SB2014122802 - Gentoo update for Wireshark

Description

This security bulletin contains information about 12 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2014-6421)

The vulnerability allows remote attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors.

2) Buffer overflow (CVE-ID: CVE-2014-6422)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector.

3) Resource management error (CVE-ID: CVE-2014-6423)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.

4) Buffer overflow (CVE-ID: CVE-2014-6424)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet.

5) Buffer overflow (CVE-ID: CVE-2014-6425)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '' character.

6) Resource management error (CVE-ID: CVE-2014-6426)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

7) Buffer overflow (CVE-ID: CVE-2014-6427)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position.

8) Buffer overflow (CVE-ID: CVE-2014-6428)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

9) Input validation error (CVE-ID: CVE-2014-6429)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

10) Input validation error (CVE-ID: CVE-2014-6430)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

11) Buffer overflow (CVE-ID: CVE-2014-6431)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer.

12) Resource management error (CVE-ID: CVE-2014-6432)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

Remediation

Install update from vendor's website.

References

• https://security.gentoo.org/
• https://security.gentoo.org/glsa/201412-52