-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                              ASB-2012.0043.2
       A number of vulnerabilities have been identified in Wireshark
                               12 April 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Wireshark
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Denial of Service -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2012-1596 CVE-2012-1595 CVE-2012-1594
                      CVE-2012-1593  
Member content until: Friday, April 27 2012

Comment: NB: There is a mistake on the Wireshark website: wnpa-sec-2012-07
         should reference bug ID 6833.

Revision History:     April 12 2012: Added CVEs, added typo comments
                      March 28 2012: Initial Release

OVERVIEW

        A number of vulnerabilities have been identified in Wireshark prior
        to versions 1.6.6 and 1.4.12.


IMPACT

        The vendor has provided the following details regarding these
        vulnerabilities:
        
        "The following vulnerabilities have been fixed.
        
        o wnpa-sec-2012-04
        
        The ANSI A dissector could dereference a NULL pointer and
        crash. (Bug 6823)
        
        Versions affected: 1.4.0 to 1.4.11, 1.6.0 to 1.6.5.
        
        o wnpa-sec-2012-05
        
        The IEEE 802.11 dissector could go into an infinite loop. (Bug
        6809)
        
        Versions affected: 1.6.0 to 1.6.5.
        
        o wnpa-sec-2012-06
        
        The pcap and pcap-ng file parsers could crash trying to read
        ERF data. (Bug 6804)
        
        Versions affected: 1.4.0 to 1.4.11, 1.6.0 to 1.6.5.
        
        o wnpa-sec-2012-07
        
        The MP2T dissector could try to allocate too much memory and
        crash. (Bug 6804)
        
        Versions affected: 1.4.0 to 1.4.11, 1.6.0 to 1.6.5.
        
        o The Windows installers now include GnuTLS 1.12.18, which fixes
        several vulnerabilities." [1,2]


MITIGATION

        The vendor recommends upgrading to the latest version of the 1.4 and 1.6
        branches of Wireshark to correct these issues.
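
        The following is an added example, not part of the original bulletin
        or of Wireshark: a check that maps an installed version to the
        advisories quoted above. The function names and the sample banner
        strings are assumptions constructed for illustration.

```python
import re

# Inclusive (first affected, last affected) ranges, transcribed from the
# vendor text quoted in the IMPACT section of this bulletin.
BOTH = [((1, 4, 0), (1, 4, 11)), ((1, 6, 0), (1, 6, 5))]
ADVISORIES = {
    "wnpa-sec-2012-04": BOTH,                       # ANSI A NULL dereference
    "wnpa-sec-2012-05": [((1, 6, 0), (1, 6, 5))],   # IEEE 802.11 infinite loop
    "wnpa-sec-2012-06": BOTH,                       # pcap/pcap-ng ERF crash
    "wnpa-sec-2012-07": BOTH,                       # MP2T oversized allocation
}

# Fixed releases named in references [1] and [2].
FIXED = {(1, 6): (1, 6, 6), (1, 4): (1, 4, 12)}


def parse_version(text):
    """Return the first x.y.z version in free text as a tuple of ints."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", text)
    if not m:
        raise ValueError("no x.y.z version found in %r" % text)
    return tuple(int(part) for part in m.groups())


def assess(text):
    """Report which advisories cover the version found in `text`."""
    version = parse_version(text)
    # Tuples compare numerically, so 1.4.11 sorts above 1.4.2; a plain
    # string comparison would get that wrong.
    hits = sorted(name for name, ranges in ADVISORIES.items()
                  if any(lo <= version <= hi for lo, hi in ranges))
    fixed = FIXED.get(version[:2]) if hits else None
    return {
        "version": ".".join(map(str, version)),
        "advisories": hits,
        "upgrade_to": ".".join(map(str, fixed)) if fixed else None,
    }


if __name__ == "__main__":
    # Constructed sample banners, in the style of version output.
    for banner in ("TShark 1.6.5", "wireshark 1.4.11", "TShark 1.6.6"):
        print(assess(banner))
```

        An empty result only means the version is outside the ranges the
        vendor listed; the quoted text makes no statement about releases
        older than 1.4.0.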


REFERENCES

        [1] Wireshark-announce: [Wireshark-announce] Wireshark 1.6.6 is now
            available
            http://www.wireshark.org/lists/wireshark-announce/201203/msg00000.html

        [2] Wireshark-announce: [Wireshark-announce] Wireshark 1.4.12 is now
            available
            http://www.wireshark.org/lists/wireshark-announce/201203/msg00001.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----