Summary: | net-analyzer/wireshark <1.0.6 Multiple problems in Wireshark versions 0.99.6 to 1.0.5 (CVE-2009-{0599,0600,0601}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Peter Volkov (RETIRED) <pva> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | netmon |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.wireshark.org/security/wnpa-sec-2009-01.html | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Peter Volkov (RETIRED)
2009-02-07 12:27:17 UTC
Stable on alpha.

Stable for HPPA.

amd64/x86 stable

ia64/sparc stable

ppc64 done

ppc stable

We could easily add these to the existing GLSA requests, but independent of that I'd say no... however... : YES

CVE-2009-0599 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0599): Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file.

CVE-2009-0600 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0600): Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame.

CVE-2009-0601 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0601): Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable.

glsa-voting: same as rbu comment #7. I would have said No (~ client-side dos) but if this can go with an already existing draft, then Yes.

this will have a glsa with #242996 and #248925.

GLSA 200906-05, thanks everyone