http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mpeg-dsmcc.c?r1=48332&r2=48331&pathrev=48332

http://anonsvn.wireshark.org/viewvc?view=revision&revision=48332

openSUSE-SU-2013:0911

openSUSE-SU-2013:0947

openSUSE-SU-2013:1084

openSUSE-SU-2013:1086

53425

54425

DSA-2700

GLSA-201308-05

http://www.wireshark.org/security/wnpa-sec-2013-28.html

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8481

oval:org.mitre.oval:def:16751

This wireshark version update to 1.6.16 includes several security and general bug fixes.

http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html

  - The CAPWAP dissector could crash. Discovered by Laurent     Butti. (CVE-2013-4074)

  - The HTTP dissector could overrun the stack. Discovered     by David Keeler. (CVE-2013-4081)

  - The DCP ETSI dissector could crash. (CVE-2013-4083)

http://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html

  - The ASN.1 BER dissector could crash. ( CVE-2013-3556     CVE-2013-3557 )

The releases also fix various non-security issues.

Additionally, a crash in processing SCTP filters has been fixed.
(bug#816887)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Solaris system is missing necessary patches to address security updates :

  - The dissect_diagnosticrequest function in     epan/dissectors/packet-reload.c in the REsource LOcation     And Discovery (aka RELOAD) dissector in Wireshark 1.8.x     before 1.8.6 uses an incorrect integer data type, which     allows remote attackers to cause a denial of service     (infinite loop) via crafted integer values in a packet.
    (CVE-2013-2486)

  - epan/dissectors/packet-reload.c in the REsource LOcation     And Discovery (aka RELOAD) dissector in Wireshark 1.8.x     before 1.8.6 uses incorrect integer data types, which     allows remote attackers to cause a denial of service     (infinite loop) via crafted integer values in a packet,     related to the (1) dissect_icecandidates, (2)     dissect_kinddata, (3) dissect_nodeid_list, (4)     dissect_storeans, (5) dissect_storereq, (6)     dissect_storeddataspecifier, (7) dissect_fetchreq, (8)     dissect_findans, (9) dissect_diagnosticinfo, (10)     dissect_diagnosticresponse, (11)     dissect_reload_messagecontents, and (12)     dissect_reload_message functions, a different     vulnerability than CVE-2013-2486. (CVE-2013-2487)

  - epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in     Wireshark 1.8.x before 1.8.7 calls incorrect functions     in certain contexts related to ciphers, which allows     remote attackers to cause a denial of service     (application crash) via a malformed packet.
    (CVE-2013-3555)

  - The fragment_add_seq_common function in     epan/reassemble.c in the ASN.1 BER dissector in     Wireshark before r48943 has an incorrect pointer     dereference during a comparison, which allows remote     attackers to cause a denial of service (application     crash) via a malformed packet. (CVE-2013-3556)

  - The dissect_ber_choice function in     epan/dissectors/packet-ber.c in the ASN.1 BER dissector     in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7     does not properly initialize a certain variable, which     allows remote attackers to cause a denial of service     (application crash) via a malformed packet.
    (CVE-2013-3557)

  - The dissect_ccp_bsdcomp_opt function in     epan/dissectors/packet-ppp.c in the PPP CCP dissector in     Wireshark 1.8.x before 1.8.7 does not terminate a     bit-field list, which allows remote attackers to cause a     denial of service (application crash) via a malformed     packet. (CVE-2013-3558)

  - epan/dissectors/packet-dcp-etsi.c in the DCP ETSI     dissector in Wireshark 1.8.x before 1.8.7 uses incorrect     integer data types, which allows remote attackers to     cause a denial of service (integer overflow, and heap     memory corruption or NULL pointer dereference, and     application crash) via a malformed packet.
    (CVE-2013-3559)

  - The dissect_dsmcc_un_download function in     epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC     dissector in Wireshark 1.8.x before 1.8.7 uses an     incorrect format string, which allows remote attackers     to cause a denial of service (application crash) via a     malformed packet. (CVE-2013-3560)

  - Multiple integer overflows in Wireshark 1.8.x before     1.8.7 allow remote attackers to cause a denial of     service (loop or application crash) via a malformed     packet, related to a crash of the Websocket dissector,     an infinite loop in the MySQL dissector, and a large     loop in the ETCH dissector. (CVE-2013-3561)

  - Multiple integer signedness errors in the tvb_unmasked     function in epan/ dissectors/packet-websocket.c in the     Websocket dissector in Wireshark 1.8.x before 1.8.7     allow remote attackers to cause a denial of service     (application crash) via a malformed packet.
    (CVE-2013-3562)

  - The dissect_pft function in     epan/dissectors/packet-dcp-etsi.c in the DCP ETSI     dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before     1.8.8, and 1.10.0 does not validate a certain fragment     length value, which allows remote attackers to cause a     denial of service (application crash) via a crafted     packet. (CVE-2013-4083)

This update of wireshark includes several security and bug fixes.

