Bug 590613 - (CVE-2010-1455) CVE-2010-1455 wireshark: DOCSIS dissector crash
CVE-2010-1455 wireshark: DOCSIS dissector crash
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
public=20100505,reported=20100505,sou...
: Security
Depends On: 590615 612236 612237 612238 612239
Blocks:
  Show dependency treegraph
 
Reported: 2010-05-10 06:24 EDT by Tomas Hoger
Modified: 2015-07-31 02:26 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-04-22 16:26:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2010-05-10 06:24:32 EDT
Upstream wireshark versions 1.0.13 and 1.2.8 fix a flaw in the DOCSIS dissector.  This dissector used incorrect format string specified when printing certain values (%s was used to print numeric values, causing numeric value to be used as pointer), which could cause wireshark to crash or create garbaged output.

Upstream advisories:
1.0.13 http://www.wireshark.org/security/wnpa-sec-2010-03.html
1.2.8 http://www.wireshark.org/security/wnpa-sec-2010-04.html

Upstream bug reports:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4644
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4646

Upstream commits:
http://anonsvn.wireshark.org/viewvc?view=rev&revision=32396
http://anonsvn.wireshark.org/viewvc?view=rev&revision=32398
http://anonsvn.wireshark.org/viewvc?view=rev&revision=32400
Comment 2 Tomas Hoger 2010-05-10 06:29:57 EDT
As the impact of this flaw is limited to application crash, this rated as having low security impact and the issue may get addressed in future wireshark updates in Red Hat Enterprise Linux 3, 4 and 5.
Comment 3 Tomas Hoger 2010-05-14 02:52:56 EDT
Statement:

The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Comment 5 errata-xmlrpc 2010-08-11 16:59:47 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2010:0625 https://rhn.redhat.com/errata/RHSA-2010-0625.html

Note You need to log in before you can comment on or make changes to this bug.