Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 373961 (CVE-2011-2597)

Summary: <net-analyzer/wireshark-1.4.8: Lucent/Ascend file parser vulnerability (CVE-2011-2597)
Product: Gentoo Security Reporter: Tim Sammut (RETIRED) <underling>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: netmon, pva
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.wireshark.org/security/wnpa-sec-2011-10.html
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description Tim Sammut (RETIRED) gentoo-dev 2011-07-03 23:24:48 UTC 
The 1.4 advisory at $URL is not available yet, but the 1.2 advisory at http://www.wireshark.org/security/wnpa-sec-2011-09.html shows:

Summary

Name: Lucent/Ascend file parser vulnerability in Wireshark® version 1.2.0 to 1.2.17

Docid: wnpa-sec-2011-09

Date: May 31, 2011

Versions affected: 1.2.0 up to and including 1.2.17

Related: wnpa-sec-2011-11 (Lucent/Ascend file parser vulnerability in Wireshark® version 1.6.0) wnpa-sec-2011-10 (Lucent/Ascend file parser vulnerability in Wireshark® version 1.4.0 to 1.4.7)

Details
Description

Wireshark 1.2.18 fixes the following vulnerability:

    * The Lucent/Ascend file parser was susceptible to an infinite loop. Versions affected: 1.2.0 to 1.2.17, 1.4.0 to 1.4.7, and 1.6.0. CVE-2011-2597 

Impact

It may be possible to make Wireshark crash by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.
Resolution

Upgrade to Wireshark 1.2.18 or later. It is not possible to work around this bug.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2011-07-10 00:33:57 UTC 
CVE-2011-2597 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2597):
  The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x
  through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of
  service (infinite loop) via malformed packets.
Comment 2 Peter Volkov (RETIRED) gentoo-dev 2011-07-24 08:04:04 UTC 
Thank you Tim. Should be fixed in 1.4.8:
http://www.wireshark.org/security/wnpa-sec-2011-10.html

Arch teams, please, stabilize wireshark-1.4.8.
Comment 3 Elijah "Armageddon" El Lazkani (amd64 AT) 2011-07-24 18:20:57 UTC 
amd64:

emerge pass, launch pass.
Comment 4 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-07-24 18:37:50 UTC 
x86 stable
Comment 5 Thomas Kahle (RETIRED) gentoo-dev 2011-07-24 19:08:24 UTC 
x86 done. Thanks
Comment 6 Mark Loeser (RETIRED) gentoo-dev 2011-07-24 20:12:34 UTC 
ppc/ppc64 done
Comment 7 Markos Chandras (RETIRED) gentoo-dev 2011-07-24 21:20:07 UTC 
amd64 done. Thanks Elijah
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2011-07-26 17:52:18 UTC 
Stable for HPPA.
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2011-08-07 16:48:47 UTC 
alpha/ia64/sparc stable
Comment 10 Tim Sammut (RETIRED) gentoo-dev 2011-08-17 15:37:51 UTC 
Thanks, Peter, folks. GLSA Vote: no.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 20:01:20 UTC 
This issue was resolved and addressed in
 GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml
by GLSA coordinator Alex Legler (a3li).
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 20:02:13 UTC 
This issue was resolved and addressed in
 GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml
by GLSA coordinator Alex Legler (a3li).