[Secure-testing-team] Bug#547704: CVE-2009-3242, CVE-2009-3241: wireshark DoS
Giuseppe Iuculano
giuseppe at iuculano.it
Mon Sep 21 17:11:57 UTC 2009
Package: wireshark
Version: 1.2.1-2
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for wireshark.
CVE-2009-3242[0]:
| Unspecified vulnerability in packet.c in the GSM A RR dissector in
| Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of
| service (application crash) via unknown vectors related to "an
| uninitialized dissector handle," which triggers an assertion failure.
CVE-2009-3241[1]:
| Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark
| 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers
| to cause a denial of service (memory and CPU consumption) via
| malformed OPCUA Service CallRequest packets.
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3242
http://security-tracker.debian.net/tracker/CVE-2009-3242
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3241
http://security-tracker.debian.net/tracker/CVE-2009-3241
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkq3s9oACgkQNxpp46476ar3XACgimktu1HPD5B4aaWP9JGiU3FT
MT4An1NufYTYUSDhOOgV+lUw9zAeIYOU
=1idt
-----END PGP SIGNATURE-----
More information about the Secure-testing-team
mailing list