935157 – (CVE-2015-4651) VUL-1: CVE-2015-4651: wireshark: WCCP dissector crash (wnpa-sec-2015-19)

Bug 935157 (CVE-2015-4651) - VUL-1: CVE-2015-4651: wireshark: WCCP dissector crash (wnpa-sec-2015-19)

Summary: VUL-1: CVE-2015-4651: wireshark: WCCP dissector crash (wnpa-sec-2015-19)

Status:	RESOLVED FIXED

Alias:	CVE-2015-4651

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other openSUSE 13.2

Priority:	P4 - Low Severity: Minor
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-06-17 19:01 UTC by Andreas Stieger
Modified:	2016-04-27 20:21 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
reproducer capture file (552 bytes, application/vnd.tcpdump.pcap) 2015-06-17 19:01 UTC, Andreas Stieger	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2015-06-17 19:01:51 UTC

Created attachment 638278 [details]
reproducer capture file

Name: WCCP dissector crash
Docid: wnpa-sec-2015-19
Date: June 17, 2015
Description: The WCCP dissector could crash.
Affected versions: 1.12.0 to 1.12.x
Fixed versions: 1.12.x

(Note: wireshark does not make statements about affectedness of discontinued releases, meaning 1.10.x might be affected)

Impact: It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Reproducer (attached):
https://www.wireshark.org/download/automated/captures/fuzz-2015-04-27-18462.pcap

Fix (master):
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=524ed1df6e6126cd63ba419ccb82c83636d77ee4

Fix (master-1.12):
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=92483afff4394a7949667d5176bd038195c0422e

References:
https://www.wireshark.org/security/wnpa-sec-2015-19.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11153

Comment 1 Swamp Workflow Management 2015-06-17 22:00:47 UTC

bugbot adjusting priority

Comment 2 Chunyan Liu 2015-07-01 09:22:38 UTC

Tested with given pcap file on 1.10.14 (SLE-11-SP3 and SLE-12), didn't show problem. So close it.

Comment 3 Chunyan Liu 2015-07-01 09:22:58 UTC

Closing.

Comment 4 Andreas Stieger 2015-07-01 09:40:25 UTC

Verified crash segmentation fault) on openSUSE 13.2 with Wireshark 1.12.5, reopening

Comment 5 Andreas Stieger 2015-07-01 09:41:41 UTC

I'll do an update for at last openSUSE 13.2 unless someone beats me to it. Wanted to fix the Factory qt5 failure first.

Comment 6 Andreas Stieger 2015-07-01 18:08:21 UTC

From openSUSE 13.2 only.

Comment 7 Andreas Stieger 2015-07-01 18:17:33 UTC

https://build.opensuse.org/request/show/314772

Comment 8 Andreas Stieger 2015-07-09 11:23:16 UTC

Fixes released for all affected versions.

Comment 9 Swamp Workflow Management 2015-07-09 12:08:45 UTC

openSUSE-SU-2015:1215-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 935157,935158
CVE References: CVE-2015-4651,CVE-2015-4652
Sources used:
openSUSE 13.2 (src):    wireshark-1.12.6-18.1