===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2014.0024
       A number of vulnerabilities have been identified in Wireshark
                               10 March 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Wireshark
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Denial of Service -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-2299 CVE-2014-2283 CVE-2014-2282
                      CVE-2014-2281  
Member content until: Wednesday, April  9 2014

OVERVIEW

        A number of vulnerabilities have been identified in Wireshark prior
        to versions 1.8.13 and 1.10.6. [1, 2, 3, 4]


IMPACT

        The vendor has provided the following descriptions regarding these 
        vulnerabilities:
        
        "wnpa-sec-2014-01 - NFS dissector crash
        
        Summary
        
        Name: NFS dissector crash
        
        Docid: wnpa-sec-2014-01
        
        Date: March 7, 2014
        
        Affected versions: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12
        
        Fixed versions: 1.10.6, 1.8.13
        
        References:
        Wireshark bug 9672
        CVE-2014-2281
        
        Details
        
        Description
        
        The NFS dissector could crash. Discovered by Moshe Kaplan.
        
        Impact
        
        It may be possible to make Wireshark crash by injecting a malformed 
        packet onto the wire or by convincing someone to read a malformed 
        packet trace file.
        
        Resolution
        
        Upgrade to Wireshark 1.10.6, 1.8.13 or later." [1]
        
        "wnpa-sec-2014-02 - M3UA dissector crash
        
        Summary
        
        Name: M3UA dissector crash
        
        Docid: wnpa-sec-2014-02
        
        Date: March 7, 2014
        
        Affected versions: 1.10.0 to 1.10.5
        
        Fixed versions: 1.10.6
        
        References:
        Wireshark bug 9699
        CVE-2014-2282
        
        Details
        
        Description
        
        The M3UA dissector could crash. Discovered by Laurent Butti.
        
        Impact
        
        It may be possible to make Wireshark crash by injecting a malformed 
        packet onto the wire or by convincing someone to read a malformed
        packet trace file.
        
        Resolution
        
        Upgrade to Wireshark 1.10.6 or later." [2]
        
        "wnpa-sec-2014-03 - RLC dissector crash
        
        Summary
        
        Name: RLC dissector crash
        
        Docid: wnpa-sec-2014-03
        
        Date: March 7, 2014
        
        Affected versions: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12
        
        Fixed versions: 1.10.6, 1.8.13
        
        References:
        Wireshark bug 9730
        CVE-2014-2283
        
        Details
        
        Description
        
        The RLC dissector could crash.
        
        Impact
        
        It may be possible to make Wireshark crash by injecting a 
        malformed packet onto the wire or by convincing someone to read a 
        malformed packet trace file.
        
        Resolution
        
        Upgrade to Wireshark 1.10.6, 1.8.13 or later." [3]
        
        "wnpa-sec-2014-04 - MPEG file parser buffer overflow
        
        Summary
        
        Name: MPEG file parser buffer overflow
        
        Docid: wnpa-sec-2014-04
        
        Date: March 7, 2014
        
        Affected versions: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12
        
        Fixed versions: 1.10.6, 1.8.13
        
        References:
        Wireshark bug 9843
        CVE-2014-2299
        
        Details
        
        Description
        
        The MPEG file parser could overflow a buffer. Discovered by Wesley 
        Neelen.
        
        Impact
        
        It may be possible to make Wireshark crash or execute malicious 
        code by convincing someone to read a malformed packet trace file.
        
        Resolution
        
        Upgrade to Wireshark 1.10.6, 1.8.13 or later." [4]


MITIGATION

        The vendor recommends updating to the latest versions of Wireshark
        to correct these vulnerabilities. [1, 2, 3, 4]
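
        The following is an added example, not part of the AusCERT bulletin
        or the vendor advisories: a version check that maps an installed
        Wireshark/TShark version string to the advisories above, using only
        the affected ranges quoted in this bulletin. The host names, banner
        strings and function names are assumptions made for illustration.

```python
import re

# Affected ranges transcribed from the vendor advisories quoted in this bulletin.
R110 = ((1, 10, 0), (1, 10, 5))   # 1.10.0 to 1.10.5
R18 = ((1, 8, 0), (1, 8, 12))     # 1.8.0 to 1.8.12
ADVISORIES = [
    ("wnpa-sec-2014-01", "CVE-2014-2281", [R110, R18]),
    ("wnpa-sec-2014-02", "CVE-2014-2282", [R110]),       # M3UA: 1.10 branch only
    ("wnpa-sec-2014-03", "CVE-2014-2283", [R110, R18]),
    ("wnpa-sec-2014-04", "CVE-2014-2299", [R110, R18]),
]

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

def parse_version(banner):
    """Return (major, minor, micro) as ints from the first x.y.z found, else None."""
    m = VERSION_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None

def affected_by(banner):
    """List (docid, cve) pairs whose affected range contains this version.

    Versions are compared as integer tuples, so 1.8.9 sorts before 1.8.12
    (a plain string comparison would get that wrong). An empty list only
    means "outside the ranges listed in this bulletin".
    """
    version = parse_version(banner)
    if version is None:
        raise ValueError("no x.y.z version in %r" % banner)
    return [(docid, cve) for docid, cve, ranges in ADVISORIES
            if any(lo <= version <= hi for lo, hi in ranges)]

def triage(inventory):
    """Map host -> sorted CVE list; unparseable banners map to None for manual review."""
    report = {}
    for host, banner in inventory.items():
        try:
            report[host] = sorted(cve for _, cve in affected_by(banner))
        except ValueError:
            report[host] = None
    return report

# Constructed inventory: hosts and banner strings are made up for this example.
SAMPLE_INVENTORY = {"host-a": "TShark 1.10.5", "host-b": "wireshark-1.8.9-1",
                    "host-c": "TShark 1.10.6", "host-d": "unknown build"}

if __name__ == "__main__":
    for host, cves in sorted(triage(SAMPLE_INVENTORY).items()):
        print(host, "REVIEW" if cves is None else (", ".join(cves) or "not in listed ranges"))
```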


REFERENCES

        [1] wnpa-sec-2014-01 - NFS dissector crash
            https://www.wireshark.org/security/wnpa-sec-2014-01.html

        [2] wnpa-sec-2014-02 - M3UA dissector crash
            https://www.wireshark.org/security/wnpa-sec-2014-02.html

        [3] wnpa-sec-2014-03 - RLC dissector crash
            https://www.wireshark.org/security/wnpa-sec-2014-03.html

        [4] wnpa-sec-2014-04 - MPEG file parser buffer overflow
            https://www.wireshark.org/security/wnpa-sec-2014-04.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================