oss-sec mailing list archives
Re: CVE Request: Wireshark DoS
From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 1 Apr 2009 14:30:08 -0400 (EDT)
On Wed, 1 Apr 2009, Pinar Yanardag wrote:
Yesterday, I came upon the following Secunia advisory [1] about Wireshark 1.0.6:
====================================================== Name: CVE-2009-1210 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1210 Reference: MILW0RM:8308 Reference: URL:http://www.milw0rm.com/exploits/8308 Reference: BID:34291 Reference: URL:http://www.securityfocus.com/bid/34291 Reference: SECUNIA:34542 Reference: URL:http://secunia.com/advisories/34542 Reference: XF:wireshark-pndcp-format-string(49512) Reference: URL:http://xforce.iss.net/xforce/xfdb/49512 Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information.
Current thread:
- Re: CVE Request: Wireshark DoS Steven M. Christey (Apr 01)