|Summary:||CVE-2011-1959 wireshark: Stack-based buffer over-read from tvbuff buffer when reading snoop capture files|
|Product:||[Other] Security Response||Reporter:||Jan Lieskovsky <jlieskov>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||CLOSED ERRATA||QA Contact:|
|Version:||unspecified||CC:||bressers, huzaifas, jsafrane, rvokal|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2013-01-08 09:01:53 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:||809045, 809046, 834180|
|Bug Blocks:||807617, 816611|
Description Jan Lieskovsky 2011-06-02 10:20:46 UTC
A stack-based buffer over-read flaw was found in the way Wireshark performed management of testy, virtualizable buffers. A remote attacker could create a specially-crafted capture file, which once opened, by a local, unsuspecting user could lead to wireshark application crash. References:  https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5912 (upstream bug report)  https://bugs.wireshark.org/bugzilla/attachment.cgi?id=6335 (public reproducer)  http://www.openwall.com/lists/oss-security/2011/05/31/20 (CVE request)  http://www.wireshark.org/security/wnpa-sec-2011-07.html (upstream advisory) Upstream patch:  http://anonsvn.wireshark.org/viewvc?view=revision&revision=37068
Comment 1 Jan Lieskovsky 2011-06-02 10:22:28 UTC
This issue affects the versions of the wireshark package, as shipped with Red Hat Enterprise Linux 4, 5, and 6. -- This issue affects the versions of the wireshark package, as shipped with Fedora release of 13, 14, and 16.
Comment 2 Huzaifa S. Sidhpurwala 2011-06-03 05:18:56 UTC
Note: This issue is only specific to the snoop capture file format and does not appear to be triggered by any other formats wireshark supports.
Comment 5 errata-xmlrpc 2012-04-23 16:52:15 UTC
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:0509 https://rhn.redhat.com/errata/RHSA-2012-0509.html
Comment 6 Vincent Danen 2012-04-23 17:38:19 UTC
Current Fedora has wireshark 1.4.12, which is not affected by this flaw.
Comment 8 Murray McAllister 2012-10-03 04:27:59 UTC
Acknowledgements: This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.
Comment 10 errata-xmlrpc 2013-01-08 05:00:22 UTC
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:0125 https://rhn.redhat.com/errata/RHSA-2013-0125.html
Comment 12 Huzaifa S. Sidhpurwala 2013-01-08 09:04:31 UTC