-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                              ASB-2012.0165.2
        Multiple vulnerabilities have been identified in Wireshark
                              6 December 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Wireshark
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Denial of Service        -- Remote with User Interaction
                      Access Confidential Data -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2012-6062 CVE-2012-6061 CVE-2012-6060
                      CVE-2012-6059 CVE-2012-6058 CVE-2012-6057
                      CVE-2012-6056 CVE-2012-6055 CVE-2012-6054
                      CVE-2012-6053 CVE-2012-6052 
Member content until: Saturday, December 29 2012

Revision History:     December  6 2012: Added additional vulnerabilities and CVE references
                      November 29 2012: Initial Release

OVERVIEW

        Multiple vulnerabilities have been identified in Wireshark prior to 
        versions 1.8.4 and 1.6.12.


IMPACT

        The vendor has provided the following details regarding the 
        vulnerabilities fixed in Wireshark 1.8.4:
        
        "Wireshark could leak potentially sensitive host name resolution 
        information when working with multiple pcap-ng files. Discovered by
        Laura Chappell." [1]
        
        "It may be possible to make Wireshark consume excessive CPU 
        resources by injecting a malformed packet onto the wire or by 
        convincing someone to read a malformed packet trace file." [2]
        
        "It may be possible to make Wireshark consume excessive CPU 
        resources by injecting a malformed packet onto the wire or by 
        convincing someone to read a malformed packet trace file." [3]
        
        "It may be possible to make Wireshark consume excessive CPU 
        resources by injecting a malformed packet onto the wire or by 
        convincing someone to read a malformed packet trace file." [4]
        
        "It may be possible to make Wireshark consume excessive CPU 
        resources by injecting a malformed packet onto the wire or by 
        convincing someone to read a malformed packet trace file." [5]
        
        The vendor has provided the following details regarding the 
        vulnerabilities fixed in Wireshark 1.8.4 and 1.6.12:
        
        "It may be possible to make Wireshark consume excessive CPU 
        resources by injecting a malformed packet onto the wire or by 
        convincing someone to read a malformed packet trace file." [6]
        
        "It may be possible to make Wireshark crash by injecting a malformed
        packet onto the wire or by convincing someone to read a malformed 
        packet trace file." [7]
        
        "It may be possible to make Wireshark consume excessive CPU 
        resources by injecting a malformed packet onto the wire or by 
        convincing someone to read a malformed packet trace file." [8]
        
        "It may be possible to make Wireshark consume excessive CPU 
        resources by injecting a malformed packet onto the wire or by 
        convincing someone to read a malformed packet trace file." [9]
        
        "It may be possible to make Wireshark consume excessive CPU 
        resources by injecting a malformed packet onto the wire or by 
        convincing someone to read a malformed packet trace file." [10]
        
        "It may be possible to make Wireshark consume excessive CPU 
        resources by injecting a malformed packet onto the wire or by 
        convincing someone to read a malformed packet trace file." [11]


MITIGATION

        The vendor recommends updating to the latest version of Wireshark
        to correct this issue. [1]


REFERENCES

        [1] Wireshark pcap-ng host name disclosure
            http://www.wireshark.org/security/wnpa-sec-2012-30.html

        [2] Wireshark sFlow dissector infinite loop
            http://www.wireshark.org/security/wnpa-sec-2012-32.html

        [3] Wireshark SCTP dissector infinite loop
            http://www.wireshark.org/security/wnpa-sec-2012-33.html

        [4] Wireshark EIGRP dissector infinite loop
            http://www.wireshark.org/security/wnpa-sec-2012-34.html

        [5] Wireshark 3GPP2 A11 dissector infinite loop
            http://www.wireshark.org/security/wnpa-sec-2012-39.html

        [6] Wireshark USB dissector infinite loop
            http://www.wireshark.org/security/wnpa-sec-2012-31.html

        [7] Wireshark ISAKMP dissector crash
            http://www.wireshark.org/security/wnpa-sec-2012-35.html

        [8] Wireshark iSCSI dissector infinite loop
            http://www.wireshark.org/security/wnpa-sec-2012-36.html

        [9] Wireshark WTP dissector infinite loop
            http://www.wireshark.org/security/wnpa-sec-2012-37.html

        [10] Wireshark RTCP dissector inifinte loop
             http://www.wireshark.org/security/wnpa-sec-2012-38.html

        [11] Wireshark ICMPv6 dissector infinite loop
             http://www.wireshark.org/security/wnpa-sec-2012-40.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUL/rz+4yVqjM2NGpAQINgA//TkxBo/UsROcwKx7/Rkc9Y2AAeIkAHbv+
pha/3nyiIikuBHc8IPybhOv9M0ZY/eWA7bIxPDgi0kNxEvLp1wCQFcguWDYo6MX7
uX3WOUhvXVZImJkvHDxrRiz9FsuS8vj00QcW7rleSVVXz5xtPJsjLKPIQ+NrxvQi
qcVe3p9+PAMoM9tIkFXgnIu6SaBlmKET8vyrg5gONq1ttAxoDtzYqPzq7cA4iDXX
ZeTdL8zf8vg6Za8zbtF2tprj08lNcSFBod0hBKVXtwBspPhZdv2GQYWIVkkvm7iq
h2dhOCg+UrcTl9b7yhugvWIVyO6Gfdrx06pgjFLPQAEJcLlfcWhLpRLDwFB4NeeE
YIdkHOGlxFPL0GHNZlATTYcIPtW9rZzYlc8yO2ef0KuhE4nAaZk+i9wRBKUOKJsp
4Aydx/Cq2+P+zFRfO5r7SmSXZYrzU97bO/IBNnre6JTlrg1rd/kcjEHiq+JQ7l/c
oW5LDA7bgjp9d8TcHVlsE2Hat0ANqJ06NTOIIdBtA0pUdymZhFgkzEaiHAW4lcPO
vJyRixTOQ9+sd4NQovLf2/QT9KamkFKtEaW1FLR4RbIKtkzyaXqy15XsVykizImT
cBxGCy7tCnhhU49yo9odsfLOJ/N4iXHhxdoZhdhmG8qepqP0BHWXneYrrZ6tEA/y
hUf5F58iT+E=
=bL0B
-----END PGP SIGNATURE-----