Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 604292 - (CVE-2010-2284) CVE-2010-2284 wireshark: ASN.1 BER dissector stack overrun
CVE-2010-2284 wireshark: ASN.1 BER dissector stack overrun
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
public=20100609,reported=20100609,sou...
: Security
Depends On: 549580 604312 612236 612237 612238 612239
Blocks:
  Show dependency treegraph
 
Reported: 2010-06-15 15:28 EDT by Vincent Danen
Modified: 2015-10-15 17:12 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-04-22 16:27:31 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0625 normal SHIPPED_LIVE Moderate: wireshark security update 2010-08-11 16:59:31 EDT

  None (edit)
Description Vincent Danen 2010-06-15 15:28:42 EDT 
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2284 to
the following vulnerability:

Name: CVE-2010-2284
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2284
Assigned: 20100614
Reference: MLIST:[oss-security] 20100610 CVE request for new wireshark vulnerabilities
Reference: URL: http://www.openwall.com/lists/oss-security/2010/06/11/1
Reference: CONFIRM: http://www.wireshark.org/security/wnpa-sec-2010-05.html
Reference: CONFIRM: http://www.wireshark.org/security/wnpa-sec-2010-06.html
Reference: MANDRIVA:MDVSA-2010:113
Reference: URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:113
Reference: SECUNIA:40112
Reference: URL: http://secunia.com/advisories/40112
Reference: VUPEN:ADV-2010-1418
Reference: URL: http://www.vupen.com/english/advisories/2010/1418

Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13
through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote
attack vectors.

Upstream commits:

trunk: http://anonsvn.wireshark.org/viewvc?view=rev&revision=32922
trunk: http://anonsvn.wireshark.org/viewvc?view=rev&revision=33046
trunk-1.2: http://anonsvn.wireshark.org/viewvc?view=rev&revision=33122
trunk-1.0: http://anonsvn.wireshark.org/viewvc?view=rev&revision=33146
Comment 1 Vincent Danen 2010-06-15 16:06:53 EDT 
Created wireshark tracking bugs for this issue

Affects: fedora-all [bug 549580]
Comment 9 Vincent Danen 2010-07-08 10:17:44 EDT 
This is a stack memory exhaustion issue, which means this is a relatively harmless crash.  As a result, this is a low impact issue.
Comment 10 Jan Safranek 2010-07-28 09:53:33 EDT 
Upstream seems to have fixed the recursion issue, see https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4984#c14.

It's reproducible using upstream capture http://www.wireshark.org/download/automated/captures/fuzz-2010-07-12-1799.pcap (loops infinitely) and http://www.wireshark.org/download/automated/captures/fuzz-2010-07-06-23547.pcap (crashes).

Usage:
$ tshark -nVr fuzz-2010-07-06-23547.pcap  "frame.number != 0" >/dev/null
Running as user "root" and group "root". This could be dangerous.
Segmentation fault

Both these issues (endless loop, crash) are reproducible only with unpatched upstream versions of wireshark-1.0.14, our old RHEL-5 version (1.0.8) does not crash!
Comment 11 errata-xmlrpc 2010-08-11 16:59:42 EDT 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2010:0625 https://rhn.redhat.com/errata/RHSA-2010-0625.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.