Arch Linux Security Advisory ASA-201810-9
=========================================
Severity: High
Date    : 2018-10-12
CVE-ID  : CVE-2018-12086 CVE-2018-18225 CVE-2018-18226 CVE-2018-18227
Package : wireshark-cli
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-779

Summary
=======
The package wireshark-cli before version 2.6.4-1 is vulnerable to
multiple issues including arbitrary code execution and denial of
service.

Resolution
==========
Upgrade to 2.6.4-1.

# pacman -Syu "wireshark-cli>=2.6.4-1"

The problems have been fixed upstream in version 2.6.4.
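
An added example, not part of the advisory: a POSIX shell triage that lists hosts whose wireshark-cli package is older than the fixed 2.6.4-1, separating the 2.6.0 to 2.6.4 range named in the CVE descriptions from older releases. The host names, inventory lines and function names are constructed for illustration, and the comparison assumes purely numeric X.Y.Z-REL versions; on an Arch host, vercmp is the authoritative comparison.

```shell
#!/bin/sh
# Added example: triage wireshark-cli versions against ASA-201810-9.
FIRST_AFFECTED="2.6.0"   # upstream range start named in the CVE descriptions
FIXED="2.6.4-1"          # fixed package version from the advisory

# ver_lt A B: succeeds when A is strictly older than B.
# Assumption: purely numeric X.Y.Z-REL strings; missing fields count as 0.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }' </dev/null
}

# classify VERSION: print "fixed", "affected" (2.6.0 up to the fix), or
# "pre-2.6" (older than the range the CVE text names, still before the fix).
classify() {
    if ver_lt "$1" "$FIRST_AFFECTED"; then echo "pre-2.6"
    elif ver_lt "$1" "$FIXED"; then echo "affected"
    else echo "fixed"
    fi
}

# triage: read "HOST PACKAGE VERSION" lines, print hosts that need the upgrade.
triage() {
    while read -r host pkg ver; do
        [ "$pkg" = "wireshark-cli" ] || continue
        [ "$(classify "$ver")" = "fixed" ] || printf '%s\n' "$host"
    done
}

# Constructed inventory (hypothetical hosts), as `pacman -Q` would report.
inventory() {
    cat <<'EOF'
cap01 wireshark-cli 2.6.3-1
cap02 wireshark-cli 2.6.4-1
lab07 wireshark-cli 2.4.9-1
cap03 tcpdump 4.9.2-1
EOF
}

inventory | triage
```
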

Workaround
==========
None.

Description
===========
- CVE-2018-12086 (arbitrary code execution)

A flaw has been discovered in wireshark >= 2.6.0 and < 2.6.4 in the
OpcUa dissector where a specially crafted structured request could lead
to a stack overflow. This could be used by an attacker to crash
wireshark or execute arbitrary code on the affected host by injecting a
malformed packet onto the wire or by convincing someone to read a
malformed packet trace file.

- CVE-2018-18225 (denial of service)

A flaw has been discovered in wireshark >= 2.6.0 and < 2.6.4 in the
CoAP dissector where an invalid frame could lead to a NULL pointer
dereference. This could be used by an attacker to crash wireshark by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.

- CVE-2018-18226 (denial of service)

A flaw has been discovered in wireshark >= 2.6.0 and < 2.6.4 in the
Steam IHS Discovery dissector where dynamically allocated memory was
not properly freed on exception. This could be used by an attacker to
crash wireshark by injecting a malformed packet onto the wire or by
convincing someone to read a malformed packet trace file.

- CVE-2018-18227 (denial of service)

A flaw has been discovered in wireshark >= 2.6.0 and < 2.6.4 in the
MS-WSP dissector where an invalid type could lead to an assertion
failure. This could be used by an attacker to crash wireshark by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.

Impact
======
An attacker can crash wireshark or execute arbitrary code on the
affected host by injecting a malformed packet onto the wire or by
convincing a local user to read a malformed packet trace file.

References
==========
https://www.wireshark.org/docs/relnotes/wireshark-2.6.4.html
https://www.wireshark.org/security/wnpa-sec-2018-50
https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12086.pdf
;a=commitdiff;h=fc956747a139269a6fb4f67c639e12b3f4e9ccd9
https://www.wireshark.org/security/wnpa-sec-2018-49
https://gitlab.com/wireshark/wireshark/-/issues/15172
;a=commitdiff;h=b2bbd9fdf209911d94b23cc33f4daccbceb7fa8a
https://www.wireshark.org/security/wnpa-sec-2018-48
https://gitlab.com/wireshark/wireshark/-/issues/15171
;a=commitdiff;h=6e920ddc3cad2886ef07ca1a8e50e2a5c50986f7
https://www.wireshark.org/security/wnpa-sec-2018-47
https://gitlab.com/wireshark/wireshark/-/issues/15119
;a=commitdiff;h=536fb9403a5f6bcc060aaa2a1f35d8d0225bb1fd
https://security.archlinux.org/CVE-2018-12086
https://security.archlinux.org/CVE-2018-18225
https://security.archlinux.org/CVE-2018-18226
https://security.archlinux.org/CVE-2018-18227
