CVE-2010-4300 and CVE-2010-3445

Bug #682549 reported by Micah Gersten
Affects              Status         Importance   Assigned to        Milestone
wireshark (Ubuntu)   Fix Released   Medium       Unassigned
Lucid                Won't Fix      Medium       Unassigned
Maverick             Fix Released   Medium       Jamie Strandboge

Bug Description

Binary package hint: wireshark

http://www.wireshark.org/security/wnpa-sec-2010-11.html

Description

Wireshark 1.2.12 fixes the following vulnerability:

    The Penetration Test Team of NCNIPC (China) discovered that the ASN.1 BER dissector was susceptible to a stack overflow. (Bug 5230) Versions affected: All previous versions up to and including 1.2.11 and 1.4.0. CVE-2010-3445

Impact

It may be possible to make Wireshark crash by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 1.2.12 or later. Due to the nature of these bugs we do not recommend trying to work around the problem by disabling dissectors.

--------------------------------------------------
http://www.wireshark.org/security/wnpa-sec-2010-13.html

Description

Wireshark 1.2.13 fixes the following vulnerability:

    Nephi Johnson of BreakingPoint discovered that the LDSS dissector could overflow a buffer. (Bug 5318) Versions affected: 1.2.0 to 1.2.12 and 1.4.0 to 1.4.1. CVE-2010-4300

Impact

It may be possible to make Wireshark crash by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 1.2.13 or later.

If you are running Wireshark 1.2.12 or earlier (including Ethereal) and cannot upgrade, you can work around each of the problems listed above by doing the following:

    Disable the LDSS dissector:
        Select Analyze→Enabled Protocols... from the menu.
        Make sure "LDSS" is un-checked.
        Click "Save", then click "OK".
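
The affected ranges and the LDSS workaround from the two advisories above, expressed as a check that can be run against an inventory of installed versions. This is an added example, not code from the bug report or from Wireshark; the function names are hypothetical, and it assumes the disabled_protos file lists one protocol filter name per line with "#" comments and that the LDSS filter name is "ldss".

```python
import re

# Affected upstream ranges (inclusive), as stated in the two advisories above.
AFFECTED = {
    "CVE-2010-3445": [((0, 0, 0), (1, 2, 11)), ((1, 4, 0), (1, 4, 0))],
    "CVE-2010-4300": [((1, 2, 0), (1, 2, 12)), ((1, 4, 0), (1, 4, 1))],
}
# Package versions this bug report records as carrying the backported fixes.
BACKPORTED = {"1.2.11-4", "1.2.11-4build0.10.10.1"}


def upstream_version(pkg_version):
    """Drop any epoch and Debian revision: '1.2.11-4build0...' -> (1, 2, 11)."""
    m = re.match(r"(?:\d+:)?(\d+)\.(\d+)\.(\d+)", pkg_version)
    if not m:
        raise ValueError("unrecognised version: %r" % pkg_version)
    return tuple(int(x) for x in m.groups())


def ldss_disabled(disabled_protos_text):
    """True if 'ldss' is listed (assumed format: one name per line, # comments)."""
    names = (line.split("#")[0].strip().lower()
             for line in disabled_protos_text.splitlines())
    return "ldss" in names


def assess(pkg_version, disabled_protos_text=""):
    """Map each CVE to 'fixed (backport)', 'affected', 'mitigated' or 'not affected'."""
    ver = upstream_version(pkg_version)
    result = {}
    for cve, ranges in AFFECTED.items():
        if pkg_version in BACKPORTED:
            # A plain upstream comparison would wrongly flag these packages.
            result[cve] = "fixed (backport)"
        elif not any(lo <= ver <= hi for lo, hi in ranges):
            result[cve] = "not affected"
        elif cve == "CVE-2010-4300" and ldss_disabled(disabled_protos_text):
            result[cve] = "mitigated"  # the workaround covers only the LDSS bug
        else:
            result[cve] = "affected"
    return result
```

Comparing only the upstream part of a distribution package version reports patched backports as vulnerable, which is why the packages named in this report are matched exactly before the range check.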

Micah Gersten (micahg) wrote :
Changed in wireshark (Ubuntu):
importance: Undecided → Medium
status: New → Confirmed
Micah Gersten (micahg) wrote :

This was fixed with 1.2.11-4 in Natty.

Changed in wireshark (Ubuntu):
status: Confirmed → Fix Released
Changed in wireshark (Ubuntu Maverick):
importance: Undecided → Medium
status: New → Confirmed
visibility: private → public
Jamie Strandboge (jdstrand) wrote :

Thanks for your patch Micah!

In comparing your debdiff with Debian's 1.2.11-4, I noticed that Debian also contains 27_fix-RPC-crash.patch, which doesn't have a CVE yet but does seem to be security relevant. Would you mind adding 27_fix-RPC-crash.patch to your debdiff? Also, it would be great if you gave more credit to Debian in the changelog. You did a fine job with that in the DEP-3 comments, but a simple 'Patch thanks to Debian' or similar in the changelog would be good.

Unsubscribing ubuntu-security-sponsors. Please resubscribe ubuntu-security-sponsors and set the status to 'NEW' when the changes are complete. Thanks again!

Changed in wireshark (Ubuntu Maverick):
assignee: nobody → Micah Gersten (micahg)
status: Confirmed → Incomplete
Micah Gersten (micahg) wrote :

Per discussion with jdstrand in #ubuntu-hardened, we're going to fakesync 1.2.11-4 from Debian unstable

Changed in wireshark (Ubuntu Maverick):
assignee: Micah Gersten (micahg) → Jamie Strandboge (jdstrand)
status: Incomplete → In Progress
Changed in wireshark (Ubuntu Maverick):
status: In Progress → Fix Committed
Jamie Strandboge (jdstrand) wrote :

$ $UQT/security-tools/unembargo wireshark
Loading Ubuntu Distribution ...
Loading Ubuntu Archive ...
Loading ubuntu-security 'ppa' PPA ...
Locating wireshark ...
 Publishing wireshark 1.2.11-4build0.10.10.1 to ubuntu/primary maverick (Security)...

Changed in wireshark (Ubuntu Maverick):
status: Fix Committed → Fix Released
Changed in wireshark (Ubuntu Lucid):
importance: Undecided → Medium
status: New → Confirmed
Rolf Leggewie (r0lf) wrote :

lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".

Changed in wireshark (Ubuntu Lucid):
status: Confirmed → Won't Fix
This report contains Public Security information  
Everyone can see this security related information.
