wireshark

• Author: Miklos Vajna
• Vulnerable: 1.2.3-1getorin1
• Unaffected: 1.2.5-1getorin1

Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a user’s system.

1. A boundary error in the Daintree SNA file parser can be exploited to cause a buffer overflow via a specially crafted capture file. Successful exploitation may allow execution of arbitrary code.
2. An error in the IPMI dissector on Windows can be exploited to cause a crash.
3. An error in the SMB and SMB2 dissectors can be exploited to cause a crash.

• Bug Tracker URL: http://bugs.frugalware.org/task/4064

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4376
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4377
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4378