Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 215276 (CVE-2008-1561) - net-analyzer/wireshark <1.0.0 Multiple DoS issues (CVE-2008-{1561,1562,1563})
Summary: net-analyzer/wireshark <1.0.0 Multiple DoS issues (CVE-2008-{1561,1562,1563})
Status: RESOLVED FIXED
Alias: CVE-2008-1561
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://www.wireshark.org/security/wnp...
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-03-29 01:42 UTC by Robert Buchholz (RETIRED)
Modified: 2008-07-09 21:31 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2008-03-29 01:42:26 UTC 
Name: Multiple problems in Wireshark®versions 0.99.2 to 0.99.8

Docid: wnpa-sec-2008-02

Date: March 31, 2008

Versions affected: 0.99.2 up to and including 0.99.8
Details
Description

Wireshark 1.0.0 fixes the following vulnerabilities:

    * The X.509sat dissector could crash. (Bug 2329)
      Versions affected: 0.99.5 to 0.99.8
    * The Roofnet dissector could crash on Windows, Solaris, and other platforms. (Bug 2331)
      Versions affected: 0.99.5 to 0.99.8
    * The LDAP dissector could crash on Windows and other platforms. (Bug 1613)
      Versions affected: 0.99.2 to 0.99.8
    * The SCCP dissector could crash while using the "decode as" feature. (Bug 2392)
      Versions affected: 0.99.6 to 0.99.8 

Impact

It may be possible to make Wireshark crashby injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Resolution

Upgrade to Wireshark 1.0.0 or later.
Comment 1 Christian Faulhammer (RETIRED) gentoo-dev 2008-03-31 09:49:57 UTC 
1.0 is out
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-04-01 19:53:30 UTC 
Arches, please test and mark stable:
=net-analyzer/wireshark-1.0.0
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 release sparc x86"
Comment 3 Richard Freeman gentoo-dev 2008-04-02 01:44:50 UTC 
amd64 stable
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2008-04-02 07:58:42 UTC 
x86 stable
Comment 5 Raúl Porcel (RETIRED) gentoo-dev 2008-04-02 13:29:06 UTC 
alpha/ia64/sparc stable
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2008-04-02 16:06:17 UTC 
Stable for HPPA.
Comment 7 Markus Rothe (RETIRED) gentoo-dev 2008-04-02 17:30:54 UTC 
ppc64 stable
Comment 8 Tobias Scherbaum (RETIRED) gentoo-dev 2008-04-03 18:26:46 UTC 
ppc stable
Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2008-04-03 22:43:42 UTC 
GLSA vote.
Comment 10 Peter Volkov (RETIRED) gentoo-dev 2008-04-04 04:51:36 UTC 
Fixed in release snapshot.
Comment 11 Matthias Geerdsen (RETIRED) gentoo-dev 2008-04-12 13:55:31 UTC 
only a DoS, but since we issued GLSAs for wireshark DoS before, we should probably issue one again

-> (half) yes
Comment 12 Robert Buchholz (RETIRED) gentoo-dev 2008-04-23 16:42:43 UTC 
I'd consider wireshark more A then B, so I'm also in for a YES.
Comment 13 Matthias Geerdsen (RETIRED) gentoo-dev 2008-04-29 13:12:16 UTC 
GLSA request filed
Comment 14 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-07-09 21:31:28 UTC 
this was GLSA 200805-05.