Bug 706728 – VUL-1: wireshark: new updates fix two DoS issues

Bug 706728 - VUL-1: wireshark: new updates fix two DoS issues


Summary:	VUL-1: wireshark: new updates fix two DoS issues

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	General
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Minor
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	E-mail List

URL:
Whiteboard:	. maint:released:11.3:43640 maint:rel...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2011-07-19 13:32 UTC by Sebastian Krahmer
Modified:	2011-11-21 11:13 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sebastian Krahmer 2011-07-19 13:32:13 UTC

As this seems some GSM/UMTS dissector issue, its probably
enough to be handled as VUL-1:

Via OSS-sec:

Date: Tue, 19 Jul 2011 14:41:12 +0200
From: Jan Lieskovsky

Hello Josh, Steve, vendors,

  an infinite loop was found in the way ANSI A Interface (IS-634/IOS)
dissector of the Wireshark network traffic analyzer processed certain
ANSI A MAP capture files. If Wireshark read a malformed packet off a
network or opened a malicious packet capture file, it could lead to
denial of service (Wireshark hang).

Upstream bug:
[1] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6044

Public PoC:
[2]
http://www.wireshark.org/download/automated/captures/fuzz-2011-06-20-22762.pcap

Relevant upstream patch:
[3] http://anonsvn.wireshark.org/viewvc?view=revision&revision=37930

References:
[4] http://www.wireshark.org/security/
[5] http://www.wireshark.org/security/wnpa-sec-2011-11.html
[6] http://www.wireshark.org/security/wnpa-sec-2011-10.html
[7] https://bugzilla.redhat.com/show_bug.cgi?id=723215

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Comment 1 Sebastian Krahmer 2011-07-20 07:22:21 UTC

CVE-2011-2698

Comment 2 Sebastian Krahmer 2011-07-20 14:29:29 UTC

Seems like there was another CVE fixed along (CVE-2011-2597)
with the new wireshark releases:

http://www.wireshark.org/lists/wireshark-announce/201107/msg00001.html

Comment 3 Chunyan Liu 2011-08-19 06:07:46 UTC

Fixed package submitted to ibs (SLES-11sp1,10sp3,10sp4) and obs (opensuse-11.3,11.4,Factory)

Comment 4 Swamp Workflow Management 2011-10-17 09:35:28 UTC

Update released for: wireshark, wireshark-debuginfo, wireshark-debugsource, wireshark-devel
Products:
openSUSE 11.3 (debug, i586, x86_64)
openSUSE 11.4 (debug, i586, x86_64)

Comment 5 Swamp Workflow Management 2011-10-17 13:28:31 UTC

Update released for: wireshark, wireshark-debuginfo, wireshark-debugsource, wireshark-devel
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)

Comment 6 Swamp Workflow Management 2011-10-17 15:59:56 UTC

Update released for: wireshark, wireshark-debuginfo, wireshark-devel
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)

Comment 7 Swamp Workflow Management 2011-10-17 17:04:08 UTC

Update released for: wireshark, wireshark-debuginfo, wireshark-devel
Products:
SLE-SAP-APL 10-SP3 (x86_64)
SLE-SDK 10-SP3 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP3-TERADATA (x86_64)

Comment 8 Swamp Workflow Management 2011-11-15 11:15:33 UTC

The SWAMPID for this issue is 44170.
This issue was rated as important.
Please submit fixed packages until 2011-11-22.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.

Comment 9 Swamp Workflow Management 2011-11-18 12:26:42 UTC

Update released for: wireshark, wireshark-debuginfo, wireshark-debugsource, wireshark-devel
Products:
openSUSE 11.3 (debug, i586, x86_64)
openSUSE 11.4 (debug, i586, x86_64)

Comment 10 Swamp Workflow Management 2011-11-18 15:13:30 UTC

Update released for: wireshark, wireshark-debuginfo, wireshark-debugsource, wireshark-devel
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)

Comment 11 Swamp Workflow Management 2011-11-18 15:38:47 UTC

Update released for: wireshark, wireshark-debuginfo, wireshark-devel
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)

Comment 12 Swamp Workflow Management 2011-11-20 17:59:24 UTC

Update released for: wireshark, wireshark-debuginfo, wireshark-devel
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)

Comment 13 Matthias Weckbecker 2011-11-21 11:13:28 UTC

released