246221 – (CVE-2007-3393) CVE-2007-3393 Wireshark corrupts the stack when inspecting BOOTP traffic

Bug 246221 (CVE-2007-3393) - CVE-2007-3393 Wireshark corrupts the stack when inspecting BOOTP traffic

Summary: CVE-2007-3393 Wireshark corrupts the stack when inspecting BOOTP traffic

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2007-3393
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:	http://bugs.wireshark.org/bugzilla/sh...
Whiteboard:
Depends On:	247617 247618 247619 247621 247622 247623
Blocks:
TreeView+	depends on / blocked

Reported:	2007-06-29 11:24 UTC by Red Hat Product Security
Modified:	2019-09-29 12:20 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-07-25 08:48:34 UTC
Embargoed:

Attachments	(Terms of Use)
Capture file of BOOTP traffic that crashes Wireshark (577 bytes, application/octet-stream) 2007-06-29 11:24 UTC, Lubomir Kundrak	no flags	Details
View All

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2007:0709	normal	SHIPPED_LIVE	Low: wireshark security and bug fix update	2007-11-15 15:00:47 UTC
Red Hat Product Errata	RHSA-2007:0710	normal	SHIPPED_LIVE	Low: wireshark security update	2007-11-07 16:26:59 UTC
Red Hat Product Errata	RHSA-2008:0059	normal	SHIPPED_LIVE	Moderate: wireshark security update	2008-01-21 09:34:35 UTC

Description Lubomir Kundrak 2007-06-29 11:24:02 UTC

Description of problem:

Wireshark was repored to crash with an evidence of a stack corruption when
when dissecting certain BOOTP/DHCP traffic.

Version-Release number of selected component (if applicable):

Wireshark 0.99.5

Additional info:

This is fixed in upstream revision 21947. I was not able to reproduce the
crash on an x86_64 machine either with or without stack protector turned on.
Will try on i386 later. Most likely this is just overflow by one word, so can
not lead to arbitrary code execution.

Comment 1 Lubomir Kundrak 2007-06-29 11:24:03 UTC

Created attachment 158196 [details]
Capture file of BOOTP traffic that crashes Wireshark

Comment 6 Red Hat Product Security 2008-07-25 08:48:34 UTC

This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-0710.html
  http://rhn.redhat.com/errata/RHSA-2007-0709.html
  http://rhn.redhat.com/errata/RHSA-2008-0059.html

Comment 7 Red Hat Bugzilla 2009-10-23 19:05:59 UTC

Reporter changed to security-response-team by request of Jay Turner.

Note You need to log in before you can comment on or make changes to this bug.