Issued:
2008-10-01
Updated:
2008-10-01

RHSA-2008:0890 - Security Advisory

Synopsis

Moderate: wireshark security update

Type/Severity

Security Advisory: Moderate

Topic

Updated wireshark packages that fix several security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

Multiple buffer overflow flaws were found in Wireshark. If Wireshark read
a malformed packet off a network, it could crash or, possibly, execute
arbitrary code as the user running Wireshark. (CVE-2008-3146)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malformed dump file. (CVE-2008-1070, CVE-2008-1071, CVE-2008-1072,
CVE-2008-1561, CVE-2008-1562, CVE-2008-1563, CVE-2008-3137, CVE-2008-3138,
CVE-2008-3141, CVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)

Additionally, this update changes the default Pluggable Authentication
Modules (PAM) configuration to always prompt for the root password before
each start of Wireshark. This avoids unintentionally running Wireshark with
root privileges.

Users of wireshark should upgrade to these updated packages, which contain
Wireshark version 1.0.3, and resolve these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 5.2 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 5.2 ia64
  • Red Hat Enterprise Linux Server - Extended Update Support 5.2 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 4.7 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 4.7 ia64
  • Red Hat Enterprise Linux Server - Extended Update Support 4.7 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.2 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian 3 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.2 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 435481 - CVE-2008-1070 wireshark: SCTP dissector crash
  • BZ - 435482 - CVE-2008-1071 wireshark: SNMP dissector crash
  • BZ - 435483 - CVE-2008-1072 wireshark: TFTP dissector crash
  • BZ - 439943 - CVE-2008-1563 wireshark: crash in SCCP dissector
  • BZ - 440014 - CVE-2008-1561 wireshark: crash in X.509sat and Roofnet dissectors
  • BZ - 440015 - CVE-2008-1562 wireshark: crash in LDAP dissector
  • BZ - 448584 - Don't automatically use stored privileges
  • BZ - 454970 - CVE-2008-3137 wireshark: crash in the GSM SMS dissector
  • BZ - 454971 - CVE-2008-3138 wireshark: unexpected exit in the PANA and KISMET dissectors
  • BZ - 454975 - CVE-2008-3141 wireshark: memory disclosure in the RMI dissector
  • BZ - 454984 - CVE-2008-3145 wireshark: crash in the packet reassembling
  • BZ - 461242 - CVE-2008-3146 wireshark: multiple buffer overflows in NCP dissector
  • BZ - 461243 - CVE-2008-3932 wireshark: infinite loop in the NCP dissector
  • BZ - 461244 - CVE-2008-3933 wireshark: crash triggered by zlib-compressed packet data
  • BZ - 461245 - CVE-2008-3934 wireshark: crash via crafted Tektronix .rf5 file

CVEs

References

Red Hat Enterprise Linux Server 5

SRPM
wireshark-1.0.3-4.el5_2.src.rpm SHA-256: 3263109bc2ed263ad36a0c5d15139080dd69a43722f5ba3b5b22d90e62d4ebec
x86_64
wireshark-1.0.3-4.el5_2.x86_64.rpm SHA-256: 64a1eefb08b5c801f7074a54a47c8a4a5e6747d5da6941ddd1eaf17edefe7b0e
wireshark-gnome-1.0.3-4.el5_2.x86_64.rpm SHA-256: 612d0453abb4911fa63bbc608f7e4a70905555808658e2724f5bddc24c59b8e1
ia64
wireshark-1.0.3-4.el5_2.ia64.rpm SHA-256: 2a19135c2387778770c920e57fa5028eb3eb30252bab7454352c70455c82c9b1
wireshark-gnome-1.0.3-4.el5_2.ia64.rpm SHA-256: 247d8f370659fc586f131204e4ae7617fcc1780293e2d58852ce159998f7d7f5
i386
wireshark-1.0.3-4.el5_2.i386.rpm SHA-256: fa3b008954f4a7b13c448166350fc3e5571955842e782d992b9e29bf62775708
wireshark-gnome-1.0.3-4.el5_2.i386.rpm SHA-256: a72241028d9ab6d9ec4eaf2254438ccf6c8233e7e175be771b181a696317ada0

