- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200608-26 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Wireshark: Multiple vulnerabilities Date: August 29, 2006 Bugs: #144946 ID: 200608-26 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Wireshark is vulnerable to several security issues that may lead to a Denial of Service and/or the execution of arbitrary code. Background ========== Wireshark is a feature-rich network protocol analyzer. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-analyzer/wireshark < 0.99.3 >= 0.99.3 Description =========== The following vulnerabilities have been discovered in Wireshark. Firstly, if the IPsec ESP parser is used it is susceptible to off-by-one errors, this parser is disabled by default; secondly, the SCSI dissector is vulnerable to an unspecified crash; and finally, the Q.2931 dissector of the SSCOP payload may use all the available memory if a port range is configured. By default, no port ranges are configured. Impact ====== An attacker might be able to exploit these vulnerabilities, resulting in a crash or the execution of arbitrary code with the permissions of the user running Wireshark, possibly the root user. Workaround ========== Disable the SCSI and Q.2931 dissectors with the "Analyse" and "Enabled protocols" menus. Make sure the ESP decryption is disabled, with the "Edit -> Preferences -> Protocols -> ESP" menu. Resolution ========== All Wireshark users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-0.99.3" References ========== [ 1 ] CVE-2006-4330 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4330 [ 2 ] CVE-2006-4331 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4331 [ 3 ] CVE-2006-4332 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4332 [ 4 ] CVE-2006-4333 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4333 [ 5 ] Wireshark official advisory http://www.wireshark.org/security/wnpa-sec-2006-02.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200608-26.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@xxxxxxxxxx or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
Attachment:
pgpXY2wXM8heN.pgp
Description: PGP signature