Launchpad.net

CVE 2009-1210

Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information.

Related bugs and status

CVE-2009-1210 (Candidate) is related to these bugs:

Bug #360661: Please merge wireshark 1.0.7-1 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	360661	Please merge wireshark 1.0.7-1 (universe) from Debian unstable (main)		wireshark (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

BID: 34291
SECUNIA: 34542
CONFIRM: http://www.wireshark.o...
MANDRIVA: MDVSA-2009:088
CONFIRM: http://wiki.rpath.com/...
SECUNIA: 34778
DEBIAN: DSA-1785
SECUNIA: 34970
FEDORA: FEDORA-2009-3599
SECUNIA: 35133
FEDORA: FEDORA-2009-5339
FEDORA: FEDORA-2009-5382
SECUNIA: 35224
SUSE: SUSE-SR:2009:011
SECUNIA: 35416
REDHAT: RHSA-2009:1100
SECUNIA: 35464
XF: wireshark-pndcp-format...
EXPLOIT-DB: 8308
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20090417 rPSA-2009-006...