Common Vulnerabilities and Exposures assigned an identifier CVE-2013-4936 to the following vulnerability: The dissect_smtp function in epan/dissectors/packet-smtp.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. References: [1] http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-smtp.c?r1=50472&r2=50471&pathrev=50472 [2] http://anonsvn.wireshark.org/viewvc?view=revision&revision=50472 [3] http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html [4] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8904 [5] https://www.wireshark.org/security/wnpa-sec-2013-53.html
The patches mentioned in comment #0 are not correct. The correct patch which corrects this flaw is: http://anonsvn.wireshark.org/viewvc?view=revision&revision=50651
Statement: This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5.
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:1569 https://rhn.redhat.com/errata/RHSA-2013-1569.html
(In reply to Huzaifa S. Sidhpurwala from comment #2) > Statement: > > This issue affects the version of wireshark as shipped with Red Hat > Enterprise Linux 5. The Red Hat Security Response Team has rated this issue > as having low security impact, a future update may address this flaw. Using wireshark-1.0.15-5.el5 Having looked at the upstream bug report, I can't make tshark crash using provided capture file. The code doesn't dereference mentioned pointers. IsDFP_Frame() isn't even present. Can you, please, investigate this flaw again?