A NULL pointer dereference flaw was found in Wireshark's InfiniBand dissector. A remote attacker could provide a specially-crafted InfiniBand packet capture file, which, once opened by an unsuspecting user, would lead to denial of service (Wireshark crash).

References:
-----------
http://www.wireshark.org/security/wnpa-sec-2009-04.html

Upstream patch:
---------------
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-infiniband.c?r1=28839&r2=28838&pathrev=28839&view=patch
This issue affects the versions of the wireshark package, as shipped with Red Hat Enterprise Linux 3, 4, and 5.
This issue affects the versions of the wireshark package, as shipped with Fedora releases 10, 11, and Rawhide.
MITRE's CVE-2009-2563 entry:

Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors.

References:
----------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2563
http://www.wireshark.org/security/wnpa-sec-2009-04.html
http://www.securityfocus.com/bid/35748
http://secunia.com/advisories/35884
http://www.vupen.com/english/advisories/2009/1970
Official statement from Red Hat Security Response Team regarding this issue:
----------------------------------------------------------------------------
The Red Hat Security Response Team has rated this issue as having low security impact; a future Wireshark package update may address this flaw in Red Hat Enterprise Linux 3, 4, and 5. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
wireshark-1.2.2-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
wireshark-1.2.1-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This has been corrected upstream in the 1.0.x branch (1.0.11):

The Infiniband dissector could crash on some platforms.
Fixed in trunk: r28839
Fixed in trunk-1.2: r29099
Fixed in trunk-1.0: r31671
Versions affected: 1.0.6 to 1.0.10, 1.2.0
CVE-2009-2563
This issue has been addressed in the following products:

Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3

Via RHSA-2010:0360 https://rhn.redhat.com/errata/RHSA-2010-0360.html