Bug 3103 - Security issues in wireshark
Summary: Security issues in wireshark
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 1
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard:
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2011-10-18 21:58 CEST by Nicolas Vigier
Modified: 2011-10-22 22:45 CEST (History)
3 users (show)

See Also:
Source RPM: wireshark
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Vigier 2011-10-18 21:58:11 CEST 
Wireshark 1.4.9 fix CVE-2011-3266 and other security issues :
http://www.wireshark.org/lists/wireshark-announce/201109/msg00001.html
Anssi Hannula 2011-10-18 22:05:53 CEST

Assignee: anssi.hannula => doktor5000

Comment 1 Florian Hubold 2011-10-19 02:07:05 CEST 
Citing from: http://www.wireshark.org/lists/wireshark-announce/201109/msg00001.html

   The following vulnerabilities have been fixed.

     o wnpa-sec-2011-13
       A malformed IKE packet could consume excessive resources.
       Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.
       CVE-2011-3266

     o wnpa-sec-2011-14
       A malformed capture file could result in an invalid root
       tvbuff and cause a crash. (Bug 6135)
       Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.

     o wnpa-sec-2011-15
       Wireshark could run arbitrary Lua scripts. (Bug 6136)
       Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.


Working on CVE-2011-3266, the other two issues were already fixed with the last wireshark update.

Status: NEW => ASSIGNED

Comment 2 Florian Hubold 2011-10-21 16:12:43 CEST 
There is now wireshark-1.4.6-2.2.mga1 in core/updates_testing to validate
-------------------------------------------------------


Suggested advisory:
-------------------
This update addresses the following CVEs:

- CVE-2011-3266


Wireshark is prone to a denial-of-service vulnerability because it fails to properly handle specially crafted IKE packets. An attacker can exploit this issue to trigger an infinite loop, which causes the affected application to crash, denying service to legitimate users.

This issue was reported by the penetration test team Of NCNIPC (China) [1]

[1] http://www.securityfocus.com/archive/1/archive/1/519049/100/0/threaded

-------------------------------------------------------
Steps to reproduce:

- install/update to update candidate
- exploit or proof of concept does not seem to be publicly available

Assignee: doktor5000 => qa-bugs

Comment 3 Dave Hodgins 2011-10-22 04:36:52 CEST 
Testing complete on i586 for the srpm
wireshark-1.4.6-2.2.mga1.src.rpm.

Just testing basic capture, and display of info.

CC: (none) => davidwhodgins

Comment 4 claire robinson 2011-10-22 13:05:19 CEST 
Testing complete x86_64

Advisory:
-----------------------
This update addresses the following CVEs:

- CVE-2011-3266


Wireshark is prone to a denial-of-service vulnerability because it fails to
properly handle specially crafted IKE packets. An attacker can exploit this
issue to trigger an infinite loop, which causes the affected application to
crash, denying service to legitimate users.

This issue was reported by the penetration test team Of NCNIPC (China) [1]

[1] http://www.securityfocus.com/archive/1/archive/1/519049/100/0/threaded

-----------------------

SRPM: wireshark-1.4.6-2.2.mga1.src.rpm

Sysadmin please push from core/updates_testing to core/updates

Thankyou!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 Thomas Backlund 2011-10-22 22:45:18 CEST 
Update pushed.

Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.