Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 373961 (CVE-2011-2597) - <net-analyzer/wireshark-1.4.8: Lucent/Ascend file parser vulnerability (CVE-2011-2597)
Summary: <net-analyzer/wireshark-1.4.8: Lucent/Ascend file parser vulnerability (CVE-2...
Status: RESOLVED FIXED
Alias: CVE-2011-2597
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://www.wireshark.org/security/wnp...
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-07-03 23:24 UTC by Tim Sammut (RETIRED)
Modified: 2011-10-09 20:02 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tim Sammut (RETIRED) gentoo-dev 2011-07-03 23:24:48 UTC
The 1.4 advisory at $URL is not available yet, but the 1.2 advisory at http://www.wireshark.org/security/wnpa-sec-2011-09.html shows:

Summary

Name: Lucent/Ascend file parser vulnerability in Wireshark® version 1.2.0 to 1.2.17

Docid: wnpa-sec-2011-09

Date: May 31, 2011

Versions affected: 1.2.0 up to and including 1.2.17

Related: wnpa-sec-2011-11 (Lucent/Ascend file parser vulnerability in Wireshark® version 1.6.0) wnpa-sec-2011-10 (Lucent/Ascend file parser vulnerability in Wireshark® version 1.4.0 to 1.4.7)

Details
Description

Wireshark 1.2.18 fixes the following vulnerability:

    * The Lucent/Ascend file parser was susceptible to an infinite loop. Versions affected: 1.2.0 to 1.2.17, 1.4.0 to 1.4.7, and 1.6.0. CVE-2011-2597 

Impact

It may be possible to make Wireshark crash by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.
Resolution

Upgrade to Wireshark 1.2.18 or later. It is not possible to work around this bug.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2011-07-10 00:33:57 UTC
CVE-2011-2597 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2597):
  The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x
  through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of
  service (infinite loop) via malformed packets.
Comment 2 Peter Volkov (RETIRED) gentoo-dev 2011-07-24 08:04:04 UTC
Thank you Tim. Should be fixed in 1.4.8:
http://www.wireshark.org/security/wnpa-sec-2011-10.html

Arch teams, please, stabilize wireshark-1.4.8.
Comment 3 Elijah "Armageddon" El Lazkani (amd64 AT) 2011-07-24 18:20:57 UTC
amd64:

emerge pass, launch pass.
Comment 4 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-07-24 18:37:50 UTC
x86 stable
Comment 5 Thomas Kahle (RETIRED) gentoo-dev 2011-07-24 19:08:24 UTC
x86 done. Thanks
Comment 6 Mark Loeser (RETIRED) gentoo-dev 2011-07-24 20:12:34 UTC
ppc/ppc64 done
Comment 7 Markos Chandras (RETIRED) gentoo-dev 2011-07-24 21:20:07 UTC
amd64 done. Thanks Elijah
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2011-07-26 17:52:18 UTC
Stable for HPPA.
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2011-08-07 16:48:47 UTC
alpha/ia64/sparc stable
Comment 10 Tim Sammut (RETIRED) gentoo-dev 2011-08-17 15:37:51 UTC
Thanks, Peter, folks. GLSA Vote: no.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 20:01:20 UTC
This issue was resolved and addressed in
 GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml
by GLSA coordinator Alex Legler (a3li).
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 20:02:13 UTC
This issue was resolved and addressed in
 GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml
by GLSA coordinator Alex Legler (a3li).