Wireshark Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1027404 |
|
SecurityTracker URL: http://securitytracker.com/id/1027404
|
|
CVE Reference:
CVE-2012-4285, CVE-2012-4286, CVE-2012-4287, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-4293, CVE-2012-4294, CVE-2012-4295, CVE-2012-4296, CVE-2012-4297, CVE-2012-4298
(Links to External Site)
|
Date: Aug 15 2012
|
Impact:
Denial of service via network, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to versions 1.4.15, 1.6.10, 1.8.2
|
Description:
Multiple vulnerability were reported in Wireshark. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.
A remote user can trigger a divide by zero error in the DCP ETSI dissector [CVE-2012-4285]. Laurent Butti reported this vulnerability.
A remote user can trigger a divide by zero error in the pcap-ng file parser [CVE-2012-4286]. Versions 1.8.0 to 1.8.1 are affected.
A remote user can cause the MongoDB dissector to consume excessive CPU resources on the target system [CVE-2012-4287]. Versions 1.8.0 to 1.8.1 are affected. Ben Schmidt reported this vulnerability.
A remote user can cause the XTP dissector to enter an infinite loop [CVE-2012-4288]. Ben Schmidt reported this vulnerability.
A remote user can cause the AFP dissector to consume excessive CPU resources on the target system [CVE-2012-4289]. Stefan Cornelius reported this vulnerability.
A remote user can cause the CTDB dissector to consume excessive CPU resources on the target system [CVE-2012-4290]. Ben Schmidt reported this vulnerability.
A remote user can cause the CIP dissector to consume all available system memory [CVE-2012-4291]. Ben Schmidt reported this vulnerability.
A remote user can cause the STUN dissector to crash [CVE-2012-4292]. Laurent Butti reported this vulnerability.
A remote user can cause the EtherCAT Mailbox dissector to abort [CVE-2012-4293]. Laurent Butti reported this vulnerability.
A remote user can trigger a buffer overflow in the ERF dissector to execute arbitrary code on the target system [CVE-2012-4294, CVE-2012-4295]. Versions 1.8.0 to 1.8.1 are affected. Laurent Butti reported this vulnerability.
A remote user can trigger a buffer overflow in the RTPS2 dissector to execute arbitrary code on the target system [CVE-2012-4296]. Laurent Butti reported this vulnerability.
A remote user can trigger a buffer overflow in the GSM RLC MAC dissector to execute arbitrary code on the target system [CVE-2012-4297]. Versions 1.6.0 to 1.6.9 and 1.8.0 to 1.8.1 are affected. Laurent Butti reported this vulnerability.
A remote user can trigger a buffer overflow in the Ixia IxVeriWave file parser to execute arbitrary code on the target system [CVE-2012-4298]. Versions 1.8.0 to 1.8.1 are affected.
|
Impact:
A remote user can execute arbitrary code on the target system.
A remote user can the target dissector to crash, consume excessive CPU resources, or consume all available system memory.
|
Solution:
The vendor has issued a fix (1.4.15, 1.6.10, 1.8.2).
The vendor's advisories are available at:
http://www.wireshark.org/security/wnpa-sec-2012-14.html
http://www.wireshark.org/security/wnpa-sec-2012-15.html
http://www.wireshark.org/security/wnpa-sec-2012-16.html
http://www.wireshark.org/security/wnpa-sec-2012-17.html
http://www.wireshark.org/security/wnpa-sec-2012-18.html
http://www.wireshark.org/security/wnpa-sec-2012-19.html
http://www.wireshark.org/security/wnpa-sec-2012-20.html
http://www.wireshark.org/security/wnpa-sec-2012-21.html
http://www.wireshark.org/security/wnpa-sec-2012-22.html
http://www.wireshark.org/security/wnpa-sec-2012-23.html
http://www.wireshark.org/security/wnpa-sec-2012-24.html
http://www.wireshark.org/security/wnpa-sec-2012-25.html
|
Vendor URL: www.wireshark.org/security/wnpa-sec-2012-14.html (Links to External Site)
|
Cause:
Boundary error, Resource error, State error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Wed, 15 Aug 2012 21:48:36 +0000
Subject: Wireshark
|
http://www.wireshark.org/security/wnpa-sec-2012-14.html
http://www.wireshark.org/security/wnpa-sec-2012-15.html
http://www.wireshark.org/security/wnpa-sec-2012-16.html
http://www.wireshark.org/security/wnpa-sec-2012-17.html
http://www.wireshark.org/security/wnpa-sec-2012-18.html
http://www.wireshark.org/security/wnpa-sec-2012-19.html
http://www.wireshark.org/security/wnpa-sec-2012-20.html
http://www.wireshark.org/security/wnpa-sec-2012-21.html
http://www.wireshark.org/security/wnpa-sec-2012-22.html
http://www.wireshark.org/security/wnpa-sec-2012-23.html
http://www.wireshark.org/security/wnpa-sec-2012-24.html
http://www.wireshark.org/security/wnpa-sec-2012-25.html
CVE-2012-4285
CVE-2012-4286
CVE-2012-4287
CVE-2012-4288
CVE-2012-4288
CVE-2012-4289
CVE-2012-4290
CVE-2012-4291
CVE-2012-4292
CVE-2012-4293
CVE-2012-4294
CVE-2012-4295
CVE-2012-4296
CVE-2012-4297
CVE-2012-4298
|
|
