Bug 369683 (CVE-2011-1957) - <net-analyzer/wireshark-1.4.7: Multiple vulnerabilities (CVE-2011-{1957,1958,1959,2174,2175})
Summary: <net-analyzer/wireshark-1.4.7: Multiple vulnerabilities (CVE-2011-{1957,1958,...
Status: RESOLVED FIXED
Alias: CVE-2011-1957
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://www.wireshark.org/docs/relnote...
Whiteboard: B3 [glsa]
Keywords:
Depends on: 369749
Blocks:
Reported: 2011-06-01 17:17 UTC by Jeroen Roovers (RETIRED)
Modified: 2011-10-09 20:02 UTC (History)
Description Jeroen Roovers (RETIRED) gentoo-dev 2011-06-01 17:17:03 UTC
<http://www.wireshark.org/security/wnpa-sec-2011-08.html>:

Large/infinite loop in the DICOM dissector. (Bug 5876)
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.

Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted Diameter dictionary file could crash Wireshark.
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.

Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted snoop file could crash Wireshark. (Bug 5912)
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.

David Maciejak of Fortinet's FortiGuard Labs discovered that malformed compressed capture data could crash Wireshark. (Bug 5908)
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.

Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted Visual Networks file could crash Wireshark. (Bug 5934)
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
Comment 1 Peter Volkov (RETIRED) gentoo-dev 2011-06-02 09:18:13 UTC
Arch teams, please, stabilize wireshark-1.4.7.
Comment 2 Agostino Sarubbo gentoo-dev 2011-06-02 09:51:33 UTC
>>> Preparing source in /tmp/portage/net-analyzer/wireshark-1.4.7/work/wireshark-1.4.7 ...

 * Cannot find $EPATCH_SOURCE!  Value for $EPATCH_SOURCE is:
 * 
 *   /usr/portage/net-analyzer/wireshark/files/wireshark-1.4.7-wspy_dissectors_dir.patch
 *   ( wireshark-1.4.7-wspy_dissectors_dir.patch )

 * ERROR: net-analyzer/wireshark-1.4.7 failed (prepare phase):
 *   Cannot find $EPATCH_SOURCE!
Comment 3 Agostino Sarubbo gentoo-dev 2011-06-02 10:29:12 UTC
Anyway, after fixing the ebuild locally it works for me on amd64. Same error on lua (see the previous stablereq of wireshark), but it is not a regression.
Comment 4 Peter Volkov (RETIRED) gentoo-dev 2011-06-02 14:13:26 UTC
Err, patch dropped (as it should).
Comment 5 Ian Delaney (RETIRED) gentoo-dev 2011-06-02 15:09:39 UTC
amd64:

emerged: all a ok
Comment 6 Brent Baude (RETIRED) gentoo-dev 2011-06-03 15:24:13 UTC
ppc done
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2011-06-03 15:24:50 UTC
Stable for HPPA.
Comment 8 Thomas Kahle (RETIRED) gentoo-dev 2011-06-03 15:53:38 UTC
x86 stable. Thanks
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2011-06-03 17:20:15 UTC
alpha/ia64/sparc stable
Comment 10 Markos Chandras (RETIRED) gentoo-dev 2011-06-05 10:15:45 UTC
amd64 done. Thanks Agostino and Ian
Comment 11 Tim Sammut (RETIRED) gentoo-dev 2011-06-05 17:15:01 UTC
CVE Assignment:

> > Wireshark 1.2.17 fixes the following vulnerabilities:
> > 
> > Large/infinite loop in the DICOM dissector. (Bug 5876)
> > Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-1957

> > 
> > Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
> > that a corrupted Diameter dictionary file could crash Wireshark.
> > Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-1958

> > 
> > Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
> > that a corrupted snoop file could crash Wireshark. (Bug 5912)
> > Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-1959

> > 
> > David Maciejak of Fortinet's FortiGuard Labs discovered that malformed
> > compressed capture data could crash Wireshark. (Bug 5908)
> > Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-2174

> > 
> > Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
> > that a corrupted Visual Networks file could crash Wireshark. (Bug
> > 5934)
> > Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-2175
Comment 12 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-06-07 10:15:01 UTC
ppc64 stable, last arch done
Comment 13 Tim Sammut (RETIRED) gentoo-dev 2011-06-07 13:14:27 UTC
Thanks, folks. GLSA Vote: No.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2011-06-13 18:01:15 UTC
CVE-2011-2175 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2175):
  Integer underflow in the visual_read function in wiretap/visual.c in
  Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers
  to cause a denial of service (application crash) via a malformed Visual
  Networks file that triggers a heap-based buffer over-read.

CVE-2011-2174 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2174):
  Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in
  Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers
  to cause a denial of service (application crash) via a packet with malformed
  data that uses zlib compression.

CVE-2011-1959 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1959):
  The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17
  and 1.4.x before 1.4.7 does not properly handle certain virtualizable
  buffers, which allows remote attackers to cause a denial of service
  (application crash) via a large length value in a snoop file that triggers a
  stack-based buffer over-read.

CVE-2011-1958 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1958):
  Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted
  remote attackers to cause a denial of service (NULL pointer dereference and
  application crash) via a crafted Diameter dictionary file.

CVE-2011-1957 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1957):
  The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM
  dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows
  remote attackers to cause a denial of service (infinite loop) via an invalid
  PDU length.
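
Added example, not Wireshark's code and not part of the comment above: CVE-2011-1957 is described as an infinite loop caused by an invalid PDU length, and the C below shows how a length-driven parsing loop can stop making progress when the cursor update wraps, next to a walk that validates each declared length against the bytes remaining. The 6-byte header layout, the function names and the sample bytes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout: type(1) reserved(1) body length(4, big-endian). */
#define PDU_HDR_LEN 6u

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Naive cursor update in 32-bit arithmetic: the sum can wrap, so the
 * "next" offset may equal or precede the current one (no progress). */
uint32_t naive_next_offset(uint32_t off, uint32_t body_len) {
    return (uint32_t)(off + PDU_HDR_LEN + body_len);
}

/* Hardened walk over buf[0..len): returns the number of complete PDUs,
 * or -1 when a header is truncated or a length exceeds the buffer. */
int count_pdus(const uint8_t *buf, size_t len) {
    size_t off = 0;
    int n = 0;
    while (off < len) {
        size_t remaining = len - off;
        if (remaining < PDU_HDR_LEN)
            return -1;                      /* truncated header */
        uint32_t body = be32(buf + off + 2);
        /* Compare against the bytes left; never form off + body first. */
        if (body > remaining - PDU_HDR_LEN)
            return -1;                      /* declared length too large */
        off += PDU_HDR_LEN + (size_t)body;  /* advances by at least 6 */
        n++;
    }
    return n;
}

/* Constructed sample inputs (not taken from any real capture). */
const uint8_t sample_ok[] = {0x01, 0, 0, 0, 0, 2, 0xAA, 0xBB,
                             0x04, 0, 0, 0, 0, 0};
const uint8_t sample_bad[] = {0x04, 0, 0xFF, 0xFF, 0xFF, 0xFA, 0, 0};

int main(void) {
    printf("naive next offset: %u\n",
           (unsigned)naive_next_offset(0, 0xFFFFFFFAu));
    printf("ok=%d bad=%d\n", count_pdus(sample_ok, sizeof sample_ok),
           count_pdus(sample_bad, sizeof sample_bad));
    return 0;
}
```
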
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 20:01:15 UTC
This issue was resolved and addressed in
 GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml
by GLSA coordinator Alex Legler (a3li).
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 20:02:09 UTC
This issue was resolved and addressed in
 GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml
by GLSA coordinator Alex Legler (a3li).