Red Hat Enterprise Linux Server 4

SRPM
wireshark-1.0.3-3.el4_7.src.rpm SHA-256: f645468e575d6d2da7441f032db4c7da9d8b5a5e38ff7eebc7a06f975ac30fa1
x86_64
wireshark-1.0.3-3.el4_7.x86_64.rpm SHA-256: 04daa2a0db83b1abc9b3f8e52d47da0f3cadbab91a42b1d267d0a7a9aea9d0e4
wireshark-1.0.3-3.el4_7.x86_64.rpm SHA-256: 04daa2a0db83b1abc9b3f8e52d47da0f3cadbab91a42b1d267d0a7a9aea9d0e4
wireshark-gnome-1.0.3-3.el4_7.x86_64.rpm SHA-256: 8cce60194198ef8c6543afb2c123c49040efa540126752c224e8dc0f151dd331
wireshark-gnome-1.0.3-3.el4_7.x86_64.rpm SHA-256: 8cce60194198ef8c6543afb2c123c49040efa540126752c224e8dc0f151dd331
ia64
wireshark-1.0.3-3.el4_7.ia64.rpm SHA-256: a16b1c7d50238df5c8eff688028e4c800726b4801d1a04c2221fa1490659b84b
wireshark-1.0.3-3.el4_7.ia64.rpm SHA-256: a16b1c7d50238df5c8eff688028e4c800726b4801d1a04c2221fa1490659b84b
wireshark-gnome-1.0.3-3.el4_7.ia64.rpm SHA-256: 362a86214e807b734f6d8b04b7356669ed0de144f1df75a6bcf60f4ab9245225
wireshark-gnome-1.0.3-3.el4_7.ia64.rpm SHA-256: 362a86214e807b734f6d8b04b7356669ed0de144f1df75a6bcf60f4ab9245225
i386
wireshark-1.0.3-3.el4_7.i386.rpm SHA-256: 8bf5401bf4b5f57648125c17f4bdc6af1a9f4540c7229cab967ba94f2f4ae9d9
wireshark-1.0.3-3.el4_7.i386.rpm SHA-256: 8bf5401bf4b5f57648125c17f4bdc6af1a9f4540c7229cab967ba94f2f4ae9d9
wireshark-gnome-1.0.3-3.el4_7.i386.rpm SHA-256: 2945d9e8f41ddf063189c250e931e3fc6d98580d09503d7589ebd5f82f4fd6f9
wireshark-gnome-1.0.3-3.el4_7.i386.rpm SHA-256: 2945d9e8f41ddf063189c250e931e3fc6d98580d09503d7589ebd5f82f4fd6f9

Red Hat Enterprise Linux Server - Extended Update Support 4.7

SRPM
wireshark-1.0.3-3.el4_7.src.rpm SHA-256: f645468e575d6d2da7441f032db4c7da9d8b5a5e38ff7eebc7a06f975ac30fa1
x86_64
wireshark-1.0.3-3.el4_7.x86_64.rpm SHA-256: 04daa2a0db83b1abc9b3f8e52d47da0f3cadbab91a42b1d267d0a7a9aea9d0e4
wireshark-1.0.3-3.el4_7.x86_64.rpm SHA-256: 04daa2a0db83b1abc9b3f8e52d47da0f3cadbab91a42b1d267d0a7a9aea9d0e4
wireshark-gnome-1.0.3-3.el4_7.x86_64.rpm SHA-256: 8cce60194198ef8c6543afb2c123c49040efa540126752c224e8dc0f151dd331
wireshark-gnome-1.0.3-3.el4_7.x86_64.rpm SHA-256: 8cce60194198ef8c6543afb2c123c49040efa540126752c224e8dc0f151dd331
ia64
wireshark-1.0.3-3.el4_7.ia64.rpm SHA-256: a16b1c7d50238df5c8eff688028e4c800726b4801d1a04c2221fa1490659b84b
wireshark-1.0.3-3.el4_7.ia64.rpm SHA-256: a16b1c7d50238df5c8eff688028e4c800726b4801d1a04c2221fa1490659b84b
wireshark-gnome-1.0.3-3.el4_7.ia64.rpm SHA-256: 362a86214e807b734f6d8b04b7356669ed0de144f1df75a6bcf60f4ab9245225
wireshark-gnome-1.0.3-3.el4_7.ia64.rpm SHA-256: 362a86214e807b734f6d8b04b7356669ed0de144f1df75a6bcf60f4ab9245225
i386
wireshark-1.0.3-3.el4_7.i386.rpm SHA-256: 8bf5401bf4b5f57648125c17f4bdc6af1a9f4540c7229cab967ba94f2f4ae9d9
wireshark-1.0.3-3.el4_7.i386.rpm SHA-256: 8bf5401bf4b5f57648125c17f4bdc6af1a9f4540c7229cab967ba94f2f4ae9d9
wireshark-gnome-1.0.3-3.el4_7.i386.rpm SHA-256: 2945d9e8f41ddf063189c250e931e3fc6d98580d09503d7589ebd5f82f4fd6f9
wireshark-gnome-1.0.3-3.el4_7.i386.rpm SHA-256: 2945d9e8f41ddf063189c250e931e3fc6d98580d09503d7589ebd5f82f4fd6f9

