Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 484582 (CVE-2013-5717)

Summary: <net-analyzer/wireshark-{1.8.10,1.10.2} : Multiple Vulnerabilities (CVE-2013-{5717,5718,5719,5720,5721,5722})
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: netmon
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://secunia.com/advisories/54765/
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-09-11 15:01:14 UTC 
From ${URL} :

Description

Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a 
vulnerable system.

1) An error in the Bluetooth HCI ACL dissector (dissectors/packet-bthci_acl.c) can be exploited to cause a crash.

This vulnerability is reported in versions 1.10.0 and 1.10.1.

2) An error in the NBAP dissector (dissectors/packet-nbap.c) can be exploited to cause a crash.

3) An error in the ASSA R3 dissector (dissectors/packet-assa_r3.c) can be exploited to cause an infinite loop and consume CPU resources.

4) An error in the RTPS dissector (dissectors/packet-rtsp.c) can be exploited to cause a buffer overflow.

Successful exploitation of this vulnerability may allow execution of arbitrary code.

5) An error in the MQ dissector (dissectors/packet-mq.c) can be exploited to cause a crash.

6) An error in the LDAP dissector (dissectors/packet-ldap.c) can be exploited to cause a crash.

7) An error in the Netmon file parser (wiretap/netmon.c) can be exploited to cause a crash via a specially crafted packet trace file.

The vulnerabilities #2 through #7 are reported in versions 1.8.0 through 1.8.9, 1.10.0, and 1.10.1.


Solution:
Update to version 1.8.10 or 1.10.2.

Provided and/or discovered by:
5, 6) Reported by the vendor

The vendor credits:
1, 2) Laurent Butti
3, 4) Ben Schmidt
7) G. Geshev

Original Advisory:
http://www.wireshark.org/docs/relnotes/wireshark-1.10.2.html
http://www.wireshark.org/docs/relnotes/wireshark-1.8.10.html




@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2013-09-11 16:24:31 UTC 
Arch teams, please test and mark stable:
=net-analyzer/wireshark-1.8.10
=net-analyzer/wireshark-1.10.2
Targeted stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86
Comment 2 Agostino Sarubbo gentoo-dev 2013-09-11 18:40:25 UTC 
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2013-09-11 18:41:34 UTC 
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2013-09-11 18:41:44 UTC 
ppc stable
Comment 5 Agostino Sarubbo gentoo-dev 2013-09-11 18:41:55 UTC 
ppc64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-09-11 18:42:04 UTC 
ia64 stable
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2013-09-12 14:56:50 UTC 
Stable for HPPA.
Comment 8 Agostino Sarubbo gentoo-dev 2013-09-14 10:35:43 UTC 
alpha stable
Comment 9 Agostino Sarubbo gentoo-dev 2013-09-14 10:35:53 UTC 
sparc stable
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2013-09-17 22:33:37 UTC 
CVE-2013-5722 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5722):
  Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before
  1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of
  service (application crash) via a crafted packet.

CVE-2013-5721 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5721):
  The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ
  dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not
  properly determine when to enter a certain loop, which allows remote
  attackers to cause a denial of service (application crash) via a crafted
  packet.

CVE-2013-5720 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5720):
  Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and
  1.10.x before 1.10.2 allows remote attackers to cause a denial of service
  (application crash) via a crafted packet.

CVE-2013-5719 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5719):
  epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x
  before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a
  denial of service (infinite loop) via a crafted packet.

CVE-2013-5718 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5718):
  The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the
  NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2
  does not restrict the dch_id value, which allows remote attackers to cause a
  denial of service (application crash) via a crafted packet.

CVE-2013-5717 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5717):
  The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not
  properly maintain a certain free list, which allows remote attackers to
  cause a denial of service (application crash) via a crafted packet that is
  not properly handled by the wmem_block_alloc function in
  epan/wmem/wmem_allocator_block.c.
Comment 11 Sean Amoss (RETIRED) gentoo-dev Security 2013-09-30 23:38:30 UTC 
GLSA drafted and ready for review.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2013-12-16 18:32:13 UTC 
This issue was resolved and addressed in
 GLSA 201312-13 at http://security.gentoo.org/glsa/glsa-201312-13.xml
by GLSA coordinator Sergey Popov (pinkbyte).