Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 386179 (CVE-2011-2698)

Summary: <net-analyzer/wireshark-{1.4.8,1.6.2}: Multiple vulnerabilities (CVE-2011-{2698,3482,3483})
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: netmon, pva
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-07 23:47:19 UTC 
CVE-2011-3483 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3483):
  Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of
  service (application crash) via a malformed capture file that leads to an
  invalid root tvbuff, related to a "buffer exception handling vulnerability."

CVE-2011-3482 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3482):
  The csnStreamDissector function in epan/dissectors/packet-csn1.c in the
  CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a
  certain structure member, which allows remote attackers to cause a denial of
  service (application crash) via a malformed packet.

CVE-2011-2698 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2698):
  Off-by-one error in the elem_cell_id_aux function in
  epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x
  before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a
  denial of service (infinite loop) via an invalid packet.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2011-10-08 15:51:12 UTC 
The issues in this bug are already resolved in stable, please remove vulnerable versions.
Comment 2 Peter Volkov (RETIRED) gentoo-dev 2011-10-08 16:27:02 UTC 
vulnerable versions were dropped.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 20:01:35 UTC 
This issue was resolved and addressed in
 GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml
by GLSA coordinator Alex Legler (a3li).
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 20:02:25 UTC 
This issue was resolved and addressed in
 GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml
by GLSA coordinator Alex Legler (a3li).