oss-sec mailing list archives

Re: CVE Request: wireshark: crash on a sample capture file genbroad.snoop


From: Stuart Henderson <stu () spacehopper org>
Date: Tue, 12 May 2015 11:13:55 +0100

On 2015/05/11 17:20, Mgr. Martin Žember wrote:
> Hello,
>
> I would like to request a CVE for the following issue:
>
> wireshark crashes on a sample capture file genbroad.snoop
>
> References:
>    https://bugzilla.redhat.com/show_bug.cgi?id=1219409

Given the nature of the task (decoding network traffic, which is quite
often truncated or malicious, in C) and the wide protocol support, it's
no big surprise that this type of bug shows up so frequently.

I always thought it was a pity that Wireshark's privilege separation
only concerns itself with handling captures as root while running the
main body of the program as a normal userid (rather than specifically
running the risky code, i.e. the dissectors, jailed as an unprivileged
user).

