Debian Bug report logs - #384529
wnpa-sec-2006-02: multiple problems in Wireshark/Ethereal version 0.7.9 to 0.99.2

version graph

Package: wireshark; Maintainer for wireshark is Balint Reczey <balint@balintreczey.hu>; Source for wireshark is src:wireshark.

Reported by: Sam Morris <sam@robots.org.uk>

Date: Thu, 24 Aug 2006 22:18:29 UTC

Severity: critical

Tags: fixed, security

Found in version wireshark/0.99.2-5

Fixed in version 0.99.2-5.1

Done: "Steinar H. Gunderson" <sesse@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Frederic Peters <fpeters@debian.org>:
Bug#384529; Package wireshark. Full text and rfc822 format available.

Acknowledgement sent to Sam Morris <sam@robots.org.uk>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Frederic Peters <fpeters@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Sam Morris <sam@robots.org.uk>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: wnpa-sec-2006-02: multiple problems in Wireshark/Ethereal version 0.7.9 to 0.99.2
Date: Thu, 24 Aug 2006 22:20:49 +0100
Package: wireshark
Version: 0.99.2-5
Severity: critical
Tags: security
Justification: root security hole

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- From <http://www.wireshark.org/security/wnpa-sec-2006-02.html>:

Wireshark 0.99.3 fixes the following vulnerabilities:

    * The SCSI dissector could crash.
	  Versions affected: 0.99.2. CVE: CVE-2006-4330
    * If Wireshark was compiled with ESP decryption support, the IPsec
	  ESP preference parser was susceptible to off-by-one errors. Versions
	  affected: 0.99.2. CVE: CVE-2006-4331
    * The DHCP dissector (and possibly others) in the Windows version of
	  Wireshark could trigger a bug in Glib and crash.
	  Versions affected: 0.10.13 - 0.99.2. CVE: CVE-2006-4332
    * If the SSCOP dissector has a port range configured and the SSCOP
	  payload protocol is Q.2931, a malformed packet could make the Q.2931
	  dissector use up available memory. No port range is configured by
	  default. Versions affected: 0.7.9 - 0.99.2. CVE: CVE-2006-4333 

 It may be possible to make Wireshark or Ethereal crash, use up available
 memory, or run arbitrary code by injecting a purposefully malformed packet
 onto the wire or by convincing someone to read a malformed packet trace
 file.

- -- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (530, 'testing'), (520, 'unstable'), (510, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-k7
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages wireshark depends on:
ii  libadns1                     1.1-4       Asynchronous-capable DNS client li
ii  libatk1.0-0                  1.12.1-1    The ATK accessibility toolkit
ii  libc6                        2.3.6-15    GNU C Library: Shared libraries
ii  libcairo2                    1.2.4-1     The Cairo 2D vector graphics libra
ii  libcap1                      1:1.10-14   support for getting/setting POSIX.
ii  libcomerr2                   1.39-1      common error description library
ii  libfontconfig1               2.3.2-7     generic font configuration library
ii  libglib2.0-0                 2.12.2-1    The GLib library of C routines
ii  libgnutls13                  1.4.2-1     the GNU TLS library - runtime libr
ii  libgtk2.0-0                  2.8.20-1    The GTK+ graphical user interface 
ii  libkrb53                     1.4.3-9     MIT Kerberos runtime libraries
ii  libpango1.0-0                1.12.3-1+b1 Layout and rendering of internatio
ii  libpcap0.8                   0.9.4-2     System interface for user-level pa
ii  libpcre3                     6.4-2       Perl 5 Compatible Regular Expressi
ii  libx11-6                     2:1.0.0-8   X11 client-side library
ii  libxcursor1                  1.1.5.2-5   X cursor management library
ii  libxext6                     1:1.0.0-4   X11 miscellaneous extension librar
ii  libxfixes3                   1:3.0.1.2-4 X11 miscellaneous 'fixes' extensio
ii  libxi6                       1:1.0.0-5   X11 Input extension library
ii  libxinerama1                 1:1.0.1-4   X11 Xinerama extension library
ii  libxrandr2                   2:1.1.0.2-4 X11 RandR extension library
ii  libxrender1                  1:0.9.0.2-4 X Rendering Extension client libra
ii  wireshark-common             0.99.2-5    network traffic analyser (common f
ii  zlib1g                       1:1.2.3-13  compression library - runtime

Versions of packages wireshark recommends:
ii  gksu                          1.9.2-1    graphical frontend to su

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE7hgxshl/216gEHgRAu53AJ9mdfcbd4gDSg+ce54B48jH4ASXtQCeMKOO
RkEzJd3JY+tHSy1EgOZPIJg=
=we6s
-----END PGP SIGNATURE-----



Information forwarded to debian-bugs-dist@lists.debian.org, Frederic Peters <fpeters@debian.org>:
Bug#384529; Package wireshark. Full text and rfc822 format available.

