Bug 1044509 - (CVE-2013-7113) CVE-2013-7113 wireshark: BSSGP dissector could crash (wnpa-sec-2013-67)
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
Priority: low, Severity: low
Assigned To: Red Hat Product Security
impact=low,public=20131217,reported=2...
Keywords: Reopened, Security
Depends On: 1044512 1044662
Blocks: 1044516
Reported: 2013-12-18 08:22 EST by Ratul Gupta
Modified: 2015-10-15 14:08 EDT
Fixed In Version: wireshark 1.10.4
Doc Type: Bug Fix
Last Closed: 2013-12-18 13:56:34 EST
Description Ratul Gupta 2013-12-18 08:22:15 EST
Wireshark recently made an announcement on their website about a new version launched, which also included some security fixes:
Wireshark 1.10.4: http://www.wireshark.org/lists/wireshark-announce/201312/msg00000.html


Quoted from their website for CVE-2013-7113:
"wnpa-sec-2013-67
  The BSSGP dissector could crash. Discovered by Laurent Butti. (Bug 9488: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9488)
  Versions affected: 1.10.0 to 1.10.3
  CVE-2013-7113."

References:
https://bugs.gentoo.org/show_bug.cgi?id=494612
Comment 1 Ratul Gupta 2013-12-18 08:24:28 EST
Created wireshark tracking bugs for this issue:

Affects: fedora-all [bug 1044512]
Comment 2 Peter Lemenkov 2013-12-18 09:37:54 EST
Fix was backported to 1.10.3 already.
Comment 3 Vincent Danen 2013-12-18 13:15:12 EST
(In reply to Peter Lemenkov from comment #2)
> Fix was backported to 1.10.3

That's fantastic news but doesn't mean you can close the bug.  Please leave it open.  This affects more than Fedora (if Fedora is fixed, feel free to note that in the _Fedora_ bug, not this one).

Thanks.
Comment 4 Vincent Danen 2013-12-18 13:54:01 EST
External References:

http://www.wireshark.org/security/wnpa-sec-2013-67.html
Comment 5 Vincent Danen 2013-12-18 13:55:12 EST
This only affects wireshark 1.10.x, so Red Hat Enterprise Linux 6 is not affected.
Comment 6 Vincent Danen 2013-12-18 13:56:34 EST
Statement:

Not vulnerable. This issue did not affect the versions of wireshark as shipped
with Red Hat Enterprise Linux 5 and 6.
Comment 8 Huzaifa S. Sidhpurwala 2013-12-19 03:07:47 EST
Upstream patch:

http://anonsvn.wireshark.org/viewvc?view=revision&revision=53803
