Skip to navigation

Security Advisory Low: wireshark security and bug fix update

Advisory: RHSA-2007:0709-2
Type: Security Advisory
Severity: Low
Issued on: 2007-11-15
Last updated on: 2007-11-15
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2007-3389
CVE-2007-3390
CVE-2007-3391
CVE-2007-3392
CVE-2007-3393

Details

New Wireshark packages that fix various security vulnerabilities and
functionality bugs are now available for Red Hat Enterprise Linux 4.
Wireshark was previously known as Ethereal.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

Wireshark is a program for monitoring network traffic.

Several denial of service bugs were found in Wireshark's HTTP, iSeries, DCP
ETSI, SSL, MMS, DHCP and BOOTP protocol dissectors. It was possible for
Wireshark to crash or stop responding if it read a malformed packet off the
network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392,
CVE-2007-3393)

Wireshark would interpret certain completion codes incorrectly when
dissecting IPMI traffic. Additionally, IPMI 2.0 packets would be reported
as malformed IPMI traffic.

Users of Wireshark should upgrade to these updated packages containing
Wireshark version 0.99.6, which correct these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
wireshark-0.99.6-EL4.1.src.rpm
File outdated by:  RHSA-2011:0370
    MD5: 2d8ad27725033ac2bbadd5a385b6ae76
 
IA-32:
wireshark-0.99.6-EL4.1.i386.rpm
File outdated by:  RHSA-2011:0370
    MD5: 3c6c77126ea4b1999f75a18a283d6499
wireshark-gnome-0.99.6-EL4.1.i386.rpm
File outdated by:  RHSA-2011:0370
    MD5: ce5d1420de890fab97bb8c84617d1f25
 
x86_64:
wireshark-0.99.6-EL4.1.x86_64.rpm
File outdated by:  RHSA-2011:0370
    MD5: a42ab0969e973cdab74c439427e21cfe
wireshark-gnome-0.99.6-EL4.1.x86_64.rpm
File outdated by:  RHSA-2011:0370
    MD5: 0c41fb92a893e0e031be4be98d54db3d
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
wireshark-0.99.6-EL4.1.src.rpm
File outdated by:  RHSA-2011:0370
    MD5: 2d8ad27725033ac2bbadd5a385b6ae76
 
IA-32:
wireshark-0.99.6-EL4.1.i386.rpm
File outdated by:  RHSA-2011:0370
    MD5: 3c6c77126ea4b1999f75a18a283d6499
wireshark-gnome-0.99.6-EL4.1.i386.rpm
File outdated by:  RHSA-2011:0370
    MD5: ce5d1420de890fab97bb8c84617d1f25
 
IA-64:
wireshark-0.99.6-EL4.1.ia64.rpm
File outdated by:  RHSA-2011:0370
    MD5: 1db9e6a01562b42162772472433ec40c
wireshark-gnome-0.99.6-EL4.1.ia64.rpm
File outdated by:  RHSA-2011:0370
    MD5: 2be1f400717544434423277057fb8a6a
 
PPC:
wireshark-0.99.6-EL4.1.ppc.rpm
File outdated by:  RHSA-2011:0370
    MD5: 851e28e735d2cca81f036e84c10592de
wireshark-gnome-0.99.6-EL4.1.ppc.rpm
File outdated by:  RHSA-2011:0370
    MD5: ca38499152427371121737fcfe545a1a
 
s390:
wireshark-0.99.6-EL4.1.s390.rpm
File outdated by:  RHSA-2011:0370
    MD5: deaa06304c3926eed158bed8a15b2e2b
wireshark-gnome-0.99.6-EL4.1.s390.rpm
File outdated by:  RHSA-2011:0370
    MD5: 2020932bacbcdbbad055735ac0b0100e
 
