ESB-2018.0141 - [Win][UNIX/Linux] Wireshark: Denial of service - Remote with user interaction 2018-01-12

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0141
        Multiple vulnerabilities have been identified in Wireshark
                              12 January 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Wireshark
Publisher:         Wireshark
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Denial of Service -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-5336 CVE-2018-5335 CVE-2018-5334
                   CVE-2017-17997  

Original Bulletin: 
   https://www.wireshark.org/security/wnpa-sec-2018-01.html
   https://www.wireshark.org/security/wnpa-sec-2018-02.html
   https://www.wireshark.org/security/wnpa-sec-2018-03.html
   https://www.wireshark.org/security/wnpa-sec-2018-04.html

Comment: This bulletin contains four (4) Wireshark security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

wnpa-sec-2018-01 - Multiple dissectors could crash

Summary

Name: Multiple dissectors could crash

Docid: wnpa-sec-2018-01

Date: January 11, 2018

Affected versions: 2.4.0 to 2.4.3, 2.2.0 to 2.2.11

Fixed versions: 2.4.4, 2.2.12

References:
Wireshark bug 14253
CVE-2018-5336

Details

Description

The JSON, XML, NTP, XMPP, and GDB dissectors could crash. Discovered by
Kamil Frankowicz.

Impact

It may be possible to make Wireshark crash by injecting a malformed packet
onto the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.4.4, 2.2.12 or later.

- --------------------------------------------------------------------------------
wnpa-sec-2018-02 - MRDISC dissector crash

Summary

Name: MRDISC dissector crash

Docid: wnpa-sec-2018-02

Date: January 11, 2018

Affected versions: 2.2.0 to 2.2.11

Fixed versions: 2.2.12

References:
Wireshark bug 14299
CVE-2017-17997

Details

Description

The MRDISC dissector could crash. Discovered by Young.

Impact

It may be possible to make Wireshark crash by injecting a malformed packet
onto the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.2.12 or later.

- --------------------------------------------------------------------------------
wnpa-sec-2018-03 - IxVeriWave file parser crash

Summary

Name: IxVeriWave file parser crash

Docid: wnpa-sec-2018-03

Date: January 11, 2018

Affected versions: 2.4.0 to 2.4.3, 2.2.0 to 2.2.11

Fixed versions: 2.4.4, 2.2.12

References:
Wireshark bug 14297
CVE-2018-5334

Details

Description

The IxVeriWave file parser could crash. Discovered by Young.

Impact

It may be possible to make Wireshark crash by convincing someone to read
a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.4.4, 2.2.12 or later.

- --------------------------------------------------------------------------------
wnpa-sec-2018-04 - WCP dissector crash

Summary

Name: WCP dissector crash

Docid: wnpa-sec-2018-04

Date: January 11, 2018

Affected versions: 2.4.0 to 2.4.3, 2.2.0 to 2.2.11

Fixed versions: 2.4.4, 2.2.12

References:
Wireshark bug 14251
CVE-2018-5335

Details

Description

The WCP dissector could crash. Discovered by Kamil Frankowicz.

Impact

It may be possible to make Wireshark crash by injecting a malformed packet
onto the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.4.4, 2.2.12 or later.

- --------------------------END INCLUDED TEXT--------------------
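The affected and fixed versions listed in the four advisories above can be turned into a quick triage check for an installed copy. This is an added example, not part of the AusCERT bulletin or the Wireshark advisories; the function names and the sample version banner are constructed for illustration.

```python
import re

# Affected ranges (inclusive) and fixed releases, transcribed from the advisories.
R24 = ((2, 4, 0), (2, 4, 3), "2.4.4")    # 2.4.0 to 2.4.3, fixed in 2.4.4
R22 = ((2, 2, 0), (2, 2, 11), "2.2.12")  # 2.2.0 to 2.2.11, fixed in 2.2.12

# (Docid, CVE, affected ranges) for each advisory in this bulletin.
ADVISORIES = [
    ("wnpa-sec-2018-01", "CVE-2018-5336", [R24, R22]),
    ("wnpa-sec-2018-02", "CVE-2017-17997", [R22]),  # 2.2 branch only
    ("wnpa-sec-2018-03", "CVE-2018-5334", [R24, R22]),
    ("wnpa-sec-2018-04", "CVE-2018-5335", [R24, R22]),
]


def parse_version(text):
    """Extract the first x.y.z version from a banner line as an int tuple."""
    match = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", text)
    if not match:
        raise ValueError("no x.y.z version found in: %r" % text)
    # Integer tuples compare numerically, so 2.2.11 > 2.2.2 (a plain
    # string comparison would get this wrong).
    return tuple(int(part) for part in match.groups())


def triage(version_text):
    """Return [(docid, cve, fixed_version)] for advisories that apply.

    An empty list means the version is outside the ranges listed in this
    bulletin, not that it has been verified as unaffected by other issues.
    """
    version = parse_version(version_text)
    hits = []
    for docid, cve, ranges in ADVISORIES:
        for first, last, fixed in ranges:
            if first <= version <= last:
                hits.append((docid, cve, fixed))
    return hits


if __name__ == "__main__":
    # Constructed sample of a version banner line; substitute the first
    # line printed by the installed tshark or wireshark binary.
    SAMPLE = "TShark (Wireshark) 2.4.3 (v2.4.3-0-g368ba1e)"
    for docid, cve, fixed in triage(SAMPLE):
        print("%s (%s): upgrade to %s or later" % (docid, cve, fixed))
```
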

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================