oss-sec mailing list archives

Wireshark - wnpa-sec-2009-05.html && wnpa-sec-2009-06.html -- CVE confirmation and CVE Request


From: Jan Lieskovsky <jlieskov () redhat com>
Date: Thu, 17 Sep 2009 17:44:26 +0200

Hello Gerald, Steve, vendors,

  this is due:

    http://www.wireshark.org/security/wnpa-sec-2009-05.html
    http://www.wireshark.org/security/wnpa-sec-2009-06.html

  Gerald, could you please confirm that:

    A, The AFS dissector could crash.   (Bug 3564)
       Versions affected: 0.9.2 to 1.0.8, 1.2.0

       is already assigned http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2562 and

    B, The Infiniband dissector could crash on some platforms.
       Versions affected: 0.9.2 to 1.0.8, 1.2.0

       is already assigned http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2563  ?

  Steve, once confirmed, could you please allocate CVE ids for
  the remaining three issues:

  * The OpcUa dissector could use excessive CPU and memory.   (Bug 3986)
    Versions affected: 0.99.6 to 1.0.8, 1.2.0 to 1.2.1

    Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3986
    Upstream patch: http://anonsvn.wireshark.org/viewvc?view=rev&revision=29813

  * The GSM A RR dissector could crash.   (Bug 3893)
    Versions affected: 1.2.0 to 1.2.1

    Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3893
    Upstream patch: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gsm_a_rr.c?view=log&pathrev=29403

  * The TLS dissector could crash on some platforms.   (Bug 4008)
    Versions affected: 1.2.0 to 1.2.1

    Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4008
    Upstream patch: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dtls.c?view=log&pathrev=29906


Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team




