copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
Search this site

On this site

 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login


ESB-2007.0954 -- [Win][UNIX/Linux][Debian] -- New wireshark packages fix several vulnerabilities

Date: 28 November 2007
References: ESB-2008.0076  

Click here for printable version
Click here for PGP verifiable version
Hash: SHA1

             AUSCERT External Security Bulletin Redistribution

                ESB-2007.0954 -- [Win][UNIX/Linux][Debian]
            New wireshark packages fix several vulnerabilities
                             28 November 2007


        AusCERT Security Bulletin Summary

Product:              wireshark
Publisher:            Debian
Operating System:     Debian GNU/Linux 4.0
                      Debian GNU/Linux 3.1
                      UNIX variants (UNIX, Linux, OSX)
Impact:               Execute Arbitrary Code/Commands
                      Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-6121 CVE-2007-6120 CVE-2007-6118
                      CVE-2007-6117 CVE-2007-6114

Original Bulletin:

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that adminstrators
         running wireshark check for an updated version of the software for
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

Hash: SHA1

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-1414-1                               Moritz Muehlenhoff
November 27, 2007           
- - ------------------------------------------------------------------------

Package        : wireshark
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-6114 CVE-2007-6117 CVE-2007-6118 CVE-2007-6120 CVE-2007-6121

Several remote vulnerabilities have been discovered in the Wireshark
network traffic analyzer, which may lead to denial of service or the
execution of arbitrary code. The Common Vulnerabilities and Exposures
project identifies the following problems:


    Stefan Esser discovered a buffer overflow in the SSL dissector.
    "Fabiodds" discovered a buffer overflow in the iSeries trace


    A programming error was discovered in the HTTP dissector, which may
    lead to denial of service.


    The MEGACO dissector could be tricked into ressource exhaustion.


    The Bluetooth SDP dissector could be tricked into an endless loop.


    The RPC portmap dissector could be tricked into dereferencing
    a NULL pointer.

For the stable distribution (etch), these problems have been fixed
in version 0.99.4-5.etch.1. Updates packages for sparc will be provided

For the old stable distribution (sarge), these problems have been
fixed in version 0.10.10-2sarge10. (In Sarge Wireshark used to be
called Ethereal). Updates packages for sparc and m68k will be provided

We recommend that you upgrade your wireshark/ethereal packages.

Upgrade instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 3.1 (oldstable)
- - ----------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:      857 13f70e9eb8c1e2fed6ddeabb44ac1d3a
    Size/MD5 checksum:   178414 82a9fb4100a52b10d70e6bc2dd46ba71
    Size/MD5 checksum:  7411510 e6b74468412c17bb66cd459bfb61471c

alpha architecture (DEC Alpha)
    Size/MD5 checksum:  5473208 67be7f7d2a830e1d67596be0a034acb7
    Size/MD5 checksum:   543316 de8d2e0552b0597aa86909587f7fbdd4
    Size/MD5 checksum:   155344 d0f405c14922bf0947bcaba9f1e1b5b5
    Size/MD5 checksum:   106564 9e173e76cfee54406243122f54fb8736

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:   486588 a01a55b5556b78c96edc8be6a03f6164
    Size/MD5 checksum:  5334642 4c11f3efdd48b23115b5a06fa1a2cad4
    Size/MD5 checksum:    99666 e5974fe4027fa34906e9a233cfe79d28
    Size/MD5 checksum:   154610 51ee5b66077bd1824f1c671627623288

arm architecture (ARM)
    Size/MD5 checksum:   472962 3243aa716b6a61aa5059ff40ad74d19c
    Size/MD5 checksum:   155880 2543ccfdacd0ad69e87b58dda3eac422
    Size/MD5 checksum:    96354 ab073d35ef7816c489497a316bce3866
    Size/MD5 checksum:  4684296 861dae74eefe8efac4d3608046fb869a

hppa architecture (HP PA RISC)
    Size/MD5 checksum:   489400 4cae5e9cf2847e646c3df2cafa491952
    Size/MD5 checksum:  5787380 9c600f1e3bbaa39b2a5e4a799bbdb9fd
    Size/MD5 checksum:    98554 866f8f5c39a42e11893b8292bcde21b6
    Size/MD5 checksum:   154624 33c6ef867a81e16d3b42b250baf1ab6a

i386 architecture (Intel ia32)
    Size/MD5 checksum:   154588 82db1d1552a6ccf512f6f5ec2e8eed6f
    Size/MD5 checksum:   443758 56a43d004cf577cbf09f06b3990c1c23
    Size/MD5 checksum:  4529320 8ed21cc29d85ca22b07565e531357c59
    Size/MD5 checksum:    90984 36e28654888ed491c0afe8ca0942c1dc

ia64 architecture (Intel ia64)
    Size/MD5 checksum:  6630094 3b4aee38a7f3149c3f2cb80271d3945b
    Size/MD5 checksum:   129266 c60411c1b16b1b4823afe539ff6cc57b
    Size/MD5 checksum:   674538 25dbd3438c8c4a82b7ad257101c670ac
    Size/MD5 checksum:   154596 6bd05ac93b14002e99478f3df87ea689

