Giuseppe Iuculano
2009-Sep-21 17:11 UTC
[Secure-testing-team] Bug#547704: CVE-2009-3242, CVE-2009-3241: wireshark DoS
Package: wireshark
Version: 1.2.1-2
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for wireshark.

CVE-2009-3242[0]:
| Unspecified vulnerability in packet.c in the GSM A RR dissector in
| Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of
| service (application crash) via unknown vectors related to "an
| uninitialized dissector handle," which triggers an assertion failure.

CVE-2009-3241[1]:
| Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark
| 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers
| to cause a denial of service (memory and CPU consumption) via
| malformed OPCUA Service CallRequest packets.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3242
    http://security-tracker.debian.net/tracker/CVE-2009-3242
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3241
    http://security-tracker.debian.net/tracker/CVE-2009-3241

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkq3s9oACgkQNxpp46476ar3XACgimktu1HPD5B4aaWP9JGiU3FT
MT4An1NufYTYUSDhOOgV+lUw9zAeIYOU
=1idt
-----END PGP SIGNATURE-----