RHSA-2008:0890 - Security Advisory

Topic

Updated wireshark packages that fix several security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

Multiple buffer overflow flaws were found in Wireshark. If Wireshark read
a malformed packet off a network, it could crash or, possibly, execute
arbitrary code as the user running Wireshark. (CVE-2008-3146)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malformed dump file. (CVE-2008-1070, CVE-2008-1071, CVE-2008-1072,
CVE-2008-1561, CVE-2008-1562, CVE-2008-1563, CVE-2008-3137, CVE-2008-3138,
CVE-2008-3141, CVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)

Additionally, this update changes the default Pluggable Authentication
Modules (PAM) configuration to always prompt for the root password before
each start of Wireshark. This avoids unintentionally running Wireshark with
root privileges.

Users of wireshark should upgrade to these updated packages, which contain
Wireshark version 1.0.3, and resolve these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Server 4 x86_64
• Red Hat Enterprise Linux Server 4 ia64
• Red Hat Enterprise Linux Server 4 i386
• Red Hat Enterprise Linux Server 3 x86_64
• Red Hat Enterprise Linux Server 3 ia64
• Red Hat Enterprise Linux Server 3 i386
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 ia64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 i386
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 ia64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Workstation 4 x86_64
• Red Hat Enterprise Linux Workstation 4 ia64
• Red Hat Enterprise Linux Workstation 4 i386
• Red Hat Enterprise Linux Workstation 3 x86_64
• Red Hat Enterprise Linux Workstation 3 ia64
• Red Hat Enterprise Linux Workstation 3 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux Desktop 4 x86_64
• Red Hat Enterprise Linux Desktop 4 i386
• Red Hat Enterprise Linux Desktop 3 x86_64
• Red Hat Enterprise Linux Desktop 3 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for IBM z Systems 4 s390x
• Red Hat Enterprise Linux for IBM z Systems 4 s390
• Red Hat Enterprise Linux for IBM z Systems 3 s390x
• Red Hat Enterprise Linux for IBM z Systems 3 s390
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.2 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux for Power, big endian 4 ppc
• Red Hat Enterprise Linux for Power, big endian 3 ppc
• Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.2 ppc
• Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 435481 - CVE-2008-1070 wireshark: SCTP dissector crash
• BZ - 435482 - CVE-2008-1071 wireshark: SNMP dissector crash
• BZ - 435483 - CVE-2008-1072 wireshark: TFTP dissector crash
• BZ - 439943 - CVE-2008-1563 wireshark: crash in SCCP dissector
• BZ - 440014 - CVE-2008-1561 wireshark: crash in X.509sat and Roofnet dissectors
• BZ - 440015 - CVE-2008-1562 wireshark: crash in LDAP dissector
• BZ - 448584 - Don't automatically use stored privileges
• BZ - 454970 - CVE-2008-3137 wireshark: crash in the GSM SMS dissector
• BZ - 454971 - CVE-2008-3138 wireshark: unexpected exit in the PANA and KISMET dissectors
• BZ - 454975 - CVE-2008-3141 wireshark: memory disclosure in the RMI dissector
• BZ - 454984 - CVE-2008-3145 wireshark: crash in the packet reassembling
• BZ - 461242 - CVE-2008-3146 wireshark: multiple buffer overflows in NCP dissector
• BZ - 461243 - CVE-2008-3932 wireshark: infinite loop in the NCP dissector
• BZ - 461244 - CVE-2008-3933 wireshark: crash triggered by zlib-compressed packet data
• BZ - 461245 - CVE-2008-3934 wireshark: crash via crafted Tektronix .rf5 file

CVEs

• CVE-2008-1561
• CVE-2008-1563
• CVE-2008-1562
• CVE-2008-3932
• CVE-2008-3933
• CVE-2008-3141
• CVE-2008-3934
• CVE-2008-3137
• CVE-2008-3145
• CVE-2008-3146
• CVE-2008-3138
• CVE-2008-1072
• CVE-2008-1071
• CVE-2008-1070

References

• http://www.redhat.com/security/updates/classification/#moderate
• http://www.wireshark.org/docs/relnotes/
• http://www.wireshark.org/security/