Bugzilla – Bug 742815
VUL-0: wireshark more memory/typecast issues
Last modified: 2012-02-03 01:49:55 UTC
We probably also need to fix these (via OSS-sec): (3 new issues + CVE's, see end of the comment)

[...]
>> Type-cast error: Caused because of casting unsigned to signed int (ws bug 6663). This leaves the app in an unstable state.
>> -
>> 1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6663
>> This is a type cast issue, caused because of casting an unsigned int to signed int.
>> In the unfixed version this would throw an exception which the application would catch, but leave it in an unstable state. The patch makes sure that the value passed was less than G_MAXINT
>> Patch:
>> http://anonsvn.wireshark.org/viewvc?view=revision&revision=40164
>>
>> =======
>> Application crash/Dos because of trying to allocate too large a buffer size (ws bug 6666, 6667, 6669).
>> -
>> 2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666
>> 5Views file format DoS due to request to allocate too large a buffer size.
>> Normally glib should terminate the application with something like
>> "GLib-ERROR **: gmem.c:239: failed to allocate 3221228094 bytes"
>> Resolved by clamping the value of packet_size
>> Patch:
>> http://anonsvn.wireshark.org/viewvc?view=revision&revision=40165
>>
>> 3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6667
>> Same problem and solution but with i4b capture format now
>> Patch:
>> http://anonsvn.wireshark.org/viewvc?view=revision&revision=40166
>>
>> 5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6669
>> Similar issue with netmon file format.
>> Patch:
>> http://anonsvn.wireshark.org/viewvc?view=revision&revision=40168
>>
>> =======
>> Integer underflow causing too large buffer to be allocated and a crash (ws bug 6668).
>> -
>> 4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668
>> Same problem and solution but with iptrace capture format. Also some checks for bad file format.
>> Patch:
>> http://anonsvn.wireshark.org/viewvc?view=revision&revision=40167
>>
>> =======
>> Memory corruption (buffer-overflow) when reading novell capture file format. glibc however detects this and terminates the application (ws bug 6670)
>> -
>> 6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670
>> Similar issue with netmon file format.
>> Patch:
>> http://anonsvn.wireshark.org/viewvc?view=revision&revision=40169
>>
>> =======
>>
>> So we already have one CVE assigned for all these, my thought would be to use CVE-2012-0041 for the first one (6663) and assign new CVE's for the rest. Comments/questions?
>>
>
> You are correct, we may need to split this into 4 parts:
>
> 6663 - typecast flaw

Please continue to use CVE-2012-0041 for this issue (6663)

> 6666, 6667, 6669 - Dos due to too large buffer alloc request

Please use CVE-2012-0066 for these issues (6666, 6667, 6669)

> 6668 - Dos due to integer underflow and too large buffer alloc. request

Please use CVE-2012-0067 for this issue (6668)

> 6670 - memory corruption due to buffer underflow

Please use CVE-2012-0068 for this issue (6670)
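An added example, not part of the bug comments or of the Wireshark patches: a C sketch of the length validation these issue classes call for when a capture file supplies a size field. The function names, the status enum and the `EXAMPLE_MAX_PACKET_SIZE` ceiling are hypothetical, and the sketch rejects an oversized value where the comment above says the actual fix clamps `packet_size`.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-record ceiling; not taken from the Wireshark patches. */
#define EXAMPLE_MAX_PACKET_SIZE 65535u

enum len_status { LEN_OK, LEN_NOT_SIGNED_SAFE, LEN_UNDERFLOW, LEN_TOO_LARGE };

/* Typecast class (ws bug 6663): an unsigned 32-bit file field may be passed
 * to an API taking a signed int only if it fits. INT_MAX is the standard C
 * counterpart of GLib's G_MAXINT. */
enum len_status to_signed_len(uint32_t value, int *out)
{
    if (value > (uint32_t)INT_MAX)
        return LEN_NOT_SIGNED_SAFE;
    *out = (int)value;
    return LEN_OK;
}

/* Allocation classes (ws bugs 6666, 6667, 6669 and 6668): derive the payload
 * size from a length field before it reaches the allocator. record_len is the
 * length claimed by the file, hdr_len the header bytes already consumed. */
enum len_status payload_size(uint32_t record_len, uint32_t hdr_len, size_t *out)
{
    if (record_len < hdr_len)            /* subtraction would wrap near 4 GiB */
        return LEN_UNDERFLOW;
    uint32_t payload = record_len - hdr_len;
    if (payload > EXAMPLE_MAX_PACKET_SIZE)
        return LEN_TOO_LARGE;
    *out = (size_t)payload;
    return LEN_OK;
}

int main(void)
{
    size_t n = 0;
    /* Constructed inputs; 3221228094 is the size in the GLib error quoted above. */
    printf("oversized: %d\n", payload_size(3221228094u, 0, &n));
    printf("underflow: %d\n", payload_size(10, 16, &n));
    if (payload_size(116, 16, &n) == LEN_OK)
        printf("payload bytes: %zu\n", n);
    return 0;
}
```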
We should use MaintenanceTracker-45064 for this. You probably need to resubmit the wireshark packages, so we can fix the bugs all along. :/
bugbot adjusting priority
Duplication of bug #741187. I've updated our package to 1.4.11, all these bugs have been fixed in this version. *** This bug has been marked as a duplicate of bug 741187 ***