246225 – (CVE-2007-3390) CVE-2007-3390 Wireshark crashes when inspecting iSeries traffic

Bug 246225 (CVE-2007-3390) - CVE-2007-3390 Wireshark crashes when inspecting iSeries traffic

Summary: CVE-2007-3390 Wireshark crashes when inspecting iSeries traffic

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2007-3390
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:	http://bugs.wireshark.org/bugzilla/sh...
Whiteboard:
Depends On:	247617 247618 247619 247621 247622 247623
Blocks:
TreeView+	depends on / blocked

Reported:	2007-06-29 11:57 UTC by Red Hat Product Security
Modified:	2019-09-29 12:20 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2008-07-25 08:47:46 UTC
Embargoed:

Attachments	(Terms of Use)
Capture file of iSeries traffic that was reported to crash Wireshark (275.69 KB, application/octet-stream) 2007-06-29 11:57 UTC, Lubomir Kundrak	no flags	Details
View All

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2007:0709	normal	SHIPPED_LIVE	Low: wireshark security and bug fix update	2007-11-15 15:00:47 UTC
Red Hat Product Errata	RHSA-2007:0710	normal	SHIPPED_LIVE	Low: wireshark security update	2007-11-07 16:26:59 UTC
Red Hat Product Errata	RHSA-2008:0059	normal	SHIPPED_LIVE	Moderate: wireshark security update	2008-01-21 09:34:35 UTC

Description Lubomir Kundrak 2007-06-29 11:57:58 UTC

Description of problem:

Wireshark was reported to crash due after triggering a debug trap when
attempting to dissect iSeries traffic.

Version-Release number of selected component (if applicable):

Wireshark 0.99.5

Additional info:

This is fixed in upstream revision 21034.
I was not able to reproduce this on an x86_64 architecture box, nor have I
tried on i386. Moreover I can not imagine a situation when a bug would result
into getting a TRAP signal other than careful and targeted explotation -- but
as this is not the case I am probably missing something.

Comment 1 Lubomir Kundrak 2007-06-29 11:57:58 UTC

Created attachment 158200 [details]
Capture file of iSeries traffic that was reported to crash Wireshark

Comment 6 Red Hat Product Security 2008-07-25 08:47:46 UTC

This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-0710.html
  http://rhn.redhat.com/errata/RHSA-2007-0709.html
  http://rhn.redhat.com/errata/RHSA-2008-0059.html

Comment 7 Red Hat Bugzilla 2009-10-23 19:06:02 UTC

Reporter changed to security-response-team by request of Jay Turner.

Note You need to log in before you can comment on or make changes to this bug.