Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 248425 (CVE-2008-5285) - net-analyzer/wireshark < 1.0.5 SMTP processing DoS (CVE-2008-{5285,6472})
Summary: net-analyzer/wireshark < 1.0.5 SMTP processing DoS (CVE-2008-{5285,6472})
Status: RESOLVED FIXED
Alias: CVE-2008-5285
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://packetstormsecurity.org/0811-a...
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-11-23 16:42 UTC by stupendoussteve
Modified: 2009-06-30 18:11 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description stupendoussteve 2008-11-23 16:42:19 UTC
From the advisory:

On Nov 2008, Security Vulnerability Research Team of Bkis (SVRT-Bkis) has
detected a vulnerability underlying WireShark 1.0.4 (lastest version).

The flaw is in the function processing SMTP protocol and enables hacker to
perform a DoS attack by sending a SMTP request with large content to port
25. The application then enter a large loop and cannot do anything else.

We have contacted the vendor of Wireshark. They fixed this vulnerability for
Wireshark 1.0.5 but they haven't released the official version yet. Details
is here : http://wiki.wireshark.org/Development/Roadmap
Comment 1 Peter Volkov (RETIRED) gentoo-dev 2008-12-11 11:44:27 UTC
1.0.5 out, but has some build problems, so I'll bump it as soon as I'll manage to resolve them.
Comment 2 Peter Volkov (RETIRED) gentoo-dev 2008-12-13 18:55:38 UTC
New version is in the tree.
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-12-13 21:14:37 UTC
Arches, please test and mark stable net-analyzer/wireshark-1.0.5. Target keywords: "alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"
Comment 4 Friedrich Oslage (RETIRED) gentoo-dev 2008-12-14 01:29:40 UTC
sparc stable
Comment 5 Markus Meier gentoo-dev 2008-12-14 12:44:58 UTC
minor doc-issues:
dodoc: READMEbsd does not exist
dodoc: READMElinux does not exist
dodoc: READMEmacos does not exist
dodoc: READMEvmware does not exist
>>> Completed installing wireshark-1.0.5 into /var/tmp/portage/net-analyzer/wireshark-1.0.5/image/
Comment 6 Markus Meier gentoo-dev 2008-12-14 12:46:10 UTC
amd64/x86 stable
Comment 7 Tobias Klausmann gentoo-dev 2008-12-14 14:12:23 UTC
Stable on alpha.
Comment 8 Peter Volkov (RETIRED) gentoo-dev 2008-12-14 14:49:51 UTC
(In reply to comment #5)
> dodoc: READMEbsd does not exist

It was fixed in 1.1.x long time ago but seems that I forgot about stable. Thanks for notice. Fixed in 1.0.5 too.
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2008-12-15 22:24:22 UTC
Stable for HPPA.
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2008-12-16 10:28:13 UTC
ia64 stable
Comment 11 Brent Baude (RETIRED) gentoo-dev 2008-12-16 15:55:41 UTC
ppc64 done
Comment 12 Tobias Scherbaum (RETIRED) gentoo-dev 2008-12-18 18:20:05 UTC
ppc stable
Comment 13 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-11 18:52:23 UTC
GLSA together with #242996.
Comment 14 Robert Buchholz (RETIRED) gentoo-dev 2009-03-17 11:11:49 UTC
CVE-2008-6472 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6472):
  The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote
  attackers to cause a denial of service (infinite loop) via
  unspecified vectors.

Comment 15 Stefan Behte (RETIRED) gentoo-dev Security 2009-06-30 18:11:53 UTC
GLSA 200906-05, thanks everyone