369683 – (CVE-2011-1957) <net-analyzer/wireshark-1.4.7: Multiple vulnerabilities (CVE-2011-{1957,1958,1959,2174,2175})

Bug 369683 (CVE-2011-1957) - <net-analyzer/wireshark-1.4.7: Multiple vulnerabilities (CVE-2011-{1957,1958,1959,2174,2175})

Summary: <net-analyzer/wireshark-1.4.7: Multiple vulnerabilities (CVE-2011-{1957,1958,...

Status:	RESOLVED FIXED

Alias:	CVE-2011-1957

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	http://www.wireshark.org/docs/relnote...
Whiteboard:	B3 [glsa]
Keywords:

Depends on:	369749
Blocks:
	Show dependency tree

Reported:	2011-06-01 17:17 UTC by Jeroen Roovers (RETIRED)
Modified:	2011-10-09 20:02 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jeroen Roovers (RETIRED) gentoo-dev

2011-06-01 17:17:03 UTC

<http://www.wireshark.org/security/wnpa-sec-2011-08.html>:

Large/infinite loop in the DICOM dissector. (Bug 5876) 
 Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
 Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted Diameter dictionary file could crash Wireshark. 
 Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
 Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted snoop file could crash Wireshark. (Bug 5912) 
 Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
 David Maciejak of Fortinet's FortiGuard Labs discovered that malformed compressed capture data could crash Wireshark. (Bug 5908) 
 Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
 Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted Visual Networks file could crash Wireshark. (Bug 5934) 
 Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.

Comment 1 Peter Volkov (RETIRED) gentoo-dev

2011-06-02 09:18:13 UTC

Arch teams, please, stabilize wireshark-1.4.7.

Comment 2 Agostino Sarubbo gentoo-dev

2011-06-02 09:51:33 UTC

>>> Preparing source in /tmp/portage/net-analyzer/wireshark-1.4.7/work/wireshark-1.4.7 ...

 * Cannot find $EPATCH_SOURCE!  Value for $EPATCH_SOURCE is:
 * 
 *   /usr/portage/net-analyzer/wireshark/files/wireshark-1.4.7-wspy_dissectors_dir.patch
 *   ( wireshark-1.4.7-wspy_dissectors_dir.patch )

 * ERROR: net-analyzer/wireshark-1.4.7 failed (prepare phase):
 *   Cannot find $EPATCH_SOURCE!

Comment 3 Agostino Sarubbo gentoo-dev

2011-06-02 10:29:12 UTC

anyway fixing the ebuild locally it works for me on amd64. Same error on lua (see precedent stablereq of wireshark) but is not a regression.

Comment 4 Peter Volkov (RETIRED) gentoo-dev

2011-06-02 14:13:26 UTC

Err, patch dropped (as it should).

Comment 5 Ian Delaney (RETIRED) gentoo-dev

2011-06-02 15:09:39 UTC

amd64:

emerged: all a ok

Comment 6 Brent Baude (RETIRED) gentoo-dev

2011-06-03 15:24:13 UTC

ppc done

Comment 7 Jeroen Roovers (RETIRED) gentoo-dev

2011-06-03 15:24:50 UTC

Stable for HPPA.

Comment 8 Thomas Kahle (RETIRED) gentoo-dev

2011-06-03 15:53:38 UTC

x86 stable. Thanks

Comment 9 Raúl Porcel (RETIRED) gentoo-dev

2011-06-03 17:20:15 UTC

alpha/ia64/sparc stable

Comment 10 Markos Chandras (RETIRED) gentoo-dev

2011-06-05 10:15:45 UTC

amd64 done. Thanks Agostino and Ian

Comment 11 Tim Sammut (RETIRED) gentoo-dev

2011-06-05 17:15:01 UTC

CVE Assignment:

> > Wireshark 1.2.17 fixes the following vulnerabilities:
> > 
> > Large/infinite loop in the DICOM dissector. (Bug 5876)
> > Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-1957

> > 
> > Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
> > that a corrupted Diameter dictionary file could crash Wireshark.
> > Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-1958

> > 
> > Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
> > that a corrupted snoop file could crash Wireshark. (Bug 5912)
> > Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-1959

> > 
> > David Maciejak of Fortinet's FortiGuard Labs discovered that malformed
> > compressed capture data could crash Wireshark. (Bug 5908)
> > Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-2174

> > 
> > Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
> > that a corrupted Visual Networks file could crash Wireshark. (Bug
> > 5934)
> > Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-2175

Comment 12 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev

2011-06-07 10:15:01 UTC

ppc64 stable, last arch done

Comment 13 Tim Sammut (RETIRED) gentoo-dev

2011-06-07 13:14:27 UTC

Thanks, folks. GLSA Vote: No.

Comment 14 GLSAMaker/CVETool Bot gentoo-dev

2011-06-13 18:01:15 UTC

CVE-2011-2175 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2175):
  Integer underflow in the visual_read function in wiretap/visual.c in
  Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers
  to cause a denial of service (application crash) via a malformed Visual
  Networks file that triggers a heap-based buffer over-read.

CVE-2011-2174 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2174):
  Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in
  Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers
  to cause a denial of service (application crash) via a packet with malformed
  data that uses zlib compression.

CVE-2011-1959 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1959):
  The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17
  and 1.4.x before 1.4.7 does not properly handle certain virtualizable
  buffers, which allows remote attackers to cause a denial of service
  (application crash) via a large length value in a snoop file that triggers a
  stack-based buffer over-read.

CVE-2011-1958 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1958):
  Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted
  remote attackers to cause a denial of service (NULL pointer dereference and
  application crash) via a crafted Diameter dictionary file.

CVE-2011-1957 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1957):
  The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM
  dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows
  remote attackers to cause a denial of service (infinite loop) via an invalid
  PDU length.

Comment 15 GLSAMaker/CVETool Bot gentoo-dev

2011-10-09 20:01:15 UTC

This issue was resolved and addressed in
 GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml
by GLSA coordinator Alex Legler (a3li).

Comment 16 GLSAMaker/CVETool Bot gentoo-dev

2011-10-09 20:02:09 UTC

This issue was resolved and addressed in
 GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml
by GLSA coordinator Alex Legler (a3li).