Giuseppe Iuculano
2009-Jul-24 09:10 UTC
[Secure-testing-team] Bug#538237: CVE-2009-2559 CVE-2009-2560 CVE-2009-2561 CVE-2009-2562 CVE-2009-2563: Wireshark Multiple Vulnerabilities
Package: wireshark
Version: 1.0.8-1
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for wireshark.

CVE-2009-2559[0]:
| Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote
| attackers to cause a denial of service (crash) via unspecified vectors
| related to an array index error. NOTE: some of these details are
| obtained from third party information.

CVE-2009-2560[1]:
| Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote
| attackers to cause a denial of service (crash) via unspecified vectors
| in the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissectors.

CVE-2009-2561[2]:
| Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0
| allows remote attackers to cause a denial of service (CPU and memory
| consumption) via unspecified vectors.

CVE-2009-2562[3]:
| Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2
| through 1.2.0 allows remote attackers to cause a denial of service
| (crash) via unknown vectors.

CVE-2009-2563[4]:
| Unspecified vulnerability in the Infiniband dissector in Wireshark
| 1.0.6 through 1.2.0, when running on unspecified platforms, allows
| remote attackers to cause a denial of service (crash) via unknown
| vectors.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2559
    http://security-tracker.debian.net/tracker/CVE-2009-2559
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2560
    http://security-tracker.debian.net/tracker/CVE-2009-2560
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2561
    http://security-tracker.debian.net/tracker/CVE-2009-2561
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2562
    http://security-tracker.debian.net/tracker/CVE-2009-2562
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2563
    http://security-tracker.debian.net/tracker/CVE-2009-2563

Cheers,
Giuseppe

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkppenoACgkQNxpp46476apJegCfX3KPSfs6vuNIqxo+QBTZuPwe
cR0An3b3IqIeKHehSxWtc8YGPzFvPPAB
=wBS6
-----END PGP SIGNATURE-----