Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2014.0024 A number of vulnerabilities have been identified in Wireshark 10 March 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Wireshark Operating System: UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2014-2299 CVE-2014-2283 CVE-2014-2282 CVE-2014-2281 Member content until: Wednesday, April 9 2014 OVERVIEW A number of vulnerabilities have been identified in Wireshark prior to versions 1.8.13 and 1.10.6. [1, 2, 3, 4] IMPACT The vendor has provided the following descriptions regarding these vulnerabilities: "wnpa-sec-2014-01 - NFS dissector crash Summary Name: NFS dissector crash Docid: wnpa-sec-2014-01 Date: March 7, 2014 Affected versions: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12 Fixed versions: 1.10.6, 1.8.13 References: Wireshark bug 9672 CVE-2014-2281 Details Description The NFS dissector could crash. Discovered by Moshe Kaplan. Impact It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 1.10.6, 1.8.13 or later." [1] "wnpa-sec-2014-02 - M3UA dissector crash Summary Name: M3UA dissector crash Docid: wnpa-sec-2014-02 Date: March 7, 2014 Affected versions: 1.10.0 to 1.10.5 Fixed versions: 1.10.6 References: Wireshark bug 9699 CVE-2014-2282 Details Description The M3UA dissector could crash. Discovered by Laurent Butti. Impact It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 1.10.6 or later." [2] "wnpa-sec-2014-03 - RLC dissector crash Summary Name: RLC dissector crash Docid: wnpa-sec-2014-03 Date: March 7, 2014 Affected versions: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12 Fixed versions: 1.10.6, 1.8.13 References: Wireshark bug 9730 CVE-2014-2283 Details Description The RLC dissector could crash. Impact It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 1.10.6, 1.8.13 or later." [3] "wnpa-sec-2014-04 - MPEG file parser buffer overflow Summary Name: MPEG file parser buffer overflow Docid: wnpa-sec-2014-04 Date: March 7, 2014 Affected versions: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12 Fixed versions: 1.10.6, 1.8.13 References: Wireshark bug 9843 CVE-2014-2299 Details Description The MPEG file parser could overflow a buffer. Discovered by Wesley Neelen. Impact It may be possible to make Wireshark crash or execute malicious code by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 1.10.6, 1.8.13 or later." [4] MITIGATION The vendor recommends updating to the latest versions of Wireshark to correct these vulnerabilities. [1, 2, 3, 4] REFERENCES [1] wnpa-sec-2014-01 - NFS dissector crash https://www.wireshark.org/security/wnpa-sec-2014-01.html [2] wnpa-sec-2014-02 - M3UA dissector crash https://www.wireshark.org/security/wnpa-sec-2014-02.html [3] wnpa-sec-2014-03 - RLC dissector crash https://www.wireshark.org/security/wnpa-sec-2014-03.html [4] wnpa-sec-2014-04 - MPEG file parser buffer overflow https://www.wireshark.org/security/wnpa-sec-2014-04.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUx0eYBLndAQH1ShLAQLozw/+MuBRaasTL42npa46T6X+47PEWj5MJItv nLUrHpHxxztoxknfqJJKMb5B0cTlvOH+35T12DEfG6h9PK/oMnme+2bu70BbmP2M SQ+G5NXm0rCVDUalKv1om3VwbQOr5s0n3AaeAquMwon4+RRy6mMmBPa3rE5zyHsr UeHV5IYayUjOUJgYV1ewo/3RrZfvk5gF7ec+NQCO7iF0BF17DKjrEN2LWnjCEX+1 Wij1HLsJ3bO3xKkhsR236mLQwa1LwdxuXY1P9cd4hrC3FeKZTnYDaV9Se6kwm2XV dKpXwL9q/Fk8LR+DEhyeTCWDeUP/EcDZ2pknBJwX/8xZhYXc58a4g3k7PqkHk6Av m5icx7a/3SjoR2e/4WNv/P0r0PB6HjIvUlkWM5V4rLO5hGdA0lEn5hn/I8MqWNTp bMe6tU5bxM2GvILuBOIaN8xYCVKGsSPtNwNoi8n53oPfOay9y7o7nnAtslL2IUc1 ayAIsPDlf/JQRCoI6s/H2y19EbnOc5shJ+WrdJNqaaBf52KhjTgPQFIhK+v2enK+ 3c2ZP9ZfGAUzsxyKQ/s4khbXHq2Zw4XBsc7LIx61iQ/ckEc/OIrGPuPYB76alBVP es6XTNZq14GpBhMNVpMiXVa+evqLj2S0RoTE/w3d3i2StwlP5kX/HKrbRyS831OS iaDbp1CoaBw= =AEUk -----END PGP SIGNATURE-----