomaticdb fortran gdbm gif gnome gphoto2 gpm gstreamer gtk gtk2 gtkhtml hal imlib ipv6 isdnlog java jpeg kde kdeenablefinal libclamav libg++ libwww logitech-mouse mad mikmod mmx mmxext mono mozcalendar mozdevelop mozsvg mp3 mpeg ncurses network nls nptl nvidia oav ogg opengl oss pam pcre pdflib perl png pppd python qt qt3 qt4 quicktime readline reflection samba sdl seamonkey session spell spl ssl tcltk tcpd test tetex tiff truetype truetype-fonts type1-fonts udev unicode usb vcd vorbis win32codecs xine xinerama xml xorg xorg-x11 xprint xv xvg xvid zlib elibc_glibc input_devices_mouse input_devices_keyboard kernel_linux linguas_en linguas_de linguas_en_GB userland_GNU video_cards_nv video_cards_none"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 10 Jason Wever (RETIRED) gentoo-dev 2006-08-24 20:03:39 UTC
SPARC stable
Comment 11 Andrej Kacian (RETIRED) gentoo-dev 2006-08-25 03:04:55 UTC
x86 done
Comment 12 Olivier Crete (RETIRED) gentoo-dev 2006-08-25 06:53:26 UTC
amd64 stable
Comment 13 Bryan Østergaard (RETIRED) gentoo-dev 2006-08-25 08:34:41 UTC
Alpha stable.
Comment 14 Daniel Black (RETIRED) gentoo-dev 2006-08-25 16:59:55 UTC
sorry hppa folk - seem to have accidentally dropped you.

http://www.wireshark.org/security/wnpa-sec-2006-02.html

wrt to B2 - if this is due to arbitrary code execution (due to ESP vulnerability) it is more likely a B0 as the injection of data over a network doesn't require social engineering for the exploit, it just requires the user to be running wireshark in capture mode (typically as root).

Hopefully the warnings in pkg_postinst have made some people take precautions.

FYI 0.99.3 is the same as 0.99.3a in content on wireshark's website. I just happened to fix their release before they did.
Comment 15 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-08-26 07:54:13 UTC
Sune are you sure about your CVE ids? 
("ERROR: Couldn't find 'CVE-2006-4330'")

btw the DHCP crash is for Windows versions only.

(In reply to comment #6)
> SCSI dissector - CVE-2006-4330
> 
> ESP decryption - CVE-2006-4331
> 
> DHCP dissector - CVE-2006-4332
> 
> SSCOP dissector - CVE-2006-4333
> 

Comment 16 Jeroen Roovers (RETIRED) gentoo-dev 2006-08-27 10:52:35 UTC
HPPA done (by killerfox).
Comment 17 Jeroen Roovers (RETIRED) gentoo-dev 2006-08-27 12:15:27 UTC
Really done
Comment 18 Bryan Østergaard (RETIRED) gentoo-dev 2006-08-29 12:09:11 UTC
ia64 stable.
Comment 19 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-08-31 10:05:59 UTC
GLSA 200608-26 sent but does not appear on some gentoo-announce recipients...
Comment 20 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-09-05 06:47:40 UTC
Falco, same as the other one. I think we should close or resend.
Comment 21 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-09-07 12:02:28 UTC
I'll send them separately this time.

GLSA-200608-26 resent to gentoo-announce@gentoo.org
Comment 22 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-09-07 12:13:51 UTC
and closing