| Summary: | net-analyzer/wireshark <1.0.0 Multiple DoS issues (CVE-2008-{1561,1562,1563}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | fauli, netmon, pva |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.wireshark.org/security/wnpa-sec-2008-02.html | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

1.0 is out

Arches, please test and mark stable: =net-analyzer/wireshark-1.0.0 Target keywords : "alpha amd64 hppa ia64 ppc ppc64 release sparc x86"

amd64 stable

x86 stable

alpha/ia64/sparc stable

Stable for HPPA.

ppc64 stable

ppc stable

GLSA vote.

Fixed in release snapshot.

only a DoS, but since we issued GLSAs for wireshark DoS before, we should probably issue one again -> (half) yes

I'd consider wireshark more A than B, so I'm also in for a YES.

GLSA request filed

this was GLSA 200805-05.

Name: Multiple problems in Wireshark® versions 0.99.2 to 0.99.8
Docid: wnpa-sec-2008-02
Date: March 31, 2008
Versions affected: 0.99.2 up to and including 0.99.8

Details

Description

Wireshark 1.0.0 fixes the following vulnerabilities:

* The X.509sat dissector could crash. (Bug 2329)
  Versions affected: 0.99.5 to 0.99.8
* The Roofnet dissector could crash on Windows, Solaris, and other platforms. (Bug 2331)
  Versions affected: 0.99.5 to 0.99.8
* The LDAP dissector could crash on Windows and other platforms. (Bug 1613)
  Versions affected: 0.99.2 to 0.99.8
* The SCCP dissector could crash while using the "decode as" feature. (Bug 2392)
  Versions affected: 0.99.6 to 0.99.8

Impact

It may be possible to make Wireshark crash by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 1.0.0 or later.