(RHSA-2008:0890) Moderate: wireshark security update

2008-10-0100:00:00

access.redhat.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.025 Low

EPSS

Percentile

89.0%

JSON

Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

Multiple buffer overflow flaws were found in Wireshark. If Wireshark read
a malformed packet off a network, it could crash or, possibly, execute
arbitrary code as the user running Wireshark. (CVE-2008-3146)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malformed dump file. (CVE-2008-1070, CVE-2008-1071, CVE-2008-1072,
CVE-2008-1561, CVE-2008-1562, CVE-2008-1563, CVE-2008-3137, CVE-2008-3138,
CVE-2008-3141, CVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)

Additionally, this update changes the default Pluggable Authentication
Modules (PAM) configuration to always prompt for the root password before
each start of Wireshark. This avoids unintentionally running Wireshark with
root privileges.

Users of wireshark should upgrade to these updated packages, which contain
Wireshark version 1.0.3, and resolve these issues.

OSVersionArchitecturePackageVersionFilename
RedHat4ppcwireshark< 1.0.3-3.el4_7wireshark-1.0.3-3.el4_7.ppc.rpm
RedHat5ppcwireshark< 1.0.3-4.el5_2wireshark-1.0.3-4.el5_2.ppc.rpm
RedHat5ppcwireshark-gnome< 1.0.3-4.el5_2wireshark-gnome-1.0.3-4.el5_2.ppc.rpm
RedHat4i386wireshark< 1.0.3-3.el4_7wireshark-1.0.3-3.el4_7.i386.rpm
RedHat5x86_64wireshark-gnome< 1.0.3-4.el5_2wireshark-gnome-1.0.3-4.el5_2.x86_64.rpm
RedHat5ia64wireshark< 1.0.3-4.el5_2wireshark-1.0.3-4.el5_2.ia64.rpm
RedHat4s390xwireshark< 1.0.3-3.el4_7wireshark-1.0.3-3.el4_7.s390x.rpm
RedHat5s390xwireshark< 1.0.3-4.el5_2wireshark-1.0.3-4.el5_2.s390x.rpm
RedHat5i386wireshark< 1.0.3-4.el5_2wireshark-1.0.3-4.el5_2.i386.rpm
RedHat5i386wireshark-gnome< 1.0.3-4.el5_2wireshark-gnome-1.0.3-4.el5_2.i386.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	4	ppc	wireshark	< 1.0.3-3.el4_7	wireshark-1.0.3-3.el4_7.ppc.rpm
RedHat	5	ppc	wireshark	< 1.0.3-4.el5_2	wireshark-1.0.3-4.el5_2.ppc.rpm
RedHat	5	ppc	wireshark-gnome	< 1.0.3-4.el5_2	wireshark-gnome-1.0.3-4.el5_2.ppc.rpm
RedHat	4	i386	wireshark	< 1.0.3-3.el4_7	wireshark-1.0.3-3.el4_7.i386.rpm
RedHat	5	x86_64	wireshark-gnome	< 1.0.3-4.el5_2	wireshark-gnome-1.0.3-4.el5_2.x86_64.rpm
RedHat	5	ia64	wireshark	< 1.0.3-4.el5_2	wireshark-1.0.3-4.el5_2.ia64.rpm
RedHat	4	s390x	wireshark	< 1.0.3-3.el4_7	wireshark-1.0.3-3.el4_7.s390x.rpm
RedHat	5	s390x	wireshark	< 1.0.3-4.el5_2	wireshark-1.0.3-4.el5_2.s390x.rpm
RedHat	5	i386	wireshark	< 1.0.3-4.el5_2	wireshark-1.0.3-4.el5_2.i386.rpm
RedHat	5	i386	wireshark-gnome	< 1.0.3-4.el5_2	wireshark-gnome-1.0.3-4.el5_2.i386.rpm