More vulnerabilities in wireshark 0.99.2 through 0.99.8 (CVE-2008-156[1-3])
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
wireshark (Ubuntu) | Fix Released | Undecided | Unassigned | |
Feisty | Won't Fix | Undecided | Unassigned | |
Gutsy | Won't Fix | Undecided | Unassigned | |
Bug Description
Binary package hint: wireshark
Upstream advisory: http://
Resolution summary: either upgrade to Wireshark 1.0.0 or disable the vulnerable dissectors.
Excerpts from the National Vulnerability Database entries:
http://
https:/
"Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2 might also lead to a hang."
http://
https:/
"The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740."
http://
https:/
"The "decode as" feature in packet-bssap.c in the SCCP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet."
Changed in wireshark:
status: New → Fix Released
Bug #210687 is not public so I can't tell whether this is a duplicate or not. It would be nice if the fixes could be backported to gutsy.