Acknowledgement sent to "Steinar H. Gunderson" <sgunderson@bigfoot.com>:
Extra info received and forwarded to list. Copy sent to Frederic Peters <fpeters@debian.org>. Full text and rfc822 format available.

Message #10 received at 384529@bugs.debian.org (full text, mbox):

From: "Steinar H. Gunderson" <sgunderson@bigfoot.com>
To: Sam Morris <sam@robots.org.uk>
Cc: 384529@bugs.debian.org
Subject: Re: wnpa-sec-2006-02: multiple problems in Wireshark/Ethereal version 0.7.9 to 0.99.2
Date: Tue, 5 Sep 2006 02:12:46 +0200
On Thu, Aug 24, 2006 at 10:20:49PM +0100, Sam Morris wrote:
> Wireshark 0.99.3 fixes the following vulnerabilities:

For those backporting fixes for these holes, I've dug up the Subversion
revision numbers (I'll be doing a backport NMU for this instead of NMUing
with a new upstream version, simply because the amount of work/pain needed
for a new-version-NMU with a debian/ directory in there is just too big).

>     * The SCSI dissector could crash.
> 	  Versions affected: 0.99.2. CVE: CVE-2006-4330

svn diff -r18831:18832 http://anonsvn.wireshark.org/wireshark/trunk/

>     * If Wireshark was compiled with ESP decryption support, the IPsec
> 	  ESP preference parser was susceptible to off-by-one errors. Versions
> 	  affected: 0.99.2. CVE: CVE-2006-4331

svn diff -r18855:18856 http://anonsvn.wireshark.org/wireshark/trunk/  # this also contains unrelated changes, unfortunately
svn diff -r18914:18915 http://anonsvn.wireshark.org/wireshark/trunk/
svn diff -r18942:18943 http://anonsvn.wireshark.org/wireshark/trunk/

>     * The DHCP dissector (and possibly others) in the Windows version of
> 	  Wireshark could trigger a bug in Glib and crash.
> 	  Versions affected: 0.10.13 - 0.99.2. CVE: CVE-2006-4332

(r18883, but not relevant for us)

>     * If the SSCOP dissector has a port range configured and the SSCOP
> 	  payload protocol is Q.2931, a malformed packet could make the Q.2931
> 	  dissector use up available memory. No port range is configured by
> 	  default. Versions affected: 0.7.9 - 0.99.2. CVE: CVE-2006-4333 

svn diff -r18991:18992 http://anonsvn.wireshark.org/wireshark/trunk/

/* Steinar */
-- 
Homepage: http://www.sesse.net/



Tags added: fixed Request was from sesse@debian.org (Steinar H. Gunderson) to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to "Steinar H. Gunderson" <sesse@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Sam Morris <sam@robots.org.uk>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #17 received at 384529-done@bugs.debian.org (full text, mbox):

From: "Steinar H. Gunderson" <sesse@debian.org>
To: 384529-done@bugs.debian.org
Subject: Re: Fixed in NMU of wireshark 0.99.2-5.1
Date: Tue, 5 Sep 2006 11:51:39 +0200
Version: 0.99.2-5.1

I've NMUed for this bug (fixing the bug to use versioning instead of the
"fixed" tag, to ease tracking through testing); here's the changelog:

>  wireshark (0.99.2-5.1) unstable; urgency=medium
>  .
>    * Non-maintainer upload.
>    * Backport security fixes from 0.99.3a (via Subversion); fixes
>      CVE-2006-4331, CVE-2006-4333 (CVE-2006-4330 was fixed in last upload,
>      and CVE-2006-4332 is not relevant for Debian). (Closes: #384529)

/* Steinar */
-- 
Homepage: http://www.sesse.net/



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2007 01:41:52 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 12:37:51 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.