Bug 1026538 (CVE-2013-6337) - CVE-2013-6337 wireshark: NBAP dissector crash (wnpa-sec-2013-62)
Summary: CVE-2013-6337 wireshark: NBAP dissector crash (wnpa-sec-2013-62)
Status: CLOSED ERRATA
Alias: CVE-2013-6337
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20131101,repor...
Keywords: Security
Depends On: 1026544 1026546 1074925 1074926
Blocks: 1026543
TreeView+ depends on / blocked
 
Reported: 2013-11-04 22:35 UTC by Vincent Danen
Modified: 2015-11-25 10:01 UTC (History)
6 users (show)

Fixed In Version: wireshark 1.10.2, wireshark 1.8.10
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-04-25 16:34:40 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2014:0342 normal SHIPPED_LIVE Moderate: wireshark security update 2014-03-31 20:36:59 UTC

Description Vincent Danen 2013-11-04 22:35:31 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6337 to
the following vulnerability:

Name: CVE-2013-6337
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6337
Assigned: 20131031
Reference: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9168

Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x
before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to
cause a denial of service (application crash) via a crafted packet.


External References:

http://www.wireshark.org/security/wnpa-sec-2013-62.html

Comment 2 Vincent Danen 2013-11-04 22:53:42 UTC
Created wireshark tracking bugs for this issue:

Affects: fedora-all [bug 1026546]

Comment 3 Fedora Update System 2013-11-08 04:34:56 UTC
wireshark-1.10.3-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 4 Fedora Update System 2013-11-11 02:28:06 UTC
wireshark-1.10.3-3.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2013-11-13 02:12:07 UTC
wireshark-1.10.3-3.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Huzaifa S. Sidhpurwala 2013-11-25 06:40:11 UTC
Looking at the commits made to packet-nbap.c (specially because the bug continues to be private), it seems this should roughly match the following:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9005
http://anonsvn.wireshark.org/viewvc?view=revision&revision=51228

Comment 7 Huzaifa S. Sidhpurwala 2013-11-25 06:41:51 UTC
Statement:

This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5.

Comment 10 errata-xmlrpc 2014-03-31 16:37:42 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2014:0342 https://rhn.redhat.com/errata/RHSA-2014-0342.html


Note You need to log in before you can comment on or make changes to this bug.