SB2011030305 - Multiple vulnerabilities in Wireshark
Published: March 3, 2011 Updated: March 24, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2011-1138)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet.
2) Resource management error (CVE-ID: CVE-2011-1139)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field.
3) Resource management error (CVE-ID: CVE-2011-1140)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet.
4) Resource management error (CVE-ID: CVE-2011-1141)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements.
5) Heap-based buffer overflow (CVE-ID: CVE-2011-0713)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3. A remote attacker can use a long record in a Nokia DCT3 trace file. to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.
References
- http://anonsvn.wireshark.org/viewvc?view=rev&revision=36036
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html
- http://secunia.com/advisories/43759
- http://secunia.com/advisories/44169
- http://www.kb.cert.org/vuls/id/215900
- http://www.securityfocus.com/bid/46636
- http://www.securitytracker.com/id?1025148
- http://www.vupen.com/english/advisories/2011/0626
- http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html
- http://www.wireshark.org/security/wnpa-sec-2011-04.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5722
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65783
- https://hermes.opensuse.org/messages/8086844
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16299
- http://anonsvn.wireshark.org/viewvc?view=rev&revision=35855
- http://secunia.com/advisories/43795
- http://secunia.com/advisories/43821
- http://www.debian.org/security/2011/dsa-2201
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:044
- http://www.redhat.com/support/errata/RHSA-2011-0369.html
- http://www.redhat.com/support/errata/RHSA-2011-0370.html
- http://www.vupen.com/english/advisories/2011/0622
- http://www.vupen.com/english/advisories/2011/0719
- http://www.vupen.com/english/advisories/2011/0747
- http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html
- http://www.wireshark.org/security/wnpa-sec-2011-03.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5661
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65779
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14997
- http://anonsvn.wireshark.org/viewvc?view=rev&revision=36029
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5717
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14715
- http://anonsvn.wireshark.org/viewvc?view=rev&revision=36101
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5732
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14974
- http://anonsvn.wireshark.org/viewvc?view=rev&revision=35953
- http://openwall.com/lists/oss-security/2011/02/16/13
- http://www.securityfocus.com/bid/46416
- https://bugzilla.redhat.com/show_bug.cgi?id=678198
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65460
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65780
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14766