oss-security - Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Wed, 01 Jun 2011 10:27:19 +0530
From: Huzaifa Sidhpurwala <huzaifas@...hat.com>
To: oss-security@...ts.openwall.com,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple
 DoS issues

On 06/01/2011 05:24 AM, Kurt Seifried wrote:
> I didn't see any CVE's in the Wireshark Bug tracking/advisory nor
> could I find these in the Red Hat Bugzilla (but I'm guessing as a CNA
> they have CVE #'s assigned?)
> 
Red Hat did not assign any CVE ids yet, since most of the work mentioned
below was done by me on my personal time :)


> Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
> that a corrupted Diameter dictionary file could crash Wireshark.
> Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
This is a memory corruption flaw caused by using a custom config files.
You will normally have to social engineer the victim to use a malicious
config file and then run wireshark
> 
> Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
> that a corrupted snoop file could crash Wireshark. (Bug 5912)
> Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
> 
> 
> Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
> that a corrupted Visual Networks file could crash Wireshark. (Bug
> 5934)
> Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
> 
Both of the above are integer overflow issues, which cause subsequent
memory corruption.
> 
> http://www.wireshark.org/security/wnpa-sec-2011-07.html
> http://www.wireshark.org/security/wnpa-sec-2011-08.html
> 
Steve, could you please assign CVE ids to the issues mentioned in the
above URLs? thanks.

-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.