Bug 3103

Summary: Security issues in wireshark
Product: Mageia Reporter: Nicolas Vigier <boklm>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: davidwhodgins, sysadmin-bugs, tmb
Version: 1Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: wireshark CVE:
Status comment:

Description Nicolas Vigier 2011-10-18 21:58:11 CEST 
Wireshark 1.4.9 fix CVE-2011-3266 and other security issues :
http://www.wireshark.org/lists/wireshark-announce/201109/msg00001.html
Anssi Hannula 2011-10-18 22:05:53 CEST

Assignee: anssi.hannula => doktor5000

Comment 1 Florian Hubold 2011-10-19 02:07:05 CEST 
Citing from: http://www.wireshark.org/lists/wireshark-announce/201109/msg00001.html

   The following vulnerabilities have been fixed.

     o wnpa-sec-2011-13
       A malformed IKE packet could consume excessive resources.
       Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.
       CVE-2011-3266

     o wnpa-sec-2011-14
       A malformed capture file could result in an invalid root
       tvbuff and cause a crash. (Bug 6135)
       Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.

     o wnpa-sec-2011-15
       Wireshark could run arbitrary Lua scripts. (Bug 6136)
       Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.


Working on CVE-2011-3266, the other two issues were already fixed with the last wireshark update.

Status: NEW => ASSIGNED

Comment 2 Florian Hubold 2011-10-21 16:12:43 CEST 
There is now wireshark-1.4.6-2.2.mga1 in core/updates_testing to validate
-------------------------------------------------------


Suggested advisory:
-------------------
This update addresses the following CVEs:

- CVE-2011-3266


Wireshark is prone to a denial-of-service vulnerability because it fails to properly handle specially crafted IKE packets. An attacker can exploit this issue to trigger an infinite loop, which causes the affected application to crash, denying service to legitimate users.

This issue was reported by the penetration test team Of NCNIPC (China) [1]

[1] http://www.securityfocus.com/archive/1/archive/1/519049/100/0/threaded

-------------------------------------------------------
Steps to reproduce:

- install/update to update candidate
- exploit or proof of concept does not seem to be publicly available

Assignee: doktor5000 => qa-bugs

Comment 3 Dave Hodgins 2011-10-22 04:36:52 CEST 
Testing complete on i586 for the srpm
wireshark-1.4.6-2.2.mga1.src.rpm.

Just testing basic capture, and display of info.

CC: (none) => davidwhodgins

Comment 4 claire robinson 2011-10-22 13:05:19 CEST 
Testing complete x86_64

Advisory:
-----------------------
This update addresses the following CVEs:

- CVE-2011-3266


Wireshark is prone to a denial-of-service vulnerability because it fails to
properly handle specially crafted IKE packets. An attacker can exploit this
issue to trigger an infinite loop, which causes the affected application to
crash, denying service to legitimate users.

This issue was reported by the penetration test team Of NCNIPC (China) [1]

[1] http://www.securityfocus.com/archive/1/archive/1/519049/100/0/threaded

-----------------------

SRPM: wireshark-1.4.6-2.2.mga1.src.rpm

Sysadmin please push from core/updates_testing to core/updates

Thankyou!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 Thomas Backlund 2011-10-22 22:45:18 CEST 
Update pushed.

Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED