Wireshark has released versions 1.8.9 and 1.10.1 on July 26: http://www.wireshark.org/news/20130726.html Updated packages uploaded for Mageia 3 and Cauldron. Thanks to Jani for fixing the build on Cauldron. Patched package uploaded for Mageia 2. I had to backport the security patches from 1.8.9 myself, as 1.6.x is no longer supported upstream. Please do check the PoCs in the upstream bugs, especially for CVE-2013-4932 as I had to rewrite the last part of it, as the code changed. Advisory: ======================== Updated wireshark packages fix security vulnerabilities: The Bluetooth SDP dissector could go into a large loop (CVE-2013-4927). The DIS dissector could go into a large loop (CVE-2013-4929). The DVB-CI dissector could crash (CVE-2013-4930). The GSM RR dissector (and possibly others) could go into a large loop (CVE-2013-4931). The GSM A Common dissector could crash (CVE-2013-4932). The Netmon file parser could crash (CVE-2013-4933, CVE-2013-4934). The ASN.1 PER dissector could crash (CVE-2013-4935). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4927 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4929 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4930 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4931 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4932 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4933 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4934 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4935 http://www.wireshark.org/security/wnpa-sec-2013-45.html http://www.wireshark.org/security/wnpa-sec-2013-47.html http://www.wireshark.org/security/wnpa-sec-2013-48.html http://www.wireshark.org/security/wnpa-sec-2013-49.html http://www.wireshark.org/security/wnpa-sec-2013-50.html http://www.wireshark.org/security/wnpa-sec-2013-51.html http://www.wireshark.org/security/wnpa-sec-2013-52.html http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html http://www.wireshark.org/news/20130726.html ======================== Updated packages in core/updates_testing: ======================== wireshark-1.6.16-1.1.mga2 libwireshark1-1.6.16-1.1.mga2 libwireshark-devel-1.6.16-1.1.mga2 wireshark-tools-1.6.16-1.1.mga2 tshark-1.6.16-1.1.mga2 rawshark-1.6.16-1.1.mga2 dumpcap-1.6.16-1.1.mga2 wireshark-1.8.9-1.mga3 libwireshark2-1.8.9-1.mga3 libwireshark-devel-1.8.9-1.mga3 wireshark-tools-1.8.9-1.mga3 tshark-1.8.9-1.mga3 rawshark-1.8.9-1.mga3 dumpcap-1.8.9-1.mga3 from SRPMS: wireshark-1.6.16-1.1.mga2.src.rpm wireshark-1.8.9-1.mga3.src.rpm Reproducible: Steps to Reproduce:
Because of a licensing issue, wireshark on Mageia 3 needs to be built against gnutls >= 3.1.10, so this update needs to be pushed after or with the gnutls update in Bug 10857.
Depends on: (none) => 10857Whiteboard: (none) => MGA2TOO
Advisory 10858.adv uploaded to svn
CC: (none) => davidwhodgins
MGA3-32-OK for me in VirtualBox default install wireshark-1.8.8-1.mga3.i586 from core release [root@localhost wilcal]# urpmi wireshark Package wireshark-1.8.8-1.mga3.i586 is already installed Tested using eth0 accessing both WAN and LAN sites. All successful and generate report install wireshark-1.8.9-1.mga3.i586 from core updates_testing Rerun testing with the same above tests. All successful [root@localhost wilcal]# urpmi wireshark Package wireshark-1.8.9-1.mga3.i586 is already installed Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) VirtualBox version: virtualbox-4.2.16-1.mga3.x86_64
CC: (none) => wilcal.int
MGA3-64-OK for me in VirtualBox default install wireshark-1.8.8-1.mga3.x86_64 from core release [root@localhost wilcal]# urpmi wireshark Package wireshark-1.8.8-1.mga3.x86_64 is already installed Tested using eth0 accessing both WAN and LAN sites. All successful and generate report install wireshark-1.8.9-1.mga3.x86_64 from core updates_testing Rerun testing with the same above tests. All successful [root@localhost wilcal]# urpmi wireshark Package wireshark-1.8.9-1.mga3.x86_64 is already installed Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) VirtualBox version: virtualbox-4.2.16-1.mga3.x86_64
MGA2-32-OK for me in VirtualBox default install wireshark-1.6.16-1.mga2.i586 from core release [root@localhost wilcal]# urpmi wireshark Package wireshark-1.6.16-1.mga2.i586 is already installed Tested using eth0 accessing both WAN and LAN sites. All successful and generate report install wireshark-1.6.16-1.1.mga2.i586 from core updates_testing Rerun testing with the same above tests. All successful [root@localhost wilcal]# urpmi wireshark Package wireshark-1.6.16-1.1.mga2.i586 is already installed Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) VirtualBox version: virtualbox-4.2.16-1.mga3.x86_64
MGA2-64-OK for me in VirtualBox default install wireshark-1.6.16-1.mga2.x86_64 from core release [root@localhost wilcal]# urpmi wireshark Package wireshark-1.6.16-1.mga2.x86_64 is already installed Tested using eth0 accessing both WAN and LAN sites. All successful and generate report install wireshark-1.6.16-1.1.mga2.x86_64 from core updates_testing Rerun testing with the same above tests. All successful [root@localhost wilcal]# urpmi wireshark Package wireshark-1.6.16-1.1.mga2.x86_64 is already installed Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) VirtualBox version: virtualbox-4.2.16-1.mga3.x86_64
Thanks for testing. Please do check out the PoCs for the security issues. If you look at the wireshark 1.8.9 release notes page linked in the advisory reference, there are links to bug reports for all of the security issues, and they should all have a .pcap file attached to them that you can use to reproduce the issues (generally just by opening them). They generally cause wireshark to crash or hang, but should not cause that to happen in the update candidates.
