Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 330479 (CVE-2010-2284)

Summary: <net-analyzer/wireshark-1.2.10: Multiple vulnerabilities (CVE-2010-{2284,2285,2286,2287,2992,2993,2994,2995,3133},CVE-2011-0024)
Product: Gentoo Security Reporter: Peter Volkov (RETIRED) <pva>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: netmon
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.wireshark.org/security/wnpa-sec-2010-08.html
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Peter Volkov (RETIRED) gentoo-dev 2010-07-30 10:04:10 UTC
Wireshark 1.2.10 fixes the following vulnerabilities:

    * The SigComp Universal Decompressor Virtual Machine could overrun a buffer. (Bug 4867)
      Versions affected: 0.10.8 to 1.0.14, 1.2.0 to 1.2.9
      CVE-2010-2287
    * Due to a regression the ASN.1 BER dissector could exhaust stack memory. (Bug 4984)
      Versions affected: 0.10.13 to 1.0.14, 1.2.0 to 1.2.9
      CVE-2010-2284
    * The GSM A RR dissector could crash. (Bug 4897)
      Versions affected: 1.2.2 to 1.2.9
    * The IPMI dissector could go into an infinite loop. (Bug 5053)
      Versions affected: 1.2.0 to 1.2.9 

Impact

It may be possible to make Wireshark crash, hang, or execute code by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.
Resolution

Upgrade to Wireshark 1.2.10 or later. Due to the nature of these bugs we do not recommend trying to work around the problem by disabling dissectors.
Comment 1 Peter Volkov (RETIRED) gentoo-dev 2010-07-30 10:27:15 UTC
Arch teams, please, stabilize wireshark-1.2.10.
Comment 2 David Abbott (RETIRED) gentoo-dev 2010-07-30 20:40:49 UTC
All good x86.
Comment 3 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-07-31 04:59:25 UTC
x86 stable, thanks David
Comment 4 Markos Chandras (RETIRED) gentoo-dev 2010-07-31 14:46:38 UTC
amd64 done
Comment 5 Raúl Porcel (RETIRED) gentoo-dev 2010-07-31 15:59:04 UTC
alpha/ia64/sparc stable
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2010-07-31 16:24:35 UTC
Stable for PPC.
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2010-08-01 19:50:02 UTC
Stable for HPPA.
Comment 8 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-08-10 15:20:56 UTC
CVE-2010-2284 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2284):
  Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13
  through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote
  attack vectors.

CVE-2010-2285 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2285):
  The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0
  through 1.2.8 allows remote attackers to cause a denial of service
  (NULL pointer dereference) via unknown vectors.

CVE-2010-2286 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2286):
  The SigComp Universal Decompressor Virtual Machine dissector in
  Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote
  attackers to cause a denial of service (infinite loop) via unknown
  vectors.

CVE-2010-2287 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2287):
  Buffer overflow in the SigComp Universal Decompressor Virtual Machine
  dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8
  has unknown impact and remote attack vectors.

Comment 9 Brent Baude (RETIRED) gentoo-dev 2010-08-10 17:36:58 UTC
ppc64 done
Comment 10 Tim Sammut (RETIRED) gentoo-dev 2010-09-02 03:57:28 UTC
Looks like four more CVEs could be included in any GLSA that should come from this bug.

http://www.wireshark.org/security/wnpa-sec-2010-08.html

CVE-2010-2992
packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through 1.2.9 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference.

CVE-2010-2993
The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

CVE-2010-2994
Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression.

CVE-2010-2995
The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.
Comment 11 Stefan Behte (RETIRED) gentoo-dev Security 2010-09-03 22:31:01 UTC
CVE-2010-3133 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3133):
  Untrusted search path vulnerability in Wireshark 1.2.10 and earlier
  allows local users, and possibly remote attackers, to execute
  arbitrary code and conduct DLL hijacking attacks via a Trojan horse
  airpcap.dll, and possibly other DLLs, that is located in the same
  folder as a file that automatically launches Wireshark.

Comment 12 Tim Sammut (RETIRED) gentoo-dev 2010-10-02 15:16:31 UTC
GLSA request filed.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2011-06-25 12:21:09 UTC
CVE-2011-0024 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0024):
  Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2
  allows remote attackers to cause a denial of service (application crash) or
  possibly execute arbitrary code via a crafted capture file.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 20:00:39 UTC
This issue was resolved and addressed in
 GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml
by GLSA coordinator Alex Legler (a3li).
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 20:01:40 UTC
This issue was resolved and addressed in
 GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml
by GLSA coordinator Alex Legler (a3li).