SB2012120501 - Multiple vulnerabilities in Wireshark
Published: December 5, 2012 Updated: August 11, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 11 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2012-6056)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Integer overflow in the dissect_sack_chunk function in epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Duplicate TSN count.
2) Input validation error (CVE-ID: CVE-2012-6057)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type for a certain offset value, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a malformed packet.
3) Input validation error (CVE-ID: CVE-2012-6058)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Integer overflow in the dissect_icmpv6 function in epan/dissectors/packet-icmpv6.c in the ICMPv6 dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Number of Sources value.
4) Input validation error (CVE-ID: CVE-2012-6059)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decryption parameters, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
5) Input validation error (CVE-ID: CVE-2012-6060)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Integer overflow in the dissect_iscsi_pdu function in epan/dissectors/packet-iscsi.c in the iSCSI dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
6) Input validation error (CVE-ID: CVE-2012-6061)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the WTP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data type for a certain length field, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted value in a packet.
7) Input validation error (CVE-ID: CVE-2012-6062)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the RTCP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
8) Information disclosure (CVE-ID: CVE-2012-6052)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain sensitive hostname information by reading pcap-ng files.
9) Input validation error (CVE-ID: CVE-2012-6053)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 relies on a length field to calculate an offset value, which allows remote attackers to cause a denial of service (infinite loop) via a zero value for this field.
10) Input validation error (CVE-ID: CVE-2012-6054)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The dissect_sflow_245_address_type function in epan/dissectors/packet-sflow.c in the sFlow dissector in Wireshark 1.8.x before 1.8.4 does not properly handle length calculations for an invalid IP address type, which allows remote attackers to cause a denial of service (infinite loop) via a packet that is neither IPv4 nor IPv6.
11) Input validation error (CVE-ID: CVE-2012-6055)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
epan/dissectors/packet-3g-a11.c in the 3GPP2 A11 dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a zero value in a sub-type length field.
Remediation
Install update from vendor's website.
References
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-sctp.c?r1=45355&r2=45354&pathrev=45355
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45355
- http://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html
- http://rhn.redhat.com/errata/RHSA-2014-0341.html
- http://www.wireshark.org/security/wnpa-sec-2012-33.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7802
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16139
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-eigrp.c?r1=45408&r2=45407&pathrev=45408
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45408
- http://www.wireshark.org/security/wnpa-sec-2012-34.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7800
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15883
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-icmpv6.c?r1=45459&r2=45458&pathrev=45459
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45459
- http://www.wireshark.org/security/wnpa-sec-2012-40.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7844
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16075
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-isakmp.c?r1=45510&r2=45509&pathrev=45510
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45510
- http://www.wireshark.org/security/wnpa-sec-2012-35.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7855
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15239
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-iscsi.c?r1=45524&r2=45523&pathrev=45524
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45524
- http://www.wireshark.org/security/wnpa-sec-2012-36.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7858
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16038
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-wtp.c?r1=45614&r2=45613&pathrev=45614
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45614
- http://www.wireshark.org/security/wnpa-sec-2012-37.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7869
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15253
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-rtcp.c?r1=45717&r2=45716&pathrev=45717
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45717
- http://www.wireshark.org/security/wnpa-sec-2012-38.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7879
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15894
- http://www.wireshark.org/security/wnpa-sec-2012-30.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16040
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-usb.c?r1=45310&r2=45309&pathrev=45310
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45310
- http://www.wireshark.org/security/wnpa-sec-2012-31.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7787
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15915
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-sflow.c?r1=45324&r2=45323&pathrev=45324
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45324
- http://www.wireshark.org/security/wnpa-sec-2012-32.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7789
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15764
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-3g-a11.c?r1=45337&r2=45336&pathrev=45337
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45337
- http://www.wireshark.org/security/wnpa-sec-2012-39.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7801
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16044