The qa wiki currently only describes how to test a new version of wireshark, rather then a security update. For security updates, we have to go to each of the wnpa-sec links, then the wireshark bug link, download the capture file, and make note of whether it's a tshark bug, or a wireshark bug, and if any special parameters or actions are needed. If it's tshark, and doesn't say otherwise, test with "tshark -nr $filename". If it's wireshark, and doesn't say otherwise, test with "wireshark $filename". This testing has to be done before installing the updated version, with notes taken as to the results of each test. Typically the result will either be a crash, or high cpu usage, requiring the command to be killed (use "killall tshark" or "killall wireshark", if needed). Not all tests will result in obvious problems. After installing the updated version, confirm that there are no more obvious problems, when repeating the tests. In addition, the update has to be tested for basic normal usage, as currently in the wiki. I'll update the wiki in the next day or two, and will start testing the existing version, and the updates testing version shortly. The below lists the cve, wireshark bug, link to the capture file to be used for the test, the file name resulting from clicking on the download of the capture, and the command to be used for the test. CVE-2013-4927 - Wireshark bug 8831 https://bugs.wireshark.org/bugzilla/attachment.cgi?id=11032 /home/dave/ws/packet-btsdp.pcap tshark -nr packet-btsdp.pcap CVE-2013-4929 - Wireshark bug 8911 https://bugs.wireshark.org/bugzilla/attachment.cgi?id=11164 /home/dave/ws/fuzz-2013-07-08-10651.pcap tshark -nr fuzz-2013-07-08-10651.pcap CVE-2013-4930 - Wireshark bug 8916 https://bugs.wireshark.org/bugzilla/attachment.cgi?id=11172 /home/dave/ws/test.pcap tshark -nr test.pcap CVE-2013-4931 - Wireshark bug 8923 https://bugs.wireshark.org/bugzilla/attachment.cgi?id=11188 /home/dave/ws/fuzz-2013-07-10-1226.pcap tshark -nr fuzz-2013-07-10-1226.pcap CVE-2013-4932 - Wireshark bug 8940 https://bugs.wireshark.org/bugzilla/attachment.cgi?id=11212 /home/dave/ws/fuzz-2013-07-15-22842.pcap tshark -nVxr fuzz-2013-07-15-22842.pcap CVE-2013-4933 and CVE-2013-4934 - Wireshark bug 8742X https://bugs.wireshark.org/bugzilla/attachment.cgi?id=10883 /home/dave/ws/7c51012f016f3e7d168fbf194fa1e932.cap tshark -nr /home/dave/ws/7c51012f016f3e7d168fbf194fa1e932.cap CVE-2013-4935 - Wireshark bug 8722 https://bugs.wireshark.org/bugzilla/attachment.cgi?id=10853 /home/dave/ws/crash1.pcap To reproduce the crash, open the file in Wireshark, select a packet and decode as ULP.
