SB2016010402 - Multiple vulnerabilities in Wireshark 




Published: January 4, 2016 Updated: March 24, 2022

Security Bulletin ID SB2016010402
Severity Medium
Patch available YES
Number of vulnerabilities 9
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 9 security vulnerabilities.


1) Input validation error (CVE-ID: CVE-2015-8742)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.


2) Input validation error (CVE-ID: CVE-2015-8741)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.


3) Stack-based buffer overflow (CVE-ID: CVE-2015-8740)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector when processing a crafted packet. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


4) Division by zero (CVE-ID: CVE-2015-8738)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a divide-by-zero error within the s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in Wireshark 2.0.x before 2.0.1, which does not validate the list count in an SZL response. A remote attacker can perform a denial of service (divide-by-zero error and application crash) via a crafted packet.


5) Input validation error (CVE-ID: CVE-2015-8739)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.


6) Division by zero (CVE-ID: CVE-2015-8737)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a divide-by-zero error within the mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1, which does not validate the bit rate. A remote attacker can perform a denial of service (divide-by-zero error and application crash) via a crafted file.


7) Stack-based buffer overflow (CVE-ID: CVE-2015-8736)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser when processing a crafted file. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


8) Input validation error (CVE-ID: CVE-2015-8735)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application crash) via a crafted packet.


9) Input validation error (CVE-ID: CVE-2015-8734)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP dissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.


Remediation

Install the update from the vendor's website.
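
To find hosts that still need the update, installed versions can be compared against the affected range that the entries above state (Wireshark 2.0.x before 2.0.1); entries 3 and 7 give no range on this page, so the check does not cover them separately. This is an added example, not part of the original bulletin: the banner strings are constructed samples of the first line of `tshark --version` / `wireshark --version` output, and the host names and function names are illustrative.

```python
import re

# Range taken from the bulletin text: "Wireshark 2.0.x before 2.0.1".
AFFECTED_BRANCH = (2, 0)
FIXED_VERSION = (2, 0, 1)

# Matches e.g. "TShark (Wireshark) 2.0.0 (...)" or "Wireshark 2.0.1 (...)".
# A suffix such as "rc1" is ignored, so 2.0.0rc1 is treated as 2.0.0.
_BANNER_RE = re.compile(
    r"\b(?:wireshark|tshark)\b[^0-9\n]*?(\d+)\.(\d+)\.(\d+)", re.IGNORECASE
)


def parse_version(banner):
    """Return (major, minor, patch) from a version banner, or None."""
    match = _BANNER_RE.search(banner)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def classify(banner):
    """Classify one banner against the range stated in the bulletin."""
    version = parse_version(banner)
    if version is None:
        return "unknown"  # banner could not be parsed; inspect by hand
    if version[:2] == AFFECTED_BRANCH and version < FIXED_VERSION:
        return "affected"
    return "not-in-stated-range"


def audit(inventory):
    """Map host -> classification for a {host: banner} inventory."""
    return {host: classify(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory; in practice the banners would be collected
    # from each host by whatever inventory tooling is already in place.
    sample = {
        "analyst-01": "TShark (Wireshark) 2.0.0 (v2.0.0-0-g0000000 from master-2.0)",
        "analyst-02": "Wireshark 2.0.1 (v2.0.1-0-g0000000 from master-2.0)",
        "sensor-07": "wireshark 1.12.8 (constructed sample)",
        "lab-03": "command not found",
    }
    for host, status in sorted(audit(sample).items()):
        print(f"{host}: {status}")
```

A result of "not-in-stated-range" only means the version is outside the range this bulletin names; other advisories may still apply to that release.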
