blob: c0ac3950946c981fe30844333390e7642e0b873e [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200805-05">
<title>Wireshark: Denial of Service</title>
Multiple Denial of Service vulnerabilities have been discovered in
<product type="ebuild">wireshark</product>
<announced>May 07, 2008</announced>
<revised>May 07, 2008: 01</revised>
<package name="net-analyzer/wireshark" auto="yes" arch="*">
<unaffected range="ge">1.0.0</unaffected>
<vulnerable range="lt">1.0.0</vulnerable>
Wireshark is a network protocol analyzer with a graphical front-end.
Errors exist in:
the X.509sat dissector because of an uninitialized variable and the
Roofnet dissector because a NULL pointer may be passed to the
g_vsnprintf() function (CVE-2008-1561).</li>
the LDAP dissector because a NULL pointer may be passed to the
ep_strdup_printf() function (CVE-2008-1562).</li>
the SCCP dissector because it does not reset a pointer once the packet
has been processed (CVE-2008-1563).</li>
<impact type="normal">
A remote attacker could exploit these vulnerabilities by sending a
malformed packet or enticing a user to read a malformed packet trace
file, causing a Denial of Service.
Disable the X.509sat, Roofnet, LDAP, and SCCP dissectors.
All Wireshark users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-analyzer/wireshark-1.0.0&quot;</code>
<uri link="">CVE-2008-1561</uri>
<uri link="">CVE-2008-1562</uri>
<uri link="">CVE-2008-1563</uri>
<metadata tag="requester" timestamp="Tue, 29 Apr 2008 13:11:47 +0000">
<metadata tag="bugReady" timestamp="Tue, 29 Apr 2008 13:12:26 +0000">
<metadata tag="submitter" timestamp="Tue, 29 Apr 2008 15:31:30 +0000">