===========================================================================
               AUSCERT Security Bulletin ASB-2013.0012
       A number of vulnerabilities have been identified in Wireshark
                             30 January 2013
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:            Wireshark
Operating System:   UNIX variants (UNIX, Linux, OSX)
                    Windows
Impact/Access:      Denial of Service -- Remote with User Interaction
Resolution:         Patch/Upgrade

Member content until: Friday, March 1 2013

OVERVIEW

        A number of vulnerabilities have been identified in Wireshark
        prior to versions 1.8.5 and 1.6.13. [1]

IMPACT

        The vendor has provided the following descriptions regarding
        these vulnerabilities:

        "wnpa-sec-2013-01
        Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI
        DOCSIS CM-STATUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP,
        and SIP dissectors. Reported by Laurent Butti. (Bugs 8036, 8037,
        8038, 8040, 8041, 8042, 8043, 8198, 8199, 8222)
        Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12." [1, 2]

        "wnpa-sec-2013-02
        The CLNP dissector could crash. Discovered independently by
        Laurent Butti and the Wireshark development team. (Bug 7871)
        Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12." [1, 2]

        "wnpa-sec-2013-03
        The DTN dissector could crash. (Bug 7945)
        Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12." [1, 2]

        "wnpa-sec-2013-04
        The MS-MMC dissector (and possibly others) could crash. (Bug 8112)
        Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12." [1, 2]

        "wnpa-sec-2013-05
        The DTLS dissector could crash. Discovered by Laurent Butti.
        (Bug 8111)
        Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12." [1, 2]

        "wnpa-sec-2013-06
        The ROHC dissector could crash. (Bug 7679)
        Versions affected: 1.8.0 to 1.8.4." [1]

        "wnpa-sec-2013-07
        The DCP-ETSI dissector could corrupt memory. Discovered by
        Laurent Butti. (Bug 8213)
        Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12." [1, 2]

        "wnpa-sec-2013-08
        The Wireshark dissection engine could crash. Discovered by
        Laurent Butti. (Bug 8197)
        Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12." [1, 2]

        "wnpa-sec-2013-09
        The NTLMSSP dissector could overflow a buffer. Discovered by
        Ulf Härnhammar.
        Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12." [1, 2]

MITIGATION

        The vendor recommends updating to the latest versions of Wireshark
        to correct these vulnerabilities. [1]

REFERENCES

        [1] Wireshark 1.8.5 Release Notes
            http://www.wireshark.org/docs/relnotes/wireshark-1.8.5.html

        [2] Wireshark 1.6.13 Release Notes
            http://www.wireshark.org/docs/relnotes/wireshark-1.6.13.html

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
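An added helper (not part of the AusCERT bulletin or of Wireshark) that maps an installed Wireshark version to the advisories above: it parses the version string from "wireshark -v"-style output, checks it against the affected ranges quoted in the bulletin, and reports the fixed release for that branch. The sample version strings are constructed for illustration.

```python
import re

# Affected ranges exactly as stated in the bulletin, as inclusive
# (major, minor, patch) bounds. wnpa-sec-2013-06 (ROHC) lists the 1.8
# branch only; every other advisory covers both 1.8.x and 1.6.x.
BOTH = [((1, 8, 0), (1, 8, 4)), ((1, 6, 0), (1, 6, 12))]
ADVISORIES = {
    "wnpa-sec-2013-01": BOTH,
    "wnpa-sec-2013-02": BOTH,
    "wnpa-sec-2013-03": BOTH,
    "wnpa-sec-2013-04": BOTH,
    "wnpa-sec-2013-05": BOTH,
    "wnpa-sec-2013-06": [((1, 8, 0), (1, 8, 4))],
    "wnpa-sec-2013-07": BOTH,
    "wnpa-sec-2013-08": BOTH,
    "wnpa-sec-2013-09": BOTH,
}

# First release on each branch that contains the fixes (per the bulletin).
FIXED_RELEASE = {(1, 8): (1, 8, 5), (1, 6): (1, 6, 13)}


def parse_version(text):
    """Return the first x.y.z version found in text as a tuple of ints."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", text)
    if not m:
        raise ValueError("no x.y.z version string found")
    return tuple(int(g) for g in m.groups())


def applicable_advisories(version):
    """Advisory IDs whose affected ranges include this version."""
    return [aid for aid, ranges in ADVISORIES.items()
            if any(lo <= version <= hi for lo, hi in ranges)]


def recommended_upgrade(version):
    """Fixed release for this version's branch, or None if the bulletin
    does not cover that branch (treat as 'check current release notes')."""
    return FIXED_RELEASE.get(version[:2])


if __name__ == "__main__":
    # Constructed sample; real input would be the output of `wireshark -v`.
    v = parse_version("wireshark 1.8.4")
    print(v, applicable_advisories(v), recommended_upgrade(v))
```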