SB2014092003 - Multiple vulnerabilities in Wireshark
Published: September 20, 2014 Updated: August 10, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 10 secuirty vulnerabilities.
1) Resource management error (CVE-ID: CVE-2014-6423)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.
2) Buffer overflow (CVE-ID: CVE-2014-6424)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet.
3) Buffer overflow (CVE-ID: CVE-2014-6425)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '�' character.
4) Resource management error (CVE-ID: CVE-2014-6426)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
5) Buffer overflow (CVE-ID: CVE-2014-6427)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position.
6) Buffer overflow (CVE-ID: CVE-2014-6428)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
7) Input validation error (CVE-ID: CVE-2014-6429)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
8) Input validation error (CVE-ID: CVE-2014-6430)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
9) Buffer overflow (CVE-ID: CVE-2014-6431)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer.
10) Resource management error (CVE-ID: CVE-2014-6432)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
Remediation
Install update from vendor's website.
References
- http://linux.oracle.com/errata/ELSA-2014-1676
- http://linux.oracle.com/errata/ELSA-2014-1677
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html
- http://rhn.redhat.com/errata/RHSA-2014-1676.html
- http://rhn.redhat.com/errata/RHSA-2014-1677.html
- http://secunia.com/advisories/60280
- http://secunia.com/advisories/60578
- http://secunia.com/advisories/61929
- http://secunia.com/advisories/61933
- http://www.debian.org/security/2014/dsa-3049
- http://www.wireshark.org/security/wnpa-sec-2014-13.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10333
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9112a099d7cc2cd924b7c667bf27f6e112b970c6
- http://www.wireshark.org/security/wnpa-sec-2014-14.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10370
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=44698259b1f5865c60323acaf2a633654a2abe81
- http://www.wireshark.org/security/wnpa-sec-2014-15.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10353
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c10396dbbf782a576bc1f9a931cf86090cec3878
- http://www.wireshark.org/security/wnpa-sec-2014-16.html
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d9e5021fe79973d00ddd8fcef0bbefbaae63dd0f
- http://www.wireshark.org/security/wnpa-sec-2014-17.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10381
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=73959159dbf34b4a0b50fbd19e05cb1b470be9b0
- http://www.wireshark.org/security/wnpa-sec-2014-18.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10454
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=433a444d148f86f2562f804d25a57d00dc277cc0
- http://www.wireshark.org/security/wnpa-sec-2014-19.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10461
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47c592938ba9f0caeacc4c2ccadb370e72f293a2