CVE-2011-0444 wireshark: buffer overflow in MAC-LTE dissector

Bug #730415 reported by Mahyuddin Susanto
This bug affects 1 person
Affects              Status         Importance   Assigned to          Milestone
wireshark (Ubuntu)   Fix Released   Medium       Unassigned
Lucid                Won't Fix      Medium       Mahyuddin Susanto
Maverick             Fix Released   Medium       Unassigned
Natty                Fix Released   Medium       Unassigned

Bug Description


 affects ubuntu/wireshark
 status inprogress
 assignee udienz
 importance medium
 security yes
 done

Common Vulnerabilities and Exposures assigned an identifier
CVE-2011-0444 to the following vulnerability:

Name: CVE-2011-0444
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0444
Reference: MISC: https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5676
Reference: CONFIRM: http://www.wireshark.org/security/wnpa-sec-2011-01.html
Reference: CONFIRM: http://www.wireshark.org/security/wnpa-sec-2011-02.html
Reference: CONFIRM: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5530
Reference: VUPEN:ADV-2011-0079
Reference: URL: http://www.vupen.com/english/advisories/2011/0079

Buffer overflow in the MAC-LTE dissector
(epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13
and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a large number
of RARs.

The upstream bug refers to two patches:

http://anonsvn.wireshark.org/viewvc?view=rev&revision=35298 fixes a buffer
overflow in the engineId preferences (seems applicable to 1.0.x also), and
http://anonsvn.wireshark.org/viewvc?view=rev&revision=35292 fixes the buffer
overflow in the MAC LTE dissector (not applicable to 1.0.x; this file is not
shipped).


visibility: private → public
Jamie Strandboge (jdstrand) wrote :

This was fixed in 1.4.4-1 in Natty.

Changed in wireshark (Ubuntu Natty):
assignee: Mahyuddin Susanto (udienz) → nobody
status: In Progress → Fix Released
Jamie Strandboge (jdstrand) wrote :

This will be fixed in 1.2.11-6build0.10.10.1 on maverick.

Changed in wireshark (Ubuntu Maverick):
status: New → Fix Committed
importance: Undecided → Medium
Changed in wireshark (Ubuntu Lucid):
assignee: nobody → Mahyuddin Susanto (udienz)
importance: Undecided → Medium
status: New → Confirmed
Jamie Strandboge (jdstrand) wrote :

This was fixed in 1.2.11-6build0.10.10.1 on maverick.

Changed in wireshark (Ubuntu Maverick):
status: Fix Committed → Fix Released
Rolf Leggewie (r0lf) wrote :

lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".

Changed in wireshark (Ubuntu Lucid):
status: Confirmed → Won't Fix
This report contains Public Security information  
Everyone can see this security related information.