Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2011.0082 Five vulnerabilities in Wireshark 21 September 2011 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Wireshark Operating System: Windows UNIX variants (UNIX, Linux, OSX) Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2011-3484 CVE-2011-3483 CVE-2011-3482 CVE-2011-3360 CVE-2011-3266 Member content until: Friday, October 21 2011 OVERVIEW Five vulnerabilities have been corrected in Wireshark. [1,2,3,4,5] IMPACT The vulnerabilities, as stated by Wireshark, are: "A large loop in the OpenSafety dissector could cause a crash." [1] "A malformed IKE packet could consume excessive resources." [2] "A malformed capture file could result in an invalid root tvbuff and cause a crash." [3] "Wireshark could run arbitrary Lua scripts." [4] "An uninitialized variable in the CSN.1 dissector could cause a crash." [5] MITIGATION Upgrade to Wireshark 1.6.2 [6] REFERENCES [1] Wireshark OpenSafety dissector vulnerability http://www.wireshark.org/security/wnpa-sec-2011-12.html [2] Wireshark IKE dissector vulnerability http://www.wireshark.org/security/wnpa-sec-2011-13.html [3] Wireshark buffer exception handling vulnerability http://www.wireshark.org/security/wnpa-sec-2011-14.html [4] Wireshark Lua script execution vulnerability http://www.wireshark.org/security/wnpa-sec-2011-15.html [5] Wireshark CSN.1 dissector vulnerability http://www.wireshark.org/security/wnpa-sec-2011-16.html [6] Get Wireshark http://www.wireshark.org/download.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBTnlnBu4yVqjM2NGpAQKiiBAAteBr6K5JvUfcdrRO2tygGXAMilDRXKIG rbAtt7a+fD3GguonUGWjzKcdrzKg0Gu2mkepRMHPQsQRvKSg3nv63mIdKHrJCBuw NMVA6WKxyCu4hjMKcWw4AFZcvbJvrL+/hCldayCE0QYXiaUuRkFpzVtD5m3apNQg 5xB5ulfnSfQa4lEpg2VFZ1zYVrBP+yPRgGUdXIJ0qJKxOQHunjGoRXUQPwae0Se3 TS+ElQVaQqcO+gpksL34V88ImbL0BrxHgkrtCMnKYdff2lrzoMI/jgwkhkfiHFI8 EvpBxfo3iwPwIlN8JIlWWKw/aYH1uh/hQMuF2Bs3dpGszR9tgYFNvY2Z0OFDIshk DNi+X+lb9vJ7UN6FPUoGljJwzwSSSbAyBdHYMmzbKy8kvN12y9xOTF/hgBEPTrKE qAMc2n2I/wKzxvewfponRxdviF3xm/qt8OdPkAa84/FVWnym4IhS7da++QW+o5hR bD92eZjk77EV+mRS53IlUM6wgv6AtVIx0bTWEg0uB57ZbSniAi5JPtumsN/GEHg4 kqW8ITFLrLgVuc5WuiH+75J6yaUkbyjN4X7TBqpkSMCEhLW9F2njpycA9i6GRyNj 6fR0shLdjU6kUzYfP+hwacMDWMR8IusZ7bebbML1Y4JuvfOmHPbQmVbdCOYq17p5 5wU9CxYGof8= =Pqaq -----END PGP SIGNATURE-----