Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 271062 (CVE-2009-1829) - <net-analyzer/wireshark-1.0.8: PCNFSD DoS (CVE-2009-1829)
Summary: <net-analyzer/wireshark-1.0.8: PCNFSD DoS (CVE-2009-1829)
Status: RESOLVED FIXED
Alias: CVE-2009-1829
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://www.wireshark.org/security/wnp...
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-05-24 14:16 UTC by Peter Volkov (RETIRED)
Modified: 2009-06-30 18:12 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Peter Volkov (RETIRED) gentoo-dev 2009-05-24 14:16:30 UTC 
Just coping wireshark security announcement:

http://www.wireshark.org/security/wnpa-sec-2009-03.htm

PCNFSD vulnerability in Wireshark® versions 0.8.20 to 1.0.7

Docid: wnpa-sec-2009-03
Date: May 21, 2009
Versions affected: 0.8.20 up to and including 1.0.7

Description: Wireshark 1.0.8 fixes the following vulnerability:

    * The PCNFSD dissector could crash. Versions affected: 0.8.20 to 1.0.7
Comment 1 Peter Volkov (RETIRED) gentoo-dev 2009-05-24 14:21:17 UTC 
arch teams, please, stabilize wireshark-1.0.8.
Comment 2 Markus Meier gentoo-dev 2009-05-24 20:11:14 UTC 
amd64/x86 stable
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2009-05-24 21:25:17 UTC 
Stable for HPPA.
Comment 4 Brent Baude (RETIRED) gentoo-dev 2009-05-25 16:04:46 UTC 
ppc64 done
Comment 5 Brent Baude (RETIRED) gentoo-dev 2009-05-25 16:04:53 UTC 
ppc done
Comment 6 Tiago Cunha (RETIRED) gentoo-dev 2009-05-26 11:04:09 UTC 
sparc stable
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2009-05-27 15:35:05 UTC 
alpha/ia64 stable
Comment 8 Stefan Behte (RETIRED) gentoo-dev Security 2009-05-27 17:55:42 UTC 
No voting on this one, there will be a GLSA together with a bunch of other wireshark stuff.
Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2009-05-30 12:20:37 UTC 
CVE-2009-1829 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1829):
  Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20
  through 1.0.7 allows remote attackers to cause a denial of service
  (crash) via crafted PCNFSD packets.
Comment 10 Stefan Behte (RETIRED) gentoo-dev Security 2009-06-30 18:12:59 UTC 
GLSA 200906-05, thanks everyone