ESB-2018.1596 - [Win][UNIX/Linux] Wireshark: Multiple vulnerabilities 2018-05-28

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1596
                   Fuzzing reveals crashes in Wireshark
                                28 May 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Wireshark
Publisher:         Wireshark Foundation
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-11361 CVE-2018-11360 CVE-2018-11359
                   CVE-2018-11358 CVE-2018-11357 CVE-2018-11356
                   CVE-2018-11355 CVE-2018-11354 

Original Bulletin: 
   https://www.wireshark.org/security/wnpa-sec-2018-26.html
   https://www.wireshark.org/security/wnpa-sec-2018-27.html
   https://www.wireshark.org/security/wnpa-sec-2018-28.html
   https://www.wireshark.org/security/wnpa-sec-2018-29.html
   https://www.wireshark.org/security/wnpa-sec-2018-30.html
   https://www.wireshark.org/security/wnpa-sec-2018-31.html
   https://www.wireshark.org/security/wnpa-sec-2018-32.html
   https://www.wireshark.org/security/wnpa-sec-2018-33.html

Comment: This bulletin contains eight (8) Wireshark Foundation security 
         advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

wnpa-sec-2018-26 - IEEE 1905.1a dissector crash

Summary

Name: IEEE 1905.1a dissector crash

Docid: wnpa-sec-2018-26

Date: May 22, 2018

Affected versions: 2.6.0

Fixed versions: 2.6.1

References:
Wireshark bug 14647
CVE-2018-11354

Details

Description

The IEEE 1905.1a dissector could crash.

Impact

It may be possible to make Wireshark crash by injecting a malformed packet onto
the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.6.1 or later.

- --------------------------------------------------------------------------------

wnpa-sec-2018-27 - RTCP dissector crash

Summary

Name: RTCP dissector crash

Docid: wnpa-sec-2018-27

Date: May 22, 2018

Affected versions: 2.6.0

Fixed versions: 2.6.1

References:
Wireshark bug 14673
CVE-2018-11355

Details

Description

The RTCP dissector could crash.

Impact

It may be possible to make Wireshark crash by injecting a malformed packet onto
the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.6.1 or later.

- --------------------------------------------------------------------------------

wnpa-sec-2018-28 - Multiple dissectors could consume excessive memory

Summary

Name: Multiple dissectors could consume excessive memory

Docid: wnpa-sec-2018-28

Date: May 22, 2018

Affected versions: 2.6.0, 2.4.0 to 2.4.6, 2.2.0 to 2.2.14

Fixed versions: 2.6.1, 2.4.7, 2.2.15

References:
Wireshark bug 14678
CVE-2018-11357

Details

Description

The LTP dissector and other dissectors could consume excessive memory.
Discovered by the OSS-Fuzz project.

Impact

It may be possible to make Wireshark crash by injecting a malformed packet onto
the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.6.1, 2.4.7, 2.2.15 or later.

- --------------------------------------------------------------------------------

wnpa-sec-2018-29 - DNS dissector crash

Summary

Name: DNS dissector crash

Docid: wnpa-sec-2018-29

Date: May 22, 2018

Affected versions: 2.6.0, 2.4.0 to 2.4.6, 2.2.0 to 2.2.14

Fixed versions: 2.6.1, 2.4.7, 2.2.15

References:
Wireshark bug 14681
CVE-2018-11356

Details

Description

The DNS dissector could crash. Discovered by the OSS-Fuzz project.

Impact

It may be possible to make Wireshark crash by injecting a malformed packet onto
the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.6.1, 2.4.7, 2.2.15 or later.

- --------------------------------------------------------------------------------

wnpa-sec-2018-30 - GSM A DTAP dissector crash

Summary

Name: GSM A DTAP dissector crash

Docid: wnpa-sec-2018-30

Date: May 22, 2018

Affected versions: 2.6.0, 2.4.0 to 2.4.6, 2.2.0 to 2.2.14

Fixed versions: 2.6.1, 2.4.7, 2.2.15

References:
Wireshark bug 14688
CVE-2018-11360

Details

Description

The GSM A DTAP dissector could crash. Discovered by the OSS-Fuzz project.

