Package name
wireshark
Date
2013-04-05
Advisory ID
MDVSA-2013:055
Affected versions
MBS1 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in wireshark:

Infinite and large loops in ANSI MAP, BACapp, Bluetooth HCI, IEEE
802.3, LTP, and R3 dissectors have been fixed. Discovered by Laurent
Butti (http://www.wireshark.org/security/wnpa-sec-2012-08.html
[CVE-2012-2392])

The DIAMETER dissector could try to allocate memory improperly
and crash (http://www.wireshark.org/security/wnpa-sec-2012-09.html
[CVE-2012-2393])

Wireshark could crash on SPARC processors due to
misaligned memory. Discovered by Klaus Heckelmann
(http://www.wireshark.org/security/wnpa-sec-2012-10.html
[CVE-2012-2394])

The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9,
and 1.8.x before 1.8.1 allows remote attackers to cause a denial of
service (invalid pointer dereference and application crash) via a
crafted packet, as demonstrated by a usbmon dump (CVE-2012-4048).

epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x
before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote
attackers to cause a denial of service (loop and CPU consumption)
via a crafted packet (CVE-2012-4049).

The DCP ETSI dissector could trigger a zero division (CVE-2012-4285).

The XTP dissector could go into an infinite loop (CVE-2012-4288).

The AFP dissector could go into a large loop (CVE-2012-4289).

The RTPS2 dissector could overflow a buffer (CVE-2012-4296).

The GSM RLC MAC dissector could overflow a buffer (CVE-2012-4297).

The CIP dissector could exhaust system memory (CVE-2012-4291).

The STUN dissector could crash (CVE-2012-4292).

The EtherCAT Mailbox dissector could abort (CVE-2012-4293).

The CTDB dissector could go into a large loop (CVE-2012-4290).

Martin Wilck discovered an infinite loop in the DRDA dissector
(CVE-2012-5239).

The USB dissector could go into an infinite loop. (wnpa-sec-2012-31)

The ISAKMP dissector could crash. (wnpa-sec-2012-35)

The iSCSI dissector could go into an infinite loop. (wnpa-sec-2012-36)

The WTP dissector could go into an infinite loop. (wnpa-sec-2012-37)

The RTCP dissector could go into an infinite loop. (wnpa-sec-2012-38)

The ICMPv6 dissector could go into an infinite loop. (wnpa-sec-2012-40)

Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS
CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP
dissectors (wnpa-sec-2013-01).

The CLNP dissector could crash (wnpa-sec-2013-02).

The DTN dissector could crash (wnpa-sec-2013-03).

The MS-MMC dissector (and possibly others) could crash
(wnpa-sec-2013-04).

The DTLS dissector could crash (wnpa-sec-2013-05).

The DCP-ETSI dissector could corrupt memory (wnpa-sec-2013-07).

The Wireshark dissection engine could crash (wnpa-sec-2013-08).

The NTLMSSP dissector could overflow a buffer (wnpa-sec-2013-09).

The sFlow dissector could go into an infinite loop (CVE-2012-6054).

The SCTP dissector could go into an infinite loop (CVE-2012-6056).

The MS-MMS dissector could crash (CVE-2013-2478).

The RTPS and RTPS2 dissectors could crash (CVE-2013-2480).

The Mount dissector could crash (CVE-2013-2481).

The AMPQ dissector could go into an infinite loop (CVE-2013-2482).

The ACN dissector could attempt to divide by zero (CVE-2013-2483).

The CIMD dissector could crash (CVE-2013-2484).

The FCSP dissector could go into an infinite loop (CVE-2013-2485).

The DTLS dissector could crash (CVE-2013-2488).

This advisory provides the latest version of Wireshark (1.6.14)
which is not vulnerable to these issues.

Updated packages

MBS1 x86_64

 1817d98ba604d0b8347bf9ef5d7ddf00  mbs1/x86_64/dumpcap-1.6.14-1.mbs1.x86_64.rpm
 a5319dbd9c47629f4fb6797f313dfcf5  mbs1/x86_64/lib64wireshark1-1.6.14-1.mbs1.x86_64.rpm
 c0bb6476540803d16355bb9006179b1d  mbs1/x86_64/lib64wireshark-devel-1.6.14-1.mbs1.x86_64.rpm
 e0b9fede48c4c4db36b22814477cfaa4  mbs1/x86_64/rawshark-1.6.14-1.mbs1.x86_64.rpm
 4de1571d4b7a2cf3daea452a2d46ed78  mbs1/x86_64/tshark-1.6.14-1.mbs1.x86_64.rpm
 1c3a0948612798f471d1bb6a5a9e3620  mbs1/x86_64/wireshark-1.6.14-1.mbs1.x86_64.rpm
 88fea6e5203d3d0c8f38ebf9a82ae5d4  mbs1/x86_64/wireshark-tools-1.6.14-1.mbs1.x86_64.rpm 
 e915fb3656c689705b86ab93896a5da9  mbs1/SRPMS/wireshark-1.6.14-1.mbs1.src.rpm

References