Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.2165 Multiple vulnerabilities have been identified in Wireshark prior to versions 2.4.1, 2.2.9 and 2.0.15 30 August 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Wireshark Publisher: Wireshark Operating System: UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade Original Bulletin: https://www.wireshark.org/security/wnpa-sec-2017-38.html https://www.wireshark.org/security/wnpa-sec-2017-39.html https://www.wireshark.org/security/wnpa-sec-2017-40.html https://www.wireshark.org/security/wnpa-sec-2017-41.html Comment: This bulletin contains four (4) Wireshark security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- wnpa-sec-2017-38 · MSDP dissector infinite loop Summary Name: MSDP dissector infinite loop Docid: wnpa-sec-2017-38 Date: August 29, 2017 Affected versions: 2.4.0, 2.2.0 to 2.2.8, 2.0.0 to 2.0.14 Fixed versions: 2.4.1, 2.2.9, 2.0.15 References: Wireshark bug 13933 Details Description The MSDP dissector could go into an infinite loop. Discovered by Zhangwangjunjie and Marco Grass. Impact It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 2.4.1, 2.2.9, 2.0.15 or later. - --- wnpa-sec-2017-39 · Profinet I/O buffer overrun Summary Name: Profinet I/O buffer overrun Docid: wnpa-sec-2017-39 Date: August 29, 2017 Affected versions: 2.4.0, 2.2.0 to 2.2.8 Fixed versions: 2.4.1, 2.2.9 References: Wireshark bug 13847 Details Description The Profinet I/O dissector could overrun a buffer. Discovered by ulf33286. Impact It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 2.4.1, 2.2.9 or later - --- wnpa-sec-2017-40 · Modbus dissector crash Summary Name: Modbus dissector crash Docid: wnpa-sec-2017-40 Date: August 29, 2017 Affected versions: 2.4.0 Fixed versions: 2.4.1 References: Wireshark bug 13925 Details Description The Modbus dissector could crash. Impact It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 2.4.1 or later. - --- wnpa-sec-2017-41 · IrCOMM dissector buffer overrun Summary Name: IrCOMM dissector buffer overrun Docid: wnpa-sec-2017-41 Date: August 29, 2017 Affected versions: 2.4.0, 2.2.0 to 2.2.8, 2.0.0 to 2.0.14 Fixed versions: 2.4.1, 2.2.9, 2.0.15 References: Wireshark bug 13929 Details Description The IrCOMM dissector could read past the end of a buffer. Impact It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 2.4.1, 2.2.9, 2.0.15 or later. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWaYw/4x+lLeg9Ub1AQj8qg//SEmoVhVKYm/5b6yD1umhz9Zbb0lAnjK6 ExrJo7frMSvl8tg23FyQNgh2aqJJIvroUqQZIcO5pogH07Ei+mW+5G8PX+Nphhtt a9sujihll5BaYaJWTHUS1kSpMjMfQvBpXPCKxYAskcPt7H+mNhxD1y+y007jQ1jR tdEiHi4mZlqA/9U2UOJ84Owz6IcdYxcYDs+wyXu5GrxUzvdrwh76P8XDlgIQkSJA nvCeeV2Twc1iCuXeyS98ZHWMtKhbYVRh4+JEGqA9PQOikSHcXW5OpkUHrd9ID3hl gRM8BjSfckPW6XsVjfyYQB0fbHTG61MlU3CZE0x5DHwmL4p2pusMNVihupi3vX1a fNAkcmfN2Gz78sBF78E2v1iLovg0MMkEOUyLnGUl9s0luTWQChRkiEsmrLQE/aR6 HZL46vz/BvBNEP2Srg2JzhAwTdHY1M9pUgMfUsRmt/kXhx/QNLne12HVaI/cIPgO QYXWCnIRXJX1Z3AyEcTQ6b7OJkG0bL1oG+VG9x/ILcR75uEpSG0Y2A5NrxJavBN/ zOn4/uOoZ4Y9MprEOeZgQOa+F0AbpYQ6d7LVUwBtW2foZEVO2xPh+DUOKaJEKA1O kjjIF4yZJRZpxIgUmZT+99aWXU/1eArixa5wMfsxzMF4MuzK52EbezkQZ+CAp6zr 0bZ61fLD5kU= =Sa4O -----END PGP SIGNATURE-----