Bug 590613 (CVE-2010-1455) - CVE-2010-1455 wireshark: DOCSIS dissector crash
Summary: CVE-2010-1455 wireshark: DOCSIS dissector crash
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2010-1455
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 590615 612236 612237 612238 612239
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-05-10 10:24 UTC by Tomas Hoger
Modified: 2021-02-24 23:12 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-04-22 20:26:06 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0625 0 normal SHIPPED_LIVE Moderate: wireshark security update 2010-08-11 20:59:31 UTC

Description Tomas Hoger 2010-05-10 10:24:32 UTC
Upstream wireshark versions 1.0.13 and 1.2.8 fix a flaw in the DOCSIS dissector.  This dissector used incorrect format string specified when printing certain values (%s was used to print numeric values, causing numeric value to be used as pointer), which could cause wireshark to crash or create garbaged output.

Upstream advisories:
1.0.13 http://www.wireshark.org/security/wnpa-sec-2010-03.html
1.2.8 http://www.wireshark.org/security/wnpa-sec-2010-04.html

Upstream bug reports:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4644
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4646

Upstream commits:
http://anonsvn.wireshark.org/viewvc?view=rev&revision=32396
http://anonsvn.wireshark.org/viewvc?view=rev&revision=32398
http://anonsvn.wireshark.org/viewvc?view=rev&revision=32400

Comment 2 Tomas Hoger 2010-05-10 10:29:57 UTC
As the impact of this flaw is limited to application crash, this rated as having low security impact and the issue may get addressed in future wireshark updates in Red Hat Enterprise Linux 3, 4 and 5.

Comment 3 Tomas Hoger 2010-05-14 06:52:56 UTC
Statement:

The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.

Comment 5 errata-xmlrpc 2010-08-11 20:59:47 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2010:0625 https://rhn.redhat.com/errata/RHSA-2010-0625.html


Note You need to log in before you can comment on or make changes to this bug.