Red Hat Enterprise Linux Workstation 5

SRPM
wireshark-1.0.3-4.el5_2.src.rpm SHA-256: 3263109bc2ed263ad36a0c5d15139080dd69a43722f5ba3b5b22d90e62d4ebec
x86_64
wireshark-1.0.3-4.el5_2.x86_64.rpm SHA-256: 64a1eefb08b5c801f7074a54a47c8a4a5e6747d5da6941ddd1eaf17edefe7b0e
wireshark-gnome-1.0.3-4.el5_2.x86_64.rpm SHA-256: 612d0453abb4911fa63bbc608f7e4a70905555808658e2724f5bddc24c59b8e1
i386
wireshark-1.0.3-4.el5_2.i386.rpm SHA-256: fa3b008954f4a7b13c448166350fc3e5571955842e782d992b9e29bf62775708
wireshark-gnome-1.0.3-4.el5_2.i386.rpm SHA-256: a72241028d9ab6d9ec4eaf2254438ccf6c8233e7e175be771b181a696317ada0

Red Hat Enterprise Linux Workstation 4

SRPM
wireshark-1.0.3-3.el4_7.src.rpm SHA-256: f645468e575d6d2da7441f032db4c7da9d8b5a5e38ff7eebc7a06f975ac30fa1
x86_64
wireshark-1.0.3-3.el4_7.x86_64.rpm SHA-256: 04daa2a0db83b1abc9b3f8e52d47da0f3cadbab91a42b1d267d0a7a9aea9d0e4
wireshark-gnome-1.0.3-3.el4_7.x86_64.rpm SHA-256: 8cce60194198ef8c6543afb2c123c49040efa540126752c224e8dc0f151dd331
ia64
wireshark-1.0.3-3.el4_7.ia64.rpm SHA-256: a16b1c7d50238df5c8eff688028e4c800726b4801d1a04c2221fa1490659b84b
wireshark-gnome-1.0.3-3.el4_7.ia64.rpm SHA-256: 362a86214e807b734f6d8b04b7356669ed0de144f1df75a6bcf60f4ab9245225
i386
wireshark-1.0.3-3.el4_7.i386.rpm SHA-256: 8bf5401bf4b5f57648125c17f4bdc6af1a9f4540c7229cab967ba94f2f4ae9d9
wireshark-gnome-1.0.3-3.el4_7.i386.rpm SHA-256: 2945d9e8f41ddf063189c250e931e3fc6d98580d09503d7589ebd5f82f4fd6f9

Red Hat Enterprise Linux Desktop 5

SRPM
wireshark-1.0.3-4.el5_2.src.rpm SHA-256: 3263109bc2ed263ad36a0c5d15139080dd69a43722f5ba3b5b22d90e62d4ebec
x86_64
wireshark-1.0.3-4.el5_2.x86_64.rpm SHA-256: 64a1eefb08b5c801f7074a54a47c8a4a5e6747d5da6941ddd1eaf17edefe7b0e
i386
wireshark-1.0.3-4.el5_2.i386.rpm SHA-256: fa3b008954f4a7b13c448166350fc3e5571955842e782d992b9e29bf62775708

Red Hat Enterprise Linux Desktop 4

SRPM
wireshark-1.0.3-3.el4_7.src.rpm SHA-256: f645468e575d6d2da7441f032db4c7da9d8b5a5e38ff7eebc7a06f975ac30fa1
x86_64
wireshark-1.0.3-3.el4_7.x86_64.rpm SHA-256: 04daa2a0db83b1abc9b3f8e52d47da0f3cadbab91a42b1d267d0a7a9aea9d0e4
wireshark-gnome-1.0.3-3.el4_7.x86_64.rpm SHA-256: 8cce60194198ef8c6543afb2c123c49040efa540126752c224e8dc0f151dd331
i386
wireshark-1.0.3-3.el4_7.i386.rpm SHA-256: 8bf5401bf4b5f57648125c17f4bdc6af1a9f4540c7229cab967ba94f2f4ae9d9
wireshark-gnome-1.0.3-3.el4_7.i386.rpm SHA-256: 2945d9e8f41ddf063189c250e931e3fc6d98580d09503d7589ebd5f82f4fd6f9

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
wireshark-1.0.3-4.el5_2.src.rpm SHA-256: 3263109bc2ed263ad36a0c5d15139080dd69a43722f5ba3b5b22d90e62d4ebec
s390x
wireshark-1.0.3-4.el5_2.s390x.rpm SHA-256: fd76806acfbaf56d08d582ac2e04c5a9b44c4ce56ad4c2eeea9e01135ad22758
wireshark-gnome-1.0.3-4.el5_2.s390x.rpm SHA-256: bb4189916cfb48e50c590d517949e00f7f32df42d5553e3393a1725134e75670

