There's a buffer overflow in ENTTEC DMX Data RLE, leading to crashes and potential code execution. Fix available on $URL.
Usually people run wireshark as root, though it is not recommended - thus rating as A0.
(In reply to comment #1)
> Usually people run wireshark as root, though it is not recommended - thus
> rating as A0.
All of our ebuilds set up the wireshark group, which allows "unprivileged" sniffing to normal users, and write ewarn messages to inform users about that. We could extend the ewarn messages to inform users that running wireshark as root is neither recommended nor needed, and when a user does run it as root, it opens a "Confirm" dialog strongly warning against that use of the software.
I wasn't sure about this issue, thus the ? in the whiteboard. Wireshark itself already opens such a dialog, fixing whiteboard and severity.
Per http://www.openwall.com/lists/oss-security/2011/01/03/8 this has been assigned CVE-2010-4538.
There's another vulnerability being fixed in 1.4.3, a DoS, see http://www.wireshark.org/security/wnpa-sec-2011-02.html. It has been assigned CVE-2011-0445.
CVE-2011-0444 is also applicable, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0444
Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs.
MAC-LTE (CVE-2011-0444) and ENTTEC (CVE-2010-4538) appear to affect 1.2.x also.
(In reply to comment #2)
> We could extend the ewarn messages to inform users that running wireshark as
> root is neither recommended nor needed, and when a user does run it as root,
> it opens a "Confirm" dialog strongly warning against that use of the software.
I don't think we need to extend anything - all information is in place. Also, please, don't forget to CC maintainers (me).
(In reply to comment #7)
> I don't think we need to extend anything - all information is in place.
Agreed.
> Also, please, don't forget to CC maintainers (me).
I guess this was not done because netmon includes you already, and I hesitated whether I should CC you myself at the time. :)
(In reply to comment #8)
> > Also, please, don't forget to CC maintainers (me).
>
> I guess this was not done because netmon includes you already, and I hesitated
> whether I should CC you myself at the time. :)
Please, don't hesitate next time :) This was already discussed on the -dev mailing list and we have a resolution to include everybody mentioned in metadata.xml (if there are no restrict attributes). I know that I'm part of netmon but there are packages I have more interest in and thus I've added myself into metadata.xml to make it explicit that I want to be CC'ed to bug reports. This makes my mail filters highlight this bug report.
New version is in the tree. Arch teams, please stabilize: net-analyzer/wireshark-1.4.3
ppc/ppc64 stable
@pva: could you fix that:
BadInsIntoDir: version 1.4.3: ebuild uses insinto /usr/share/applications on line 203
amd64 done
x86 stable
(In reply to comment #10)
> @pva: could you fix that:
> BadInsIntoDir: version 1.4.3: ebuild uses insinto /usr/share/applications on
> line 203
Fixed.
Stable for HPPA.
alpha/ia64/sparc stable
Thanks, folks. Added to existing GLSA request.
CVE-2011-0445 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0445): The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (assertion failure) via crafted packets, as demonstrated by fuzz-2010-12-30-28473.pcap.
CVE-2011-0444 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0444): Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs.
CVE-2010-4301 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4301): epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes.
This issue was resolved and addressed in GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml by GLSA coordinator Alex Legler (a3li).