http://www.wireshark.org/security/wnpa-sec-2009-09.html

Wireshark 1.2.5 fixes the following vulnerabilities:

* The Daintree SNA file parser could overflow a buffer. (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4294) Versions affected: 1.2.0 to 1.2.4
* The SMB and SMB2 dissectors could crash. (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4301) Versions affected: 0.9.0 to 1.2.4
* The IPMI dissector could crash on Windows. (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4319) Versions affected: 1.2.0 to 1.2.4
New version is in the tree. Arch teams, please, stabilize.
x86 stable
amd64 stable
Stable for HPPA.
I'm not sure on the implications here. The buffer overflow was caused by a non-constrained %s in scanf. Upstream quotes a crash, but as seen with other issues (htmldoc) code execution might be possible. Setting B2? for the time being.
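Added example, not part of the thread and not Wireshark's code: the bug class named in the comment above (an unbounded `%s` in a scanf-family call) next to a width-bounded parse that rejects oversized tokens instead of truncating them silently. The record layout, `HEX_MAX`, `struct record` and `parse_record` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define HEX_MAX 64                 /* constructed limit for this example */
#define STR2(x) #x
#define STR(x) STR2(x)

/* Hypothetical record: "<declared_len> <hex payload>" (constructed layout). */
struct record {
    unsigned declared_len;
    char hex[HEX_MAX + 1];         /* +1 for the NUL that %s always appends */
};

/* Unbounded form, the bug class described in the comment above:
 *     sscanf(line, "%u %s", &r->declared_len, r->hex);
 * %s copies until whitespace, so a long token writes past r->hex. */

/* Returns 0 on success, -1 on malformed or oversized input. */
int parse_record(const char *line, struct record *r)
{
    int consumed = 0;
    /* "%64s" stores at most 64 chars plus NUL; %n records where parsing stopped. */
    if (sscanf(line, "%9u %" STR(HEX_MAX) "s%n",
               &r->declared_len, r->hex, &consumed) != 2)
        return -1;
    /* If the width cut the token short, more non-whitespace follows: reject. */
    if (line[consumed] != '\0' && line[consumed] != '\n' && line[consumed] != '\r')
        return -1;
    size_t n = strlen(r->hex);
    /* Payload must be whole bytes and agree with the declared length. */
    if (n % 2 != 0 || n / 2 != r->declared_len)
        return -1;
    if (strspn(r->hex, "0123456789abcdefABCDEF") != n)
        return -1;
    return 0;
}

int main(void)
{
    struct record r;
    /* Constructed sample input. */
    printf("%d\n", parse_record("4 deadbeef\n", &r));
    return 0;
}
```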
ppc64 done
alpha/ia64/sparc stable
Stable for PPC.
CVE confirms code execution. Rating B2, scheduled for a GLSA.
CVE-2009-4376 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4376): Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.

CVE-2009-4377 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4377): The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet, as demonstrated by fuzz-2009-12-07-11141.pcap.

CVE-2009-4378 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4378): The IPMI dissector in Wireshark 1.2.0 through 1.2.4, when running on Windows, allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime."
GLSA 201006-05