Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 140856 - net-analyzer/wireshark < 0.99.2, net-analyzer/ethereal - multiple vulnerabilities
Summary: net-analyzer/wireshark < 0.99.2, net-analyzer/ethereal - multiple vulnerabili...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Other
: High major (vote)
Assignee: Gentoo Security
URL: http://www.wireshark.org
Whiteboard: B2? [glsa] DerCorny
Keywords:
Depends on:
Blocks:
 
Reported: 2006-07-17 17:27 UTC by ChazeFroy
Modified: 2008-03-06 09:38 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description ChazeFroy 2006-07-17 17:27:04 UTC
Wireshark 0.99.2 fixes the following vulnerabilities:
* The GSM BSSMAP dissector could crash. Versions affected: 0.10.11. CVE: CVE-2006-3627 

Ilja van Sprundel discovered the following vulnerabilities:
* The ANSI MAP dissector was vulnerable to a format string overflow. Versions affected: 0.10.0. CVE: CVE-2006-3628
* The Checkpoint FW-1 dissector was vulnerable to a format string overflow. Versions affected: 0.10.10. CVE: CVE-2006-3628
* The MQ dissector was vulnerable to a format string overflow. Versions affected: 0.10.4. CVE: CVE-2006-3628
* The XML dissector was vulnerable to a format string overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628
* The MOUNT dissector could attempt to allocate large amounts of memory. Versions affected: 0.9.4. CVE: CVE-2006-3629
* The NCP NMAS and NDPS dissectors were susceptible to off-by-one errors. Versions affected: 0.9.7. CVE: CVE-2006-3630
* The NTP dissector was vulnerable to a format string overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628
* The SSH dissector was vulnerable to an infinite loop. Versions affected: 0.9.10. CVE: CVE-2006-3631
* The NFS dissector may have been susceptible to a buffer overflow. Versions affected: 0.8.16. CVE: CVE-2006-3632 

File exports under Windows work again.
Problems with ring buffers under 0.99.0 have been fixed.
It was possible for Wireshark to crash when closing the capture information dialog. This has been fixed.
It was possible for Wireshark to crash when using the "Find" feature. This has been fixed.
Wireshark could crash if an interface was removed while viewing the interface list. This has been fixed.

Multicast stream analysis (Statistics->Multicast Streams) has been added. It lets you determine burst size, output buffer size, and losses for multicast data.
TCP reassembly has been updated and improved.
Expert analysis has been updated and improved.
SCSI service response time statistics have been added.
You can now find next/previous marked frames.
The LDAP and SNMP dissectors have been completely rewriten.
The SMB dissector now tracks filenames and share names.
The Windows file dialogs have been improved.
If Wireshark is linked with the PortAudio library, you can now listen to RTP streams. (PortAudio didn't make the cut in the current Windows installer. It will be included with 0.99.3.)

New Protocol Support

Bluetooth HCI (ACL, Command, Event, L2CAP, H4, RFCOMM, SCO, SDP), Cisco WIDS, DTLS, Ether-S-Bus, OMA ULP, PN-MRP, PN-MRRT, REXEC (yes, that REXEC), RRLP, RSerPool (CalcAppProtocol, ComponentStatusProtocol, FractalGeneratorProtocol, PingPongProtocol), Telkonet, TiVoConnect Discovery Protocol
Updated Protocol Support

AIM, AMR, ASAP, BER, BGP, BSSAP, BVLC, CAMEL, CMS, COPS, DAP, DCERPC (NETLOGON, PNIO), DCOM, DIAMETER, DVMRP, EAPOL, ENRP, ESP, FC, FIX, Frame, GPRS LLC, GSM A, GSM MAP, GSSAPI, GTP, H.225, H.235, H.245, H.248, H.263, H.450, H1, ICMP, IEEE 802.11, INAP, IP, IPMI, iSCSI, ISUP, JXTA, Kerberos, LDAP, LLDP, MEGACO, MySQL, NBAP, NDMP, NFS, OICQ, PER, PGM, PN-PTCP, Q.931, RANAP, RNSAP, ROS, RTCP, S4406, S5066, SCCP, SCSI, SDP, SIP, SMB (PIPE, SMB), SNMP, SSL, SUA, TCP, TDS, TELNET, TIPC, UMA, X.420, X.509 (af, ce, if), XML
New and Updated Capture File Support

Wireshark can now read BER-encoded files. Catapult DCT2000 support has been updated.
Comment 1 Markus Ullmann (RETIRED) gentoo-dev 2006-07-18 09:01:44 UTC
bumped in cvs
Comment 2 Stefan Cornelius (RETIRED) gentoo-dev 2006-07-18 09:04:04 UTC
Arches, please test and stable wireshark 0.99.2, thank you.
Comment 3 Andy Romeril 2006-07-18 13:14:57 UTC
Suggest modifying build to use the .tar.bz2 (9.3MB) instead of the tar.gz (12MB). This will save bandwidth on our mirrors.

