- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200607-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Wireshark: Multiple vulnerabilities
      Date: July 25, 2006
      Bugs: #140856
        ID: 200607-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Wireshark (formerly known as Ethereal) is vulnerable to several
security issues, potentially allowing the execution of arbitrary code
by a remote attacker.

Background
==========

Wireshark, formerly known as Ethereal, is a popular network protocol
analyzer.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/wireshark      < 0.99.2                    >= 0.99.2
  2  net-analyzer/ethereal      <= 0.99.0-r1               Vulnerable!
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Wireshark dissectors have been found vulnerable to a large number of
exploits, including off-by-one errors, buffer overflows, format string
overflows and an infinite loop.

Impact
======

Running an affected version of Wireshark or Ethereal could allow for a
remote attacker to execute arbitrary code on the user's computer by
sending specially crafted packets.

Workaround
==========

There is no known workaround at this time.
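
Added example (not part of the GLSA and not Gentoo tooling): a small
checker that classifies "category/name-version" strings against the
ranges in the Affected packages table, including the -r1 revision on
the Ethereal bound. The function names, the sample inventory and the
simplified version ordering (dotted numbers plus -rN only) are
assumptions made for this illustration.

```python
import re

# Ranges copied from the advisory's "Affected packages" table.
VULNERABLE = {
    "net-analyzer/wireshark": ("<", "0.99.2"),
    # The table lists no unaffected ethereal version ("Vulnerable!").
    "net-analyzer/ethereal": ("<=", "0.99.0-r1"),
}

ATOM_RE = re.compile(r"^([\w+.-]+/[\w+.-]+?)-(\d[\w.]*(?:-r\d+)?)$")
VER_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def version_key(text):
    """Sort key for 'N.N.N[-rN]'. Simplified: suffixes such as _rc1 or a
    trailing letter are rejected rather than ordered as Portage would."""
    m = VER_RE.match(text)
    if not m:
        raise ValueError(f"unsupported version syntax: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)


def check(atom):
    """Classify one 'category/name-version' string against the table."""
    m = ATOM_RE.match(atom.strip())
    if not m:
        raise ValueError(f"not a versioned package atom: {atom!r}")
    cp, ver = m.groups()
    if cp not in VULNERABLE:
        return "not covered"
    op, bound = VULNERABLE[cp]
    installed, limit = version_key(ver), version_key(bound)
    hit = installed < limit or (op == "<=" and installed == limit)
    return "vulnerable" if hit else "not in vulnerable range"


# Constructed sample inventory, not taken from a real host.
SAMPLE = [
    "net-analyzer/wireshark-0.99.1",
    "net-analyzer/wireshark-0.99.2",
    "net-analyzer/ethereal-0.99.0-r1",
    "net-analyzer/tcpdump-3.9.4",
]

if __name__ == "__main__":
    for atom in SAMPLE:
        print(f"{atom:40} {check(atom)}")
```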

Resolution
==========

All Wireshark users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-0.99.2"

All Ethereal users should migrate to Wireshark:

    # emerge --sync
    # emerge --ask --unmerge net-analyzer/ethereal
    # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-0.99.2"

To keep the [saved] configuration from Ethereal and reuse it with
Wireshark:

    # mv ~/.ethereal ~/.wireshark

References
==========

  [ 1 ] Wireshark wnpa-sec-2006-01
        http://www.wireshark.org/security/wnpa-sec-2006-01.html
  [ 2 ] CVE-2006-3627
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3627
  [ 3 ] CVE-2006-3628
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3628
  [ 4 ] CVE-2006-3629
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3629
  [ 5 ] CVE-2006-3630
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3630
  [ 6 ] CVE-2006-3631
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3631
  [ 7 ] CVE-2006-3632
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3632

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200607-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5