| Summary: | <net-analyzer/wireshark-1.2.1: Multiple DoS vulnerabilities (CVE-2009-{2559,2560,2561,2562,2563}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | netmon, pva |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.wireshark.org/security/wnpa-sec-2009-04.html | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Alex Legler (RETIRED)
2009-07-21 10:49:56 UTC
Our latest stable seems to be at least vulnerable to issue 2 and maybe 3. Bumped. Arch teams, please, stabilize wireshark-1.2.1.

+ 21 Jul 2009; <chainsaw@gentoo.org> wireshark-1.2.1.ebuild: + Marked stable on AMD64 for security bug #278564. Tested on a Core2 Duo + with a Marvell "Sky2" 88E8055 NIC.

Stable on alpha

x86 stable

Stable for HPPA.

CVE-2009-2559 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2559): Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an array index error. NOTE: some of these details are obtained from third party information.

CVE-2009-2560 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2560): Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (crash) via unspecified vectors in the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissectors.

CVE-2009-2561 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2561): Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified vectors.

CVE-2009-2562 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2562): Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.

CVE-2009-2563 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2563): Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors.

ppc64 done

sparc stable

ia64 stable

ppc stable

GLSA 200909-16