Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 383823 (CVE-2011-3360) - <net-analyzer/wireshark-1.4.9: Privilege escalation vulnerability via a Trojan horse Lua script (CVE-2011-3360)
Summary: <net-analyzer/wireshark-1.4.9: Privilege escalation vulnerability via a Troja...
Status: RESOLVED FIXED
Alias: CVE-2011-3360
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://web.nvd.nist.gov/view/vuln/det...
Whiteboard: B2 [glsa]
Keywords:
Depends on: CVE-2011-3266
Blocks:
  Show dependency tree
 
Reported: 2011-09-20 12:33 UTC by daavelino
Modified: 2011-10-09 20:02 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description daavelino 2011-09-20 12:33:42 UTC
As in NVD: "Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory."
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2011-09-22 14:08:59 UTC
Upstream advisory at: 

https://www.wireshark.org/security/wnpa-sec-2011-15.html

Resolution is in progress in bug 381551.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-09-27 17:15:53 UTC
Stabilization completed in bug 381551. Added to existing GLSA request.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2011-10-07 22:49:39 UTC
CVE-2011-3360 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3360):
  Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and
  1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse
  Lua script in an unspecified directory.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 20:01:31 UTC
This issue was resolved and addressed in
 GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml
by GLSA coordinator Alex Legler (a3li).
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 20:02:21 UTC
This issue was resolved and addressed in
 GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml
by GLSA coordinator Alex Legler (a3li).