https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3390
Summary: Format string vulnerability in the PROFINET/DCP (PN-DCP)
(CVE-2009-1210)
Product: Wireshark
Version: 1.0.6
Platform: Other
URL: http://www.milw0rm.com/exploits/8308
OS/Version: All
Status: NEW
Severity: Major
Priority: High
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: thoger@xxxxxxxxxx
Build Information:
--
A format string flaw in the profinet dissector has been reported publicly:
http://www.milw0rm.com/exploits/8308
The issue was assigned CVE id CVE-2009-1210.
The problem seems to be in pn_append_info() in plugins/profinet/packet-pn.c:
    void
    pn_append_info(packet_info *pinfo, proto_item *dcp_item, const char *text)
    {
        if (check_col(pinfo->cinfo, COL_INFO))
            col_append_fstr(pinfo->cinfo, COL_INFO, text);

        proto_item_append_text(dcp_item, "%s", text);
    }
It seems the col_append_fstr call needs changing to:
    col_append_fstr(pinfo->cinfo, COL_INFO, "%s", text);
similar to proto_item_append_text right below.
Problem is caught by FORTIFY_SOURCE on modern Linux systems.
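Added example, not part of the original report and not Wireshark code: a minimal C model of the pattern in pn_append_info() next to the suggested "%s" form. info_append_fstr() is a hypothetical stand-in for a printf-style column API, and the sample name is constructed so that it contains only "%%", which keeps the unfixed path well defined while still showing that the text is parsed as a format.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define INFO_LEN 128

/* Hypothetical stand-in for a printf-style column API such as
 * col_append_fstr(); not Wireshark code. The format attribute lets
 * gcc/clang -Wformat-security flag non-literal format arguments. */
__attribute__((format(printf, 2, 3)))
static void info_append_fstr(char *info, const char *format, ...)
{
    size_t used = strlen(info);
    va_list ap;

    va_start(ap, format);
    vsnprintf(info + used, INFO_LEN - used, format, ap);
    va_end(ap);
}

/* Pattern from the report: packet-derived text used as the format. */
static void append_info_unfixed(char *info, const char *text)
{
    info_append_fstr(info, text);
}

/* Suggested change: constant format, text passed as data. */
static void append_info_fixed(char *info, const char *text)
{
    info_append_fstr(info, "%s", text);
}

/* Returns 1 if the column holds exactly the bytes that were supplied. */
static int shown_verbatim(void (*append)(char *, const char *), const char *text)
{
    char info[INFO_LEN] = "";
    append(info, text);
    return strcmp(info, text) == 0;
}

int main(void)
{
    /* Constructed sample: "%%" is the only conversion used, so the
     * unfixed path stays well defined while still showing parsing. */
    const char *name = "plc%%01";
    printf("unfixed verbatim: %d\n", shown_verbatim(append_info_unfixed, name));
    printf("fixed verbatim:   %d\n", shown_verbatim(append_info_fixed, name));
    return 0;
}
```

Building this with -Wformat -Wformat-security makes the compiler warn on the call inside append_info_unfixed(), which is a cheap way to find the same pattern in other wrappers.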