Results before installing the updates testing version. CVE-2013-4927 - Wireshark bug 8831 tshark -nr packet-btsdp.pcap i2 no obvious problems x2 no obvious problems i3 no obvious problems x3 no obvious problems CVE-2013-4929 - Wireshark bug 8911 tshark -nr fuzz-2013-07-08-10651.pcap Before updating i2 100%cpu usage, requires killing or ctrl+c x2 100%cpu usage, requires killing or ctrl+c i3 100%cpu usage, requires killing or ctrl+c x3 100%cpu usage, requires killing or ctrl+c CVE-2013-4930 - Wireshark bug 8916 tshark -nr test.pcap i2 no obvious problems x2 no obvious problems i3 GLib-ERROR **: gmem.c:165: failed to allocate 4294967295 bytes x3 GLib-ERROR **: gmem.c:165: failed to allocate 4294967295 bytes CVE-2013-4931 - Wireshark bug 8923 tshark -nr fuzz-2013-07-10-1226.pcap i2 no obvious problems x2 no obvious problems i3 no obvious problems x3 no obvious problems CVE-2013-4932 - Wireshark bug 8940 tshark -nVxr fuzz-2013-07-15-22842.pcap i2 no obvious problems x2 segfault i3 no obvious problems x3 segfault CVE-2013-4933 and CVE-2013-4934 - Wireshark bug 8742X tshark -nr 7c51012f016f3e7d168fbf194fa1e932.cap i2 segfault x2 Aborted i3 Aborted x3 Aborted CVE-2013-4935 - Wireshark bug 8722 To reproduce the crash, open crash1.pcap in Wireshark, select a packet and decode as ULP. (Found decode under the analyze menu, and ULP under the transport dropdown). i2 no obvious problems x2 no obvious problems i3 no obvious problems x3 no obvious problems I'll install the updates testing version and test those shortly.
Results after installing the updates testing version. CVE-2013-4927 - Wireshark bug 8831 tshark -nr packet-btsdp.pcap i2 no obvious problems x2 no obvious problems i3 no obvious problems x3 no obvious problems CVE-2013-4929 - Wireshark bug 8911 tshark -nr fuzz-2013-07-08-10651.pcap i2 no obvious problems x2 no obvious problems i3 no obvious problems x3 no obvious problems CVE-2013-4930 - Wireshark bug 8916 tshark -nr test.pcap i2 no obvious problems x2 no obvious problems i3 no obvious problems x3 no obvious problems CVE-2013-4931 - Wireshark bug 8923 tshark -nr fuzz-2013-07-10-1226.pcap i2 no obvious problems x2 no obvious problems i3 no obvious problems x3 no obvious problems CVE-2013-4932 - Wireshark bug 8940 tshark -nVxr fuzz-2013-07-15-22842.pcap i2 no obvious problems x2 no obvious problems i3 no obvious problems x3 no obvious problems CVE-2013-4933 and CVE-2013-4934 - Wireshark bug 8742X tshark -nr 7c51012f016f3e7d168fbf194fa1e932.cap i2 no obvious problems x2 no obvious problems i3 no obvious problems x3 no obvious problems CVE-2013-4935 - Wireshark bug 8722 To reproduce the crash, open crash1.pcap in Wireshark, select a packet and decode as ULP. (Found decode under the analyze menu, and ULP under the transport dropdown). i2 no obvious problems x2 no obvious problems i3 no obvious problems x3 no obvious problems As William has already tested normal usage, I'll skip those tests. Validating the update will be held till bug 10857 has been validated. It would be easier to install the updates testing versions, if both wireshark and tshark had versioned requires on the libs they need.
Whiteboard: MGA2TOO => MGA2TOO MGA3-64-OK MGA3-32-OK MGA2-64-OK MGA2-32-OK
bug 10857 has now been validated. Could someone from the sysadmin team push 10858.adv to updates.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Have you tested the PoCs on the Mageia 2 update?
Seems like it David. I think Dave's version shorthand is i2 = Mga2 i586, x2 = Mga2 x86_64, etc. Feel free to confirm the tests yourself.
