http://anonsvn.wireshark.org/viewvc/trunk/wiretap/vwr.c?r1=44075&r2=44074&pathrev=44075

http://anonsvn.wireshark.org/viewvc?revision=44075&view=revision

50276

51363

54425

GLSA-201308-05

55035

http://www.wireshark.org/security/wnpa-sec-2012-25.html

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7533

openSUSE-SU-2012:1067

oval:org.mitre.oval:def:15777

The remote Solaris system is missing necessary patches to address security updates :

  - The dissect_pft function in     epan/dissectors/packet-dcp-etsi.c in the DCP ETSI     dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before     1.6.10, and 1.8.x before 1.8.2 allows remote attackers     to cause a denial of service (divide-by-zero error and     application crash) via a zero-length message.
    (CVE-2012-4285)

  - The pcapng_read_packet_block function in     wiretap/pcapng.c in the pcap-ng file parser in Wireshark     1.8.x before 1.8.2 allows user-assisted remote attackers     to cause a denial of service (divide-by-zero error and     application crash) via a crafted pcap-ng file.
    (CVE-2012-4286)

  - epan/dissectors/packet-mongo.c in the MongoDB dissector     in Wireshark 1.8.x before 1.8.2 allows remote attackers     to cause a denial of service (loop and CPU consumption)     via a small value for a BSON document length.
    (CVE-2012-4287)

  - Integer overflow in the dissect_xtp_ecntl function in     epan/dissectors/ packet-xtp.c in the XTP dissector in     Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and     1.8.x before 1.8.2 allows remote attackers to cause a     denial of service (loop or application crash) via a     large value for a span length. (CVE-2012-4288)

  - epan/dissectors/packet-afp.c in the AFP dissector in     Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and     1.8.x before 1.8.2 allows remote attackers to cause a     denial of service (loop and CPU consumption) via a large     number of ACL entries. (CVE-2012-4289)

  - The CTDB dissector in Wireshark 1.4.x before 1.4.15,     1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows     remote attackers to cause a denial of service (loop and     CPU consumption) via a malformed packet. (CVE-2012-4290)

  - The CIP dissector in Wireshark 1.4.x before 1.4.15,     1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows     remote attackers to cause a denial of service (memory     consumption) via a malformed packet. (CVE-2012-4291)

  - The dissect_stun_message function in     epan/dissectors/packet-stun.c in the STUN dissector in     Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and     1.8.x before 1.8.2 does not properly interact with     key-destruction behavior in a certain tree library,     which allows remote attackers to cause a denial of     service (application crash) via a malformed packet.
    (CVE-2012-4292)

  - plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox     dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before     1.6.10, and 1.8.x before 1.8.2 does not properly handle     certain integer fields, which allows remote attackers to     cause a denial of service (application exit) via a     malformed packet. (CVE-2012-4293)

  - Buffer overflow in the channelised_fill_sdh_g707_format     function in epan/ dissectors/packet-erf.c in the ERF     dissector in Wireshark 1.8.x before 1.8.2 allows remote     attackers to execute arbitrary code via a large speed     (aka rate) value. (CVE-2012-4294)

  - Array index error in the     channelised_fill_sdh_g707_format function in epan/     dissectors/packet-erf.c in the ERF dissector in     Wireshark 1.8.x before 1.8.2 might allow remote     attackers to cause a denial of service (application     crash) via a crafted speed (aka rate) value.
    (CVE-2012-4295)

  - Buffer overflow in epan/dissectors/packet-rtps2.c in the     RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x     before 1.6.10, and 1.8.x before 1.8.2 allows remote     attackers to cause a denial of service (CPU consumption)     via a malformed packet. (CVE-2012-4296)

  - Buffer overflow in the dissect_gsm_rlcmac_downlink     function in epan/dissectors/ packet-gsm_rlcmac.c in the     GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10     and 1.8.x before 1.8.2 allows remote attackers to     execute arbitrary code via a malformed packet.
    (CVE-2012-4297)

  - Integer signedness error in the     vwr_read_rec_data_ethernet function in wiretap/ vwr.c in     the Ixia IxVeriWave file parser in Wireshark 1.8.x     before 1.8.2 allows user-assisted remote attackers to     execute arbitrary code via a crafted packet-trace file     that triggers a buffer overflow. (CVE-2012-4298)

Wireshark was updated to 1.8.2 :

  - The DCP ETSI dissector could trigger a zero division.
    (wnpa-sec-2012-13 CVE-2012-4285)

  - The MongoDB dissector could go into a large loop.
    (wnpa-sec-2012-14 CVE-2012-4287)

  - The XTP dissector could go into an infinite loop.
    (wnpa-sec-2012-15 CVE-2012-4288)

  - The ERF dissector could overflow a buffer.
    (wnpa-sec-2012-16 CVE-2012-4294 CVE-2012-4295)

  - The AFP dissector could go into a large loop.
    (wnpa-sec-2012-17 CVE-2012-4289)

