Security Advisory Moderate: wireshark security update

Advisory: RHSA-2008:0890-2
Type: Security Advisory
Severity: Moderate
Issued on: 2008-10-01
Last updated on: 2008-10-01
Affected Products:
    RHEL Desktop Workstation (v. 5 client)
    Red Hat Desktop (v. 3)
    Red Hat Desktop (v. 4)
    Red Hat Enterprise Linux (v. 5 server)
    Red Hat Enterprise Linux AS (v. 3)
    Red Hat Enterprise Linux AS (v. 4)
    Red Hat Enterprise Linux Desktop (v. 5 client)
    Red Hat Enterprise Linux ES (v. 3)
    Red Hat Enterprise Linux ES (v. 4)
    Red Hat Enterprise Linux WS (v. 3)
    Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20080890.xml
CVEs (cve.mitre.org):
    CVE-2008-1070
    CVE-2008-1071
    CVE-2008-1072
    CVE-2008-1561
    CVE-2008-1562
    CVE-2008-1563
    CVE-2008-3137
    CVE-2008-3138
    CVE-2008-3141
    CVE-2008-3145
    CVE-2008-3146
    CVE-2008-3932
    CVE-2008-3933
    CVE-2008-3934

Details

Updated wireshark packages that fix several security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

Multiple buffer overflow flaws were found in Wireshark. If Wireshark read
a malformed packet off a network, it could crash or, possibly, execute
arbitrary code as the user running Wireshark. (CVE-2008-3146)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malformed dump file. (CVE-2008-1070, CVE-2008-1071, CVE-2008-1072,
CVE-2008-1561, CVE-2008-1562, CVE-2008-1563, CVE-2008-3137, CVE-2008-3138,
CVE-2008-3141, CVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)

Additionally, this update changes the default Pluggable Authentication
Modules (PAM) configuration to always prompt for the root password before
each start of Wireshark. This avoids unintentionally running Wireshark with
root privileges.

Users of wireshark should upgrade to these updated packages, which contain
Wireshark version 1.0.3, and resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

IA-32:
wireshark-gnome-1.0.3-4.el5_2.i386.rpm     50b5986debbcc28cb56cf211db29a2f7
 
x86_64:
wireshark-gnome-1.0.3-4.el5_2.x86_64.rpm     28751efc521150c5b2378f1ac944b596
 
Red Hat Desktop (v. 3)

SRPMS:
wireshark-1.0.3-EL3.3.src.rpm     70e84e80e24df3d008875f9c71ade1d4
 
IA-32:
wireshark-1.0.3-EL3.3.i386.rpm     6705179792ab6e44a665c61a831fac0b
wireshark-gnome-1.0.3-EL3.3.i386.rpm     e6b851f239c47e535db3365b7d848b46
 
x86_64:
wireshark-1.0.3-EL3.3.x86_64.rpm     64f2107227af85ee757a2f69e0055bae
wireshark-gnome-1.0.3-EL3.3.x86_64.rpm     a16530d96836c8f3ce7bb015520b76f9
 
Red Hat Desktop (v. 4)

SRPMS:
wireshark-1.0.3-3.el4_7.src.rpm     e22ce0e624b7f8df0042a7abfd322192
 
IA-32:
wireshark-1.0.3-3.el4_7.i386.rpm     717f661dfd186159d495ccd946a69c85
wireshark-gnome-1.0.3-3.el4_7.i386.rpm     ffd1a47c7c733a786090c0708a6acebb
 
x86_64:
wireshark-1.0.3-3.el4_7.x86_64.rpm     bea76860869826c5f2be129d153f344a
wireshark-gnome-1.0.3-3.el4_7.x86_64.rpm     9f66a8d1e9425406ba99d67bbacf778a
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
wireshark-1.0.3-4.el5_2.src.rpm     679a0d9c39ba1bd2aa9ba068233bd48d
 
IA-32:
wireshark-1.0.3-4.el5_2.i386.rpm     3833998457529eb2af1547b2cc4587d1
wireshark-gnome-1.0.3-4.el5_2.i386.rpm     50b5986debbcc28cb56cf211db29a2f7
 
IA-64:
wireshark-1.0.3-4.el5_2.ia64.rpm     d942b5fb1b04ebc0d0338b5169d91c39
wireshark-gnome-1.0.3-4.el5_2.ia64.rpm     802a907f7bd37cf78a93bc50a60b6c8f
 
