
Bug 248425 (CVE-2008-5285)

Summary: net-analyzer/wireshark < 1.0.5 SMTP processing DoS (CVE-2008-{5285,6472})
Product: Gentoo Security Reporter: stupendoussteve
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: netmon
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://packetstormsecurity.org/0811-advisories/wireshark104-dos.txt
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description stupendoussteve 2008-11-23 16:42:19 UTC
From the advisory:

On Nov 2008, Security Vulnerability Research Team of Bkis (SVRT-Bkis) has
detected a vulnerability underlying WireShark 1.0.4 (latest version).

The flaw is in the function processing SMTP protocol and enables a hacker to
perform a DoS attack by sending an SMTP request with large content to port
25. The application then enters a large loop and cannot do anything else.

We have contacted the vendor of Wireshark. They fixed this vulnerability for
Wireshark 1.0.5 but they haven't released the official version yet. Details
are here: http://wiki.wireshark.org/Development/Roadmap
Comment 1 Peter Volkov (RETIRED) gentoo-dev 2008-12-11 11:44:27 UTC
1.0.5 is out, but has some build problems, so I'll bump it as soon as I manage to resolve them.
Comment 2 Peter Volkov (RETIRED) gentoo-dev 2008-12-13 18:55:38 UTC
New version is in the tree.
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-12-13 21:14:37 UTC
Arches, please test and mark stable net-analyzer/wireshark-1.0.5. Target keywords: "alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"
Comment 4 Friedrich Oslage (RETIRED) gentoo-dev 2008-12-14 01:29:40 UTC
sparc stable
Comment 5 Markus Meier gentoo-dev 2008-12-14 12:44:58 UTC
minor doc-issues:
dodoc: READMEbsd does not exist
dodoc: READMElinux does not exist
dodoc: READMEmacos does not exist
dodoc: READMEvmware does not exist
>>> Completed installing wireshark-1.0.5 into /var/tmp/portage/net-analyzer/wireshark-1.0.5/image/
Comment 6 Markus Meier gentoo-dev 2008-12-14 12:46:10 UTC
amd64/x86 stable
Comment 7 Tobias Klausmann (RETIRED) gentoo-dev 2008-12-14 14:12:23 UTC
Stable on alpha.
Comment 8 Peter Volkov (RETIRED) gentoo-dev 2008-12-14 14:49:51 UTC
(In reply to comment #5)
> dodoc: READMEbsd does not exist

It was fixed in 1.1.x a long time ago but it seems that I forgot about stable. Thanks for the notice. Fixed in 1.0.5 too.
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2008-12-15 22:24:22 UTC
Stable for HPPA.
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2008-12-16 10:28:13 UTC
ia64 stable
Comment 11 Brent Baude (RETIRED) gentoo-dev 2008-12-16 15:55:41 UTC
ppc64 done
Comment 12 Tobias Scherbaum (RETIRED) gentoo-dev 2008-12-18 18:20:05 UTC
ppc stable
Comment 13 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-11 18:52:23 UTC
GLSA together with #242996.
Comment 14 Robert Buchholz (RETIRED) gentoo-dev 2009-03-17 11:11:49 UTC
CVE-2008-6472 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6472):
  The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote
  attackers to cause a denial of service (infinite loop) via
  unspecified vectors.

Comment 15 Stefan Behte (RETIRED) gentoo-dev Security 2009-06-30 18:11:53 UTC
GLSA 200906-05, thanks everyone