Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 522968 (CVE-2014-6421) - <net-analyzer/wireshark-1.12.1: multiple vulnerabilities (CVE-2014-{6421,6422,6423,6424,6425,6426,6427,6428,6429,6430,6431,6432})
Summary: <net-analyzer/wireshark-1.12.1: multiple vulnerabilities (CVE-2014-{6421,6422...
Status: RESOLVED FIXED
Alias: CVE-2014-6421
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://www.wireshark.org/docs/relnot...
Whiteboard: B3 [glsa]
Keywords:
Depends on: 511502
Blocks:
  Show dependency tree
 
Reported: 2014-09-16 20:34 UTC by Jeroen Roovers
Modified: 2014-12-28 22:31 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers gentoo-dev 2014-09-16 20:34:19 UTC
1.10.10:

The following vulnerabilities have been fixed.
     * [1]wnpa-sec-2014-12
       RTP dissector crash. ([2]Bug 9920) [3]CVE-2014-6421
       [4]CVE-2014-6422
     * [5]wnpa-sec-2014-13
       MEGACO dissector infinite loop. ([6]Bug 10333)
       [7]CVE-2014-6423
     * [8]wnpa-sec-2014-14
       Netflow dissector crash. ([9]Bug 10370) [10]CVE-2014-6424
     * [11]wnpa-sec-2014-17
       RTSP dissector crash. ([12]Bug 10381) [13]CVE-2014-6427
     * [14]wnpa-sec-2014-18
       SES dissector crash. ([15]Bug 10454) [16]CVE-2014-6428
     * [17]wnpa-sec-2014-19
       Sniffer file parser crash. ([18]Bug 10461)
       [19]CVE-2014-6429 [20]CVE-2014-6430 [21]CVE-2014-6431
       [22]CVE-2014-6432

1.12.1:

The following vulnerabilities have been fixed.
     * [1]wnpa-sec-2014-13
       MEGACO dissector infinite loop. ([2]Bug 10333)
       [3]CVE-2014-6423
     * [4]wnpa-sec-2014-14
       Netflow dissector crash. ([5]Bug 10370) [6]CVE-2014-6424
     * [7]wnpa-sec-2014-15
       CUPS dissector crash. ([8]Bug 10353) [9]CVE-2014-6425
     * [10]wnpa-sec-2014-16
       HIP dissector infinite loop. [11]CVE-2014-6426
     * [12]wnpa-sec-2014-17
       RTSP dissector crash. ([13]Bug 10381) [14]CVE-2014-6427
     * [15]wnpa-sec-2014-18
       SES dissector crash. ([16]Bug 10454) [17]CVE-2014-6428
     * [18]wnpa-sec-2014-19
       Sniffer file parser crash. ([19]Bug 10461)
       [20]CVE-2014-6429 [21]CVE-2014-6430 [22]CVE-2014-6431
       [23]CVE-2014-6432
Comment 1 Jeroen Roovers gentoo-dev 2014-09-16 22:01:35 UTC
Arch teams, please test and mark stable:
=net-analyzer/wireshark-1.12.1
Targeted stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86

PPC and PPC64 will want to deal with bug #511502 too.
Comment 2 Jeroen Roovers gentoo-dev 2014-09-17 09:48:39 UTC
Stable for HPPA.
Comment 3 Agostino Sarubbo gentoo-dev 2014-09-18 13:18:46 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2014-09-18 13:19:13 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2014-09-19 10:31:24 UTC
sparc stable
Comment 6 Agostino Sarubbo gentoo-dev 2014-09-19 10:38:00 UTC
ppc64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2014-09-20 11:05:42 UTC
alpha stable
Comment 8 Agostino Sarubbo gentoo-dev 2014-09-27 10:39:18 UTC
ia64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2014-09-27 10:40:33 UTC
ppc stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2014-10-05 13:17:20 UTC
CVE-2014-6432 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6432):
  The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer
  file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does
  not prevent data overwrites during copy operations, which allows remote
  attackers to cause a denial of service (application crash) via a crafted
  file.

CVE-2014-6431 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6431):
  Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in
  the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x
  before 1.12.1 allows remote attackers to cause a denial of service
  (application crash) via a crafted file that triggers writes of uncompressed
  bytes beyond the end of the output buffer.

CVE-2014-6430 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6430):
  The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer
  file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does
  not validate bitmask data, which allows remote attackers to cause a denial
  of service (application crash) via a crafted file.

CVE-2014-6429 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6429):
  The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer
  file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does
  not properly handle empty input data, which allows remote attackers to cause
  a denial of service (application crash) via a crafted file.

CVE-2014-6428 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6428):
  The dissect_spdu function in epan/dissectors/packet-ses.c in the SES
  dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does
  not initialize a certain ID value, which allows remote attackers to cause a
  denial of service (application crash) via a crafted packet.

CVE-2014-6427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6427):
  Off-by-one error in the is_rtsp_request_or_reply function in
  epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x
  before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a
  denial of service (application crash) via a crafted packet that triggers
  parsing of a token located one position beyond the current position.

CVE-2014-6426 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6426):
  The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP
  dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL
  tree, which allows remote attackers to cause a denial of service (infinite
  loop) via a crafted packet.

CVE-2014-6425 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6425):
  The (1) get_quoted_string and (2) get_unquoted_string functions in
  epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x
  before 1.12.1 allow remote attackers to cause a denial of service (buffer
  over-read and application crash) via a CUPS packet that lacks a trailing
  '\0' character.

CVE-2014-6424 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6424):
  The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in
  the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before
  1.12.1 refers to incorrect offset and start variables, which allows remote
  attackers to cause a denial of service (uninitialized memory read and
  application crash) via a crafted packet.

CVE-2014-6423 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6423):
  The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the
  MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1
  allows remote attackers to cause a denial of service (infinite loop) via an
  empty line.

CVE-2014-6422 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6422):
  The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate
  hashtables for a media channel, which allows remote attackers to cause a
  denial of service (application crash) via a crafted packet to the RTP
  dissector.

CVE-2014-6421 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6421):
  Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before
  1.10.10 allows remote attackers to cause a denial of service (application
  crash) via a crafted packet that leverages split memory ownership between
  the SDP and RTP dissectors.
Comment 11 Yury German Gentoo Infrastructure gentoo-dev Security 2014-10-05 13:20:45 UTC
Arches and Maintainer(s), Thank you for your work.

GLSA Vote: Yes
Comment 12 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2014-12-28 19:15:32 UTC
GLSA vote: yes.

glsa request filed.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2014-12-28 22:31:17 UTC
This issue was resolved and addressed in
 GLSA 201412-52 at http://security.gentoo.org/glsa/glsa-201412-52.xml
by GLSA coordinator Mikle Kolyada (Zlogene).