wireshark

• Author: Miklos Vajna
• Vulnerable: 1.2.5-1getorin1
• Unaffected: 1.2.6-1getorin1

Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user’s system. The vulnerabilities are caused due to errors within the LWRES dissector, which can be exploited to cause e.g. a stack-based buffer overflow via a specially crafted network packet or by tricking a user into loading a specially crafted capture file. Successful exploitation allows execution of arbitrary code.

• Bug Tracker URL: http://bugs.frugalware.org/task/4087

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2563
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4377
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0304