| Summary: | <net-analyzer/wireshark-1.2.12: Stack Overflow Vulnerability in BER Dissector (CVE-2010-3445) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | pva |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5230 | | |
| Whiteboard: | A2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Tim Sammut (RETIRED)
2010-10-01 23:05:04 UTC
Wireshark 1.2.12 has been released. http://www.wireshark.org/docs/relnotes/wireshark-1.2.12.html

Thank you Tim! 1.2.12 was just added to the tree. Arch teams, please stabilize it. Note: although the upstream bug is still open, the release notes mention this vulnerability as fixed there.

amd64 done

Tested on x86, all good here.

ppc done

Stable for HPPA.

x86 stable, thanks David

Stable on alpha.

ia64/sparc stable

ppc64 done

Thanks, folks. GLSA together with bug 330479.

CVE-2010-3445 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3445): Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP.

This issue was resolved and addressed in GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml by GLSA coordinator Alex Legler (a3li).