| Summary: | <net-analyzer/wireshark-{1.0.9, 1.2.2}: Multiple DoS vulnerabilities (CVE-2009-{3241,3242,3243,3829}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | netmon, pva |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://secunia.com/advisories/36754/ | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Alex Legler (RETIRED)
2009-09-17 09:13:41 UTC
CVE-2009-3241 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3241): Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.

CVE-2009-3242 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3242): Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure.

CVE-2009-3243 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3243): Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations.

ats time to bum the new version in portage

it's time to bump the new version in portage

1.0.8 dropped from the tree. 1.2.2 bumped. Arch teams, please, stabilize wireshark-1.2.2.

amd64 stable

x86 stable

Stable on alpha.

Stable for HPPA.

ia64/sparc stable

ppc64 done

ppc stable

Bug ready to be fixed by security team.

CVE-2009-3829 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3829): Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."

Rerating, GLSA request filed.

GLSA 200911-05