Comment 8 for bug 290716

Stefan Lesicnik (stefanlsd) wrote :

As per the CVE's. All releases up to 1.0.3 are affected by these bugs. These POC are taken from the original wireshark bug tracker and just renamed to easier identify which belongs to which CVE.

All of these bugs were always reproducible, except for CVE_2008-4685 which happened intermittently.

I also built a test build to remove wiresharks memory overflow and underflow detection and protection routine as some of these are actually trapped there. More details: http://wiki.wireshark.org/Development/Canary

To reproduce (tested on current Intrepid version 1.0.3 - will test others)

For each test with EP_DEBUG_FREE and SE_DEBUG_FREE defined.

- 2008-4680 - Open the attached .pcap file.
- 2008-4681 - Open the attached .pcap file.
- 2008-4682 - Open the attached .ncf file.
- 2008-4683 - Open the attached .pcap file twice.
- 2008-4684 - Open the attached .pcap file.
                       Click Analyze - Enabled Protocols - Disable all protocols - Apply - Ok
                       Click Analyze - Enabled Protocols - Enable all protocols - Apply - Ok
- 2008-4685 - This crash was intermittent. Ensure packet colourization is on. Open the main .pcap file, open the 1 and 2 version. And then the main again. Sometimes would crash. From the author of the patch - "Still, it's a dangling pointer we're dealing with here, so it may all come down to the specifics of the platform and compiler as to how the bug hits" - More details can be found here - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2870