662062 – (CVE-2018-14438) net-analyzer/wireshark: Security bypass vulnerability

Bug 662062 (CVE-2018-14438) - net-analyzer/wireshark: Security bypass vulnerability

Summary: net-analyzer/wireshark: Security bypass vulnerability

Status:	RESOLVED INVALID

Alias:	CVE-2018-14438

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://bugs.wireshark.org/bugzilla/s...
Whiteboard:	B2 [upstream]
Keywords:

Depends on:
Blocks:

Reported:	2018-07-25 03:53 UTC by D'juan McDonald (domhnall)
Modified:	2018-07-26 09:05 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description D'juan McDonald (domhnall) 2018-07-25 03:53:26 UTC

Wireshark is prone to a remote security-bypass vulnerability.

Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions.

Wireshark through 2.6.2 are vulnerable.

Reference(s):
https://www.securityfocus.com/bid/104876/info

Gentoo Security Padawan
(domhnall)

Comment 1 D'juan McDonald (domhnall) 2018-07-25 05:42:35 UTC

@maintainer(s), upstream report indicates this is x86-Windows specific. Please review and close as Invalid if necessary, thank you.

Comment 2 D'juan McDonald (domhnall) 2018-07-26 09:05:45 UTC

(In reply to D'juan McDonald (domhnall) from comment #1)
>@maintainer(s), upstream report indicates this is x86-Windows specific. Please >review and close as Invalid if necessary, thank you.


Closing as Invalid.