Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2014.0106
Multiple vulnerabilities have been identified in Wireshark
17 September 2014
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Wireshark
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2014-6432 CVE-2014-6431 CVE-2014-6430
CVE-2014-6429 CVE-2014-6428 CVE-2014-6427
CVE-2014-6426 CVE-2014-6425 CVE-2014-6424
CVE-2014-6423 CVE-2014-6422 CVE-2014-6421
Member content until: Friday, October 17 2014
OVERVIEW
Multiple vulnerabilities have been identified in Wireshark that
affect versions prior to 1.10.10 and 1.12.1. [1 - 8]
IMPACT
The vendor has provided the following details on these
vulnerabilities:
CVE-2014-6421, CVE-2014-6422: "It may be possible to make Wireshark
crash by injecting a malformed packet onto the wire or by convincing
someone to read a malformed packet trace file." [1]
CVE-2014-6423: "It may be possible to make Wireshark consume
excessive CPU resources by injecting a malformed packet onto the
wire or by convincing someone to read a malformed packet trace
file." [2]
CVE-2014-6424: "It may be possible to make Wireshark crash by
injecting a malformed packet onto the wire or by convincing someone
to read a malformed packet trace file." [3]
CVE-2014-6425: "It may be possible to make Wireshark crash by
injecting a malformed packet onto the wire or by convincing someone
to read a malformed packet trace file." [4]
CVE-2014-6426: "It may be possible to make Wireshark consume
excessive CPU resources by injecting a malformed packet onto the
wire or by convincing someone to read a malformed packet trace
file." [5]
CVE-2014-6427: "It may be possible to make Wireshark crash by
injecting a malformed packet onto the wire or by convincing someone
to read a malformed packet trace file." [6]
CVE-2014-6428: "It may be possible to make Wireshark crash by
injecting a malformed packet onto the wire or by convincing someone
to read a malformed packet trace file." [7]
CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432: "It may
be possible to make Wireshark crash by convincing someone to read a
malformed packet trace file." [8]
MITIGATION
The vendor recommends upgrading to the latest version of Wireshark
to correct these issues. [1 - 8]
REFERENCES
[1] wnpa-sec-2014-12 · RTP dissector crash
https://www.wireshark.org/security/wnpa-sec-2014-12.html
[2] wnpa-sec-2014-13 · MEGACO dissector infinite loop
https://www.wireshark.org/security/wnpa-sec-2014-13.html
[3] wnpa-sec-2014-14 · Netflow dissector crash
https://www.wireshark.org/security/wnpa-sec-2014-14.html
[4] wnpa-sec-2014-15 · CUPS dissector crash
https://www.wireshark.org/security/wnpa-sec-2014-15.html
[5] wnpa-sec-2014-16 · HIP infinite loop
https://www.wireshark.org/security/wnpa-sec-2014-16.html
[6] wnpa-sec-2014-17 · RTSP dissector crash
https://www.wireshark.org/security/wnpa-sec-2014-17.html
[7] wnpa-sec-2014-18 · SES dissector crash
https://www.wireshark.org/security/wnpa-sec-2014-18.html
[8] wnpa-sec-2014-19 · Sniffer file parser crash
https://www.wireshark.org/security/wnpa-sec-2014-19.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVBkd0BLndAQH1ShLAQKnsg//bIb0MMR7fD4OF6aLcGUzdLGaocu6YGk4
/82KaRRzDT4ofEBRFa7ULBlixWKy9XqI8PHTZTZQROiSMg7cyxyQp1fxsnkg0Kvq
psRD36rDhIXJKr2qWrLxZThTgiw3B58haM5VeT3l1yhGG5s7OKqwNZe9kjO4QMIZ
hjMx2cyO3tbg4OFA0ceWKAr3Hex6j7gS5JujAaFbBTn3aChqJ3FnK7tucGzRA68J
uKZUs59FrVxb5TmpOYsgsPj69UIwzg5+lyD9QkpJKiRHTInKU4oLnOLFRUWBvwli
GiBJrVlDkgwaG2aFunq5P6iC17OwT/nqVdAPljcusaPANzQKUapJI2B/v4lY3UuU
SNyprBEKvsKHvsA5j6/VBLrMDve4ixRb9Fe/Eb37YejPkSz10o1/QSg5qiKfJNfq
f1UZgWQNwHnH8n6pp/9RVpiTo4BcldyZjGd+hc4W56MX+hvLnrhYV0aOTLKUsQ1t
O9eX9fhBLzqH3SMim3TE/qfd+n307Gt2C+8j47bjPSpNs7FRMCQWXQ88R36Z8QyA
D7kPqBsDEtMmldb1mvnMqYP1XPLliG9EFNni5U6go50d4xy2FY7q5HcXZ0dM8FQj
iHrFrU1Hp5DlNbIHbRZiunWDut5MHxM6olTB92FpWlSaei3RhHqKxLmjRotXYVfo
ZXLuiMZkISI=
=Fr4W
-----END PGP SIGNATURE-----