Summary: | <net-analyzer/wireshark-1.6.8: Multiple DoS Vulnerabilities (CVE-2012-{2392,2393,2394,3825,3826}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | netmon, pva |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.wireshark.org/docs/relnotes/wireshark-1.6.8.html | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=415585 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Tim Sammut (RETIRED)
Arch teams, please test and mark stable:
=net-analyzer/wireshark-1.6.8
Target KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86"

x86: I'm getting an error; I created Bug 417301.

x86 stable. USE="doc" works for me....

amd64 stable

Stable for HPPA.

alpha/ia64/sparc stable

ppc64 done

ppc done

Thanks, folks. GLSA Vote: no.

GLSA vote: no. Closing noglsa.

CVE-2012-3826 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3826): Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vulnerability than CVE-2012-2392.

CVE-2012-3825 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3825): Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) BACapp and (2) Bluetooth HCI dissectors, a different vulnerability than CVE-2012-2392.

CVE-2012-2394 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2394): Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet.

CVE-2012-2393 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2393): epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation.

CVE-2012-2392 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2392): Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors.