ESB-2018.2102 - [Win][UNIX/Linux] Wireshark: Denial of service - Remote with user interaction 2018-07-19

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2102
        Multiple vulnerabilities have been identified in Wireshark
                               19 July 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Wireshark
Publisher:         Wireshark
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Denial of Service -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-14369 CVE-2018-14368 CVE-2018-14367
                   CVE-2018-14344 CVE-2018-14343 CVE-2018-14342
                   CVE-2018-14341 CVE-2018-14340 CVE-2018-14339

Original Bulletin: 
   https://www.wireshark.org/security/wnpa-sec-2018-34
   https://www.wireshark.org/security/wnpa-sec-2018-35
   https://www.wireshark.org/security/wnpa-sec-2018-36
   https://www.wireshark.org/security/wnpa-sec-2018-37
   https://www.wireshark.org/security/wnpa-sec-2018-38
   https://www.wireshark.org/security/wnpa-sec-2018-39
   https://www.wireshark.org/security/wnpa-sec-2018-40
   https://www.wireshark.org/security/wnpa-sec-2018-41
   https://www.wireshark.org/security/wnpa-sec-2018-42

Comment: This bulletin contains nine (9) Wireshark security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

Summary

Name: BGP dissector large loop

Docid: wnpa-sec-2018-34

Date: July 18, 2018

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15

Fixed versions: 2.6.2, 2.4.8, 2.2.16

References:
Wireshark bug 13741
CVE-2018-14342

Details

Description

The BGP dissector could go into a large loop. Discovered by the OSS-Fuzz 
project.

Impact

It may be possible to make Wireshark consume excessive CPU resources by 
injecting a malformed packet onto the wire or by convincing someone to read a
malformed packet trace file.

Resolution

Upgrade to Wireshark 2.6.2, 2.4.8, 2.2.16 or later. 

---

Summary

Name: ISMP dissector crash.

Docid: wnpa-sec-2018-35

Date: July 18, 2018

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15

Fixed versions: 2.6.2, 2.4.8, 2.2.16

References:
Wireshark bug 14672
CVE-2018-14344

Details

Description

The ISMP dissector could crash. Discovered by the OSS-Fuzz project.

Impact

It may be possible to make Wireshark crash by injecting a malformed packet onto
the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.6.2, 2.4.8, 2.2.16 or later. 

---

Summary

Name: Multiple dissectors could crash

Docid: wnpa-sec-2018-36

Date: July 18, 2018

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15

Fixed versions: 2.6.2, 2.4.8, 2.2.16

References:
Wireshark bug 14675
CVE-2018-14340

Details

Description

Dissectors that support zlib decompression could crash. Discovered by the 
OSS-Fuzz project.

Impact

It may be possible to make Wireshark crash by injecting a malformed packet onto
the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.6.2, 2.4.8, 2.2.16 or later. 

---

Summary

Name: ASN.1 BER and related dissectors crash.

Docid: wnpa-sec-2018-37

Date: July 18, 2018

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15

Fixed versions: 2.6.2, 2.4.8, 2.2.16

References:
Wireshark bug 14682
CVE-2018-14343

Details

Description

The ASN.1 BER dissector could crash. Discovered by the OSS-Fuzz project.

Impact

It may be possible to make Wireshark crash by injecting a malformed packet onto
the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.6.2, 2.4.8, 2.2.16 or later. 

---

Summary

Name: MMSE dissector infinite loop

Docid: wnpa-sec-2018-38

Date: July 18, 2018

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15

Fixed versions: 2.6.2, 2.4.8, 2.2.16

References:
Wireshark bug 14738
CVE-2018-14339

Details

Description

The MMSE dissector could go into an infinite loop.

Impact

It may be possible to make Wireshark crash by injecting a malformed packet onto
the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.6.2, 2.4.8, 2.2.16 or later.

---

Summary

Name: DICOM dissector large loop

Docid: wnpa-sec-2018-39

Date: July 18, 2018

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15

Fixed versions: 2.6.2, 2.4.8, 2.2.16

References:
Wireshark bug 14742
CVE-2018-14341

Details

Description

The DICOM dissector could go into a large or infinite loop.

Impact

It may be possible to make Wireshark consume excessive CPU resources by 
injecting a malformed packet onto the wire or by convincing someone to read a 
malformed packet trace file.

Resolution

Upgrade to Wireshark 2.6.2, 2.4.8, 2.2.16 or later. 

---

Summary

Name: Bazaar dissector infinite loop

Docid: wnpa-sec-2018-40

Date: July 18, 2018

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15

Fixed versions: 2.6.2, 2.4.8, 2.2.16

References:
Wireshark bug 14841
CVE-2018-14368

Details

Description

The Bazaar protocol dissector could go into an infinite loop.

Impact

It may be possible to make Wireshark consume excessive CPU resources by 
injecting a malformed packet onto the wire or by convincing someone to read a
malformed packet trace file.

Resolution

Upgrade to Wireshark 2.6.2, 2.4.8, 2.2.16 or later.

---

Summary

Name: HTTP2 dissector crash

Docid: wnpa-sec-2018-41

Date: July 18, 2018

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15

Fixed versions: 2.6.2, 2.4.8, 2.2.16

References:
Wireshark bug 14869
CVE-2018-14369

Details

Description

The HTTP2 protocol dissector could crash. Discovered by Jyrki Penttinen.

Impact

It may be possible to make Wireshark crash by injecting a malformed packet 
onto the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.6.2, 2.4.8, 2.2.16 or later. 

---

Summary

Name: CoAP dissector crash

Docid: wnpa-sec-2018-42

Date: July 18, 2018

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7

Fixed versions: 2.6.2, 2.4.8

References:
Wireshark bug 14966
CVE-2018-14367

Details

Description

The CoAP protocol dissector could crash. Discovered by Bill Nickless.

Impact

It may be possible to make Wireshark crash by injecting a malformed packet onto 
the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.6.2, 2.4.8 or later.

--------------------------END INCLUDED TEXT--------------------
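
The affected and fixed version ranges above can be checked mechanically during patch triage. The following is an added example, not part of the AusCERT bulletin or the Wireshark advisories: it classifies a version string (for instance the first line printed by `tshark --version`) against the ranges listed in this bulletin. The function names, result fields and sample inputs are assumptions made for illustration.

```python
import re

# First fixed release per branch, from the "Fixed versions" lines above.
FIXED = {(2, 6): 2, (2, 4): 8, (2, 2): 16}

# (Docid, CVE, dissector) copied from the nine advisories in this bulletin.
ADVISORIES = [
    ("wnpa-sec-2018-34", "CVE-2018-14342", "BGP"),
    ("wnpa-sec-2018-35", "CVE-2018-14344", "ISMP"),
    ("wnpa-sec-2018-36", "CVE-2018-14340", "zlib decompression"),
    ("wnpa-sec-2018-37", "CVE-2018-14343", "ASN.1 BER"),
    ("wnpa-sec-2018-38", "CVE-2018-14339", "MMSE"),
    ("wnpa-sec-2018-39", "CVE-2018-14341", "DICOM"),
    ("wnpa-sec-2018-40", "CVE-2018-14368", "Bazaar"),
    ("wnpa-sec-2018-41", "CVE-2018-14369", "HTTP2"),
    ("wnpa-sec-2018-42", "CVE-2018-14367", "CoAP"),
]
# wnpa-sec-2018-42 lists only the 2.6 and 2.4 branches as affected.
NOT_ON_2_2 = {"wnpa-sec-2018-42"}


def parse_version(text):
    """Return (major, minor, patch) from the first x.y.z found in text."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", text)
    if m is None:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.groups())


def assess(version_text):
    """Classify a version string against the ranges in ESB-2018.2102."""
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    if branch not in FIXED:
        # Branch not named in the bulletin: make no claim either way.
        return {"status": "not-listed", "fixed_in": None, "advisories": []}
    fixed_in = f"{major}.{minor}.{FIXED[branch]}"
    if patch >= FIXED[branch]:
        return {"status": "fixed", "fixed_in": fixed_in, "advisories": []}
    hits = [a for a in ADVISORIES
            if not (branch == (2, 2) and a[0] in NOT_ON_2_2)]
    return {"status": "affected", "fixed_in": fixed_in, "advisories": hits}


if __name__ == "__main__":
    # Constructed sample inputs (not captured from a real host).
    for line in ("TShark (Wireshark) 2.6.1 (v2.6.1-0-gXXXXXXXX)", "2.2.15", "2.4.8"):
        result = assess(line)
        print(line, "->", result["status"], [a[1] for a in result["advisories"]])
```

A `not-listed` result means the branch is outside the ranges this bulletin names, so it has to be checked against the original advisories rather than assumed safe.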

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
