Bug 290710 (CVE-2009-2560)

Summary:	<net-analyzer/wireshark-{1.0.10, 1.2.3}: DoS (CVE-2009-{2560,3549,3550,3551})
Product:	Gentoo Security	Reporter:	Alex Legler (RETIRED) <a3li>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	netmon, pva
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://www.wireshark.org/news/20091027.html
Whiteboard:	B3 [glsa]
Package list:		Runtime testing required:	---

Description Alex Legler (RETIRED) archtester

2009-10-27 10:10:21 UTC

** Please note that this issue is confidential and no information should be
disclosed until it is made public, see "Whiteboard" for a date **

Gerals Combs informed us about the following issues:

* The Paltalk dissector could crash on alignment-sensitive processors.
  CVE-2009-3549, Wireshark Bug 3689, fixed in r29064
  Affected: 1.2.0 to 1.2.2

* The DCERPC/NT dissector could crash.
  CVE-2009-3550, fixed in r30208
  Affected: <=1.0.9, 1.2.0 to 1.2.2

* The SMB dissector could crash.
  CVE-2009-3551, fixed in r30595
  Affected: 1.2.0 to 1.2.2

* The RADIUS dissector could crash.
  CVE-2009-2560, Wireshark bug 3578, fixed in r28891
  Affected: <=1.0.9 (1.2.0 is already obsolete for us)

The updated versions are expected today.

Comment 1 Alex Legler (RETIRED) archtester

2009-10-27 19:37:34 UTC

This is now public via the following advisories:

wnpa-sec-2009-07:
Multiple vulnerabilities in Wireshark® version 0.10.10 to 1.2.2
http://www.wireshark.org/security/wnpa-sec-2009-07.html

wnpa-sec-2009-08:
Multiple vulnerabilities in Wireshark® version 0.10.10 to 1.0.9
http://www.wireshark.org/security/wnpa-sec-2009-08.html

Peter/Netmon, please bump.

Comment 2 Peter Volkov (RETIRED) gentoo-dev

2009-10-28 09:22:07 UTC

bumped. Arch teams, please, stabilize wireshark-1.2.3.

Comment 3 Christian Faulhammer (RETIRED) gentoo-dev

2009-10-28 23:20:19 UTC

x86 stable

Comment 4 Tony Vroon (RETIRED) gentoo-dev

2009-10-29 13:53:06 UTC

+  29 Oct 2009; <chainsaw@gentoo.org> wireshark-1.2.3.ebuild:
+  Marked stable on AMD64 as requested by Alex "a3li" Legler in security bug
+  #290710. Tested capture on a Marvell "sky2" 88E8055 Gig-copper NIC.

Comment 5 Jeroen Roovers (RETIRED) gentoo-dev

2009-10-29 14:52:25 UTC

Stable for HPPA.

Comment 6 Raúl Porcel (RETIRED) gentoo-dev

2009-10-30 17:11:26 UTC

alpha/ia64/sparc stable

Comment 7 Brent Baude (RETIRED) gentoo-dev

2009-10-31 13:45:01 UTC

ppc64 done

Comment 8 Alex Legler (RETIRED) archtester

2009-10-31 19:30:56 UTC

CVE-2009-3549 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3549):
  packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through
  1.2.2, on SPARC and certain other platforms, allows remote attackers
  to cause a denial of service (application crash) via a file that
  records a malformed packet trace.

CVE-2009-3550 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3550):
  The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0
  through 1.2.2 allows remote attackers to cause a denial of service
  (NULL pointer dereference and application crash) via a file that
  records a malformed packet trace.  NOTE: some of these details are
  obtained from third party information.

CVE-2009-3551 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3551):
  Off-by-one error in the dissect_negprot_response function in
  packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2
  allows remote attackers to cause a denial of service (application
  crash) via a file that records a malformed packet trace.  NOTE: some
  of these details are obtained from third party information.

Comment 9 nixnut (RETIRED) gentoo-dev

2009-11-01 16:02:12 UTC

ppc stable

Comment 10 Alex Legler (RETIRED) archtester

2009-11-04 23:06:38 UTC

GLSA together with bug 285280.

Comment 11 Alex Legler (RETIRED) archtester

2009-11-25 16:29:19 UTC

GLSA 200911-05