PPC:
wireshark-1.0.3-4.el5_2.ppc.rpm     c7c5efd18bbb9d36f76b14c01f0e17ca
wireshark-gnome-1.0.3-4.el5_2.ppc.rpm     7b06ba8acf2235f55f36c59093e81c64
 
s390x:
wireshark-1.0.3-4.el5_2.s390x.rpm     c5855b3cf16dac815209197e232ec8ee
wireshark-gnome-1.0.3-4.el5_2.s390x.rpm     9730ad3dbd6890dc7c7bba78e4f589cf
 
x86_64:
wireshark-1.0.3-4.el5_2.x86_64.rpm     6f07c6ff181a52a511e4eed55411cfc8
wireshark-gnome-1.0.3-4.el5_2.x86_64.rpm     28751efc521150c5b2378f1ac944b596
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
wireshark-1.0.3-EL3.3.src.rpm     70e84e80e24df3d008875f9c71ade1d4
 
IA-32:
wireshark-1.0.3-EL3.3.i386.rpm     6705179792ab6e44a665c61a831fac0b
wireshark-gnome-1.0.3-EL3.3.i386.rpm     e6b851f239c47e535db3365b7d848b46
 
IA-64:
wireshark-1.0.3-EL3.3.ia64.rpm     8652afdf1d51e2a1e60383e004c24883
wireshark-gnome-1.0.3-EL3.3.ia64.rpm     3efea201a8a4520964252576ae84cebf
 
PPC:
wireshark-1.0.3-EL3.3.ppc.rpm     c4faf64086f28e0fa21605fce251d73c
wireshark-gnome-1.0.3-EL3.3.ppc.rpm     30f41a2b0dfd1eafe700f092870363ef
 
s390:
wireshark-1.0.3-EL3.3.s390.rpm     1810e6ff014d00fe6cd537005eecfd29
wireshark-gnome-1.0.3-EL3.3.s390.rpm     ec078a0b2988da02fcbcc62f46fc1335
 
s390x:
wireshark-1.0.3-EL3.3.s390x.rpm     123ae975bcd251e8f80200aded760501
wireshark-gnome-1.0.3-EL3.3.s390x.rpm     ff69bf567aebdcffa0210b4b7fd5b9d6
 
x86_64:
wireshark-1.0.3-EL3.3.x86_64.rpm     64f2107227af85ee757a2f69e0055bae
wireshark-gnome-1.0.3-EL3.3.x86_64.rpm     a16530d96836c8f3ce7bb015520b76f9
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
wireshark-1.0.3-3.el4_7.src.rpm     e22ce0e624b7f8df0042a7abfd322192
 
IA-32:
wireshark-1.0.3-3.el4_7.i386.rpm     717f661dfd186159d495ccd946a69c85
wireshark-gnome-1.0.3-3.el4_7.i386.rpm     ffd1a47c7c733a786090c0708a6acebb
 
IA-64:
wireshark-1.0.3-3.el4_7.ia64.rpm     80583e3eab6c3b271a7ee4e2b765ea3e
wireshark-gnome-1.0.3-3.el4_7.ia64.rpm     df4c79fcc74da2508253fc66f9caca14
 
PPC:
wireshark-1.0.3-3.el4_7.ppc.rpm     7881af93a6a093ff54ded936233860ad
wireshark-gnome-1.0.3-3.el4_7.ppc.rpm     4b3171e162dce16e7e39d18f6e4f41db
 
s390:
wireshark-1.0.3-3.el4_7.s390.rpm     fbdcb81abfcd064512b020b18fdb3c3d
wireshark-gnome-1.0.3-3.el4_7.s390.rpm     518005a3492f497de0a2a8d6c2cec452
 
s390x:
wireshark-1.0.3-3.el4_7.s390x.rpm     1ea807deff415552dcdbdef98b146719
wireshark-gnome-1.0.3-3.el4_7.s390x.rpm     cc09bd3ffec79da1297f42e6be888cbc
 
x86_64:
wireshark-1.0.3-3.el4_7.x86_64.rpm     bea76860869826c5f2be129d153f344a
wireshark-gnome-1.0.3-3.el4_7.x86_64.rpm     9f66a8d1e9425406ba99d67bbacf778a
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
wireshark-1.0.3-4.el5_2.src.rpm     679a0d9c39ba1bd2aa9ba068233bd48d
 
IA-32:
wireshark-1.0.3-4.el5_2.i386.rpm     3833998457529eb2af1547b2cc4587d1
 
x86_64:
wireshark-1.0.3-4.el5_2.x86_64.rpm     6f07c6ff181a52a511e4eed55411cfc8
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
wireshark-1.0.3-EL3.3.src.rpm     70e84e80e24df3d008875f9c71ade1d4
 