  - update to 1.8.8 [bnc#823932]

  + vulnerabilities fixed :

  - The CAPWAP dissector could crash. wnpa-sec-2013-32

  - The GMR-1 BCCH dissector could crash. wnpa-sec-2013-33

  - The PPP dissector could crash. wnpa-sec-2013-34

  - The NBAP dissector could crash. wnpa-sec-2013-35

  - The RDP dissector could crash. wnpa-sec-2013-36

  - The GSM CBCH dissector could crash. wnpa-sec-2013-37

  - The Assa Abloy R3 dissector could consume excessive     memory and CPU. wnpa-sec-2013-38

  - The HTTP dissector could overrun the stack.
    wnpa-sec-2013-39

  - The Ixia IxVeriWave file parser could overflow the heap.
    wnpa-sec-2013-40

  - The DCP ETSI dissector could crash. wnpa-sec-2013-41

  + Further bug fixes and updated protocol support as listed     in:
    https://www.wireshark.org/docs/relnotes/wireshark-1.8.8.
    html

    wnpa-sec-2013-24 CVE-2013-3555 wnpa-sec-2013-25     CVE-2013-3556 CVE-2013-3557 wnpa-sec-2013-26     CVE-2013-3558 wnpa-sec-2013-27 CVE-2013-3559     wnpa-sec-2013-28 CVE-2013-3560 wnpa-sec-2013-29     CVE-2013-3561 CVE-2013-3562 wnpa-sec-2013-30     CVE-2013-3561 wnpa-sec-2013-31 CVE-2013-3561

dumpcap now stores temporary capture files in /var/tmp

  - Convert automake/pkgconfig files into patches (better     upstream integration)

    - Restored category in the *.desktop file

    - Install another one necessary header file -       frame_data_sequence.h

  - Add basic OpenFlow dissector

    - Ver. 1.10.2

  - Ver. 1.10.1 fix missing ws_symbol_export.h

  - Ver. 1.10.2

  - Ver. 1.10.1 fix missing ws_symbol_export.h

  - Enhance desktop integration (*.desktop and MIME-related     files)

    - Add basic OpenFlow dissector

    - Ver. 1.10.2

  - Ver. 1.10.1 fix missing ws_symbol_export.h

  - Ver. 1.10.2

  - Ver. 1.10.1 fix missing ws_symbol_export.h

  - Enhance desktop integration (*.desktop and MIME-related     files)

    - Add basic OpenFlow dissector

    - Ver. 1.10.2

  - Ver. 1.10.1 fix missing ws_symbol_export.h

  - Ver. 1.10.2

  - Ver. 1.10.1 fix missing ws_symbol_export.h

  - Ver. 1.10.2

    - Various security fixes

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201308-05 (Wireshark: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Wireshark. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

This wireshark version update to 1.6.16 includes several security and general bug fixes.

http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html

  - The CAPWAP dissector could crash. Discovered by Laurent     Butti. (CVE-2013-4074)

  - The HTTP dissector could overrun the stack. Discovered     by David Keeler. (CVE-2013-4081)

  - The DCP ETSI dissector could crash. (CVE-2013-4083)     http://www.wireshark.org/docs/relnotes/wireshark-1.6.15.
    html

  - The ASN.1 BER dissector could crash. ( CVE-2013-3556 /     CVE-2013-3557 ) The releases also fix various     non-security issues.

Additionally, a crash in processing SCTP filters has been fixed.
(bug#816887)

This wireshark version update to 1.8.8 includes several security and general bug fixes.

