List:       oss-security
Subject:    Re: [oss-security] CVE request for new wireshark vulnerabilities
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2010-06-14 20:30:36
Message-ID: Pine.GSO.4.64.1006141629410.13177 () faron ! mitre ! org


On Thu, 10 Jun 2010, Vincent Danen wrote:

>>  The SMB dissector could dereference a NULL pointer.
>>  Fixed in trunk: r32650
>>  Fixed in trunk-1.2: r33142
>>  Fixed in trunk-1.0: r33145
>>  Bug 4734
>>  Versions affected: 0.99.6 to 1.0.13, 1.2.0 to 1.2.8

Use CVE-2010-2283

>>  J. Oquendo discovered that the ASN.1 BER dissector could overrun
>>  the stack.
>>  Fixed in trunk: r32922, r33046
>>  Fixed in trunk-1.2: r33122
>>  Fixed in trunk-1.0: r33146
>>  Versions affected: 0.10.13 to 1.0.13, 1.2.0 to 1.2.8

Use CVE-2010-2284

>>  The SMB PIPE dissector could dereference a NULL pointer on some
>>  platforms.
>>  Fixed in trunk: r32848
>>  Fixed in trunk-1.2: r33120
>>  Fixed in trunk-1.0: r33143
>>  Versions affected: 0.8.20 to 1.0.13, 1.2.0 to 1.2.8

Use CVE-2010-2285

>>  The SigComp Universal Decompressor Virtual Machine could go into
>>  an infinite loop.
>>  Fixed in trunk: r33061, r33065
>>  Fixed in trunk-1.2: r33131
>>  Fixed in trunk-1.0: r33147
>>  Bug 4826
>>  Versions affected: 0.10.7 to 1.0.13, 1.2.0 to 1.2.8

Use CVE-2010-2286

>>  The SigComp Universal Decompressor Virtual Machine could overrun
>>  a buffer.
>>  Fixed in trunk: r33087, r33090
>>  Fixed in trunk-1.2: r33134
>>  Fixed in trunk-1.0: r33149
>>  Bug 4837
>>  Versions affected: 0.10.8 to 1.0.13, 1.2.0 to 1.2.8

Use CVE-2010-2287


- Steve