Bug 246221 (CVE-2007-3393) - CVE-2007-3393 Wireshark corrupts the stack when inspecting BOOTP traffic
Summary: CVE-2007-3393 Wireshark corrupts the stack when inspecting BOOTP traffic
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2007-3393
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://bugs.wireshark.org/bugzilla/sh...
Whiteboard:
Depends On: 247617 247618 247619 247621 247622 247623
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-06-29 11:24 UTC by Red Hat Product Security
Modified: 2019-09-29 12:20 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-07-25 08:48:34 UTC


Attachments (Terms of Use)
Capture file of BOOTP traffic that crashes Wireshark (577 bytes, application/octet-stream)
2007-06-29 11:24 UTC, Lubomir Kundrak
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:0709 0 normal SHIPPED_LIVE Low: wireshark security and bug fix update 2007-11-15 15:00:47 UTC
Red Hat Product Errata RHSA-2007:0710 0 normal SHIPPED_LIVE Low: wireshark security update 2007-11-07 16:26:59 UTC
Red Hat Product Errata RHSA-2008:0059 0 normal SHIPPED_LIVE Moderate: wireshark security update 2008-01-21 09:34:35 UTC

Description Lubomir Kundrak 2007-06-29 11:24:02 UTC
Description of problem:

Wireshark was repored to crash with an evidence of a stack corruption when
when dissecting certain BOOTP/DHCP traffic.

Version-Release number of selected component (if applicable):

Wireshark 0.99.5

Additional info:

This is fixed in upstream revision 21947. I was not able to reproduce the
crash on an x86_64 machine either with or without stack protector turned on.
Will try on i386 later. Most likely this is just overflow by one word, so can
not lead to arbitrary code execution.

Comment 1 Lubomir Kundrak 2007-06-29 11:24:03 UTC
Created attachment 158196 [details]
Capture file of BOOTP traffic that crashes Wireshark

Comment 6 Red Hat Product Security 2008-07-25 08:48:34 UTC
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-0710.html
  http://rhn.redhat.com/errata/RHSA-2007-0709.html
  http://rhn.redhat.com/errata/RHSA-2008-0059.html



Comment 7 Red Hat Bugzilla 2009-10-23 19:05:59 UTC
Reporter changed to security-response-team@redhat.com by request of Jay Turner.


Note You need to log in before you can comment on or make changes to this bug.