Version update to 1.8.8 [bnc#824900] :

  - vulnerabilities fixed :

  - The CAPWAP dissector could crash. wnpa-sec-2013-32.
    (CVE-2013-4074)

  - The GMR-1 BCCH dissector could crash. wnpa-sec-2013-33.
    (CVE-2013-4075)

  - The PPP dissector could crash. wnpa-sec-2013-34.
    (CVE-2013-4076)

  - The NBAP dissector could crash. wnpa-sec-2013-35.
    (CVE-2013-4077)

  - The RDP dissector could crash. wnpa-sec-2013-36.
    (CVE-2013-4078)

  - The GSM CBCH dissector could crash. wnpa-sec-2013-37.
    (CVE-2013-4079)

  - The Assa Abloy R3 dissector could consume excessive     memory and CPU. wnpa-sec-2013-38. (CVE-2013-4080)

  - The HTTP dissector could overrun the stack.
    wnpa-sec-2013-39. (CVE-2013-4081)

  - The Ixia IxVeriWave file parser could overflow the heap.
    wnpa-sec-2013-40. (CVE-2013-4082)

  - The DCP ETSI dissector could crash. wnpa-sec-2013-41.
    (CVE-2013-4083)

  - Further bug fixes and updated protocol support as listed     in:
    https://www.wireshark.org/docs/relnotes/wireshark-1.8.8.
    html Version update to 1.8.7 [bnc#813217, bnc#820973] :

  - vulnerabilities fixed :

  - The RELOAD dissector could go into an infinite loop.
    wnpa-sec-2013-23. (CVE-2013-2486 / CVE-2013-2487)

  - The GTPv2 dissector could crash. wnpa-sec-2013-24

  - The ASN.1 BER dissector could crash. wnpa-sec-2013-25

  - The PPP CCP dissector could crash. wnpa-sec-2013-26

  - The DCP ETSI dissector could crash. wnpa-sec-2013-27

  - The MPEG DSM-CC dissector could crash. wnpa-sec-2013-28

  - The Websocket dissector could crash. wnpa-sec-2013-29

  - The MySQL dissector could go into an infinite loop.
    wnpa-sec-2013-30

  - The ETCH dissector could go into a large loop.
    wnpa-sec-2013-31

  - Further bug fixes and updated protocol support as listed     in:
    https://www.wireshark.org/docs/relnotes/wireshark-1.8.7.
    html Ohter bug fixes :

  - 'Save As' Nokia libpcap corrupting the file.
    (bnc#816517)

  - wireshark crashed in 'SCTP' -> 'Prepare Filter for this     Association'. (bnc#816887)

Multiple vulnerabilities were discovered in the dissectors for GTPv2, ASN.1 BER, PPP CCP, DCP ETSI, MPEG DSM-CC and Websocket, which could result in denial of service or the execution of arbitrary code.

The oldstable distribution (squeeze) is not affected.

The installed version of Wireshark 1.8 is earlier than 1.8.7.  It is, therefore, affected by the following vulnerabilities :

  - Errors exist in the ETCH, MySQL, and RELOAD dissectors     that could lead to an infinite loop, resulting in a     denial of service. (Bugs 8546, 8458, 8464)

  - Errors exist in the ASN.1 BER, DCP ETSI, GTPv2, MPEG     DSM-CC, PPP CCP, and Websocket dissectors that could     allow them to crash. (Bugs  8231, 8448, 8499, 8481,     8493, 8540, 8541, 8599, 8638)

ID	Name	Product	Family	Severity
83596	SUSE SLED10 / SLES10 Security Update : wireshark (SUSE-SU-2013:1276-1)	Nessus	SuSE Local Security Checks	high
80807	Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark5)	Nessus	Solaris Local Security Checks	high
75058	openSUSE Security Update : wireshark (openSUSE-SU-2013:1084-1)	Nessus	SuSE Local Security Checks	high
71543	Fedora 18 : wireshark-1.10.2-4.fc18 (2013-17635)	Nessus	Fedora Local Security Checks	high
70280	Fedora 20 : wireshark-1.10.2-7.fc20 (2013-17627)	Nessus	Fedora Local Security Checks	high
70181	Fedora 19 : wireshark-1.10.2-6.fc19 (2013-17661)	Nessus	Fedora Local Security Checks	high
69500	GLSA-201308-05 : Wireshark: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
69169	SuSE 10 Security Update : wireshark (ZYPP Patch Number 8659)	Nessus	SuSE Local Security Checks	high
69091	SuSE 11.2 / 11.3 Security Update : wireshark (SAT Patch Numbers 8044 / 8045)	Nessus	SuSE Local Security Checks	high
66767	Debian DSA-2700-1 : wireshark - several vulnerabilities	Nessus	Debian Local Security Checks	medium
66544	Wireshark 1.8.x < 1.8.7 Multiple Vulnerabilities	Nessus	Windows	high

CVE-2013-3560

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins