ESB-2017.1785 - [Win][UNIX/Linux] Wireshark: Denial of service - Remote with user interaction 2017-07-20

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1785
                    Wireshark: Multiple vulnerabilities
                               20 July 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Wireshark
Publisher:         Wireshark
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Denial of Service -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-11411 CVE-2017-11410 CVE-2017-11408
                   CVE-2017-11407 CVE-2017-11406 CVE-2017-9350
                   CVE-2017-7702  

Reference:         ESB-2017.1406

Original Bulletin: 
   https://www.wireshark.org/security/wnpa-sec-2017-13.html
   https://www.wireshark.org/security/wnpa-sec-2017-28.html
   https://www.wireshark.org/security/wnpa-sec-2017-34.html
   https://www.wireshark.org/security/wnpa-sec-2017-35.html
   https://www.wireshark.org/security/wnpa-sec-2017-36.html

Comment: This bulletin contains five (5) Wireshark security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

wnpa-sec-2017-13 WBXML dissector infinite loop

Summary

Name: WBXML dissector infinite loop

Docid: wnpa-sec-2017-13

Date: April 12, 2017

Affected versions: 2.2.0 to 2.2.7, 2.0.0 to 2.0.13

Fixed versions: 2.2.8, 2.0.14

References:

Wireshark bug 13477
Wireshark bug 13796
CVE-2017-7702
CVE-2017-11410

Details

Description

The WBXML dissector could go into an infinite loop. Discovered by Otto
Airamo and Antti Levomaki, Forcepoint.

Impact

It may be possible to make Wireshark consume excessive CPU resources by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.2.8, 2.0.14 or later.

Update: July 18, 2017

Updated for Wireshark 2.2.8 and 2.0.14. Added bug 13796.

=========================================================

wnpa-sec-2017-28 openSAFETY dissector memory exhaustion

Summary

Name: openSAFETY dissector memory exhaustion

Docid: wnpa-sec-2017-28

Date: June 1, 2017

Affected versions: 2.2.0 to 2.2.7, 2.0.0 to 2.0.13

Fixed versions: 2.2.8, 2.0.14

References:

Wireshark bug 13649
Wireshark bug 13755
CVE-2017-9350
CVE-2017-11411

Details

Description

The openSAFETY dissector could crash or exhaust system memory. Discovered
by the OSS-Fuzz project.

Impact

It may be possible to make Wireshark crash or consume excessive CPU resources
by injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.2.8, 2.0.14 or later.

Update: July 18, 2017

Updated for Wireshark 2.2.8 and 2.0.14. Added bug 13755.

=========================================================

wnpa-sec-2017-34 AMQP dissector crash

Summary

Name: AMQP dissector crash

Docid: wnpa-sec-2017-34

Date: July 18, 2017

Affected versions: 2.2.0 to 2.2.7, 2.0.0 to 2.0.13

Fixed versions: 2.2.8, 2.0.14

References:

Wireshark bug 13780
CVE-2017-11408

Details

Description

The AMQP dissector could crash. Discovered by the OSS-Fuzz project.

Impact

It may be possible to make Wireshark crash by injecting a malformed packet
onto the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.2.8, 2.0.14 or later.

=========================================================

wnpa-sec-2017-35 MQ dissector crash

Summary

Name: MQ dissector crash

Docid: wnpa-sec-2017-35

Date: July 18, 2017

Affected versions: 2.2.0 to 2.2.7, 2.0.0 to 2.0.13

Fixed versions: 2.2.8, 2.0.14

References:

Wireshark bug 13792
CVE-2017-11407

Details

Description

The MQ dissector could crash.

Impact

It may be possible to make Wireshark crash by injecting a malformed packet
onto the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.2.8, 2.0.14 or later.

=========================================================

wnpa-sec-2017-36 DOCSIS infinite loop

Summary

Name: DOCSIS infinite loop

Docid: wnpa-sec-2017-36

Date: July 18, 2017

Affected versions: 2.2.0 to 2.2.7, 2.0.0 to 2.0.13

Fixed versions: 2.2.8, 2.0.14

References:

Wireshark bug 13797
CVE-2017-11406

Details

Description

The DOCSIS dissector could go into an infinite loop.

Impact

It may be possible to make Wireshark consume excessive CPU resources by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.2.8, 2.0.14 or later.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWXBSIIx+lLeg9Ub1AQjs/A/+M0vGMUCVCI0W+5rr3SdJse4rswrTLmyH
qx1qYib00Hho/amttWneuQXYZiGPRAfpW1FHu224VX5TXsPQckXwpw4NUrrXrbC0
oFyB+GckvR/qUkW30gt4QVRzRSmFEI83zEwGGAwWh3gWKYqN6R439yGytOSB7FII
dNC9+3vLDKmDwRtNwUAi8PebyezECPfb2c/XIwDoaU8F3xr+DYE4mMkoreisYAoy
+aHqT+S66WE2oQc2Qk1RUGdoJY3mMjbMyyhm263izvXXQ7AY/btoQdxXrTNrkoOF
aM+P4HA0gZoEFBHuk8HUOnQ4vhamRvGrhY97MlCGzbYSf8vX1zpu2K6YuA7cl+qL
eEVz3WDoZoSm9doGqRhu9Udt7z0kK4aMwaKKm9/YkqYM0os2cytLJl4QCzt9OBUQ
YwaOWw6zV8djHzuX4Wg8MnDQdz6AvXeAWtpsMkRSK3FTpYvNVywxDHAf2TA7xejM
rrLmTAfWAmYtMTzm7TrIyEkDvR9ZPF9m4HoiHb+qd1bGOnUS+gh7S6VYY+bF3Q/P
jgTVe3mBmgtSAkGZ5vSaX2ltIh7TbavYr/qknIjEtEjEzl7hqg6XVj8gNrl0kx6I
b7Vdu6zYwBWHoVBK9c9afz7kBQf4s5155E0TfS4V5F0ZznLMyC2y4o5xXhPpqEae
VownJ7xQpmo=
=8O/b
-----END PGP SIGNATURE-----

« Back to bulletins