Bug 7681 - wireshark new releases 1.6.11 and 1.8.3 fix security issues
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: All Linux
: Normal Severity: normal
: ---
Assigned To: QA Team
: has_procedure MGA2-64-OK MGA2-32-OK
: validated_update
Reported: 2012-10-03 02:47 CEST by David Walser
Modified: 2012-10-09 13:33 CEST

Source RPM: wireshark-1.6.10-1.mga2.src.rpm

Description David Walser 2012-10-03 02:47:28 CEST
Announced today (October 2):
http://www.wireshark.org/news/20121002.html
Comment 2 David Walser 2012-10-03 02:59:06 CEST
It's not immediately obvious whether Mageia 1 is affected as Wireshark 1.4 is no longer supported upstream.
Comment 3 David Walser 2012-10-03 03:32:51 CEST
Here's the code change for that vulnerability:
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-drda.c?r1=44749&r2=44748&pathrev=44749

It appears that code is a while loop, looping because "there may be multiple DRDA commands in one frame," but that same code in 1.4 does not run inside of a while loop (so maybe it doesn't support multiple DRDA commands in one frame).

I doubt this vulnerability, which is that the while loop could be infinite, is present in 1.4 given that the while loop itself is not there.  If there's a PoC to test we can confirm this, but it seems highly likely.
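
The failure mode discussed in comment 3, as an added example that is not part of the original thread and is not Wireshark's code: a loop that parses several length-prefixed records from one frame never terminates if a record's length field fails to advance the offset. The record layout, function names and sample frames are constructed for illustration, and the trigger used here (a length field of zero) is an assumption, since the thread does not state it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed record format (not the DRDA layout): a 2-byte big-endian
 * total length, header included, followed by the payload. */
#define HDR_LEN  2
#define MAX_ITER 1000   /* demo watchdog so the unsafe loop returns */

static size_t rec_len(const uint8_t *buf, size_t off) {
    return ((size_t)buf[off] << 8) | buf[off + 1];
}

/* Unsafe: trusts the length field. A length of 0 leaves `off` unchanged,
 * so without the watchdog this would spin forever. Returns -1 on a hang. */
int count_records_unsafe(const uint8_t *buf, size_t n) {
    size_t off = 0;
    int count = 0, iter = 0;
    while (off + HDR_LEN <= n) {
        if (++iter > MAX_ITER) return -1;
        off += rec_len(buf, off);
        count++;
    }
    return count;
}

/* Hardened: each record must cover at least its own header and fit in the
 * remaining bytes, so every iteration makes progress. Returns -2 if not. */
int count_records_checked(const uint8_t *buf, size_t n) {
    size_t off = 0;
    int count = 0;
    while (off + HDR_LEN <= n) {
        size_t len = rec_len(buf, off);
        if (len < HDR_LEN || len > n - off) return -2;   /* malformed */
        off += len;
        count++;
    }
    return count;
}

/* Constructed sample frames: two valid records, then one with length 0. */
static const uint8_t good_frame[] = {0x00, 0x04, 'a', 'b', 0x00, 0x03, 'c'};
static const uint8_t bad_frame[]  = {0x00, 0x04, 'a', 'b', 0x00, 0x00, 'c'};

int main(void) {
    printf("unsafe  good=%d bad=%d\n", count_records_unsafe(good_frame, sizeof good_frame),
           count_records_unsafe(bad_frame, sizeof bad_frame));
    printf("checked good=%d bad=%d\n", count_records_checked(good_frame, sizeof good_frame),
           count_records_checked(bad_frame, sizeof bad_frame));
    return 0;
}
```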
Comment 4 David Walser 2012-10-03 04:02:15 CEST
Updated packages uploaded for Mageia 2 and Cauldron.

Advisory:
========================

Updated wireshark packages fix security vulnerability:

Martin Wilck discovered an infinite loop in the DRDA dissector
(CVE-2012-5239).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5239
http://www.wireshark.org/security/wnpa-sec-2012-28.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.11.html
http://www.wireshark.org/news/20121002.html
========================

Updated packages in core/updates_testing:
========================
wireshark-1.6.11-1.mga2
libwireshark1-1.6.11-1.mga2
libwireshark-devel-1.6.11-1.mga2
wireshark-tools-1.6.11-1.mga2
tshark-1.6.11-1.mga2
rawshark-1.6.11-1.mga2
dumpcap-1.6.11-1.mga2

from wireshark-1.6.11-1.mga2.src.rpm
Comment 5 claire robinson 2012-10-03 09:54:43 CEST
PoC: attached to this bug https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666

There are also instructions in the bug report: just open the capture file with wireshark or tshark -r.
Comment 6 Dave Hodgins 2012-10-04 04:59:54 CEST
Testing complete on Mageia 2 x86-64 and i586.

Thanks for the poc Claire.

I've also confirmed that Mageia 1 is not affected.

Could someone from the sysadmin team push the srpm
wireshark-1.6.11-1.mga2.src.rpm
from Core Updates Testing to Core Updates.

Advisory: Updated wireshark packages fix security vulnerability:

Martin Wilck discovered an infinite loop in the DRDA dissector
(CVE-2012-5239).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5239
http://www.wireshark.org/security/wnpa-sec-2012-28.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.11.html
http://www.wireshark.org/news/20121002.html

https://bugs.mageia.org/show_bug.cgi?id=7681
Comment 7 Thomas Backlund 2012-10-06 17:47:08 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0284
Comment 8 David Walser 2012-10-09 13:33:48 CEST
The CVE has been updated to say that it is a duplicate of CVE-2012-3548:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3548

This was also noted by LWN, who posted our advisory:
http://lwn.net/Vulnerabilities/518920/

Could we update the advisory on the wiki and replace the CVE reference?
