Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2018.1596
Fuzzing reveals crashes in Wireshark
28 May 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Wireshark
Publisher: Wireshark Foundation
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2018-11361 CVE-2018-11360 CVE-2018-11359
CVE-2018-11358 CVE-2018-11357 CVE-2018-11356
CVE-2018-11355 CVE-2018-11354
Original Bulletin:
https://www.wireshark.org/security/wnpa-sec-2018-26.html
https://www.wireshark.org/security/wnpa-sec-2018-27.html
https://www.wireshark.org/security/wnpa-sec-2018-28.html
https://www.wireshark.org/security/wnpa-sec-2018-29.html
https://www.wireshark.org/security/wnpa-sec-2018-30.html
https://www.wireshark.org/security/wnpa-sec-2018-31.html
https://www.wireshark.org/security/wnpa-sec-2018-32.html
https://www.wireshark.org/security/wnpa-sec-2018-33.html
Comment: This bulletin contains eight (8) Wireshark Foundation security
advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
wnpa-sec-2018-26 - IEEE 1905.1a dissector crash
Summary
Name: IEEE 1905.1a dissector crash
Docid: wnpa-sec-2018-26
Date: May 22, 2018
Affected versions: 2.6.0
Fixed versions: 2.6.1
References:
Wireshark bug 14647
CVE-2018-11354
Details
Description
The IEEE 1905.1a dissector could crash.
Impact
It may be possible to make Wireshark crash by injecting a malformed packet onto
the wire or by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 2.6.1 or later.
- --------------------------------------------------------------------------------
wnpa-sec-2018-27 - RTCP dissector crash
Summary
Name: RTCP dissector crash
Docid: wnpa-sec-2018-27
Date: May 22, 2018
Affected versions: 2.6.0
Fixed versions: 2.6.1
References:
Wireshark bug 14673
CVE-2018-11355
Details
Description
The RTCP dissector could crash.
Impact
It may be possible to make Wireshark crash by injecting a malformed packet onto
the wire or by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 2.6.1 or later.
- --------------------------------------------------------------------------------
wnpa-sec-2018-28 - Multiple dissectors could consume excessive memory
Summary
Name: Multiple dissectors could consume excessive memory
Docid: wnpa-sec-2018-28
Date: May 22, 2018
Affected versions: 2.6.0, 2.4.0 to 2.4.6, 2.2.0 to 2.2.14
Fixed versions: 2.6.1, 2.4.7, 2.2.15
References:
Wireshark bug 14678
CVE-2018-11357
Details
Description
The LTP dissector and other dissectors could consume excessive memory.
Discovered by the OSS-Fuzz project.
Impact
It may be possible to make Wireshark crash by injecting a malformed packet onto
the wire or by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 2.6.1, 2.4.7, 2.2.15 or later.
- --------------------------------------------------------------------------------
wnpa-sec-2018-29 - DNS dissector crash
Summary
Name: DNS dissector crash
Docid: wnpa-sec-2018-29
Date: May 22, 2018
Affected versions: 2.6.0, 2.4.0 to 2.4.6, 2.2.0 to 2.2.14
Fixed versions: 2.6.1, 2.4.7, 2.2.15
References:
Wireshark bug 14681
CVE-2018-11356
Details
Description
The DNS dissector could crash. Discovered by the OSS-Fuzz project.
Impact
It may be possible to make Wireshark crash by injecting a malformed packet onto
the wire or by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 2.6.1, 2.4.7, 2.2.15 or later.
- --------------------------------------------------------------------------------
wnpa-sec-2018-30 - GSM A DTAP dissector crash
Summary
Name: GSM A DTAP dissector crash
Docid: wnpa-sec-2018-30
Date: May 22, 2018
Affected versions: 2.6.0, 2.4.0 to 2.4.6, 2.2.0 to 2.2.14
Fixed versions: 2.6.1, 2.4.7, 2.2.15
References:
Wireshark bug 14688
CVE-2018-11360
Details
Description
The GSM A DTAP dissector could crash. Discovered by the OSS-Fuzz project.
