Message-ID: <Pine.GSO.4.64.1006141629410.13177@faron.mitre.org>
Date: Mon, 14 Jun 2010 16:30:36 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: Gerald Combs <gerald@...eshark.org>,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request for new wireshark vulnerabilities


On Thu, 10 Jun 2010, Vincent Danen wrote:

>>  The SMB dissector could dereference a NULL pointer.
>>  Fixed in trunk: r32650
>>  Fixed in trunk-1.2: r33142
>>  Fixed in trunk-1.0: r33145
>>  Bug 4734
>>  Versions affected: 0.99.6 to 1.0.13, 1.2.0 to 1.2.8

Use CVE-2010-2283

>>  J. Oquendo discovered that the ASN.1 BER dissector could overrun
>>  the stack.
>>  Fixed in trunk: r32922, r33046
>>  Fixed in trunk-1.2: r33122
>>  Fixed in trunk-1.0: r33146
>>  Versions affected: 0.10.13 to 1.0.13, 1.2.0 to 1.2.8

Use CVE-2010-2284

>>  The SMB PIPE dissector could dereference a NULL pointer on some
>>  platforms.
>>  Fixed in trunk: r32848
>>  Fixed in trunk-1.2: r33120
>>  Fixed in trunk-1.0: r33143
>>  Versions affected: 0.8.20 to 1.0.13, 1.2.0 to 1.2.8

Use CVE-2010-2285

>>  The SigComp Universal Decompressor Virtual Machine could go into
>>  an infinite loop.
>>  Fixed in trunk: r33061, r33065
>>  Fixed in trunk-1.2: r33131
>>  Fixed in trunk-1.0: r33147
>>  Bug 4826
>>  Versions affected: 0.10.7 to 1.0.13, 1.2.0 to 1.2.8

Use CVE-2010-2286

>>  The SigComp Universal Decompressor Virtual Machine could overrun
>>  a buffer.
>>  Fixed in trunk: r33087, r33090
>>  Fixed in trunk-1.2: r33134
>>  Fixed in trunk-1.0: r33149
>>  Bug 4837
>>  Versions affected: 0.10.8 to 1.0.13, 1.2.0 to 1.2.8

Use CVE-2010-2287


- Steve
