
Mandriva Linux Security Advisory 2013-238

Posted Sep 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-238 - The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service via a crafted packet. epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service via a crafted packet. Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service via a crafted packet. The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service via a crafted packet. Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service via a crafted packet. This advisory provides the latest supported version of Wireshark which is not vulnerable to these issues.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2013-5718, CVE-2013-5719, CVE-2013-5720, CVE-2013-5721, CVE-2013-5722
SHA-256 | 59f514761be19fd8610b15bd6386922bee2038f6ecab24aabefb8b76061ac264

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:238
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : wireshark
Date : September 19, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities were found and corrected in Wireshark:

The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c
in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x
before 1.10.2 does not restrict the dch_id value, which allows
remote attackers to cause a denial of service (application crash)
via a crafted packet (CVE-2013-5718).

epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark
1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers
to cause a denial of service (infinite loop) via a crafted packet
(CVE-2013-5719).

Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10
and 1.10.x before 1.10.2 allows remote attackers to cause a denial
of service (application crash) via a crafted packet (CVE-2013-5720).

The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ
dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2
does not properly determine when to enter a certain loop, which allows
remote attackers to cause a denial of service (application crash)
via a crafted packet (CVE-2013-5721).

Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x
before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to
cause a denial of service (application crash) via a crafted packet
(CVE-2013-5722).

This advisory provides the latest supported version of Wireshark
(1.8.10) which is not vulnerable to these issues.
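
An added example, not part of the Mandriva advisory: a shell check that classifies a Wireshark version string against the affected ranges stated above (1.8.x before 1.8.10, 1.10.x before 1.10.2). The function names and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a Wireshark version against the ranges in MDVSA-2013:238.
# Function names are hypothetical; they are not part of any Mandriva or Wireshark tool.

# Pull the first x.y.z triple out of a version banner or package name.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Print "affected", "fixed", "not-covered" (branch the advisory does not
# mention) or "unparsed" (no x.y.z version found in the input).
classify_version() {
    ver=$(extract_version "$1")
    [ -n "$ver" ] || { echo "unparsed"; return 0; }
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    major=$1 minor=$2 patch=$3
    case "$major.$minor" in
        1.8)  fixed_patch=10 ;;   # 1.8.x before 1.8.10 is affected
        1.10) fixed_patch=2 ;;    # 1.10.x before 1.10.2 is affected
        *)    echo "not-covered"; return 0 ;;
    esac
    # Compare numerically: as strings, "1.8.9" sorts after "1.8.10".
    if [ "$patch" -lt "$fixed_patch" ]; then
        echo "affected"
    else
        echo "fixed"
    fi
}

# Constructed samples: a banner-style string and package-style names.
for sample in "TShark 1.8.9" "wireshark-1.8.10-0.1mdvmes5.2" \
              "tshark-1.10.1" "wireshark-1.6.16"; do
    printf '%-32s %s\n' "$sample" "$(classify_version "$sample")"
done
```

On an RPM-based host the function can be fed the installed package name, for example `classify_version "$(rpm -q wireshark)"`; a missing package yields "unparsed".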
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5722
https://www.wireshark.org/security/wnpa-sec-2013-55.html
https://www.wireshark.org/security/wnpa-sec-2013-56.html
https://www.wireshark.org/security/wnpa-sec-2013-57.html
https://www.wireshark.org/security/wnpa-sec-2013-58.html
https://www.wireshark.org/security/wnpa-sec-2013-59.html
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
de61ebb8817cb8039504ca524781c497 mes5/i586/dumpcap-1.8.10-0.1mdvmes5.2.i586.rpm
d829f01a5a5f860a6169131be9323981 mes5/i586/libwireshark2-1.8.10-0.1mdvmes5.2.i586.rpm
b68baa4354238f3193dce302690f3787 mes5/i586/libwireshark-devel-1.8.10-0.1mdvmes5.2.i586.rpm
c6ec2e0ece2af0f1fb61d9733e621f45 mes5/i586/rawshark-1.8.10-0.1mdvmes5.2.i586.rpm
1bee6bed84baba1cac9902f654213c76 mes5/i586/tshark-1.8.10-0.1mdvmes5.2.i586.rpm
c35b5c79b6a025dfe6d283a1a26409bf mes5/i586/wireshark-1.8.10-0.1mdvmes5.2.i586.rpm
a671049d8adb62f53db78830c5fd0e27 mes5/i586/wireshark-tools-1.8.10-0.1mdvmes5.2.i586.rpm
443c2e9cdc43786df065aba00f629d47 mes5/SRPMS/wireshark-1.8.10-0.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
d1b79b99e14e7d71cfab1f043fbf6724 mes5/x86_64/dumpcap-1.8.10-0.1mdvmes5.2.x86_64.rpm
2094e86f1dd8f0908b5931814b03d280 mes5/x86_64/lib64wireshark2-1.8.10-0.1mdvmes5.2.x86_64.rpm
41a032e6ea9401c3ba49c5b2a2a670bc mes5/x86_64/lib64wireshark-devel-1.8.10-0.1mdvmes5.2.x86_64.rpm
3dc07fa084199ba1cc6ebe6287e03583 mes5/x86_64/rawshark-1.8.10-0.1mdvmes5.2.x86_64.rpm
05b4625a36bf25b343574f30d9538029 mes5/x86_64/tshark-1.8.10-0.1mdvmes5.2.x86_64.rpm
02c751957b73bbe139523f4141d677fb mes5/x86_64/wireshark-1.8.10-0.1mdvmes5.2.x86_64.rpm
d8f93640400df0bb2f4823165cd8b738 mes5/x86_64/wireshark-tools-1.8.10-0.1mdvmes5.2.x86_64.rpm
443c2e9cdc43786df065aba00f629d47 mes5/SRPMS/wireshark-1.8.10-0.1mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
7e3729b680262732e67fe8235615fcdb mbs1/x86_64/dumpcap-1.8.10-1.mbs1.x86_64.rpm
cf73b7aef79429ed8e703e3aa8b62fa1 mbs1/x86_64/lib64wireshark2-1.8.10-1.mbs1.x86_64.rpm
1e65c4a4df9e4808ff6d5142851603b4 mbs1/x86_64/lib64wireshark-devel-1.8.10-1.mbs1.x86_64.rpm
772a7e69de64fe6523f0a9360132a251 mbs1/x86_64/rawshark-1.8.10-1.mbs1.x86_64.rpm
18f520b096e6a90e36c07253e3f06cd1 mbs1/x86_64/tshark-1.8.10-1.mbs1.x86_64.rpm
8153e002e9ad7cf5a9ba5e878e8a1dc1 mbs1/x86_64/wireshark-1.8.10-1.mbs1.x86_64.rpm
3b10fffd6e77b81865b05c77460a21e5 mbs1/x86_64/wireshark-tools-1.8.10-1.mbs1.x86_64.rpm
f573422739b5d540b16831abeea42823 mbs1/SRPMS/wireshark-1.8.10-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSOsGdmqjQ0CJFipgRAjK7AJ481D98QuxscNqsQ3c4kTXFoD6dtQCg3/D4
UzUbyx2R+kXWR7StnovHZrg=
=fLCc
-----END PGP SIGNATURE-----