===========================================================================
AUSCERT Security Bulletin

ASB-2014.0106
Multiple vulnerabilities have been identified in Wireshark
17 September 2014
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Wireshark
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Denial of Service -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-6432 CVE-2014-6431 CVE-2014-6430
                      CVE-2014-6429 CVE-2014-6428 CVE-2014-6427
                      CVE-2014-6426 CVE-2014-6425 CVE-2014-6424
                      CVE-2014-6423 CVE-2014-6422 CVE-2014-6421
Member content until: Friday, October 17 2014

OVERVIEW

Multiple vulnerabilities have been identified in Wireshark that affect
versions prior to 1.10.10 and 1.12.1. [1 - 8]

IMPACT

The vendor has provided the following details on these vulnerabilities:

CVE-2014-6421, CVE-2014-6422: "It may be possible to make Wireshark crash
by injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file." [1]

CVE-2014-6423: "It may be possible to make Wireshark consume excessive CPU
resources by injecting a malformed packet onto the wire or by convincing
someone to read a malformed packet trace file." [2]

CVE-2014-6424: "It may be possible to make Wireshark crash by injecting a
malformed packet onto the wire or by convincing someone to read a malformed
packet trace file." [3]

CVE-2014-6425: "It may be possible to make Wireshark crash by injecting a
malformed packet onto the wire or by convincing someone to read a malformed
packet trace file." [4]

CVE-2014-6426: "It may be possible to make Wireshark consume excessive CPU
resources by injecting a malformed packet onto the wire or by convincing
someone to read a malformed packet trace file." [5]

CVE-2014-6427: "It may be possible to make Wireshark crash by injecting a
malformed packet onto the wire or by convincing someone to read a malformed
packet trace file." [6]

CVE-2014-6428: "It may be possible to make Wireshark crash by injecting a
malformed packet onto the wire or by convincing someone to read a malformed
packet trace file." [7]

CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432: "It may be
possible to make Wireshark crash by convincing someone to read a malformed
packet trace file." [8]

MITIGATION

The vendor recommends upgrading to the latest version of Wireshark to
correct these issues. [1 - 8]

REFERENCES

[1] wnpa-sec-2014-12 · RTP dissector crash
    https://www.wireshark.org/security/wnpa-sec-2014-12.html

[2] wnpa-sec-2014-13 · MEGACO dissector infinite loop
    https://www.wireshark.org/security/wnpa-sec-2014-13.html

[3] wnpa-sec-2014-14 · Netflow dissector crash
    https://www.wireshark.org/security/wnpa-sec-2014-14.html

[4] wnpa-sec-2014-15 · CUPS dissector crash
    https://www.wireshark.org/security/wnpa-sec-2014-15.html

[5] wnpa-sec-2014-16 · HIP infinite loop
    https://www.wireshark.org/security/wnpa-sec-2014-16.html

[6] wnpa-sec-2014-17 · RTSP dissector crash
    https://www.wireshark.org/security/wnpa-sec-2014-17.html

[7] wnpa-sec-2014-18 · SES dissector crash
    https://www.wireshark.org/security/wnpa-sec-2014-18.html

[8] wnpa-sec-2014-19 · Sniffer file parser crash
    https://www.wireshark.org/security/wnpa-sec-2014-19.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business
                hours which are GMT+10:00 (AEST). On call after hours
                for member emergencies only.
===========================================================================