As per the CVEs, all releases up to 1.0.3 are affected by these bugs. These POCs are taken from the original Wireshark bug tracker and just renamed to make it easier to identify which belongs to which CVE.
All of these bugs were always reproducible, except for CVE-2008-4685, which happened intermittently. I also built a test build to remove Wireshark's memory overflow and underflow detection and protection routine, as some of these are actually trapped there. More details: http://wiki.wireshark.org/Development/Canary

To reproduce (tested on current Intrepid version 1.0.3 - will test others)

For each test with EP_DEBUG_FREE and SE_DEBUG_FREE defined.

- 2008-4680 - Open the attached .pcap file.
- 2008-4681 - Open the attached .pcap file.
- 2008-4682 - Open the attached .ncf file.
- 2008-4683 - Open the attached .pcap file twice.
- 2008-4684 - Open the attached .pcap file.
  Click Analyze - Enabled Protocols - Disable all protocols - Apply - Ok
  Click Analyze - Enabled Protocols - Enable all protocols - Apply - Ok
- 2008-4685 - This crash was intermittent. Ensure packet colourization is on. Open the main .pcap file, open the 1 and 2 version. And then the main again. Sometimes would crash.

From the author of the patch - "Still, it's a dangling pointer we're dealing with here, so it may all come down to the specifics of the platform and compiler as to how the bug hits" - More details can be found here - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2870

--
[CVE 2008-468[1-5] - Wireshark up to 1.0.3 affected by multiple security vulnerabilities
https://bugs.launchpad.net/bugs/290716
