
Wireshark-bugs: [Wireshark-bugs] [Bug 2479] New: bug in ldap dissector

Date: Sat, 19 Apr 2008 16:53:48 -0700 (PDT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2479

           Summary: bug in ldap dissector
           Product: Wireshark
           Version: 1.0.0
          Platform: PC
               URL: http://ptrace.fefe.de/ldap-wireshark-bomb.pcap
        OS/Version: Linux
            Status: NEW
          Severity: Major
          Priority: High
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: felix-wireshark@xxxxxxx


Build Information:
TShark 1.0.0

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.16.1, with libpcap 0.9.8, with libz 1.2.3, without POSIX
capabilities, with libpcre 7.6, without SMI, without ADNS, without Lua, with
GnuTLS 2.2.1, with Gcrypt 1.2.4, without Kerberos.

Running on Linux 2.6.25, with libpcap version 0.9.8.

Built using gcc 4.3.0.

--
I am writing an ldap server.  To test whether the results are OK, I use tcpdump
to capture the packets and then run wireshark on them.  One dump causes
wireshark to free an invalid pointer when it exits.

I uploaded it here:

  http://ptrace.fefe.de/ldap-wireshark-bomb.pcap

I don't know if this is exploitable to make wireshark execute arbitrary code,
but if I were you I'd treat this as if it were.

