Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 383821 (CVE-2011-3482)

Summary: net-analyzer/wireshark: Remote denial of service via a malformed capture (CVE-2011-{3842,3483,3484})
Product: Gentoo Security Reporter: daavelino
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: netmon, pva
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3483
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description daavelino 2011-09-20 12:27:44 UTC 
As in NVD: Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability."

Since we have net-analyzer/wireshark ~1.6.2 (and some old trees had 1.6.0-rc1), it is important to check before unmask it.
Comment 1 daavelino 2011-09-20 12:36:11 UTC 
CVE-2011 3484 "The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and application crash) via a malformed packet." 
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3484

and 

CVE-2011 3482 "The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a malformed packet."
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3482

apply to the same packages.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-09-22 14:14:00 UTC 
Fixed package is in the tree now (thanks, Peter). Closing noglsa since 1.6.x is ~arch.