Date: Tue, 12 May 2015 11:13:55 +0100
From: Stuart Henderson <stu@...cehopper.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: wireshark: crash on a sample capture
 file genbroad.snoop

On 2015/05/11 17:20, Mgr. Martin Žember wrote:
> Hello,
> 
> I would like to request a CVE for the following issue:
> 
> wireshark crashes on a sample capture file genbroad.snoop
> 
> References:
>    https://bugzilla.redhat.com/show_bug.cgi?id=1219409

Given the nature of the task (decoding network traffic, which is quite
often truncated or malicious, in C) and the wide protocol support, it's
no big surprise that this type of bug shows up so frequently.

I always thought it was a pity that Wireshark's privilege separation
only concerns itself with handling captures as root while running the
main body of the program as a normal userid (rather than specifically
running the risky code, i.e. the dissectors, jailed as an unprivileged
user).
