Mandriva Linux Security Advisory : wireshark (MDVSA-2013:055)

High Nessus Plugin ID 66069

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Multiple vulnerabilities has been found and corrected in wireshark :

Infinite and large loops in ANSI MAP, BACapp, Bluetooth HCI, IEEE 802.3, LTP, and R3 dissectors have been fixed. Discovered by Laurent Butti (http://www.wireshark.org/security/wnpa-sec-2012-08.html [CVE-2012-2392])

The DIAMETER dissector could try to allocate memory improperly and crash (http://www.wireshark.org/security/wnpa-sec-2012-09.html [CVE-2012-2393])

Wireshark could crash on SPARC processors due to misaligned memory.
Discovered by Klaus Heckelmann (http://www.wireshark.org/security/wnpa-sec-2012-10.html [CVE-2012-2394])

The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump (CVE-2012-4048).

epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet (CVE-2012-4049).

The DCP ETSI dissector could trigger a zero division (CVE-2012-4285).

The XTP dissector could go into an infinite loop (CVE-2012-4288).

The AFP dissector could go into a large loop (CVE-2012-4289).

The RTPS2 dissector could overflow a buffer (CVE-2012-4296).

The GSM RLC MAC dissector could overflow a buffer (CVE-2012-4297).

The CIP dissector could exhaust system memory (CVE-2012-4291).

The STUN dissector could crash (CVE-2012-4292).

The EtherCAT Mailbox dissector could abort (CVE-2012-4293).

The CTDB dissector could go into a large loop (CVE-2012-4290).

Martin Wilck discovered an infinite loop in the DRDA dissector (CVE-2012-5239).

The USB dissector could go into an infinite loop. (wnpa-sec-2012-31)

The ISAKMP dissector could crash. (wnpa-sec-2012-35)

The iSCSI dissector could go into an infinite loop. (wnpa-sec-2012-36)

The WTP dissector could go into an infinite loop. (wnpa-sec-2012-37)

The RTCP dissector could go into an infinite loop. (wnpa-sec-2012-38)

The ICMPv6 dissector could go into an infinite loop.
(wnpa-sec-2012-40)

Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors (wnpa-sec-2013-01).

The CLNP dissector could crash (wnpa-sec-2013-02).

The DTN dissector could crash (wnpa-sec-2013-03).

The MS-MMC dissector (and possibly others) could crash (wnpa-sec-2013-04).

The DTLS dissector could crash (wnpa-sec-2013-05).

The DCP-ETSI dissector could corrupt memory (wnpa-sec-2013-07).

The Wireshark dissection engine could crash (wnpa-sec-2013-08).

The NTLMSSP dissector could overflow a buffer (wnpa-sec-2013-09).

The sFlow dissector could go into an infinite loop (CVE-2012-6054).

The SCTP dissector could go into an infinite loop (CVE-2012-6056).

The MS-MMS dissector could crash (CVE-2013-2478).

The RTPS and RTPS2 dissectors could crash (CVE-2013-2480).

The Mount dissector could crash (CVE-2013-2481).

The AMPQ dissector could go into an infinite loop (CVE-2013-2482).

The ACN dissector could attempt to divide by zero (CVE-2013-2483).

The CIMD dissector could crash (CVE-2013-2484).

The FCSP dissector could go into an infinite loop (CVE-2013-2485).

The DTLS dissector could crash (CVE-2013-2488).

This advisory provides the latest version of Wireshark (1.6.14) which is not vulnerable to these issues.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 66069

File Name: mandriva_MDVSA-2013-055.nasl

Version: 1.12

Type: local

Published: 2013/04/20

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 8.3

Temporal Score: 6.9

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:dumpcap, p-cpe:/a:mandriva:linux:lib64wireshark-devel, p-cpe:/a:mandriva:linux:lib64wireshark1, p-cpe:/a:mandriva:linux:rawshark, p-cpe:/a:mandriva:linux:tshark, p-cpe:/a:mandriva:linux:wireshark, p-cpe:/a:mandriva:linux:wireshark-tools, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/04/05

Exploitable With

Core Impact

Reference Information

CVE: CVE-2012-2392, CVE-2012-2393, CVE-2012-2394, CVE-2012-3548, CVE-2012-4048, CVE-2012-4049, CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-4293, CVE-2012-4296, CVE-2012-4297, CVE-2012-6054, CVE-2012-6056, CVE-2013-2478, CVE-2013-2480, CVE-2013-2481, CVE-2013-2482, CVE-2013-2483, CVE-2013-2484, CVE-2013-2485, CVE-2013-2488

BID: 53651, 53652, 53653, 54649, 55035, 56729, 58340, 58351, 58353, 58355, 58356, 58357, 58362, 58365

MDVSA: 2013:055

MGASA: 2012-0134, 2012-0210, 2012-0226, 2012-0284, 2012-0348, 2013-0034, 2013-0090