Debian Bug report logs -
#384529
wnpa-sec-2006-02: multiple problems in Wireshark/Ethereal version 0.7.9 to 0.99.2
Reported by: Sam Morris <sam@robots.org.uk>
Date: Thu, 24 Aug 2006 22:18:29 UTC
Severity: critical
Tags: fixed, security
Found in version wireshark/0.99.2-5
Fixed in version 0.99.2-5.1
Done: "Steinar H. Gunderson" <sesse@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Frederic Peters <fpeters@debian.org>:
Bug#384529; Package wireshark.
(full text, mbox, link).
Acknowledgement sent to Sam Morris <sam@robots.org.uk>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Frederic Peters <fpeters@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: wireshark
Version: 0.99.2-5
Severity: critical
Tags: security
Justification: root security hole
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- From <http://www.wireshark.org/security/wnpa-sec-2006-02.html>:
Wireshark 0.99.3 fixes the following vulnerabilities:
* The SCSI dissector could crash.
Versions affected: 0.99.2. CVE: CVE-2006-4330
* If Wireshark was compiled with ESP decryption support, the IPsec
ESP preference parser was susceptible to off-by-one errors. Versions
affected: 0.99.2. CVE: CVE-2006-4331
* The DHCP dissector (and possibly others) in the Windows version of
Wireshark could trigger a bug in Glib and crash.
Versions affected: 0.10.13 - 0.99.2. CVE: CVE-2006-4332
* If the SSCOP dissector has a port range configured and the SSCOP
payload protocol is Q.2931, a malformed packet could make the Q.2931
dissector use up available memory. No port range is configured by
default. Versions affected: 0.7.9 - 0.99.2. CVE: CVE-2006-4333
It may be possible to make Wireshark or Ethereal crash, use up available
memory, or run arbitrary code by injecting a purposefully malformed packet
onto the wire or by convincing someone to read a malformed packet trace
file.
- -- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (530, 'testing'), (520, 'unstable'), (510, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-k7
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Versions of packages wireshark depends on:
ii libadns1 1.1-4 Asynchronous-capable DNS client li
ii libatk1.0-0 1.12.1-1 The ATK accessibility toolkit
ii libc6 2.3.6-15 GNU C Library: Shared libraries
ii libcairo2 1.2.4-1 The Cairo 2D vector graphics libra
ii libcap1 1:1.10-14 support for getting/setting POSIX.
ii libcomerr2 1.39-1 common error description library
ii libfontconfig1 2.3.2-7 generic font configuration library
ii libglib2.0-0 2.12.2-1 The GLib library of C routines
ii libgnutls13 1.4.2-1 the GNU TLS library - runtime libr
ii libgtk2.0-0 2.8.20-1 The GTK+ graphical user interface
ii libkrb53 1.4.3-9 MIT Kerberos runtime libraries
ii libpango1.0-0 1.12.3-1+b1 Layout and rendering of internatio
ii libpcap0.8 0.9.4-2 System interface for user-level pa
ii libpcre3 6.4-2 Perl 5 Compatible Regular Expressi
ii libx11-6 2:1.0.0-8 X11 client-side library
ii libxcursor1 1.1.5.2-5 X cursor management library
ii libxext6 1:1.0.0-4 X11 miscellaneous extension librar
ii libxfixes3 1:3.0.1.2-4 X11 miscellaneous 'fixes' extensio
ii libxi6 1:1.0.0-5 X11 Input extension library
ii libxinerama1 1:1.0.1-4 X11 Xinerama extension library
ii libxrandr2 2:1.1.0.2-4 X11 RandR extension library
ii libxrender1 1:0.9.0.2-4 X Rendering Extension client libra
ii wireshark-common 0.99.2-5 network traffic analyser (common f
ii zlib1g 1:1.2.3-13 compression library - runtime
Versions of packages wireshark recommends:
ii gksu 1.9.2-1 graphical frontend to su
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFE7hgxshl/216gEHgRAu53AJ9mdfcbd4gDSg+ce54B48jH4ASXtQCeMKOO
RkEzJd3JY+tHSy1EgOZPIJg=
=we6s
-----END PGP SIGNATURE-----
Information forwarded to debian-bugs-dist@lists.debian.org, Frederic Peters <fpeters@debian.org>:
Bug#384529; Package wireshark.
(full text, mbox, link).
Acknowledgement sent to "Steinar H. Gunderson" <sgunderson@bigfoot.com>:
Extra info received and forwarded to list. Copy sent to Frederic Peters <fpeters@debian.org>.
(full text, mbox, link).
Message #10 received at 384529@bugs.debian.org (full text, mbox, reply):
On Thu, Aug 24, 2006 at 10:20:49PM +0100, Sam Morris wrote:
> Wireshark 0.99.3 fixes the following vulnerabilities:
For those backporting fixes for these holes, I've dug up the Subversion
revision numbers (I'll be doing a backport NMU for this instead of NMUing
with a new upstream version, simply because the amount of work/pain needed
for a new-version-NMU with a debian/ directory in there is just too big).
> * The SCSI dissector could crash.
> Versions affected: 0.99.2. CVE: CVE-2006-4330
svn diff -r18831:18832 http://anonsvn.wireshark.org/wireshark/trunk/
> * If Wireshark was compiled with ESP decryption support, the IPsec
> ESP preference parser was susceptible to off-by-one errors. Versions
> affected: 0.99.2. CVE: CVE-2006-4331
svn diff -r18855:18856 http://anonsvn.wireshark.org/wireshark/trunk/ # this also contains unrelated changes, unfortunately
svn diff -r18914:18915 http://anonsvn.wireshark.org/wireshark/trunk/
svn diff -r18942:18943 http://anonsvn.wireshark.org/wireshark/trunk/
> * The DHCP dissector (and possibly others) in the Windows version of
> Wireshark could trigger a bug in Glib and crash.
> Versions affected: 0.10.13 - 0.99.2. CVE: CVE-2006-4332
(r18883, but not relevant for us)
> * If the SSCOP dissector has a port range configured and the SSCOP
> payload protocol is Q.2931, a malformed packet could make the Q.2931
> dissector use up available memory. No port range is configured by
> default. Versions affected: 0.7.9 - 0.99.2. CVE: CVE-2006-4333
svn diff -r18991:18992 http://anonsvn.wireshark.org/wireshark/trunk/
/* Steinar */
--
Homepage: http://www.sesse.net/
Tags added: fixed
Request was from sesse@debian.org (Steinar H. Gunderson)
to control@bugs.debian.org.
(full text, mbox, link).
Reply sent to "Steinar H. Gunderson" <sesse@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Sam Morris <sam@robots.org.uk>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #17 received at 384529-done@bugs.debian.org (full text, mbox, reply):
Version: 0.99.2-5.1
I've NMUed for this bug (fixing the bug to use versioning instead of the
"fixed" tag, to ease tracking through testing); here's the changelog:
> wireshark (0.99.2-5.1) unstable; urgency=medium
> .
> * Non-maintainer upload.
> * Backport security fixes from 0.99.3a (via Subversion); fixes
> CVE-2006-4331, CVE-2006-4333 (CVE-2006-4330 was fixed in last upload,
> and CVE-2006-4332 is not relevant for Debian). (Closes: #384529)
/* Steinar */
--
Homepage: http://www.sesse.net/
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 25 Jun 2007 01:41:52 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:21:50 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon