SB20170613106 - Fedora 26 update for wireshark

Description

This security bulletin contains information about 12 vulnerabilities.

1) Null pointer dereference (CVE-ID: CVE-2017-9343)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to NULL pointer dereference in the MSNIP dissector when validating an IPv4 address. A remote attacker can inject a malformed packet epan/dissectors/packet-msnip.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

2) Divide by zero (CVE-ID: CVE-2017-9344)

CWE-ID: CWE-369 - Divide By Zero

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to divide by zero in the Bluetooth L2CAP dissector when validating an interval value. A remote attacker can inject a malformed packet epan/dissectors/packet-btl2cap.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

3) Infinite loop (CVE-ID: CVE-2017-9345)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to infinite loop in the DNS dissector when trying to detect self-referencing pointers. A remote attacker can inject a malformed packet epan/dissectors/packet-dns.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

4) Infinite loop (CVE-ID: CVE-2017-9346)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to infinite loop in the SoulSeek dissector when making loop bounds more explicit. A remote attacker can inject a malformed packet epan/dissectors/packet-slsk.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

5) Null pointer dereference (CVE-ID: CVE-2017-9347)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to NULL pointer dereference in the ROS dissector when validating an OID. A remote attacker can inject a malformed packet epan/dissectors/asn1/ros/packet-ros-template.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

6) Out-of-bounds read (CVE-ID: CVE-2017-9348)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read in the DOF dissector when validating a size value. A remote attacker can inject a malformed packet epan/dissectors/packet-dof.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

7) Infinite loop (CVE-ID: CVE-2017-9349)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to infinite loop in the DICOM dissector when validating a length value. A remote attacker can inject a malformed packet epan/dissectors/packet-dcm.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

8) Memory corruption (CVE-ID: CVE-2017-9350)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to memory corruption in the DICOM dissector when checking for a negative length. A remote attacker can inject a malformed packet epan/dissectors/packet-opensafety.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

9) Out-of-bounds read (CVE-ID: CVE-2017-9351)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to memory corruption in the DHCP dissector. A remote attacker can inject a malformed packet epan/dissectors/packet-bootp.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

10) Infinite loop (CVE-ID: CVE-2017-9352)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to infinite loop in the Bazaar dissector could when backwards parsing. A remote attacker can inject a malformed packet epan/dissectors/packet-bzr.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

11) Denial of service (CVE-ID: CVE-2017-9353)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the IPv6 dissector due to improper validation of an IPv6 address. A remote attacker can inject a malformed packet epan/dissectors/packet-ipv6.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

12) Denial of service (CVE-ID: CVE-2017-9354)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the RGMP dissector due to improper validation of an IPv4 address. A remote attacker can inject a malformed packet epan/dissectors/packet-rgmp.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

References

• https://bodhi.fedoraproject.org/updates/FEDORA-2017-5f15bf15cf