From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200906-05.xml | 151 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 151 insertions(+) create mode 100644 metadata/glsa/glsa-200906-05.xml (limited to 'metadata/glsa/glsa-200906-05.xml') diff --git a/metadata/glsa/glsa-200906-05.xml b/metadata/glsa/glsa-200906-05.xml new file mode 100644 index 000000000000..45c506d44da2 --- /dev/null +++ b/metadata/glsa/glsa-200906-05.xml @@ -0,0 +1,151 @@ + + + + Wireshark: Multiple vulnerabilities + + Multiple vulnerabilities have been discovered in Wireshark which allow for + Denial of Service or remote code execution. + + wireshark + 2009-06-30 + 2009-06-30: 02 + 242996 + 248425 + 258013 + 264571 + 271062 + remote + + + 1.0.8 + 1.0.8 + + + +

+ Wireshark is a versatile network protocol analyzer. +

+
+ +

+ Multiple vulnerabilities have been discovered in Wireshark: +

+
    +
  • + David Maciejak discovered a vulnerability in packet-usb.c in the USB + dissector via a malformed USB Request Block (URB) (CVE-2008-4680). +
  • +
  • + Florent Drouin and David Maciejak reported an unspecified vulnerability + in the Bluetooth RFCOMM dissector (CVE-2008-4681). +
  • +
  • + A malformed Tamos CommView capture file (aka .ncf file) with an + "unknown/unexpected packet type" triggers a failed assertion in wtap.c + (CVE-2008-4682). +
  • +
  • + An unchecked packet length parameter in the dissect_btacl() function in + packet-bthci_acl.c in the Bluetooth ACL dissector causes an erroneous + tvb_memcpy() call (CVE-2008-4683). +
  • +
  • + A vulnerability where packet-frame does not properly handle exceptions + thrown by post dissectors caused by a certain series of packets + (CVE-2008-4684). +
  • +
  • + Mike Davies reported a use-after-free vulnerability in the + dissect_q931_cause_ie() function in packet-q931.c in the Q.931 + dissector via certain packets that trigger an exception + (CVE-2008-4685). +
  • +
  • + The Security Vulnerability Research Team of Bkis reported that the SMTP + dissector could consume excessive amounts of CPU and memory + (CVE-2008-5285). +
  • +
  • + The vendor reported that the WLCCP dissector could go into an infinite + loop (CVE-2008-6472). +
  • +
  • + babi discovered a buffer overflow in wiretap/netscreen.c via a + malformed NetScreen snoop file (CVE-2009-0599). +
  • +
  • + A specially crafted Tektronix K12 text capture file can cause an + application crash (CVE-2009-0600). +
  • +
  • + A format string vulnerability via format string specifiers in the HOME + environment variable (CVE-2009-0601). +
  • +
  • THCX Labs reported a format string vulnerability in the + PROFINET/DCP (PN-DCP) dissector via a PN-DCP packet with format string + specifiers in the station name (CVE-2009-1210). +
  • +
  • An unspecified vulnerability with unknown impact and attack vectors + (CVE-2009-1266). +
  • +
  • + Marty Adkins and Chris Maynard discovered a parsing error in the + dissector for the Check Point High-Availability Protocol (CPHAP) + (CVE-2009-1268). +
  • +
  • + Magnus Homann discovered a parsing error when loading a Tektronix .rf5 + file (CVE-2009-1269). +
  • +
  • The vendor reported that the PCNFSD dissector could crash + (CVE-2009-1829).
  • +
+
+ +

+ A remote attacker could exploit these vulnerabilities by sending + specially crafted packets on a network being monitored by Wireshark or + by enticing a user to read a malformed packet trace file which can + trigger a Denial of Service (application crash or excessive CPU and + memory usage) and possibly allow for the execution of arbitrary code + with the privileges of the user running Wireshark. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Wireshark users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.0.8" +
+ + CVE-2008-4680 + CVE-2008-4681 + CVE-2008-4682 + CVE-2008-4683 + CVE-2008-4684 + CVE-2008-4685 + CVE-2008-5285 + CVE-2008-6472 + CVE-2009-0599 + CVE-2009-0600 + CVE-2009-0601 + CVE-2009-1210 + CVE-2009-1266 + CVE-2009-1268 + CVE-2009-1269 + CVE-2009-1829 + + + craig + + + craig + +
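Review bot: The impact paragraph does not cover every vector the description list names. The CVE-2009-0601 item gives format string specifiers in the HOME environment variable as the vector, but the impact text only describes "specially crafted packets on a network being monitored" and "a malformed packet trace file", and the advisory's access value is "remote". Suggest either adding a sentence to the impact section for the environment-variable case or saying in that item how an attacker would influence HOME, so readers can judge their exposure. A smaller style point in the same list: the items for CVE-2009-1210, CVE-2009-1266 and CVE-2009-1829 start their text on the same line as the list marker while every other item starts on the following line; pick one layout for the whole list.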
-- cgit v1.2.3