SB2018060403 - Debian update for wireshark

Security Bulletin ID SB2018060403

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 10

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 10 vulnerabilities.

1) Memory leak (CVE-ID: CVE-2018-9273)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in epan/dissectors/packet-pcp.c due to memory leak. A remote attacker can trick the victim into opening a specially crafted packet trace file and cause the TN3270, ISUP, LAPD, SMB2, GIOP, ASN.1, MIME multipart, H.223, and PCP dissectors to crash.

2) Memory corruption (CVE-ID: CVE-2018-7320)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in epan/dissectors/packet-sigcomp.c within SIGCOMP protocol dissector. A remote attacker can perform a denial of service (DoS) attack.

3) Memory corruption (CVE-ID: CVE-2018-7334)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in epan/dissectors/packet-umts_mac.c when rejecting of a certain reserved value. A remote attacker can cause UMTS MAC dissector to crash.

4) Memory corruption (CVE-ID: CVE-2018-7335)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in epan/crypt/airpdcap.c when rejecting lengths that are too small. A remote attacker can cause the IEEE 802.11 dissector to crash.

5) Memory corruption (CVE-ID: CVE-2018-7419)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in epan/dissectors/asn1/nbap/nbap.cnf when DCH ID initialization. A remote attacker can cause the NBAP dissector to crash.

6) Heap-based buffer overflow (CVE-ID: CVE-2018-9261)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in epan/dissectors/packet-nbap.c due to prohibiting the self-linking of DCH-IDs. A remote attacker can trick the victim into opening a specially crafted packet trace file, trigger infinite loop and heap-based buffer overflow and cause the NBAP dissector to crash.

7) Heap-based buffer overflow (CVE-ID: CVE-2018-9264)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in epan/dissectors/packet-adb.c due to checking for a length inconsistency. A remote attacker can trick the victim into opening a specially crafted packet trace file, trigger heap-based buffer overflow and cause the ADB dissector to crash.

8) Use-after-free error (CVE-ID: CVE-2018-11358)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in epan/dissectors/packet-q931.c due to use-after-free memory error. A remote attacker can inject a malformed packet onto the wire or convince someone to read a malformed packet trace file, trigger memory corruption and cause the Q.931 dissector and other dissectors to crash.

9) Buffer overflow (CVE-ID: CVE-2018-11360)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in epan/dissectors/packet-gsm_a_dtap.c due to off-by-one error. A remote attacker can inject a malformed packet onto the wire or convince someone to read a malformed packet trace file, trigger buffer overflow and cause the GSM A DTAP dissector to crash.

10) Buffer over-read (CVE-ID: CVE-2018-11362)

CWE-ID: CWE-126 - Buffer over-read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in epan/dissectors/packet-ldss.c due to buffer over-read upon encountering a missing '' character. A remote attacker can inject a malformed packet onto the wire or convince someone to read a malformed packet trace file, trigger memory corruption and cause the LDSS dissector to crash.

Remediation

Install update from vendor's website.

References

https://www.debian.org/security/2018/dsa-4217

SB2018060403 - Debian update for wireshark

Breakdown by Severity

Description

Remediation

References

Please verify you're human