Wireshark-bugs: [Wireshark-bugs] [Bug 3390] New: Format string vulnerability in the PROFINET/DCP (PN-DCP) (CVE-2009-1210)

From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Fri, 3 Apr 2009 07:37:32 -0700 (PDT)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3390

           Summary: Format string vulnerability in the PROFINET/DCP (PN-DCP)
                    (CVE-2009-1210)
           Product: Wireshark
           Version: 1.0.6
          Platform: Other
               URL: http://www.milw0rm.com/exploits/8308
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: High
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: thoger@xxxxxxxxxx


Build Information:

--
A format string flaw in profinet dissector has been reported publicly:
  http://www.milw0rm.com/exploits/8308

Issue was assigned CVE id CVE-2009-1210.

The problem seems to be in pn_append_info() in plugins/profinet/packet-pn.c:

273 void
274 pn_append_info(packet_info *pinfo, proto_item *dcp_item, const char *text)
275 {
276     if (check_col(pinfo->cinfo, COL_INFO))
277         col_append_fstr(pinfo->cinfo, COL_INFO, text);
278 
279     proto_item_append_text(dcp_item, "%s", text);
280 }

It seems col_append_fstr call need changing to:

  col_append_fstr(pinfo->cinfo, COL_INFO, "%s", text);

similar to proto_item_append_text right below.

Problem is caught by FORTIFY_SOURCE on modern Linux systems.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.