oss-security November 2011 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: Re: [oss-security] CVE request for wireshark flaws

Re: [oss-security] CVE request for wireshark flaws

From: Kurt Seifried <kseifried_at_nospam>
Date: Tue Nov 01 2011 - 22:03:33 GMT
To: oss-security@lists.openwall.com

For the record: this is a *perfect* CVE request =). It's descriptive, it
has versions, it has all the links to verify it with the original
sources, all that good stuff.

On 11/01/2011 03:51 PM, Vincent Danen wrote:
> Can I get CVEs assigned to the following wireshark flaws?
>
>
> 1) An uninitialized variable in the CSN.1 dissector could cause a crash.
>
> Affects: 1.6.0 to 1.6.2, fixed in 1.6.3
>
> References:
> http://www.wireshark.org/security/wnpa-sec-2011-17.html
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6351
> http://anonsvn.wireshark.org/viewvc?view=revision&revision=39140
> https://bugzilla.redhat.com/show_bug.cgi?id=750643
>
Please use CVE-2011-4100 for this.

>
> 2) Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that
> the Infiniband dissector could dereference a NULL pointer.
>
> Affects: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2, fixed in 1.6.3
>
> References:
> http://www.wireshark.org/security/wnpa-sec-2011-18.html
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6476
> http://anonsvn.wireshark.org/viewvc?view=revision&revision=39500
> https://bugzilla.redhat.com/show_bug.cgi?id=750645
>
Please use CVE-2011-4101 for this.
>
> 3) Huzaifa Sidhpurwala of Red Hat Security Response Team discovered a
> buffer overflow in the ERF file reader.
>
> Affects: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2, fixed in 1.6.3
>
> References:
> http://www.wireshark.org/security/wnpa-sec-2011-19.html
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6479
> http://anonsvn.wireshark.org/viewvc?view=revision&revision=39508
> https://bugzilla.redhat.com/show_bug.cgi?id=750648
>
Please use CVE-2011-4102 for this.

-- -Kurt Seifried / Red Hat Security Response Team