Impact
It may be possible to make Wireshark crash by injecting a malformed packet onto
the wire or by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 2.6.1, 2.4.7, 2.2.15 or later.
- --------------------------------------------------------------------------------
wnpa-sec-2018-31 ? Q.931 dissector crash
Summary
Name: Q.931 dissector crash
Docid: wnpa-sec-2018-31
Date: May 22, 2018
Affected versions: 2.6.0, 2.4.0 to 2.4.6, 2.2.0 to 2.2.14
Fixed versions: 2.6.1, 2.4.7, 2.2.15
References:
Wireshark bug 14689
CVE-2018-11358
Details
Description
The Q.931 dissector could crash. Discovered by the OSS-Fuzz project.
Impact
It may be possible to make Wireshark crash by injecting a malformed packet onto
the wire or by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 2.6.1, 2.4.7, 2.2.15 or later.
- --------------------------------------------------------------------------------
wnpa-sec-2018-32 - IEEE 802.11 dissector crash
Summary
Name: IEEE 802.11 dissector crash
Docid: wnpa-sec-2018-32
Date: May 22, 2018
Affected versions: 2.6.0
Fixed versions: 2.6.1
References:
Wireshark bug 14686
CVE-2018-11361
Details
Description
The IEEE 802.11 dissector could crash. Discovered by the OSS-Fuzz project.
Impact
It may be possible to make Wireshark crash by injecting a malformed packet onto
the wire or by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 2.6.1 or later.
- --------------------------------------------------------------------------------
wnpa-sec-2018-33 - Multiple dissectors could crash
Summary
Name: Multiple dissectors could crash
Docid: wnpa-sec-2018-33
Date: May 22, 2018
Affected versions: 2.6.0, 2.4.0 to 2.4.6, 2.2.0 to 2.2.14
Fixed versions: 2.6.1, 2.4.7, 2.2.15
References:
Wireshark bug 14703
CVE-2018-11359
Details
Description
The RRC dissector and other dissectors could crash.
Impact
It may be possible to make Wireshark crash by injecting a malformed packet onto
the wire or by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 2.6.1, 2.4.7, 2.2.15 or later.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWwtIYWaOgq3Tt24GAQgzLBAAy4dn2BoCCE4nKBxv7ZzPS4+c9SEN+eh/
xIuK/fvwOKISLb9DIl4Hcj3S6OtwUbkNak7rkyyKaGUUoZCuE+hxq7acJiDIPTAC
D9e53qtKStx9MeHU/481CYYD9Kg+7pYpzoSE2bj9JZ+ZlP+Y8IDPyltLdm+Eh300
KbHuLsYtPIzhTehwdhlKu7BGin00VJZtLMHRekvi02TtMuSJOgC74D8jQcbFApbh
Dypel2h/0TABmmU6etL5ry7L40IvL0EC+Up058sjobhxKvbATUSRJ+JCxbOE0LJ0
psFvXMPnULOWO2YhkwNPN0opGbQCA442zgXRBS4c8I8QS/pk7Tlx27oAqgdxVtW6
Eyhm25s0FMQ4O61grm+JOxXLf7fUdkIp6X5ND7vh70fyz9fkXRA+YOo24xQAk2q8
Lvrl39PObvnt1rYEIfm+NXYVnLQKyLvUFNuWUsKmXPQBko/3781hgtYrv60+EAsJ
bF4AQxsBSsM5lD7YXyO1POgzOXC5kKXem+U50h9qsH+6Vftm2VyO6+p36AgywthJ
vbORYoN4gwBMYPfXzsKFTaBnEnvt0ZHzzFWz42EJJMD7q8ZSKUuPpK0OoXjjsUyn
kPwk+mgmQZ0wEfB0CIoAZfbmkydLi2/2fA7tyv7c5X/nTqBK8Ra5sZG6lwwMqFJb
thMYX67Gcqk=
=Xitv
-----END PGP SIGNATURE-----