Bug 513027

Summary: CVE-2009-2560 Wireshark: Past-the-buffer read in the MIOP dissector
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED DUPLICATE QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: rvokal
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3652
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-08-12 10:00:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Lieskovsky 2009-07-21 17:17:08 UTC 
An insufficient user-provided input validation flaw was found
in the Wireshark's MIOP dissector. A remote attacker could
provide a specially-crafted MIOP packet capture file, which
once opened by an unsuspecting user, would attempt to read
past the bounds of allocated buffer, leading to application
(Wireshark) abort.

References:
----------
http://www.wireshark.org/security/wnpa-sec-2009-04.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3652

Reproducer:
-----------
https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3243

Upstream patch:
---------------
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ziop.c?r1=29095&r2=29094&pathrev=29095&view=patch
Comment 1 Jan Lieskovsky 2009-07-21 17:18:34 UTC 
This issue does NOT affect the versions of the wireshark package, 
as shipped with Red Hat Enterprise Linux 3, 4, and 5.

This issue does NOT affect the version of the wireshark package,
as shipped with Fedora release of 10.

This issue affects the versions of the wireshark package, 
as shipped with Fedora releases of 11 and Rawhide.
Comment 2 Jan Lieskovsky 2009-07-21 19:57:00 UTC 
MITRE's CVE-2009-2560 entry:

Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote
attackers to cause a denial of service (crash) via unspecified vectors
in the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissectors.

References:
-----------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2560
http://www.wireshark.org/security/wnpa-sec-2009-04.html
http://www.securityfocus.com/bid/35748
http://secunia.com/advisories/35884
http://www.vupen.com/english/advisories/2009/1970
Comment 3 Jan Lieskovsky 2009-08-12 10:00:16 UTC 

*** This bug has been marked as a duplicate of bug 513008 ***