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:  4723420 846bf6114c51724ff12c0708d3e27f34
    Size/MD5 checksum:   462884 065921607b447f0a7077eab8e067e27c
    Size/MD5 checksum:   154634 705ca5dbef162d627e0287662a680e2f
    Size/MD5 checksum:    94858 751305284a78ed0519919a66295346f3

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:   458148 92424b86e76671aa039fcebe522bbfc4
    Size/MD5 checksum:    94764 bc6bfe73e35bc3fde71f9fd38b5a7463
    Size/MD5 checksum:  4460978 8ead9a4793611f12ffca619198a8f844
    Size/MD5 checksum:   154652 a94fccae248051cd70470c4a7e4b77ce

powerpc architecture (PowerPC)
    Size/MD5 checksum:  5067716 62f0be94422a471a622899f3f6f11e7c
    Size/MD5 checksum:   154632 b6041c857bed2dbeeb49e21c890264eb
    Size/MD5 checksum:   455806 f6c9db48b4373d84daf858f8dfb275a2
    Size/MD5 checksum:    94406 23b71c5db6f0443ca3db0d072b4bb14b

s390 architecture (IBM S/390)
    Size/MD5 checksum:    99992 30d7eeb09507017a10c42e98f46e1d47
    Size/MD5 checksum:   154572 29756abde9da24dac8254d128d44bd8d
    Size/MD5 checksum:   479760 c0d947771c2ad6b8f12e25812c1e7c5b
    Size/MD5 checksum:  5622238 7d86c0b58dc43c6bd84b88d27e3713c1

Debian (stable)
- - ---------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum: 13306790 2556a31d0d770dd1990bd67b98bd2f9b
    Size/MD5 checksum:     1066 12e8146f9cc10fe216e4d1a0a750037f
    Size/MD5 checksum:    42799 61ed409b92000f30877799228daff252

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   117224 d85a0b7e63b0c953b6f152e185fba6a9
    Size/MD5 checksum:    22014 ad8ccffe577de4016acc15866f769829
    Size/MD5 checksum:  9319128 e75f6f5ee1d858b0fc2f9413ee415f5d
    Size/MD5 checksum:    21736 1c5d57697ebe337f34240c9dd342e3d8
    Size/MD5 checksum:   181550 209f75537b0acc9c17b54e6b7cfdac2b
    Size/MD5 checksum:    21744 e9b9909b4528978a75d323d02389eff8
    Size/MD5 checksum:   674254 55b36078f6d6f9f278ff34ff67cae28d
    Size/MD5 checksum:    21748 525cdcc7f345f729181fb9399ca84867

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:    22342 2db8ccf0421954242c6b7352503e7cba
    Size/MD5 checksum:  9119562 ae17852ca0431cbb1b8fc6401c81aa21
    Size/MD5 checksum:    22704 aeb68a6daccbd9c1c6cb711f26e93296
    Size/MD5 checksum:   111974 010a55a4127333689fa8416d6214ec94
    Size/MD5 checksum:    22352 cb17e51ae331c059ee2e2c2a71f4aa49
    Size/MD5 checksum:    22360 5ee1e412767f67919ce51d0b534394a8
    Size/MD5 checksum:   181590 44888c58cf54dc4329a30f55c4990d95
    Size/MD5 checksum:   619562 efa93cc7f881dba55c9b5b7cc8cb6e1a

arm architecture (ARM)
    Size/MD5 checksum:    22356 4c49ab66e1e2706808ea9697f72ecfb7
    Size/MD5 checksum:   107198 8a5a6b4ea6cc4e3ab657f31aa1d4e6dc
    Size/MD5 checksum:    22714 0544f54d45e84847e71381a7d43f0003
    Size/MD5 checksum:    22372 be24fc579f74dd24836a9371066a7b79
    Size/MD5 checksum:    22364 d891953d3c4904a3dc4c30408b90d81c
    Size/MD5 checksum:  7739170 f8d2410802c8f03b68f27d9e07a5f962
    Size/MD5 checksum:   600424 cbd6182358b03954f5026bd971073a8c
    Size/MD5 checksum:   181894 76286939d57837fefaa8c0ec3d535eee

hppa architecture (HP PA RISC)
    Size/MD5 checksum:   634494 6be054401a1db64c84e61c1260d01fb6
    Size/MD5 checksum:    22696 be88e7f598274dc6161c8ec6b94c30e7
    Size/MD5 checksum:   109690 97e0c2d2f877d6bc5eb2d766309c01f4
    Size/MD5 checksum:   182482 e075af8dcb3d7a13fca3828de39fd3d9
    Size/MD5 checksum:    22348 866c000ad64e3376d0d9320805119728
    Size/MD5 checksum:    22356 cfcbb7502fdc4020b9aad33f67beb665
    Size/MD5 checksum:  9854626 d36c3a094773a6c812ec0b4e3dc010c9
    Size/MD5 checksum:    22340 45fc4629c3fc77e7987f2179ddfa24be

