Bug 935157 - (CVE-2015-4651) VUL-1: CVE-2015-4651: wireshark: WCCP dissector crash (wnpa-sec-2015-19)
(CVE-2015-4651)
VUL-1: CVE-2015-4651: wireshark: WCCP dissector crash (wnpa-sec-2015-19)
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other openSUSE 13.2
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-06-17 19:01 UTC by Andreas Stieger
Modified: 2016-04-27 20:21 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
reproducer capture file (552 bytes, application/vnd.tcpdump.pcap)
2015-06-17 19:01 UTC, Andreas Stieger
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2015-06-17 19:01:51 UTC
Created attachment 638278 [details]
reproducer capture file

Name: WCCP dissector crash
Docid: wnpa-sec-2015-19
Date: June 17, 2015
Description: The WCCP dissector could crash.
Affected versions: 1.12.0 to 1.12.x
Fixed versions: 1.12.x

(Note: wireshark does not make statements about affectedness of discontinued releases, meaning 1.10.x might be affected)

Impact: It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Reproducer (attached):
https://www.wireshark.org/download/automated/captures/fuzz-2015-04-27-18462.pcap

Fix (master):
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=524ed1df6e6126cd63ba419ccb82c83636d77ee4

Fix (master-1.12):
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=92483afff4394a7949667d5176bd038195c0422e

References:
https://www.wireshark.org/security/wnpa-sec-2015-19.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11153
Comment 1 Swamp Workflow Management 2015-06-17 22:00:47 UTC
bugbot adjusting priority
Comment 2 Chunyan Liu 2015-07-01 09:22:38 UTC
Tested with given pcap file on 1.10.14 (SLE-11-SP3 and SLE-12), didn't show problem. So close it.
Comment 3 Chunyan Liu 2015-07-01 09:22:58 UTC
Closing.
Comment 4 Andreas Stieger 2015-07-01 09:40:25 UTC
Verified crash segmentation fault) on openSUSE 13.2 with Wireshark 1.12.5, reopening
Comment 5 Andreas Stieger 2015-07-01 09:41:41 UTC
I'll do an update for at last openSUSE 13.2 unless someone beats me to it. Wanted to fix the Factory qt5 failure first.
Comment 6 Andreas Stieger 2015-07-01 18:08:21 UTC
From openSUSE 13.2 only.
Comment 7 Andreas Stieger 2015-07-01 18:17:33 UTC
https://build.opensuse.org/request/show/314772
Comment 8 Andreas Stieger 2015-07-09 11:23:16 UTC
Fixes released for all affected versions.
Comment 9 Swamp Workflow Management 2015-07-09 12:08:45 UTC
openSUSE-SU-2015:1215-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 935157,935158
CVE References: CVE-2015-4651,CVE-2015-4652
Sources used:
openSUSE 13.2 (src):    wireshark-1.12.6-18.1