SB2012083103 - Multiple vulnerabilities in Wireshark

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Resource management error (CVE-ID: CVE-2012-5237)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.

2) Input validation error (CVE-ID: CVE-2012-5238)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet.

3) Buffer overflow (CVE-ID: CVE-2012-5240)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet.

4) Resource management error (CVE-ID: CVE-2012-3548)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file.

Remediation

Install update from vendor's website.

References

• http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-hsrp.c?r1=44454&r2=44453&pathrev=44454
• http://anonsvn.wireshark.org/viewvc?view=revision&revision=44454
• http://osvdb.org/85884
• http://www.securityfocus.com/bid/55754
• http://www.securitytracker.com/id?1027604
• http://www.wireshark.org/security/wnpa-sec-2012-26.html
• https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7581
• https://exchange.xforce.ibmcloud.com/vulnerabilities/79009
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14992
• http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=42989&r2=42988&pathrev=42989
• http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=44688&r2=44687&pathrev=44688
• http://anonsvn.wireshark.org/viewvc?view=revision&revision=42989
• http://anonsvn.wireshark.org/viewvc?view=revision&revision=44688
• http://osvdb.org/85883
• http://www.wireshark.org/security/wnpa-sec-2012-27.html
• https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7316
• https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7668
• https://exchange.xforce.ibmcloud.com/vulnerabilities/79010
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15593
• http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ldp.c?r1=44801&r2=44800&pathrev=44801
• http://anonsvn.wireshark.org/viewvc?view=revision&revision=44801
• http://www.wireshark.org/security/wnpa-sec-2012-29.html
• https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7046
• https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7567
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15691
• http://openwall.com/lists/oss-security/2012/08/29/4
• http://secunia.com/advisories/54425
• http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
• http://www.securitytracker.com/id?1027464
• https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666
• https://bugzilla.redhat.com/show_bug.cgi?id=849926
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15646