IA-32:
wireshark-1.0.3-EL3.3.i386.rpm     6705179792ab6e44a665c61a831fac0b
wireshark-gnome-1.0.3-EL3.3.i386.rpm     e6b851f239c47e535db3365b7d848b46
 
IA-64:
wireshark-1.0.3-EL3.3.ia64.rpm     8652afdf1d51e2a1e60383e004c24883
wireshark-gnome-1.0.3-EL3.3.ia64.rpm     3efea201a8a4520964252576ae84cebf
 
x86_64:
wireshark-1.0.3-EL3.3.x86_64.rpm     64f2107227af85ee757a2f69e0055bae
wireshark-gnome-1.0.3-EL3.3.x86_64.rpm     a16530d96836c8f3ce7bb015520b76f9
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
wireshark-1.0.3-3.el4_7.src.rpm     e22ce0e624b7f8df0042a7abfd322192
 
IA-32:
wireshark-1.0.3-3.el4_7.i386.rpm     717f661dfd186159d495ccd946a69c85
wireshark-gnome-1.0.3-3.el4_7.i386.rpm     ffd1a47c7c733a786090c0708a6acebb
 
IA-64:
wireshark-1.0.3-3.el4_7.ia64.rpm     80583e3eab6c3b271a7ee4e2b765ea3e
wireshark-gnome-1.0.3-3.el4_7.ia64.rpm     df4c79fcc74da2508253fc66f9caca14
 
x86_64:
wireshark-1.0.3-3.el4_7.x86_64.rpm     bea76860869826c5f2be129d153f344a
wireshark-gnome-1.0.3-3.el4_7.x86_64.rpm     9f66a8d1e9425406ba99d67bbacf778a
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
wireshark-1.0.3-EL3.3.src.rpm     70e84e80e24df3d008875f9c71ade1d4
 
IA-32:
wireshark-1.0.3-EL3.3.i386.rpm     6705179792ab6e44a665c61a831fac0b
wireshark-gnome-1.0.3-EL3.3.i386.rpm     e6b851f239c47e535db3365b7d848b46
 
IA-64:
wireshark-1.0.3-EL3.3.ia64.rpm     8652afdf1d51e2a1e60383e004c24883
wireshark-gnome-1.0.3-EL3.3.ia64.rpm     3efea201a8a4520964252576ae84cebf
 
x86_64:
wireshark-1.0.3-EL3.3.x86_64.rpm     64f2107227af85ee757a2f69e0055bae
wireshark-gnome-1.0.3-EL3.3.x86_64.rpm     a16530d96836c8f3ce7bb015520b76f9
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
wireshark-1.0.3-3.el4_7.src.rpm     e22ce0e624b7f8df0042a7abfd322192
 
IA-32:
wireshark-1.0.3-3.el4_7.i386.rpm     717f661dfd186159d495ccd946a69c85
wireshark-gnome-1.0.3-3.el4_7.i386.rpm     ffd1a47c7c733a786090c0708a6acebb
 
IA-64:
wireshark-1.0.3-3.el4_7.ia64.rpm     80583e3eab6c3b271a7ee4e2b765ea3e
wireshark-gnome-1.0.3-3.el4_7.ia64.rpm     df4c79fcc74da2508253fc66f9caca14
 
x86_64:
wireshark-1.0.3-3.el4_7.x86_64.rpm     bea76860869826c5f2be129d153f344a
wireshark-gnome-1.0.3-3.el4_7.x86_64.rpm     9f66a8d1e9425406ba99d67bbacf778a
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

435481 - CVE-2008-1070 wireshark: SCTP dissector crash
435482 - CVE-2008-1071 wireshark: SNMP dissector crash
435483 - CVE-2008-1072 wireshark: TFTP dissector crash
439943 - CVE-2008-1563 wireshark: crash in SCCP dissector
440014 - CVE-2008-1561 wireshark: crash in X.509sat and Roofnet dissectors
440015 - CVE-2008-1562 wireshark: crash in LDAP dissector
448584 - Don't automatically use stored privileges
454970 - CVE-2008-3137 wireshark: crash in the GSM SMS dissector
454971 - CVE-2008-3138 wireshark: unexpected exit in the PANA and KISMET dissectors
454975 - CVE-2008-3141 wireshark: memory disclosure in the RMI dissector
454984 - CVE-2008-3145 wireshark: crash in the packet reassembling
461242 - CVE-2008-3146 wireshark: multiple buffer overflows in NCP dissector
461243 - CVE-2008-3932 wireshark: infinite loop in the NCP dissector
461244 - CVE-2008-3933 wireshark: crash triggered by zlib-compressed packet data
461245 - CVE-2008-3934 wireshark: crash via crafted Tektronix .rf5 file


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/