Impact

It may be possible to make Wireshark crash by injecting a malformed packet onto
the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.6.1, 2.4.7, 2.2.15 or later.

- --------------------------------------------------------------------------------

wnpa-sec-2018-31 ? Q.931 dissector crash

Summary

Name: Q.931 dissector crash

Docid: wnpa-sec-2018-31

Date: May 22, 2018

Affected versions: 2.6.0, 2.4.0 to 2.4.6, 2.2.0 to 2.2.14

Fixed versions: 2.6.1, 2.4.7, 2.2.15

References:
Wireshark bug 14689
CVE-2018-11358

Details

Description

The Q.931 dissector could crash. Discovered by the OSS-Fuzz project.

Impact

It may be possible to make Wireshark crash by injecting a malformed packet onto
the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.6.1, 2.4.7, 2.2.15 or later.

- --------------------------------------------------------------------------------

wnpa-sec-2018-32 - IEEE 802.11 dissector crash

Summary

Name: IEEE 802.11 dissector crash

Docid: wnpa-sec-2018-32

Date: May 22, 2018

Affected versions: 2.6.0

Fixed versions: 2.6.1

References:
Wireshark bug 14686
CVE-2018-11361

Details

Description

The IEEE 802.11 dissector could crash. Discovered by the OSS-Fuzz project.

Impact

It may be possible to make Wireshark crash by injecting a malformed packet onto
the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.6.1 or later.

- --------------------------------------------------------------------------------

wnpa-sec-2018-33 - Multiple dissectors could crash

Summary

Name: Multiple dissectors could crash

Docid: wnpa-sec-2018-33

Date: May 22, 2018

Affected versions: 2.6.0, 2.4.0 to 2.4.6, 2.2.0 to 2.2.14

Fixed versions: 2.6.1, 2.4.7, 2.2.15

References:
Wireshark bug 14703
CVE-2018-11359

Details

Description

The RRC dissector and other dissectors could crash.

Impact

It may be possible to make Wireshark crash by injecting a malformed packet onto
the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.6.1, 2.4.7, 2.2.15 or later.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWwtIYWaOgq3Tt24GAQgzLBAAy4dn2BoCCE4nKBxv7ZzPS4+c9SEN+eh/
xIuK/fvwOKISLb9DIl4Hcj3S6OtwUbkNak7rkyyKaGUUoZCuE+hxq7acJiDIPTAC
D9e53qtKStx9MeHU/481CYYD9Kg+7pYpzoSE2bj9JZ+ZlP+Y8IDPyltLdm+Eh300
KbHuLsYtPIzhTehwdhlKu7BGin00VJZtLMHRekvi02TtMuSJOgC74D8jQcbFApbh
Dypel2h/0TABmmU6etL5ry7L40IvL0EC+Up058sjobhxKvbATUSRJ+JCxbOE0LJ0
psFvXMPnULOWO2YhkwNPN0opGbQCA442zgXRBS4c8I8QS/pk7Tlx27oAqgdxVtW6
Eyhm25s0FMQ4O61grm+JOxXLf7fUdkIp6X5ND7vh70fyz9fkXRA+YOo24xQAk2q8
Lvrl39PObvnt1rYEIfm+NXYVnLQKyLvUFNuWUsKmXPQBko/3781hgtYrv60+EAsJ
bF4AQxsBSsM5lD7YXyO1POgzOXC5kKXem+U50h9qsH+6Vftm2VyO6+p36AgywthJ
vbORYoN4gwBMYPfXzsKFTaBnEnvt0ZHzzFWz42EJJMD7q8ZSKUuPpK0OoXjjsUyn
kPwk+mgmQZ0wEfB0CIoAZfbmkydLi2/2fA7tyv7c5X/nTqBK8Ra5sZG6lwwMqFJb
thMYX67Gcqk=
=Xitv
-----END PGP SIGNATURE-----

« Back to bulletins