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
wireshark-1.0.3-3.el4_7.src.rpm SHA-256: f645468e575d6d2da7441f032db4c7da9d8b5a5e38ff7eebc7a06f975ac30fa1
s390x
wireshark-1.0.3-3.el4_7.s390x.rpm SHA-256: 84ee18dc4c4dda6215ec03120681da7eafed371cdee0cdf528afdea88c00c40c
wireshark-gnome-1.0.3-3.el4_7.s390x.rpm SHA-256: cc6ccc8643f208e66298398f0cc9acdca1784c7fe98face67332303b6e780642
s390
wireshark-1.0.3-3.el4_7.s390.rpm SHA-256: 632955cd5e61a9dd300972f85d744de1c0b0b299aedf130549571a8b50175311
wireshark-gnome-1.0.3-3.el4_7.s390.rpm SHA-256: dc3c7d0800eecc538e349581c9dd5233af7f1d95ad2b7cefd48626d725eb0db0

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7

SRPM
wireshark-1.0.3-3.el4_7.src.rpm SHA-256: f645468e575d6d2da7441f032db4c7da9d8b5a5e38ff7eebc7a06f975ac30fa1
s390x
wireshark-1.0.3-3.el4_7.s390x.rpm SHA-256: 84ee18dc4c4dda6215ec03120681da7eafed371cdee0cdf528afdea88c00c40c
wireshark-gnome-1.0.3-3.el4_7.s390x.rpm SHA-256: cc6ccc8643f208e66298398f0cc9acdca1784c7fe98face67332303b6e780642
s390
wireshark-1.0.3-3.el4_7.s390.rpm SHA-256: 632955cd5e61a9dd300972f85d744de1c0b0b299aedf130549571a8b50175311
wireshark-gnome-1.0.3-3.el4_7.s390.rpm SHA-256: dc3c7d0800eecc538e349581c9dd5233af7f1d95ad2b7cefd48626d725eb0db0

Red Hat Enterprise Linux for Power, big endian 5

SRPM
wireshark-1.0.3-4.el5_2.src.rpm SHA-256: 3263109bc2ed263ad36a0c5d15139080dd69a43722f5ba3b5b22d90e62d4ebec
ppc
wireshark-1.0.3-4.el5_2.ppc.rpm SHA-256: c954811099d9f1481c177db739afbed4e1a26513364198940182916a2c63c4d2
wireshark-gnome-1.0.3-4.el5_2.ppc.rpm SHA-256: c0b58f89a501304191fd12bf4c72e32295907690612b31668565459e32041567

Red Hat Enterprise Linux for Power, big endian 4

SRPM
wireshark-1.0.3-3.el4_7.src.rpm SHA-256: f645468e575d6d2da7441f032db4c7da9d8b5a5e38ff7eebc7a06f975ac30fa1
ppc
wireshark-1.0.3-3.el4_7.ppc.rpm SHA-256: e870895e3110451971d185bce20c505d777fc3d489cc93f6e3effaa6e668d9d6
wireshark-gnome-1.0.3-3.el4_7.ppc.rpm SHA-256: d5bde321eb1cb0d5d141e865f96aca1a9972505f18bab09b5b8209f2e6308748

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7

SRPM
wireshark-1.0.3-3.el4_7.src.rpm SHA-256: f645468e575d6d2da7441f032db4c7da9d8b5a5e38ff7eebc7a06f975ac30fa1
ppc
wireshark-1.0.3-3.el4_7.ppc.rpm SHA-256: e870895e3110451971d185bce20c505d777fc3d489cc93f6e3effaa6e668d9d6
wireshark-gnome-1.0.3-3.el4_7.ppc.rpm SHA-256: d5bde321eb1cb0d5d141e865f96aca1a9972505f18bab09b5b8209f2e6308748

Red Hat Enterprise Linux Server from RHUI 5

SRPM
wireshark-1.0.3-4.el5_2.src.rpm SHA-256: 3263109bc2ed263ad36a0c5d15139080dd69a43722f5ba3b5b22d90e62d4ebec
x86_64
wireshark-1.0.3-4.el5_2.x86_64.rpm SHA-256: 64a1eefb08b5c801f7074a54a47c8a4a5e6747d5da6941ddd1eaf17edefe7b0e
wireshark-gnome-1.0.3-4.el5_2.x86_64.rpm SHA-256: 612d0453abb4911fa63bbc608f7e4a70905555808658e2724f5bddc24c59b8e1
i386
wireshark-1.0.3-4.el5_2.i386.rpm SHA-256: fa3b008954f4a7b13c448166350fc3e5571955842e782d992b9e29bf62775708
wireshark-gnome-1.0.3-4.el5_2.i386.rpm SHA-256: a72241028d9ab6d9ec4eaf2254438ccf6c8233e7e175be771b181a696317ada0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.