Ubuntu
wireshark package

CVE-2010-4538 Wireshark: Stack-based array index error in ENTTEC dissector

Bug #730417 reported by Mahyuddin Susanto
342
This bug affects 1 person
Affects Status Importance Assigned to Milestone
wireshark (Ubuntu)
Fix Released
Medium
Unassigned
Lucid
Won't Fix
Undecided
Unassigned
Maverick
Fix Released
Undecided
Unassigned
Natty
Fix Released
Medium
Unassigned

Bug Description

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

 affects ubuntu/wireshark
 status inprogress
 assignee udienz
 importance medium
 security yes
 done

Common Vulnerabilities and Exposures assigned an identifier
CVE-2010-4538 to the following vulnerability:

Name: CVE-2010-4538
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4538
Reference:
# MLIST:[oss-security] 20101231 CVE Request: Wireshark
# URL:http://openwall.com/lists/oss-security/2010/12/31/7
# MLIST:[oss-security] 20110103 Re: CVE Request: Wireshark
# URL:http://openwall.com/lists/oss-security/2011/01/03/8
# CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5539
# DEBIAN:DSA-2144
# URL:http://www.debian.org/security/2011/dsa-2144
# FEDORA:FEDORA-2011-0128
#
URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053042.html
# FEDORA:FEDORA-2011-0167
#
URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053061.html
# MANDRIVA:MDVSA-2011:002
# URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:002

Buffer overflow in the sect_enttec_dmx_da function in
epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a crafted ENTTEC DMX packet with Run Length
Encoding (RLE) compression.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iF4EAREIAAYFAk10WnwACgkQdr7GbwjmqKXwfQD+N9kAPvtjU6fsGutFNB9n4J4J
IC+UtXP428qsVSdRJI4A+gJALrMa86+2troM0Pom8Pv3XFmmjsEVy92DAavLKtbw
=5fYc
-----END PGP SIGNATURE-----

CVE References

Jamie Strandboge (jdstrand)
visibility: private → public
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This was fixed in 1.4.4-1

Changed in wireshark (Ubuntu Natty):
assignee: Mahyuddin Susanto (udienz) → nobody
status: In Progress → Fix Released
Changed in wireshark (Ubuntu Maverick):
status: New → Fix Released
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This was fixed in 1.2.11-6build0.10.10.1 on maverick.

Changed in wireshark (Ubuntu Lucid):
status: New → Confirmed
Revision history for this message
Rolf Leggewie (r0lf) wrote :

lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".

Changed in wireshark (Ubuntu Lucid):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.