Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=cb49725788bbdab57980bca95eff318c028e05c7

commit cb49725788bbdab57980bca95eff318c028e05c7
Author: Miklos Vajna <vmik...@frugalware.org>
Date:   Sun Feb 6 23:51:50 2011 +0100

FSA710-wireshark

diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index f8a5fa1..6dc6199 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -26,6 +26,24 @@

<fsas>
<fsa>
+               <id>710</id>
+               <date>2011-02-06</date>
+               <author>Miklos Vajna</author>
+               <package>wireshark</package>
+               <vulnerable>1.4.2-1haven1</vulnerable>
+               <unaffected>1.4.3-1haven1</unaffected>
+               <bts>http://bugs.frugalware.org/task/4410</bts>
+               <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4538
+                       
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0444
+                       
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0445</cve>
+               <desc>Multiple vulnerabilities have been reported in Wireshark, 
which can be exploited by malicious people to cause a DoS (Denial of Service) 
and potentially compromise a vulnerable system.
+                       1) A boundary error in the "dissect_enttec_dmx_data()" 
function (epan/dissectors/packet-enttec.c) when processing RLE Compressed DMX 
data of the ENTTEC protocol can be exploited to cause a buffer overflow via a 
specially crafted packet sent to UDP port 3333.
+                       2) A boundary error in the MAC-LTE dissector 
(epan/dissectors/packet-mac-lte.c) can be exploited to cause a stack-based 
buffer overflow.
+                       3) A boundary error in the 
"snmp_usm_password_to_key_sha1()" function (asn1/snmp/packet-snmp-template.c) 
can be exploited to cause a stack-based buffer overflow.
+                       Successful exploitation of vulnerabilities #1, #2, and 
#3 may allow execution of arbitrary code.
+                       4) An error in the ASN.1 BER dissector can be exploited 
to corrupt memory and cause the process to terminate.</desc>
+       </fsa>
+       <fsa>
<id>709</id>
<date>2011-02-06</date>
<author>Miklos Vajna</author>
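Review bot: The `<desc>` text enumerates four issues (1 to 4), but the `<cve>` element carries only three identifiers (CVE-2010-4538, CVE-2011-0444, CVE-2011-0445) and nothing in the entry says which numbered item each one covers or which item has no CVE. Consider naming the CVE id next to each numbered item in `<desc>`, or stating explicitly which item is unassigned, so a reader checking whether a given CVE is fixed in 1.4.3-1haven1 does not have to look each link up. The three URLs are also packed into a single `<cve>` element separated only by whitespace and line breaks, so anything that consumes security.xml has to split and trim that value itself; if the format allows it, one URL per `<cve>` element would be easier to parse and to validate.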
_______________________________________________
Frugalware-git mailing list
Frugalware-git@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-git