s390x:
wireshark-0.99.6-EL4.1.s390x.rpm
File outdated by:  RHSA-2011:0370
    MD5: dc81c1505a3040328ab53cd449b388cd
wireshark-gnome-0.99.6-EL4.1.s390x.rpm
File outdated by:  RHSA-2011:0370
    MD5: 88a5ef4d0cf176f18fcf0381c8e80d2e
 
x86_64:
wireshark-0.99.6-EL4.1.x86_64.rpm
File outdated by:  RHSA-2011:0370
    MD5: a42ab0969e973cdab74c439427e21cfe
wireshark-gnome-0.99.6-EL4.1.x86_64.rpm
File outdated by:  RHSA-2011:0370
    MD5: 0c41fb92a893e0e031be4be98d54db3d
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
wireshark-0.99.6-EL4.1.src.rpm
File outdated by:  RHSA-2011:0370
    MD5: 2d8ad27725033ac2bbadd5a385b6ae76
 
IA-32:
wireshark-0.99.6-EL4.1.i386.rpm
File outdated by:  RHSA-2011:0370
    MD5: 3c6c77126ea4b1999f75a18a283d6499
wireshark-gnome-0.99.6-EL4.1.i386.rpm
File outdated by:  RHSA-2011:0370
    MD5: ce5d1420de890fab97bb8c84617d1f25
 
IA-64:
wireshark-0.99.6-EL4.1.ia64.rpm
File outdated by:  RHSA-2011:0370
    MD5: 1db9e6a01562b42162772472433ec40c
wireshark-gnome-0.99.6-EL4.1.ia64.rpm
File outdated by:  RHSA-2011:0370
    MD5: 2be1f400717544434423277057fb8a6a
 
x86_64:
wireshark-0.99.6-EL4.1.x86_64.rpm
File outdated by:  RHSA-2011:0370
    MD5: a42ab0969e973cdab74c439427e21cfe
wireshark-gnome-0.99.6-EL4.1.x86_64.rpm
File outdated by:  RHSA-2011:0370
    MD5: 0c41fb92a893e0e031be4be98d54db3d
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
wireshark-0.99.6-EL4.1.src.rpm
File outdated by:  RHSA-2011:0370
    MD5: 2d8ad27725033ac2bbadd5a385b6ae76
 
IA-32:
wireshark-0.99.6-EL4.1.i386.rpm
File outdated by:  RHSA-2011:0370
    MD5: 3c6c77126ea4b1999f75a18a283d6499
wireshark-gnome-0.99.6-EL4.1.i386.rpm
File outdated by:  RHSA-2011:0370
    MD5: ce5d1420de890fab97bb8c84617d1f25
 
IA-64:
wireshark-0.99.6-EL4.1.ia64.rpm
File outdated by:  RHSA-2011:0370
    MD5: 1db9e6a01562b42162772472433ec40c
wireshark-gnome-0.99.6-EL4.1.ia64.rpm
File outdated by:  RHSA-2011:0370
    MD5: 2be1f400717544434423277057fb8a6a
 
x86_64:
wireshark-0.99.6-EL4.1.x86_64.rpm
File outdated by:  RHSA-2011:0370
    MD5: a42ab0969e973cdab74c439427e21cfe
wireshark-gnome-0.99.6-EL4.1.x86_64.rpm
File outdated by:  RHSA-2011:0370
    MD5: 0c41fb92a893e0e031be4be98d54db3d
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

245796 - CVE-2007-3389 Wireshark crashes when inspecting HTTP traffic
245797 - CVE-2007-3391 Wireshark loops infinitely when inspecting DCP ETSI traffic
245798 - CVE-2007-3392 Wireshark loops infinitely when inspecting SSL traffic
246221 - CVE-2007-3393 Wireshark corrupts the stack when inspecting BOOTP traffic
246225 - CVE-2007-3390 Wireshark crashes when inspecting iSeries traffic
246229 - CVE-2007-3392 Wireshark crashes when inspecting MMS traffic


References


Keywords

BOOTP, crash, DCP, DHCP, DoS, ETSI, HTTP, IPMI, iSeries, loop, MMS, SSL


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/