Update pushed; http://advisories.mageia.org/MGASA-2013-0236.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/561318/
====================================================== Name: CVE-2013-4920 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4920 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130726 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=50083 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8826 Reference: CONFIRM:https://www.wireshark.org/security/wnpa-sec-2013-42.html The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. ====================================================== Name: CVE-2013-4921 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4921 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130726 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ieee80211-radiotap.c?r1=50090&r2=50089&pathrev=50090 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=50090 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8830 Reference: CONFIRM:https://www.wireshark.org/security/wnpa-sec-2013-43.html Off-by-one error in the dissect_radiotap function in epan/dissectors/packet-ieee80211-radiotap.c in the Radiotap dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet. ====================================================== Name: CVE-2013-4922 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4922 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130726 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcom-sysact.c?r1=50094&r2=50093&pathrev=50094 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=50094 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8828 Reference: CONFIRM:https://www.wireshark.org/security/wnpa-sec-2013-44.html Double free vulnerability in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet. ====================================================== Name: CVE-2013-4923 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4923 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130726 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcom-sysact.c?r1=50094&r2=50093&pathrev=50094 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=50094 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8828 Reference: CONFIRM:https://www.wireshark.org/security/wnpa-sec-2013-44.html Memory leak in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (memory consumption) via crafted packets. ====================================================== Name: CVE-2013-4924 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4924 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130726 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcom-sysact.c?r1=50432&r2=50431&pathrev=50432 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=50432 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8828 Reference: CONFIRM:https://www.wireshark.org/security/wnpa-sec-2013-44.html epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly validate certain index values, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. ====================================================== Name: CVE-2013-4925 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4925 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130726 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcom-sysact.c?r1=50478&r2=50477&pathrev=50478 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=50478 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8828 Reference: CONFIRM:https://www.wireshark.org/security/wnpa-sec-2013-44.html Integer signedness error in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted packet. ====================================================== Name: CVE-2013-4926 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4926 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130726 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcom-sysact.c?r1=50478&r2=50477&pathrev=50478 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=50478 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8828 Reference: CONFIRM:https://www.wireshark.org/security/wnpa-sec-2013-44.html epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly determine whether there is remaining packet data to process, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. ====================================================== Name: CVE-2013-4927 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4927 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130726 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-btsdp.c?r1=50134&r2=50133&pathrev=50134 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=50134 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8831 Reference: CONFIRM:https://www.wireshark.org/security/wnpa-sec-2013-45.html Integer signedness error in the get_type_length function in epan/dissectors/packet-btsdp.c in the Bluetooth SDP dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. ====================================================== Name: CVE-2013-4928 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4928 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130726 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-btobex.c?r1=50258&r2=50257&pathrev=50258 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=50258 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8875 Reference: CONFIRM:https://www.wireshark.org/security/wnpa-sec-2013-46.html Integer signedness error in the dissect_headers function in epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. ====================================================== Name: CVE-2013-4929 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4929 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130726 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dis-pdus.c?r1=50450&r2=50449&pathrev=50450 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=50450 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8911 Reference: CONFIRM:https://www.wireshark.org/security/wnpa-sec-2013-47.html The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero remaining bytes, which allows remote attackers to cause a denial of service (loop) via a crafted packet. ====================================================== Name: CVE-2013-4930 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4930 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130726 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dvbci.c?r1=50474&r2=50473&pathrev=50474 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=50474 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8916 Reference: CONFIRM:https://www.wireshark.org/security/wnpa-sec-2013-48.html The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not validate a certain length value before decrementing it, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. ====================================================== Name: CVE-2013-4931 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4931 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130726 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/proto.c?r1=50504&r2=50503&pathrev=50504 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=50504 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8923 Reference: CONFIRM:https://www.wireshark.org/security/wnpa-sec-2013-49.html epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector. ====================================================== Name: CVE-2013-4932 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4932 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130726 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gsm_a_common.c?r1=50672&r2=50671&pathrev=50672 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=50672 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8940 Reference: CONFIRM:https://www.wireshark.org/security/wnpa-sec-2013-50.html Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet. ====================================================== Name: CVE-2013-4933 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4933 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130726 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/wiretap/netmon.c?r1=49673&r2=49672&pathrev=49673 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=49673 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8742 Reference: CONFIRM:https://www.wireshark.org/security/wnpa-sec-2013-51.html The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file. ====================================================== Name: CVE-2013-4934 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4934 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130726 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/wiretap/netmon.c?r1=49697&r2=49696&pathrev=49697 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=49697 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8742 Reference: CONFIRM:https://www.wireshark.org/security/wnpa-sec-2013-51.html The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file. ====================================================== Name: CVE-2013-4935 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4935 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130726 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-per.c?r1=49985&r2=49984&pathrev=49985 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=49985 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8722 Reference: CONFIRM:https://www.wireshark.org/security/wnpa-sec-2013-52.html The dissect_per_length_determinant function in epan/dissectors/packet-per.c in the ASN.1 PER dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize a length field in certain abnormal situations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. ====================================================== Name: CVE-2013-4936 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4936 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130726 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-smtp.c?r1=50472&r2=50471&pathrev=50472 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=50472 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8904 Reference: CONFIRM:https://www.wireshark.org/security/wnpa-sec-2013-.html The dissect_smtp function in epan/dissectors/packet-smtp.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
CC: (none) => oe