Bug 1044510 (CVE-2013-7114)

Summary: CVE-2013-7114 wireshark: NTLMSSP v2 dissector could crash (wnpa-sec-2013-68)
Product: [Other] Security Response Reporter: Ratul Gupta <ratulg>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: huzaifas, jkurik, lemenkov, pfrields, phatina, rvokal
Target Milestone: ---Keywords: Reopened, Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: wireshark 1.8.12, wireshark 1.10.4 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-04-25 16:24:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1044512, 1044662, 1074925, 1074926    
Bug Blocks: 1044516    

Description Ratul Gupta 2013-12-18 13:22:23 UTC 
Wireshark recently made an announcement on their website about new versions launched, which also included some security fixes:
Wireshark 1.8.12: http://www.wireshark.org/lists/wireshark-announce/201312/msg00001.html
Wireshark 1.10.4: http://www.wireshark.org/lists/wireshark-announce/201312/msg00000.html


Quoted from their website for CVE-2013-7114:
"wnpa-sec-2013-68
  The NTLMSSP v2 dissector could crash. Discovered by Garming Sam. (Bug 9488: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9488)
  Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11
  CVE-2013-7114."

References:
https://bugs.gentoo.org/show_bug.cgi?id=494612
Comment 1 Ratul Gupta 2013-12-18 13:25:01 UTC 
Created wireshark tracking bugs for this issue:

Affects: fedora-all [bug 1044512]
Comment 2 Peter Lemenkov 2013-12-18 14:40:30 UTC 
Fix was backported to 1.10.3 already.
Comment 3 Vincent Danen 2013-12-18 18:15:46 UTC 
(In reply to Peter Lemenkov from comment #2)
> Fix was backported to 1.10.3

That's fantastic news but doesn't mean you can close the bug.  Please leave it open.  This affects more than Fedora (if Fedora is fixed, feel free to note that in the _Fedora_ bug, not this one).

Thanks.
Comment 4 Vincent Danen 2013-12-18 18:59:38 UTC 
External References:

http://www.wireshark.org/security/wnpa-sec-2013-68.html
Comment 6 Huzaifa S. Sidhpurwala 2013-12-19 06:16:29 UTC 
Upstream patch:

http://anonsvn.wireshark.org/viewvc?view=revision&amp;revision=53626
Comment 7 Huzaifa S. Sidhpurwala 2013-12-19 06:18:35 UTC 
Statement:

This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5.
Comment 11 errata-xmlrpc 2014-03-31 16:38:03 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2014:0342 https://rhn.redhat.com/errata/RHSA-2014-0342.html