Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2011.0082
Five vulnerabilities in Wireshark
21 September 2011
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Wireshark
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2011-3484 CVE-2011-3483 CVE-2011-3482
CVE-2011-3360 CVE-2011-3266
Member content until: Friday, October 21 2011
OVERVIEW
Five vulnerabilities have been corrected in Wireshark. [1,2,3,4,5]
IMPACT
The vulnerabilities, as stated by Wireshark, are:
"A large loop in the OpenSafety dissector could cause a crash." [1]
"A malformed IKE packet could consume excessive resources." [2]
"A malformed capture file could result in an invalid root tvbuff and
cause a crash." [3]
"Wireshark could run arbitrary Lua scripts." [4]
"An uninitialized variable in the CSN.1 dissector could cause a crash." [5]
MITIGATION
Upgrade to Wireshark 1.6.2 [6]
REFERENCES
[1] Wireshark OpenSafety dissector vulnerability
http://www.wireshark.org/security/wnpa-sec-2011-12.html
[2] Wireshark IKE dissector vulnerability
http://www.wireshark.org/security/wnpa-sec-2011-13.html
[3] Wireshark buffer exception handling vulnerability
http://www.wireshark.org/security/wnpa-sec-2011-14.html
[4] Wireshark Lua script execution vulnerability
http://www.wireshark.org/security/wnpa-sec-2011-15.html
[5] Wireshark CSN.1 dissector vulnerability
http://www.wireshark.org/security/wnpa-sec-2011-16.html
[6] Get Wireshark
http://www.wireshark.org/download.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBTnlnBu4yVqjM2NGpAQKiiBAAteBr6K5JvUfcdrRO2tygGXAMilDRXKIG
rbAtt7a+fD3GguonUGWjzKcdrzKg0Gu2mkepRMHPQsQRvKSg3nv63mIdKHrJCBuw
NMVA6WKxyCu4hjMKcWw4AFZcvbJvrL+/hCldayCE0QYXiaUuRkFpzVtD5m3apNQg
5xB5ulfnSfQa4lEpg2VFZ1zYVrBP+yPRgGUdXIJ0qJKxOQHunjGoRXUQPwae0Se3
TS+ElQVaQqcO+gpksL34V88ImbL0BrxHgkrtCMnKYdff2lrzoMI/jgwkhkfiHFI8
EvpBxfo3iwPwIlN8JIlWWKw/aYH1uh/hQMuF2Bs3dpGszR9tgYFNvY2Z0OFDIshk
DNi+X+lb9vJ7UN6FPUoGljJwzwSSSbAyBdHYMmzbKy8kvN12y9xOTF/hgBEPTrKE
qAMc2n2I/wKzxvewfponRxdviF3xm/qt8OdPkAa84/FVWnym4IhS7da++QW+o5hR
bD92eZjk77EV+mRS53IlUM6wgv6AtVIx0bTWEg0uB57ZbSniAi5JPtumsN/GEHg4
kqW8ITFLrLgVuc5WuiH+75J6yaUkbyjN4X7TBqpkSMCEhLW9F2njpycA9i6GRyNj
6fR0shLdjU6kUzYfP+hwacMDWMR8IusZ7bebbML1Y4JuvfOmHPbQmVbdCOYq17p5
5wU9CxYGof8=
=Pqaq
-----END PGP SIGNATURE-----