[Secure-testing-team] Bug#538237: CVE-2009-2559 CVE-2009-2560 CVE-2009-2561 CVE-2009-2562 CVE-2009-2563: Wireshark Multiple Vulnerabilities
Giuseppe Iuculano
giuseppe at iuculano.it
Fri Jul 24 09:10:21 UTC 2009
Package: wireshark
Version: 1.0.8-1
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for wireshark.
CVE-2009-2559[0]:
| Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote
| attackers to cause a denial of service (crash) via unspecified vectors
| related to an array index error. NOTE: some of these details are
| obtained from third party information.
CVE-2009-2560[1]:
| Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote
| attackers to cause a denial of service (crash) via unspecified vectors
| in the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissectors.
CVE-2009-2561[2]:
| Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0
| allows remote attackers to cause a denial of service (CPU and memory
| consumption) via unspecified vectors.
CVE-2009-2562[3]:
| Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2
| through 1.2.0 allows remote attackers to cause a denial of service
| (crash) via unknown vectors.
CVE-2009-2563[4]:
| Unspecified vulnerability in the Infiniband dissector in Wireshark
| 1.0.6 through 1.2.0, when running on unspecified platforms, allows
| remote attackers to cause a denial of service (crash) via unknown
| vectors.
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2559
http://security-tracker.debian.net/tracker/CVE-2009-2559
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2560
http://security-tracker.debian.net/tracker/CVE-2009-2560
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2561
http://security-tracker.debian.net/tracker/CVE-2009-2561
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2562
http://security-tracker.debian.net/tracker/CVE-2009-2562
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2563
http://security-tracker.debian.net/tracker/CVE-2009-2563
Cheers,
Giuseppe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkppenoACgkQNxpp46476apJegCfX3KPSfs6vuNIqxo+QBTZuPwe
cR0An3b3IqIeKHehSxWtc8YGPzFvPPAB
=wBS6
-----END PGP SIGNATURE-----
More information about the Secure-testing-team
mailing list