i386 architecture (Intel ia32)
    Size/MD5 checksum:   564526 4b8eb4fb7d8f606ed1789c8df2cb039a
    Size/MD5 checksum:  7501872 cbdc35a89f36b126c89b478452736cc6
    Size/MD5 checksum:   102150 59cf091877d995796a33b6482ac413ea
    Size/MD5 checksum:    22344 e9e76892435a11ab9f504f044893331d
    Size/MD5 checksum:    22354 6c8610eef3cdb923a5848c3c6e31d0fe
    Size/MD5 checksum:    22698 b2ff8d7600e250a50459ddc964f7dbdf
    Size/MD5 checksum:    22336 b1aad678b3ddf89bf94759f9f3858fe4
    Size/MD5 checksum:   182520 a3d50d0da284264b733f40ee7febd08f

ia64 architecture (Intel ia64)
    Size/MD5 checksum:   182478 17b94fb0f374818cdd5ff7fffb814e3c
    Size/MD5 checksum: 10650318 867330a74271726f25ec7cb437881675
    Size/MD5 checksum:   145608 712a2349fd200a7d786416ed2e90b888
    Size/MD5 checksum:    22350 db12f448877fa43dc8d16cf9f1bc0e76
    Size/MD5 checksum:    22336 eab2d2ff1a049de7b0c350df34c49c6b
    Size/MD5 checksum:    22344 4eebff3e87f1ef9410592a749c3d2542
    Size/MD5 checksum:   827424 0b3cf3ee033095dc2b77b5e4c7a031fb
    Size/MD5 checksum:    22690 c5c429e114db82106e54b6b850eee18b

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:    22338 0959e956ec8a654df5783d41f25fe097
    Size/MD5 checksum:  8025014 79b62949c040c67c4bcab05f54b140a4
    Size/MD5 checksum:    22692 473b7ab46163aa2eec6fc283d4d8b326
    Size/MD5 checksum:    22354 93832d797079af2c7ed673eb8605ad08
    Size/MD5 checksum:   182502 abb2e923e897c8e5737a3304ff879ed7
    Size/MD5 checksum:   104892 7e25d3d517b0eb9ced49791660866358
    Size/MD5 checksum:   588506 fed1a6a3a87b13a2cf706849b1cfab8b
    Size/MD5 checksum:    22350 b1d818602719192cd5438c849b31ed4d

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:    22338 d7abb1c1005e8c57f6d9e9d74a32a8fa
    Size/MD5 checksum:   104400 ca6d57ab13113dbaa3887a15dd65b6ea
    Size/MD5 checksum:   575842 47be3916d499a906a4fe36b57c0cd17b
    Size/MD5 checksum:    22690 910a891b06d9a04be03c69b70ae9cc9a
    Size/MD5 checksum:  7406172 1385d56073bbd6ed2cfe42b1184937ac
    Size/MD5 checksum:    22350 97e7d6303d485700ea905521a4e46a6f
    Size/MD5 checksum:    22358 9d188ba3e2989713f6eb406a56602588
    Size/MD5 checksum:   182486 28a53abb380114393defbff0ec50df65

powerpc architecture (PowerPC)
    Size/MD5 checksum:    22692 2f49b7a64f01b0a1037b61c36a015ed3
    Size/MD5 checksum:   104106 3418723376cbb0c3c18570ff68799836
    Size/MD5 checksum:    22338 99363115fa0dd4224dda0bc0e2e4762b
    Size/MD5 checksum:   182508 32eeaf5941336b48467accf6d14ea9ce
    Size/MD5 checksum:   583462 dc78a9149389f6bc886a0211247e3539
    Size/MD5 checksum:    22352 47332c4cbce63f538b5b9d4f610b0a24
    Size/MD5 checksum:    22356 38c932a69d2a5ef6ba577d82b1b16857
    Size/MD5 checksum:  8605364 a431421901f9019bff4ce868f4e46c40

s390 architecture (IBM S/390)
    Size/MD5 checksum:    22694 fa6f3fc7a39dc1b8b6030452488bf12a
    Size/MD5 checksum:    22334 9c6cd498668d092e4b9794c40356466f
    Size/MD5 checksum:  9755928 444aa912362bae9470537dd497bd60a3
    Size/MD5 checksum:    22338 24797312504679250cdd8b893e0996d4
    Size/MD5 checksum:   182454 fe98e9d9ad70ceb84d66657815bd6778
    Size/MD5 checksum:   640886 c4eb7212909a6ad41cb1becf8bfe3656
    Size/MD5 checksum:   115478 7761780c7281fd5d3c488fc16df95a1e
    Size/MD5 checksum:    22354 75e8c12f8e5530ce95fdcbea118ec269

  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>
Version: GnuPG v1.4.6 (GNU/Linux)


- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email:
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.