Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 542206 (CVE-2015-2187)

Summary: <net-analyzer/wireshark-1.12.4: Multiple vulnerabilities (CVE-2015-{2187,2188,2189,2190,2191,2192})
Product: Gentoo Security Reporter: Jeroen Roovers (RETIRED) <jer>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: netmon
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.wireshark.org/lists/wireshark-announce/201503/msg00001.html
Whiteboard: B3 [glsa cve]
Package list:
Runtime testing required: ---

Description Jeroen Roovers (RETIRED) gentoo-dev 2015-03-05 07:19:53 UTC
The following vulnerabilities have been fixed.
     * [1]wnpa-sec-2015-06
       The ATN-CPDLC dissector could crash. ([2]Bug 9952) [3]CVE-2015-2187
     * [4]wnpa-sec-2015-07
       The WCP dissector could crash. ([5]Bug 10844) [6]CVE-2015-2188
     * [7]wnpa-sec-2015-08
       The pcapng file parser could crash. ([8]Bug 10895) [9]CVE-2015-2189
     * [10]wnpa-sec-2015-09
       The LLDP dissector could crash. ([11]Bug 10983) [12]CVE-2015-2190
     * [13]wnpa-sec-2015-10
       The TNEF dissector could go into an infinite loop. Discovered by
       Vlad Tsyrklevich. ([14]Bug 11023) [15]CVE-2015-2191
     * [16]wnpa-sec-2015-11
       The SCSI OSD dissector could go into an infinite loop. Discovered
       by Vlad Tsyrklevich. ([17]Bug 11024) [18]CVE-2015-2192
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2015-03-05 08:14:12 UTC
Arch teams, please test and mark stable:
=net-analyzer/wireshark-1.12.4
Targeted stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2015-03-05 19:11:00 UTC
Stable for HPPA.
Comment 3 Agostino Sarubbo gentoo-dev 2015-03-06 09:55:26 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2015-03-06 09:55:54 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2015-03-25 16:08:23 UTC
ia64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2015-03-26 11:23:33 UTC
ppc stable
Comment 7 Agostino Sarubbo gentoo-dev 2015-03-26 11:30:32 UTC
ppc64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2015-03-30 09:50:30 UTC
sparc stable
Comment 9 Agostino Sarubbo gentoo-dev 2015-03-30 10:03:14 UTC
alpha stable.

Maintainer(s), please cleanup.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2015-04-12 22:31:44 UTC
CVE-2015-2192 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2192):
  Integer overflow in the dissect_osd2_cdb_continuation function in
  epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark
  1.12.x before 1.12.4 allows remote attackers to cause a denial of service
  (infinite loop) via a crafted length field in a packet.

CVE-2015-2191 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2191):
  Integer overflow in the dissect_tnef function in
  epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x
  before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a
  denial of service (infinite loop) via a crafted length field in a packet.

CVE-2015-2190 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2190):
  epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle
  integer data types greater than 32 bits in size, which allows remote
  attackers to cause a denial of service (assertion failure and application
  exit) via a crafted packet that is improperly handled by the LLDP dissector.

CVE-2015-2189 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2189):
  Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the
  pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before
  1.12.4 allows remote attackers to cause a denial of service (out-of-bounds
  read and application crash) via an invalid Interface Statistics Block (ISB)
  interface ID in a crafted packet.

CVE-2015-2188 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2188):
  epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before
  1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data
  structure, which allows remote attackers to cause a denial of service
  (out-of-bounds read and application crash) via a crafted packet that is
  improperly handled during decompression.

CVE-2015-2187 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2187):
  The dissect_atn_cpdlc_heur function in
  asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in
  Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code
  requirements, which allows remote attackers to cause a denial of service
  (stack memory corruption and application crash) via a crafted packet.
Comment 11 Yury German Gentoo Infrastructure gentoo-dev 2015-04-19 17:29:40 UTC
Arches, Thank you for your work.

GLSA Vote: Yes

Maintainer(s), please drop the vulnerable version(s).
Comment 12 Jeroen Roovers (RETIRED) gentoo-dev 2015-04-19 18:02:30 UTC
(In reply to Yury German from comment #11)

> Maintainer(s), please drop the vulnerable version(s).

That happened on March 30.
Comment 13 Yury German Gentoo Infrastructure gentoo-dev 2015-04-19 18:12:45 UTC
Sorry jer, not in the notes here and was looking at around 80 bugs today so did not check cve.

Thank you for cleaning it up.
Comment 14 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-05-11 20:47:49 UTC
GLSA Vote: Yes, new request filed
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2015-10-31 15:10:45 UTC
This issue was resolved and addressed in
 GLSA 201510-03 at https://security.gentoo.org/glsa/201510-03
by GLSA coordinator Kristian Fiskerstrand (K_F).