more security issues with wireshark from 0.99.6 down to ...

Bug #164501 reported by Stephan Rügamer
256
Affects Status Importance Assigned to Milestone
wireshark (Debian)
Fix Released
Unknown
wireshark (Ubuntu)
Fix Released
Undecided
Unassigned
Edgy
Fix Released
Undecided
Stephan Rügamer
Feisty
Fix Released
Undecided
Stephan Rügamer
Gutsy
Fix Released
Undecided
Stephan Rügamer
Hardy
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: wireshark

Wireshark upstream developers released 0.99.7.
This fixes some more vulnerabilities:

Release announcement from Upstream:

Wireshark 0.99.7 fixes the following vulnerabilities:

    * Wireshark could crash when reading an MP3 file.
      Versions affected: 0.99.6
    * Beyond Security discovered that Wireshark could loop excessively while reading a malformed DNP packet.
      Versions affected: 0.10.12 to 0.99.6
    * Stefan Esser discovered a buffer overflow in the SSL dissector.
      Versions affected: 0.99.0 to 0.99.6
    * The ANSI MAP dissector could be susceptible to a buffer overflow on some platforms. (Bug 1844)
      Versions affected: 0.99.5 to 0.99.6
    * The Firebird/Interbase dissector could go into an infinite loop or crash. (Bugs 1931 and 1932)
      Versions affected: 0.99.6
    * The NCP dissector could cause a crash.
      Versions affected: 0.99.6
    * The HTTP dissector could crash on some systems while decoding chunked messages.
      Versions affected: 0.10.14 to 0.99.6
    * The MEGACO dissector could enter a large loop and consume system resources.
      Versions affected: 0.9.14 to 0.99.6
    * The DCP ETSI dissector could enter a large loop and consume system resources.
      Versions affected: 0.99.6
    * Fabiodds discovered a buffer overflow in the iSeries (OS/400) Communication trace file parser. (Bug 1926)
      Versions affected: 0.99.0 to 0.99.6
    * The PPP dissector could overflow a buffer.
      Versions affected: 0.99.6
    * The Bluetooth SDP dissector could go into an infinite loop.
      Versions affected: 0.99.2 to 0.99.6
    * A malformed RPC Portmap packet could cause a crash. (Bug 1998)
      Versions affected: 0.8.16 to 0.99.6

A sync for hardy should be done, when debian releases a new package.
Other versions, from gutsy to dapper needs to be security patches according to upstream changes.

CVE ID are pending.

Debian Bug is attached to this report.

description: updated
Changed in wireshark:
assignee: nobody → shermann
status: New → In Progress
Revision history for this message
Stephan Rügamer (sruegamer) wrote :

Affected by CVE IDs:

CVE-2007-6121: Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.

CVE-2007-6120:The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

CVE-2007-6119: The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.

CVE-2007-6118: The MEGACO dissector in Wireshark (formeThe Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors.

 rly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.

CVE-2007-6117: Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 has unknown impact and remote attack vectors related to chunked messages.

CVE-2007-6116: The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors.

CVE-2007-6115: Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors.

CVE-2007-6114: Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser.

CVE-2007-6113: Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP packet.

CVE-2007-6112: Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

CVE-2007-6111: Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector.

Revision history for this message
William Grant (wgrant) wrote :

Hardy is OK, with 0.9.7~pre1.

Changed in wireshark:
assignee: shermann → nobody
status: In Progress → Fix Released
assignee: nobody → shermann
status: New → In Progress
assignee: nobody → shermann
status: New → In Progress
assignee: nobody → shermann
status: New → In Progress
Revision history for this message
Stephan Rügamer (sruegamer) wrote :

The following CVEs are affecting Edgies Version:

    CVE-2007-6121
    CVE-2007-6120
    CVE-2007-6117
    CVE-2007-6114
    CVE-2007-6113

Revision history for this message
Stephan Rügamer (sruegamer) wrote :

The following CVEs are affecting Feisties Version:

    CVE-2007-6121
    CVE-2007-6120
    CVE-2007-6117
    CVE-2007-6114
    CVE-2007-6113

Revision history for this message
Kees Cook (kees) wrote :

Thanks for preparing this! I've uploaded it to the security queue; it should be published shortly.

Changed in wireshark:
status: In Progress → Fix Committed
status: In Progress → Fix Committed
Changed in wireshark:
status: Unknown → New
Revision history for this message
Stephan Rügamer (sruegamer) wrote :
Revision history for this message
Kees Cook (kees) wrote :

Thanks for preparing this for Gutsy too! I've uploaded it to the security queue; it should be published shortly.

Changed in wireshark:
status: In Progress → Fix Committed
Kees Cook (kees)
Changed in wireshark:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Changed in wireshark:
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.