ESB-2017.2165 - [Win][UNIX/Linux] Wireshark: Denial of service - Remote with user interaction 2017-08-30

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2165
        Multiple vulnerabilities have been identified in Wireshark
                 prior to versions 2.4.1, 2.2.9 and 2.0.15
                              30 August 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Wireshark
Publisher:         Wireshark
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Denial of Service -- Remote with User Interaction
Resolution:        Patch/Upgrade

Original Bulletin: 
   https://www.wireshark.org/security/wnpa-sec-2017-38.html
   https://www.wireshark.org/security/wnpa-sec-2017-39.html
   https://www.wireshark.org/security/wnpa-sec-2017-40.html
   https://www.wireshark.org/security/wnpa-sec-2017-41.html

Comment: This bulletin contains four (4) Wireshark security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

wnpa-sec-2017-38 · MSDP dissector infinite loop
Summary

Name: MSDP dissector infinite loop

Docid: wnpa-sec-2017-38

Date: August 29, 2017

Affected versions: 2.4.0, 2.2.0 to 2.2.8, 2.0.0 to 2.0.14

Fixed versions: 2.4.1, 2.2.9, 2.0.15

References: 
Wireshark bug 13933

Details

Description
The MSDP dissector could go into an infinite loop. Discovered by Zhangwangjunjie and Marco Grass.

Impact
It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Resolution
Upgrade to Wireshark 2.4.1, 2.2.9, 2.0.15 or later.

- ---

wnpa-sec-2017-39 · Profinet I/O buffer overrun
Summary

Name: Profinet I/O buffer overrun

Docid: wnpa-sec-2017-39

Date: August 29, 2017

Affected versions: 2.4.0, 2.2.0 to 2.2.8

Fixed versions: 2.4.1, 2.2.9

References: 
Wireshark bug 13847

Details

Description
The Profinet I/O dissector could overrun a buffer. Discovered by ulf33286.

Impact
It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Resolution
Upgrade to Wireshark 2.4.1, 2.2.9 or later

- ---

wnpa-sec-2017-40 · Modbus dissector crash
Summary

Name: Modbus dissector crash

Docid: wnpa-sec-2017-40

Date: August 29, 2017

Affected versions: 2.4.0

Fixed versions: 2.4.1

References: 
Wireshark bug 13925

Details

Description
The Modbus dissector could crash.

Impact
It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Resolution
Upgrade to Wireshark 2.4.1 or later.

- ---

wnpa-sec-2017-41 · IrCOMM dissector buffer overrun
Summary

Name: IrCOMM dissector buffer overrun

Docid: wnpa-sec-2017-41

Date: August 29, 2017

Affected versions: 2.4.0, 2.2.0 to 2.2.8, 2.0.0 to 2.0.14

Fixed versions: 2.4.1, 2.2.9, 2.0.15

References: 
Wireshark bug 13929

Details

Description
The IrCOMM dissector could read past the end of a buffer.

Impact
It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Resolution
Upgrade to Wireshark 2.4.1, 2.2.9, 2.0.15 or later.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWaYw/4x+lLeg9Ub1AQj8qg//SEmoVhVKYm/5b6yD1umhz9Zbb0lAnjK6
ExrJo7frMSvl8tg23FyQNgh2aqJJIvroUqQZIcO5pogH07Ei+mW+5G8PX+Nphhtt
a9sujihll5BaYaJWTHUS1kSpMjMfQvBpXPCKxYAskcPt7H+mNhxD1y+y007jQ1jR
tdEiHi4mZlqA/9U2UOJ84Owz6IcdYxcYDs+wyXu5GrxUzvdrwh76P8XDlgIQkSJA
nvCeeV2Twc1iCuXeyS98ZHWMtKhbYVRh4+JEGqA9PQOikSHcXW5OpkUHrd9ID3hl
gRM8BjSfckPW6XsVjfyYQB0fbHTG61MlU3CZE0x5DHwmL4p2pusMNVihupi3vX1a
fNAkcmfN2Gz78sBF78E2v1iLovg0MMkEOUyLnGUl9s0luTWQChRkiEsmrLQE/aR6
HZL46vz/BvBNEP2Srg2JzhAwTdHY1M9pUgMfUsRmt/kXhx/QNLne12HVaI/cIPgO
QYXWCnIRXJX1Z3AyEcTQ6b7OJkG0bL1oG+VG9x/ILcR75uEpSG0Y2A5NrxJavBN/
zOn4/uOoZ4Y9MprEOeZgQOa+F0AbpYQ6d7LVUwBtW2foZEVO2xPh+DUOKaJEKA1O
kjjIF4yZJRZpxIgUmZT+99aWXU/1eArixa5wMfsxzMF4MuzK52EbezkQZ+CAp6zr
0bZ61fLD5kU=
=Sa4O
-----END PGP SIGNATURE-----

« Back to bulletins