Diffstat (limited to 'metadata/glsa/glsa-200906-05.xml')
-rw-r--r-- metadata/glsa/glsa-200906-05.xml | 151
1 files changed, 151 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-200906-05.xml b/metadata/glsa/glsa-200906-05.xml
new file mode 100644
index 000000000000..c2ea511bb932
--- /dev/null
+++ b/metadata/glsa/glsa-200906-05.xml
@@ -0,0 +1,151 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200906-05">
+ <title>Wireshark: Multiple vulnerabilities</title>
+ <synopsis>
+ Multiple vulnerabilities have been discovered in Wireshark which allow for
+ Denial of Service or remote code execution.
+ </synopsis>
+ <product type="ebuild">wireshark</product>
+ <announced>2009-06-30</announced>
+ <revised count="02">2009-06-30</revised>
+ <bug>242996</bug>
+ <bug>248425</bug>
+ <bug>258013</bug>
+ <bug>264571</bug>
+ <bug>271062</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-analyzer/wireshark" auto="yes" arch="*">
+ <unaffected range="ge">1.0.8</unaffected>
+ <vulnerable range="lt">1.0.8</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ Wireshark is a versatile network protocol analyzer.
+ </p>
+ </background>
+ <description>
+ <p>
+ Multiple vulnerabilities have been discovered in Wireshark:
+ </p>
+ <ul>
+ <li>
+ David Maciejak discovered a vulnerability in packet-usb.c in the USB
+ dissector via a malformed USB Request Block (URB) (CVE-2008-4680).
+ </li>
+ <li>
+ Florent Drouin and David Maciejak reported an unspecified vulnerability
+ in the Bluetooth RFCOMM dissector (CVE-2008-4681).
+ </li>
+ <li>
+ A malformed Tamos CommView capture file (aka .ncf file) with an
+ "unknown/unexpected packet type" triggers a failed assertion in wtap.c
+ (CVE-2008-4682).
+ </li>
+ <li>
+ An unchecked packet length parameter in the dissect_btacl() function in
+ packet-bthci_acl.c in the Bluetooth ACL dissector causes an erroneous
+ tvb_memcpy() call (CVE-2008-4683).
+ </li>
+ <li>
+ A vulnerability where packet-frame does not properly handle exceptions
+ thrown by post dissectors caused by a certain series of packets
+ (CVE-2008-4684).
+ </li>
+ <li>
+ Mike Davies reported a use-after-free vulnerability in the
+ dissect_q931_cause_ie() function in packet-q931.c in the Q.931
+ dissector via certain packets that trigger an exception
+ (CVE-2008-4685).
+ </li>
+ <li>
+ The Security Vulnerability Research Team of Bkis reported that the SMTP
+ dissector could consume excessive amounts of CPU and memory
+ (CVE-2008-5285).
+ </li>
+ <li>
+ The vendor reported that the WLCCP dissector could go into an infinite
+ loop (CVE-2008-6472).
+ </li>
+ <li>
+ babi discovered a buffer overflow in wiretap/netscreen.c via a
+ malformed NetScreen snoop file (CVE-2009-0599).
+ </li>
+ <li>
+ A specially crafted Tektronix K12 text capture file can cause an
+ application crash (CVE-2009-0600).
+ </li>
+ <li>
+ A format string vulnerability via format string specifiers in the HOME
+ environment variable (CVE-2009-0601).
+ </li>
+ <li>THCX Labs reported a format string vulnerability in the
+ PROFINET/DCP (PN-DCP) dissector via a PN-DCP packet with format string
+ specifiers in the station name (CVE-2009-1210).
+ </li>
+ <li>An unspecified vulnerability with unknown impact and attack vectors
+ (CVE-2009-1266).
+ </li>
+ <li>
+ Marty Adkins and Chris Maynard discovered a parsing error in the
+ dissector for the Check Point High-Availability Protocol (CPHAP)
+ (CVE-2009-1268).
+ </li>
+ <li>
+ Magnus Homann discovered a parsing error when loading a Tektronix .rf5
+ file (CVE-2009-1269).
+ </li>
+ <li>The vendor reported that the PCNFSD dissector could crash
+ (CVE-2009-1829).</li>
+ </ul>
+ </description>
+ <impact type="high">
+ <p>
+ A remote attacker could exploit these vulnerabilities by sending
+ specially crafted packets on a network being monitored by Wireshark or
+ by enticing a user to read a malformed packet trace file which can
+ trigger a Denial of Service (application crash or excessive CPU and
+ memory usage) and possibly allow for the execution of arbitrary code
+ with the privileges of the user running Wireshark.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no known workaround at this time.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ All Wireshark users should upgrade to the latest version:
+ </p>
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-1.0.8"</code>
+ </resolution>
+ <references>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4680">CVE-2008-4680</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4681">CVE-2008-4681</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4682">CVE-2008-4682</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4683">CVE-2008-4683</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4684">CVE-2008-4684</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4685">CVE-2008-4685</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5285">CVE-2008-5285</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6472">CVE-2008-6472</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0599">CVE-2009-0599</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0600">CVE-2009-0600</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0601">CVE-2009-0601</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1210">CVE-2009-1210</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1266">CVE-2009-1266</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1268">CVE-2009-1268</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1269">CVE-2009-1269</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1829">CVE-2009-1829</uri>
+ </references>
+ <metadata tag="submitter" timestamp="2009-05-22T11:33:22Z">
+ craig
+ </metadata>
+ <metadata tag="bugReady" timestamp="2009-06-29T22:09:27Z">
+ craig
+ </metadata>
+</glsa>
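Review bot: In the <description> list, the entries for CVE-2008-4684 and CVE-2009-0601 are sentence fragments that do not say what the flaw leads to, and the CVE-2009-0601 entry does not name which component consumes the HOME environment variable, so a reader cannot tell from the advisory which code path is involved. Consider wording them like the neighbouring entries that name the dissector, file or function. Two smaller points in the same hunk: the <li> items for CVE-2009-1210, CVE-2009-1266 and CVE-2009-1829 start their text on the <li> line while every other item starts on the following line, and <revised count="02"> carries the same date as <announced> with nothing indicating what changed between revisions, so it is worth normalising the list layout and confirming the revision count is intended.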