Bug 389255 (CVE-2011-4100) - <net-analyzer/wireshark-1.6.4 Multiple vulnerabilities (CVE-2011-{4100,4101,4102})
Status: RESOLVED FIXED
Alias: CVE-2011-4100
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B3 [noglsa]
Depends on: 394433
Reported: 2011-11-01 22:59 UTC by Sean Amoss (RETIRED)
Modified: 2012-03-06 01:12 UTC
Description Sean Amoss (RETIRED) gentoo-dev Security 2011-11-01 22:59:15 UTC
From the CVE request at $URL:

Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that
the Infiniband dissector could dereference a NULL pointer.

Affects: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2, fixed in 1.6.3

References:
http://www.wireshark.org/security/wnpa-sec-2011-18.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6476
http://anonsvn.wireshark.org/viewvc?view=revision&revision=39500
https://bugzilla.redhat.com/show_bug.cgi?id=750645


Huzaifa Sidhpurwala of Red Hat Security Response Team discovered a
buffer overflow in the ERF file reader.

Affects: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2, fixed in 1.6.3

References:
http://www.wireshark.org/security/wnpa-sec-2011-19.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6479
http://anonsvn.wireshark.org/viewvc?view=revision&revision=39508
https://bugzilla.redhat.com/show_bug.cgi?id=750648
Comment 1 Michael Harrison 2011-11-05 00:43:10 UTC
Also CVE-2011-4100

The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 

Affects Versions 1.6.x before 1.6.3
References:
http://secunia.com/advisories/cve_reference/CVE-2011-4100/
http://openwall.com/lists/oss-security/2011/11/01/9
http://www.wireshark.org/security/wnpa-sec-2011-17.html
http://www.wireshark.org/security/wnpa-sec-2011-18.html
http://www.wireshark.org/security/wnpa-sec-2011-19.html
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2011-11-16 23:59:00 UTC
CVE-2011-4102 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4102):
  Heap-based buffer overflow in the erf_read_header function in wiretap/erf.c
  in the ERF file parser in Wireshark 1.4.0 through 1.4.9 and 1.6.x before
  1.6.3 allows remote attackers to cause a denial of service (application
  crash) via a malformed file.

CVE-2011-4101 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4101):
  The dissect_infiniband_common function in
  epan/dissectors/packet-infiniband.c in the Infiniband dissector in Wireshark
  1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause
  a denial of service (NULL pointer dereference and application crash) via a
  malformed packet.

CVE-2011-4100 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4100):
  The csnStreamDissector function in epan/dissectors/packet-csn1.c in the
  CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a
  certain variable, which allows remote attackers to cause a denial of service
  (application crash) via a malformed packet.
Comment 3 Peter Volkov (RETIRED) gentoo-dev 2011-12-12 06:43:44 UTC
1.6.4 is in the tree. Arch teams, please, stabilize:

=net-analyzer/wireshark-1.6.4
Target KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2011-12-12 14:05:15 UTC
Bug #394433 should probably be addressed before this goes stable.
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2011-12-13 15:02:03 UTC
Bug #394479 should not block this one.

Stable for HPPA.
Comment 6 Tomáš "tpruzina" Pružina (amd64 [ex]AT) 2011-12-14 11:39:52 UTC
net-analyzer/wireshark-1.6.4
amd64 - Ok (haven't had time to do full QA tests, but usage is ok)
Comment 7 Agostino Sarubbo gentoo-dev 2011-12-15 17:11:38 UTC
amd64 stable, thanks Tomas
Comment 8 kavol 2011-12-15 17:52:14 UTC
Pardon my ignorance, but why does the wireshark-1.6.4 ebuild have this conflict:

DEPEND="${RDEPEND}
...
!!<net-analyzer/wireshark-1.6.0_rc1"

effectively blocking the upgrade, leaving the machine with old, vulnerable version?
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2011-12-15 18:46:48 UTC
(In reply to comment #8)
> effectively blocking the upgrade, leaving the machine with old, vulnerable
> version?

Unmerge then emerge if your package manager doesn't do it for you.

Bug #394479.

Now please take your comments there (perhaps with a nice patch) - this is not the right place.
Comment 10 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-12-18 19:47:25 UTC
x86 stable
Comment 11 Mark Loeser (RETIRED) gentoo-dev 2011-12-23 00:25:09 UTC
ppc/ppc64 done
Comment 12 Raúl Porcel (RETIRED) gentoo-dev 2012-01-06 18:52:12 UTC
alpha/ia64/sparc stable
Comment 13 Sean Amoss (RETIRED) gentoo-dev Security 2012-01-06 19:48:24 UTC
Thanks, everyone. 

GLSA vote: yes.
Comment 14 Tim Sammut (RETIRED) gentoo-dev 2012-01-06 19:58:29 UTC
Thanks, folks. GLSA Vote: no (client-side DoS only).
Comment 15 Stefan Behte (RETIRED) gentoo-dev Security 2012-03-06 01:12:12 UTC
Vote: NO. Closing noglsa.