Bug 246221 - (CVE-2007-3393) CVE-2007-3393 Wireshark corrupts the stack when inspecting BOOTP traffic
CVE-2007-3393 Wireshark corrupts the stack when inspecting BOOTP traffic
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 247617 247618 247619 247621 247622 247623
  Show dependency treegraph
Reported: 2007-06-29 07:24 EDT by Red Hat Product Security
Modified: 2009-10-23 15:05 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-07-25 04:48:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Capture file of BOOTP traffic that crashes Wireshark (577 bytes, application/octet-stream)
2007-06-29 07:24 EDT, Lubomir Kundrak
no flags Details

  None (edit)
Description Lubomir Kundrak 2007-06-29 07:24:02 EDT
Description of problem:

Wireshark was repored to crash with an evidence of a stack corruption when
when dissecting certain BOOTP/DHCP traffic.

Version-Release number of selected component (if applicable):

Wireshark 0.99.5

Additional info:

This is fixed in upstream revision 21947. I was not able to reproduce the
crash on an x86_64 machine either with or without stack protector turned on.
Will try on i386 later. Most likely this is just overflow by one word, so can
not lead to arbitrary code execution.
Comment 1 Lubomir Kundrak 2007-06-29 07:24:03 EDT
Created attachment 158196 [details]
Capture file of BOOTP traffic that crashes Wireshark
Comment 6 Red Hat Product Security 2008-07-25 04:48:34 EDT
This issue was addressed in:

Red Hat Enterprise Linux:

Comment 7 Red Hat Bugzilla 2009-10-23 15:05:59 EDT
Reporter changed to security-response-team@redhat.com by request of Jay Turner.

Note You need to log in before you can comment on or make changes to this bug.