oss-sec mailing list archives
Re: CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 29 Aug 2012 12:25:05 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/29/2012 09:39 AM, Jan Lieskovsky wrote:
Hello Kurt, Steve, Gerald, vendors, a denial of service flaw was found in the way Distributed Relational Database Architecture (DRDA) dissector of Wireshark, a network traffic analyzer, performed processing of certain DRDA packet capture files. A remote attacker could create a specially-crafted capture file that, when opened could lead to wireshark executable to consume excessive amount of CPU time and hang with an infinite loop. Issue found by: Martin Wilck Upstream bug report: [1] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666 Reproducer: [2] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666#c0 References: [3] https://bugzilla.redhat.com/show_bug.cgi?id=849926 Affected versions: Seems to affect wireshark 1.6.x versions and later (1.0.x and 1.2.x definitely aren't affected) Could you allocate a CVE id for this? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Please use CVE-2012-3548 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBAgAGBQJQPl6BAAoJEBYNRVNeJnmTV/0QAJyDsp6OHvnADeErcigT7Kxg E0W2fLtb635roZdDV7Qo8k1R/huY0P89VZjDM7cyOH6FqjAx9GpFfbFf/QUOVjjR 3rFBNx9p0iChyyIUtC8z2jNRO+d0EhcuhbF348remhNKAf5fbxd/J+C2j4VVxf+L X8n3OpZsAJMh94jmKxt2JfJppVN8gDfAL8TlUItLsZeN5DyfTOXMPoaGSQxhjgxy SjE3/WGzQUrNLwzBjMseIq3fKa6SI7+Owy3YYAS+w/tXxAlr+c8BzD6x5ej0PG1H NJI2xbnl1na2WL2Cf8C2QbK57vQAE6qF/ApEicM/oRB0H8abR+uAJzheg+ciRTl+ Ulc614pXJVdRRVP0/J2J/Iie60HD1zS9YOHFPGVsUMoKCOAWBlgys/+Sgyo9hBwl 9bZlN2wSsp3Q1bm+BU/i7+f9BI0CKREM8CIzlJmZKXNSGPZ0JXryDx+Spm1+qezG DJlWdhPa2IlLQJH5f8U9qUKZbocQPkaDo1+mai5MzOId3uVQuWBhLz9uTCbL0y+Y 8to53q/QJ0isHAnBripJkDk4krgr0O36ZKisnBSUcnEHtCKNRElUhdyWvmdEYYog rBElX0caPyqrh8Ul9ATqIJJeSa1lSgxWYqPndP8E9g+ypGqMvpLlhrqXiSPX1uvH uBhGnDzTdDnT5XBJfZJu =jqeq -----END PGP SIGNATURE-----
Current thread:
- CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector Jan Lieskovsky (Aug 29)
- Re: CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector Kurt Seifried (Aug 29)
- Re: CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector Eygene Ryabinkin (Aug 31)