May also want to list other download locations. Sources are available on Sourceforge.net, among others.
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2006-07-19 02:04:00 UTC
1) emerges fine
2) passes test suite
3) passes collision test
4) changed setting, sniffed my network traffic (with and without vpn)-> works

Portage 2.1-r1 (default-linux/x86/2006.0, gcc-3.4.6, glibc-2.3.6-r4, 2.6.16-gentoo-r13 i686)
=================================================================
System uname: 2.6.16-gentoo-r13 i686 AMD Athlon(tm) XP 2500+
Gentoo Base System version 1.6.15
app-admin/eselect-compiler: [Not Present]
dev-lang/python:     2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/splash /etc/terminfo"
CXXFLAGS="-O2"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict test"
GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo/"
LANG="de_DE@euro"
LC_ALL="de_DE@euro"
LINGUAS="de"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.informatik.rwth-aachen.de/gentoo-portage"
USE="x86 3dnow 3dnowext X Xaw3d a52 alsa artworkextra asf audiofile avi bash-completion beagle berkdb bidi bitmap-fonts bootsplash branding bzip2 cairo cdda cddb cdparanoia cdr cli cracklib crypt css cups curl custom-cflags dbus dga directfb divx4linux dlloader dri dts dvd dvdr dvdread dvi eds emacs emboss encode esd evo exif expat fam fat fbcon fdftk ffmpeg firefox foomaticdb fortran ftp gb gcj gdbm gif gnome gpm gstreamer gtk gtk2 gtkhtml hal icq idn imagemagick imap imlib ipv6 isdnlog java javascript jikes jpeg jpeg2k ldap leim libg++ libwww lm_sensors mad maildir matroska mbox mikmod mime mmx mmxext mng mono motif mp3 mpeg mpeg2 mule nautilus ncurses nforce2 nls nocardbus nptl nptlonly nsplugin nvidia ogg opengl pam pcre pdf pdflib perl plotutils pmu png ppds pppd preview-latex print python qt qt3 qt4 quicktime readline reflection reiserfs samba sdk session slang spell spl sse ssl svg svga t1lib tcltk tcpd theora thunderbird tiff truetype truetype-fonts type1-fonts udev usb vcd videos vorbis win32codecs wmf wxwindows xine xml xorg xosd xv xvid zlib elibc_glibc input_devices_mouse input_devices_keyboard kernel_linux linguas_de userland_GNU video_cards_radeon video_cards_vesa video_cards_fbdev"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS

Comment 5 Markus Rothe (RETIRED) gentoo-dev 2006-07-19 03:14:34 UTC
ppc64 stable
Comment 6 Thomas Cort (RETIRED) gentoo-dev 2006-07-19 07:04:27 UTC
alpha stable.
Comment 7 Simon Stelling (RETIRED) gentoo-dev 2006-07-19 08:36:06 UTC

    
Comment 8 Simon Stelling (RETIRED) gentoo-dev 2006-07-19 08:36:06 UTC
«amd64 is back.»
Comment 9 Tobias Scherbaum (RETIRED) gentoo-dev 2006-07-19 09:01:06 UTC
ppc stable
Comment 10 Joshua Jackson (RETIRED) gentoo-dev 2006-07-19 22:45:03 UTC
x86 has gone poof ^.^
Comment 11 Daniel Black (RETIRED) gentoo-dev 2006-07-20 05:02:05 UTC
It is probably worth noting from the versions in the comment 0 that all ethereal versions are vulnerable (<0.99 are ethereal version numbers).

Given ethereal.com has no devs working on ethereal (evidence by their cvs email list with last commit on it in May[1] (when their devs left) is very unlikely they will issue a fix.

[1] http://www.ethereal.com/lists/ethereal-cvs/200605/
Comment 12 Chris Gianelloni (RETIRED) gentoo-dev 2006-07-20 07:00:34 UTC
So in the course of three days we assume that upstream is totally dead because they haven't made a commit in two months?  I mean, I can think of *lots* of packages in the tree where upstream hasn't made a commit in two months, but it doesn't mean that they're dead.  Has anyone tried to contact them?
Comment 13 Chris Gianelloni (RETIRED) gentoo-dev 2006-07-20 07:04:46 UTC
Bleh... it helps if I actually read everything before I comment.

I'll shut up now.  Leaving "release" on here so I take the time to do the swap in our release snapshot.  Sorry for the noise.
Comment 14 Gustavo Zacarias (RETIRED) gentoo-dev 2006-07-20 11:32:19 UTC
sparc stable.
Comment 15 Sune Kloppenborg Jeppesen gentoo-dev 2006-07-25 11:37:37 UTC
GLSA 200607-09

ia64 don't forget to mark stable to benifit from the GLSA.
Comment 16 Daniel Black (RETIRED) gentoo-dev 2006-08-24 04:16:05 UTC
ia64 don't worry about this one - see bug 144946
Comment 17 Peter Volkov (RETIRED) gentoo-dev 2008-03-06 09:38:36 UTC
Does not affect current (2008.0) release. Removing release.