Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 472762 - <net-analyzer/wireshark-{1.6.16,1.8.8} - multiple vulnerabilities (CVE-2013-{4074,4075,4076,4077,4078,4079,4080,4081,4082})
Summary: <net-analyzer/wireshark-{1.6.16,1.8.8} - multiple vulnerabilities (CVE-2013-{...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-06-09 17:10 UTC by Jeroen Roovers (RETIRED)
Modified: 2013-08-28 11:43 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2013-06-09 17:41:49 UTC
No word on an 1.10.1 yet, though the release notes say that 1.10.0 is vulnerable too.
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2013-06-09 17:45:08 UTC
Arch teams, please test and mark stable:
=net-analyzer/wireshark-1.6.16
=net-analyzer/wireshark-1.8.8
Stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86
Comment 3 Agostino Sarubbo gentoo-dev 2013-06-09 19:05:37 UTC
alpha stable
Comment 4 Agostino Sarubbo gentoo-dev 2013-06-09 19:05:47 UTC
ia64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2013-06-09 19:06:00 UTC
ppc stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-06-09 19:06:11 UTC
ppc64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2013-06-09 19:06:22 UTC
sparc stable
Comment 8 Agostino Sarubbo gentoo-dev 2013-06-09 19:06:34 UTC
x86 stable
Comment 9 Agostino Sarubbo gentoo-dev 2013-06-09 19:06:45 UTC
amd64 stable
Comment 10 Jeroen Roovers (RETIRED) gentoo-dev 2013-06-10 00:06:29 UTC
Stable for HPPA.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2013-08-27 22:20:25 UTC
CVE-2013-4082 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4082):
  The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in
  Wireshark 1.8.x before 1.8.8 does not validate the relationship between a
  record length and a trailer length, which allows remote attackers to cause a
  denial of service (heap-based buffer overflow and application crash) via a
  crafted packet.

CVE-2013-4081 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4081):
  The http_payload_subdissector function in epan/dissectors/packet-http.c in
  the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8
  does not properly determine when to use a recursive approach, which allows
  remote attackers to cause a denial of service (stack consumption) via a
  crafted packet.

CVE-2013-4080 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4080):
  The dissect_r3_upstreamcommand_queryconfig function in
  epan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in Wireshark
  1.8.x before 1.8.8 does not properly handle a zero-length item, which allows
  remote attackers to cause a denial of service (infinite loop, and CPU and
  memory consumption) via a crafted packet.

CVE-2013-4079 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4079):
  The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c
  in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote
  attackers to cause a denial of service (infinite loop and application hang)
  via a crafted packet.

CVE-2013-4078 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4078):
  epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before
  1.8.8 does not validate return values during checks for data availability,
  which allows remote attackers to cause a denial of service (application
  crash) via a crafted packet.

CVE-2013-4077 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4077):
  Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8
  allows remote attackers to cause a denial of service (application crash) via
  a crafted packet, related to nbap.cnf and packet-nbap.c.

CVE-2013-4076 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4076):
  Buffer overflow in the dissect_iphc_crtp_fh function in
  epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before
  1.8.8 allows remote attackers to cause a denial of service (application
  crash) via a crafted packet.

CVE-2013-4075 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4075):
  epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark
  1.8.x before 1.8.8 does not properly initialize memory, which allows remote
  attackers to cause a denial of service (application crash) via a crafted
  packet.

CVE-2013-4074 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4074):
  The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the
  CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8
  incorrectly uses a -1 data value to represent an error condition, which
  allows remote attackers to cause a denial of service (application crash) via
  a crafted packet.
Comment 12 Sergey Popov gentoo-dev 2013-08-28 05:56:46 UTC
Thanks for your work, added to existing GLSA draft
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2013-08-28 11:43:55 UTC
This issue was resolved and addressed in
 GLSA 201308-05 at http://security.gentoo.org/glsa/glsa-201308-05.xml
by GLSA coordinator Sergey Popov (pinkbyte).