Bug 354197 (CVE-2011-0538) - <net-analyzer/wireshark-1.4.4: multiple vulnerabilities (CVE-2011-{0538,0713,1138,1139,1140,1141,1142,1143})
Status: RESOLVED FIXED
Alias: CVE-2011-0538
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: https://bugs.wireshark.org/bugzilla/s...
Whiteboard: B2 [glsa]
Keywords:
Duplicates: CVE-2011-0713
Depends on:
Blocks: 357237
Reported: 2011-02-09 08:12 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2011-10-09 20:01 UTC (History)
Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-02-09 08:12:12 UTC
Wireshark 1.5.0, 1.4.3, and earlier frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file.
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-02-09 08:13:29 UTC
The crash may be exploitable. There is some updated patch in the upstream bug https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5652
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-03-02 03:41:45 UTC
Wireshark-1.4.4 has been released. This addresses this issue, Bug 355335 (CVE-2011-0713) and three more. Details from http://www.wireshark.org/security/wnpa-sec-2011-04.html:

    * Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that Wireshark could free an uninitialized pointer while reading a malformed pcap-ng file. (Bug 5652) Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3. CVE-2011-0538

    * Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a large packet length in a pcap-ng file could crash Wireshark. (Bug 5661) Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3.

    * Wireshark could overflow a buffer while reading a Nokia DCT3 trace file. Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3. CVE-2011-0713

    * Paul Makowski working for SEI/CERT discovered that Wireshark on 32 bit systems could crash while reading a malformed 6LoWPAN packet. (Bug 5722) Versions affected: 1.4.0 to 1.4.3.

    * joernchen of Phenoelit discovered that the LDAP and SMB dissectors could overflow the stack. (Bug 5717) Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3. (Prior versions including 1.0.x are also affected.)

    * Xiaopeng Zhang of Fortinet's Fortiguard Labs discovered that large LDAP Filter strings can consume excessive amounts of memory. (Bug 5732) Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3. (Prior versions including 1.0.x are also affected.) 

Comment 3 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-03-03 07:55:07 UTC
*** Bug 355335 has been marked as a duplicate of this bug. ***
Comment 4 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-03-03 07:57:52 UTC
The status whiteboard got corrupted at some point, B12 is not a valid rating.
Comment 5 Peter Volkov (RETIRED) gentoo-dev 2011-03-09 14:32:01 UTC
New version is in the tree. Arch teams, please, stabilize wireshark-1.4.4.
Comment 6 Markos Chandras (RETIRED) gentoo-dev 2011-03-09 17:11:38 UTC
amd64 done
Comment 7 Agostino Sarubbo gentoo-dev 2011-03-09 18:25:05 UTC
posted:

bug 358097
bug 358099
bug 358101

add as a block if it is necessary, whereas it is a security stabilization

thanks
Comment 8 Thomas Kahle (RETIRED) gentoo-dev 2011-03-10 12:37:02 UTC
x86 done. Thanks.
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2011-03-10 18:05:32 UTC
Stable for HPPA.
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2011-03-12 11:44:08 UTC
alpha/ia64/sparc stable
Comment 11 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-03-13 11:23:46 UTC
ppc/ppc64 stable, last arch done
Comment 12 Tim Sammut (RETIRED) gentoo-dev 2011-03-14 03:06:48 UTC
Thanks, everyone. GLSA request filed.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2011-06-14 09:11:09 UTC
CVE-2011-1143 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1143):
  epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark
  before 1.4.4 allows remote attackers to cause a denial of service (NULL
  pointer dereference and application crash) via a crafted .pcap file.

CVE-2011-1142 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1142):
  Stack consumption vulnerability in the dissect_ber_choice function in the
  BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4
  might allow remote attackers to cause a denial of service (infinite loop)
  via vectors involving self-referential ASN.1 CHOICE values.

CVE-2011-1141 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1141):
  epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and
  1.4.0 through 1.4.3 allows remote attackers to cause a denial of service
  (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter
  string containing many elements.

CVE-2011-1140 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1140):
  Multiple stack consumption vulnerabilities in the
  dissect_ms_compressed_string and dissect_mscldap_string functions in
  Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote
  attackers to cause a denial of service (infinite recursion) via a crafted
  (1) SMB or (2) Connection-less LDAP (CLDAP) packet.

CVE-2011-1139 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1139):
  wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3
  allows remote attackers to cause a denial of service (application crash) via
  a pcap-ng file that contains a large packet-length field.

CVE-2011-1138 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1138):
  Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in
  Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to
  cause a denial of service (application crash) via a malformed 6LoWPAN IPv6
  packet.

CVE-2011-0713 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0713):
  Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through
  1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of
  service (application crash) or possibly have unspecified other impact via a
  long record in a Nokia DCT3 trace file.

CVE-2011-0538 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0538):
  Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an
  uninitialized pointer during processing of a .pcap file in the pcap-ng
  format, which allows remote attackers to cause a denial of service (memory
  corruption) or possibly have unspecified other impact via a malformed file.
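
The large packet-length case (CVE-2011-1139) is a reader trusting a length field taken from the file. As an added illustration, not Wireshark's code or its fix, this C example validates the lengths of one pcap-ng Enhanced Packet Block (field offsets per the pcap-ng specification) before the packet data is used; the function names, the `MAX_CAPLEN` limit and the sample block are assumptions constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not Wireshark code; all names and MAX_CAPLEN are assumptions. */
#define PCAPNG_EPB    0x00000006u /* Enhanced Packet Block type */
#define EPB_FIXED_LEN 32u         /* 8 header + 20 fixed fields + 4 trailer */
#define MAX_CAPLEN    65535u      /* assumed reader policy limit */
enum epb_status { EPB_OK, EPB_SHORT, EPB_NOT_EPB, EPB_BAD_TOTAL, EPB_BAD_CAPLEN };

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32le(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Validate one little-endian EPB in buf[0..len). On success *data and *caplen
 * describe the packet bytes inside buf; no allocation uses a file-supplied size. */
enum epb_status epb_validate(const uint8_t *buf, size_t len, const uint8_t **data, uint32_t *caplen) {
    *data = NULL; *caplen = 0;  /* outputs are defined on every return path */
    if (len < EPB_FIXED_LEN) return EPB_SHORT;
    if (rd32le(buf) != PCAPNG_EPB) return EPB_NOT_EPB;
    uint32_t total = rd32le(buf + 4);
    if (total < EPB_FIXED_LEN || total % 4 != 0 || total > len) return EPB_BAD_TOTAL;
    if (rd32le(buf + total - 4) != total) return EPB_BAD_TOTAL; /* trailer must match */
    uint32_t cap = rd32le(buf + 20);
    /* Compare against the room left in the block; no addition that could wrap. */
    if (cap > MAX_CAPLEN || cap > total - EPB_FIXED_LEN) return EPB_BAD_CAPLEN;
    *data = buf + 28; *caplen = cap;
    return EPB_OK;
}

/* Constructed sample: a 36-byte EPB with room for 4 data bytes; cap is written as given. */
size_t build_sample_epb(uint8_t out[36], uint32_t cap) {
    memset(out, 0, 36);
    wr32le(out, PCAPNG_EPB); wr32le(out + 4, 36);   /* block type, total length */
    wr32le(out + 20, cap);   wr32le(out + 24, cap); /* captured, original length */
    wr32le(out + 32, 36);                           /* trailing total length */
    return 36;
}

int main(void) {
    uint8_t blk[36]; const uint8_t *d; uint32_t n;
    size_t len = build_sample_epb(blk, 4);
    printf("caplen 4          -> %d\n", epb_validate(blk, len, &d, &n));
    len = build_sample_epb(blk, 0xFFFFFFF0u);
    printf("caplen 0xFFFFFFF0 -> %d\n", epb_validate(blk, len, &d, &n));
    return 0;
}
```
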
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 20:00:57 UTC
This issue was resolved and addressed in
 GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml
by GLSA coordinator Alex Legler (a3li).
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 20:01:57 UTC
This issue was resolved and addressed in
 GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml
by GLSA coordinator Alex Legler (a3li).