Date: Tue, 12 May 2015 11:13:55 +0100
From: Stuart Henderson <stu@...cehopper.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: wireshark: crash on a sample capture
 file genbroad.snoop

On 2015/05/11 17:20, Mgr. Martin Žember wrote:
> Hello,
> 
> I would like to request a CVE for the following issue:
> 
> wireshark crashes on a sample capture file genbroad.snoop
> 
> References:
>    https://bugzilla.redhat.com/show_bug.cgi?id=1219409

Given the nature of the task (decoding network traffic, which is quite
often truncated or malicious, in C) and the wide protocol support, it's
no big surprise that this type of bug shows up so frequently.

I always thought it was a pity that Wireshark's privilege separation
only concerns itself with handling captures as root while running the
main body of the program as a normal userid (rather than specifically
running the risky code, i.e. the dissectors, jailed as an unprivileged
user).
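
The process boundary described above, as an added example that is not part of the original message and is not Wireshark code: a parent hands untrusted bytes to a forked child, so a parser crash kills only the child. `toy_dissect`, `dissect_isolated` and the record format are hypothetical; confinement here uses resource limits only, since the switch to a dedicated unprivileged uid needs root and is assumed to be done by the caller.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for a dissector: one length byte, then the payload.
 * A length that runs past the buffer aborts, standing in for a dissector crash. */
static int32_t toy_dissect(const uint8_t *buf, size_t len) {
    if (len < 1 || (size_t)buf[0] > len - 1) abort();
    return buf[0];
}

/* Run toy_dissect in a confined child process.
 * Returns the payload length, or -1 if the child crashed or could not confine itself. */
int dissect_isolated(const uint8_t *buf, size_t len) {
    int fds[2];
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                 /* child: the only place untrusted bytes are parsed */
        struct rlimit zero = {0, 0};
        close(fds[0]);
        /* Fail closed: no new file descriptors and no core dump, or no parsing at all. */
        if (setrlimit(RLIMIT_NOFILE, &zero) || setrlimit(RLIMIT_CORE, &zero)) _exit(111);
        int32_t r = toy_dissect(buf, len);
        _exit(write(fds[1], &r, sizeof r) == (ssize_t)sizeof r ? 0 : 112);
    }
    close(fds[1]);
    int32_t result = -1;
    int status = 0;
    ssize_t n = read(fds[0], &result, sizeof result);
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (n != (ssize_t)sizeof result || !WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    /* The parent does not trust the child's answer either: range-check it. */
    if (result < 0 || result > 255) return -1;
    return result;
}

int main(void) {
    const uint8_t good[] = {3, 'a', 'b', 'c'};  /* constructed sample: well-formed record */
    const uint8_t cut[] = {200, 'a'};           /* constructed sample: truncated record */
    printf("good: %d\n", dissect_isolated(good, sizeof good));
    printf("cut:  %d\n", dissect_isolated(cut, sizeof cut));
    return 0;
}
```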
