Bug 1086033 (CVE-2014-4174)

Summary: CVE-2014-4174 libpcap: file parser crash (wnpa-sec-2014-05)
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: falonso, mruprich, msekleta, pfrields, thozza
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: wireshark 1.10.4 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-02-05 16:24:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1086034    

Description Vincent Danen 2014-04-10 00:36:46 UTC 
It was reported that the libpcap file parser could crash.  It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

This is reported to affect Wireshark versions 1.10.0 to 1.10.3 and is fixed in 1.10.4.  According to the upstream bug report, it was only ever reproduced in Windows, however the upstream advisory does not indicate that it is Windows-only.

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9753


External References:

http://www.wireshark.org/security/wnpa-sec-2014-05.html
Comment 1 Vincent Danen 2014-06-18 20:13:33 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-4174 to
the following vulnerability:

Name: CVE-2014-4174
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4174
Assigned: 20140617
Reference: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8808
Reference: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9390
Reference: http://anonsvn.wireshark.org/viewvc/trunk-1.10/wiretap/libpcap.c?r1=53123&r2=53122&pathrev=53123
Reference: http://anonsvn.wireshark.org/viewvc?view=revision&revision=53123
Reference: http://www.wireshark.org/security/wnpa-sec-2014-05.html
Reference: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9753

wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x
before 1.10.4 allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption and application crash)
via a crafted packet-trace file that includes a large packet.
Comment 2 Vincent Danen 2015-02-05 16:22:49 UTC 
Statement:

Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.