Wireshark 1.2.10 fixes the following vulnerabilities:

* The SigComp Universal Decompressor Virtual Machine could overrun a buffer. (Bug 4867)
  Versions affected: 0.10.8 to 1.0.14, 1.2.0 to 1.2.9
  CVE-2010-2287
* Due to a regression the ASN.1 BER dissector could exhaust stack memory. (Bug 4984)
  Versions affected: 0.10.13 to 1.0.14, 1.2.0 to 1.2.9
  CVE-2010-2284
* The GSM A RR dissector could crash. (Bug 4897)
  Versions affected: 1.2.2 to 1.2.9
* The IPMI dissector could go into an infinite loop. (Bug 5053)
  Versions affected: 1.2.0 to 1.2.9

Impact
It may be possible to make Wireshark crash, hang, or execute code by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.

Resolution
Upgrade to Wireshark 1.2.10 or later. Due to the nature of these bugs we do not recommend trying to work around the problem by disabling dissectors.
Arch teams, please, stabilize wireshark-1.2.10.
All good x86.
x86 stable, thanks David
amd64 done
alpha/ia64/sparc stable
Stable for PPC.
Stable for HPPA.
CVE-2010-2284 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2284): Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.
CVE-2010-2285 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2285): The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.
CVE-2010-2286 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2286): The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
CVE-2010-2287 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2287): Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.
ppc64 done
Looks like four more CVEs could be included in any GLSA that should come from this bug.
http://www.wireshark.org/security/wnpa-sec-2010-08.html
CVE-2010-2992: packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through 1.2.9 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference.
CVE-2010-2993: The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
CVE-2010-2994: Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression.
CVE-2010-2995: The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.
CVE-2010-3133 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3133): Untrusted search path vulnerability in Wireshark 1.2.10 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark.
GLSA request filed.
CVE-2011-0024 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0024): Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file.
This issue was resolved and addressed in GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml by GLSA coordinator Alex Legler (a3li).