-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2007.0924 -- [RedHat] Low: wireshark security and bug fix update
16 November 2007
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           wireshark
Publisher:         Red Hat
Operating System:  Red Hat Linux 4
Impact:            Denial of Service
Access:            Remote/Unauthenticated
CVE Names:         CVE-2007-3393 CVE-2007-3392 CVE-2007-3391
                   CVE-2007-3390 CVE-2007-3389
Ref:               ESB-2007.0882

Original Bulletin: https://rhn.redhat.com/errata/RHSA-2007-0709.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:          Low: wireshark security and bug fix update
Advisory ID:       RHSA-2007:0709-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0709.html
Issue date:        2007-11-15
Updated on:        2007-11-15
Product:           Red Hat Enterprise Linux
Keywords:          HTTP iSeries DCP ETSI SSL MMS DHCP BOOTP crash loop DoS IPMI
CVE Names:         CVE-2007-3389 CVE-2007-3390 CVE-2007-3391
                   CVE-2007-3392 CVE-2007-3393
- - ---------------------------------------------------------------------

1. Summary:

New Wireshark packages that fix various security vulnerabilities and
functionality bugs are now available for Red Hat Enterprise Linux 4.
Wireshark was previously known as Ethereal.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Wireshark is a program for monitoring network traffic.

Several denial of service bugs were found in Wireshark's HTTP, iSeries, DCP
ETSI, SSL, MMS, DHCP and BOOTP protocol dissectors. It was possible for
Wireshark to crash or stop responding if it read a malformed packet off the
network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392,
CVE-2007-3393)

Wireshark would interpret certain completion codes incorrectly when
dissecting IPMI traffic. Additionally, IPMI 2.0 packets would be reported
as malformed IPMI traffic.

Users of Wireshark should upgrade to these updated packages containing
Wireshark version 0.99.6, which correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

245796 - CVE-2007-3389 Wireshark crashes when inspecting HTTP traffic
245797 - CVE-2007-3391 Wireshark loops infinitely when inspecting DCP ETSI traffic
245798 - CVE-2007-3392 Wireshark loops infinitely when inspecting SSL traffic
246221 - CVE-2007-3393 Wireshark corrupts the stack when inspecting BOOTP traffic
246225 - CVE-2007-3390 Wireshark crashes when inspecting iSeries traffic
246229 - CVE-2007-3392 Wireshark crashes when inspecting MMS traffic

6.
RPMs required:

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3393
http://www.wireshark.org/docs/relnotes/wireshark-0.99.6.html
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHPF/rXlSAg2UNWIIRAoyzAJ9K/9B3CENYFAyN3PqCV08IxqkCnQCfWV2p
GVjI6MegPzphK0NEzD+n/6U=
=6t+M
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRzz9Gyh9+71yA2DNAQJmdgP/SPJBrdXc8yXoVSnbeTDuTrgIeDJJ+EAo
dBiSXVr5h72pbdV0XgKuXsgO4IvPdN1WR+FfPHAKALIVo+6YYcVO2dvL4O009oV0
cfJO8vylAtuR3RqzM/At88JXlN5cObYWnCqVZ72mAM/RgWvW7Q1zFMLnbkW3Pw10
itlxSNyiObM=
=Lj6e
-----END PGP SIGNATURE-----