Summary: | <net-analyzer/wireshark-1.2.13: Buffer Overflow Vulnerability in LDSS Dissector (CVE-2010-4300) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | netmon, pva |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.wireshark.org/security/wnpa-sec-2010-13.html | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Tim Sammut (RETIRED)
![]() Thank you for report, Tim. New version is in the tree. Arch teams, please, stabilize wireshark-1.2.13. Stable for HPPA PPC. amd64 ok amd64 done. Thanks Agostino x86 stable alpha/ia64/sparc stable ppc64 done Thanks, folks. Added to existing GLSA request. CVE-2010-4300 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4300): Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption. This issue was resolved and addressed in GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml by GLSA coordinator Alex Legler (a3li). This issue was resolved and addressed in GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml by GLSA coordinator Alex Legler (a3li). |