  - The RTPS2 dissector could overflow a buffer.
    (wnpa-sec-2012-18 CVE-2012-4296)

  - The GSM RLC MAC dissector could overflow a buffer.
    (wnpa-sec-2012-19 CVE-2012-4297)

  - The CIP dissector could exhaust system memory.
    (wnpa-sec-2012-20 CVE-2012-4291)

  - The STUN dissector could crash. (wnpa-sec-2012-21     CVE-2012-4292)

  - The EtherCAT Mailbox dissector could abort.
    (wnpa-sec-2012-22 CVE-2012-4293)

  - The CTDB dissector could go into a large loop.
    (wnpa-sec-2012-23 CVE-2012-4290)

  - The pcap-ng file parser could trigger a zero division.
    (wnpa-sec-2012-24 CVE-2012-4286)

  - The Ixia IxVeriWave file parser could overflow a buffer.
    (wnpa-sec-2012-25 CVE-2012-4298) Further bug fixes and     updated protocol support as listed in:
    http://www.wireshark.org/docs/relnotes/wireshark-1.8.2.h     tml

The remote host is affected by the vulnerability described in GLSA-201308-05 (Wireshark: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Wireshark. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

Upgrade to wireshark 1.8.2

The following vulnerabilities have been fixed.

wnpa-sec-2012-13:The DCP ETSI dissector could trigger a zero division.
wnpa-sec-2012-14: The MongoDB dissector could go into a large loop.
wnpa-sec-2012-15: The XTP dissector could go into an infinite loop.
wnpa-sec-2012-16: The ERF dissector could overflow a buffer.
wnpa-sec-2012-17: AFP dissector could go into a large loop.
wnpa-sec-2012-18: RTPS2 dissector could overflow a buffer.
wnpa-sec-2012-19: GSM RLC MAC dissector could overflow a buffer.
wnpa-sec-2012-20: CIP dissector could exhaust system memory.
wnpa-sec-2012-21: STUN dissector could crash. wnpa-sec-2012-22:
EtherCAT Mailbox dissector could abort. wnpa-sec-2012-23: CTDB dissector could go into a large loop. wnpa-sec-2012-24: pcap-ng file parser could trigger a zero division. wnpa-sec-2012-25: Ixia IxVeriWave file parser could overflow a buffer.

See http://www.wireshark.org/docs/relnotes/wireshark-1.8.2.html for details.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Wireshark reports :

It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

The PPP dissector could crash.

The NFS dissector could use excessive amounts of CPU.

The DCP ETSI dissector could trigger a zero division.

The MongoDB dissector could go into a large loop.

The XTP dissector could go into an infinite loop.

The ERF dissector could overflow a buffer.

The AFP dissector could go into a large loop.

The RTPS2 dissector could overflow a buffer.

The GSM RLC MAC dissector could overflow a buffer.

The CIP dissector could exhaust system memory.

The STUN dissector could crash.

The EtherCAT Mailbox dissector could abort.

The CTDB dissector could go into a large loop.

The pcap-ng file parser could trigger a zero division.

The Ixia IxVeriWave file parser could overflow a buffer.

The installed version of Wireshark is 1.8.x before 1.8.2.  This version is affected by the following vulnerabilities :

  - The 'DCP ETSI' dissector and 'pcap-ng' parser can     attempt a divide by zero operation leading to an     application crash. (CVE-2012-4285, CVE-2012-4286)

  - The 'MongoDB', 'XTP', 'AFP', and 'CTDB' dissectors can     be caused to large or infinite loops. (CVE-2012-4287,     CVE-2012-4288, CVE-2012-4289, CVE-2012-4290)

  - The 'CIP' dissector can be caused to exhaust system     memory. (CVE-2012-4291)

  - The 'STUN' dissector can be caused to crash.
    (CVE-2012-4292)

  - The 'EtherCAT Mailbox' dissector can be caused to     abort. (CVE-2012-4293)

  - A buffer overflow exists related to the 'ERF', 'RTPS2'     and 'GSM RLC MAC' dissectors. (CVE-2012-4294,     CVE-2012-4295, CVE-2012-4296, CVE-2012-4297)

  - A file parsing error related to 'Ixia IxVeriWave'     processing can allow a buffer overflow. (CVE-2012-4298)

ID	Name	Product	Family	Severity
80804	Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark3)	Nessus	Solaris Local Security Checks	high
74732	openSUSE Security Update : wireshark (openSUSE-SU-2012:1067-1)	Nessus	SuSE Local Security Checks	high
69500	GLSA-201308-05 : Wireshark: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
62131	Fedora 18 : wireshark-1.8.2-1.fc18 (2012-11981)	Nessus	Fedora Local Security Checks	medium
61588	FreeBSD : Wireshark -- Multiple vulnerabilities (4cdfe875-e8d6-11e1-bea0-002354ed89bc)	Nessus	FreeBSD Local Security Checks	high
61573	Wireshark 1.8.x < 1.8.2 Multiple Vulnerabilities	Nessus	Windows	high

CVE-2012-4298

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

high

high

medium

high

high