what you don't know can hurt you

Mandriva Linux Security Advisory 2010-242

Mandriva Linux Security Advisory 2010-242
Posted Nov 29, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-242 - This advisory updates wireshark to the latest version, fixing one security issue. Heap-based buffer overflow in the dissect_ldss_transfer function in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2010-4300
MD5 | acb5ba05479379d744f9ce10d7cfabd5

Mandriva Linux Security Advisory 2010-242

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:242
http://www.mandriva.com/security/
_______________________________________________________________________

Package : wireshark
Date : November 28, 2010
Affected: 2010.0, 2010.1
_______________________________________________________________________

Problem Description:

This advisory updates wireshark to the latest version (1.2.13),
fixing one security issue:

Heap-based buffer overflow in the dissect_ldss_transfer function
(epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark
1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers
to cause a denial of service (crash) and possibly execute arbitrary
code via an LDSS packet with a long digest line that triggers memory
corruption (CVE-2010-4300).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4300
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5318
http://www.wireshark.org/security/wnpa-sec-2010-14.html
http://www.wireshark.org/docs/relnotes/wireshark-1.2.13.html
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.0:
bdbb1b214e59d74f0075ae893819a9f8 2010.0/i586/dumpcap-1.2.13-0.1mdv2010.0.i586.rpm
0f29708089267e7a8188aaf0b9a05287 2010.0/i586/libwireshark0-1.2.13-0.1mdv2010.0.i586.rpm
df661a6868115051c71d80879810a813 2010.0/i586/libwireshark-devel-1.2.13-0.1mdv2010.0.i586.rpm
a5bc877e16d9dc7bf219890d1f1df33f 2010.0/i586/rawshark-1.2.13-0.1mdv2010.0.i586.rpm
6bf1731d7a69578df7c4e8af3ffcdaba 2010.0/i586/tshark-1.2.13-0.1mdv2010.0.i586.rpm
2b8e8bd07009381685a242563bd72886 2010.0/i586/wireshark-1.2.13-0.1mdv2010.0.i586.rpm
82772246e673d725b76df96a98c8e94a 2010.0/i586/wireshark-tools-1.2.13-0.1mdv2010.0.i586.rpm
aaee58cb0ffdff477f29bacf15b9c9dc 2010.0/SRPMS/wireshark-1.2.13-0.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
982fbf234e764e943193938feb5b90f0 2010.0/x86_64/dumpcap-1.2.13-0.1mdv2010.0.x86_64.rpm
a956ba2da8a343fdaf6b8f49451e3ec2 2010.0/x86_64/lib64wireshark0-1.2.13-0.1mdv2010.0.x86_64.rpm
cb439afb7607433c4c5fff9dfbf2870b 2010.0/x86_64/lib64wireshark-devel-1.2.13-0.1mdv2010.0.x86_64.rpm
fa3263c92ed9021b8025272c1346b25a 2010.0/x86_64/rawshark-1.2.13-0.1mdv2010.0.x86_64.rpm
7c391f9841576e31885e60fb803ef2ff 2010.0/x86_64/tshark-1.2.13-0.1mdv2010.0.x86_64.rpm
c6a0fee28f065fbb3bbc90f080e0b744 2010.0/x86_64/wireshark-1.2.13-0.1mdv2010.0.x86_64.rpm
71220add0439ae3a08638bccd39f6e01 2010.0/x86_64/wireshark-tools-1.2.13-0.1mdv2010.0.x86_64.rpm
aaee58cb0ffdff477f29bacf15b9c9dc 2010.0/SRPMS/wireshark-1.2.13-0.1mdv2010.0.src.rpm

Mandriva Linux 2010.1:
25347584b6703f4c5646d4276115c81b 2010.1/i586/dumpcap-1.2.13-0.1mdv2010.1.i586.rpm
0a5537d1d1c4677a09f47e73062e0414 2010.1/i586/libwireshark0-1.2.13-0.1mdv2010.1.i586.rpm
3da7c3cf521db4859d8b36bd2b1c2e1a 2010.1/i586/libwireshark-devel-1.2.13-0.1mdv2010.1.i586.rpm
32f2251a14cab4a5dc3712546083ebde 2010.1/i586/rawshark-1.2.13-0.1mdv2010.1.i586.rpm
186c631e5551ba551cc706d34067edfe 2010.1/i586/tshark-1.2.13-0.1mdv2010.1.i586.rpm
7d7a26327249ef39840cde5de056be7b 2010.1/i586/wireshark-1.2.13-0.1mdv2010.1.i586.rpm
a612e1d9317342ee88a5b209c10b8541 2010.1/i586/wireshark-tools-1.2.13-0.1mdv2010.1.i586.rpm
d86b28ee505b3b824a4a76e2e41b95cc 2010.1/SRPMS/wireshark-1.2.13-0.1mdv2010.1.src.rpm

Mandriva Linux 2010.1/X86_64:
0074d272580ecb14470957bbcf309fdb 2010.1/x86_64/dumpcap-1.2.13-0.1mdv2010.1.x86_64.rpm
b2d0893308118c39624a68ee37fd4fea 2010.1/x86_64/lib64wireshark0-1.2.13-0.1mdv2010.1.x86_64.rpm
65bd3c621d996e1c2bf62e41040ca8e9 2010.1/x86_64/lib64wireshark-devel-1.2.13-0.1mdv2010.1.x86_64.rpm
f04eede134a4b7b1ce261d453ef7df15 2010.1/x86_64/rawshark-1.2.13-0.1mdv2010.1.x86_64.rpm
93bd66519850417ce7cd79c6537f2773 2010.1/x86_64/tshark-1.2.13-0.1mdv2010.1.x86_64.rpm
6ed7bbd6da344b881d043687a4b1bf64 2010.1/x86_64/wireshark-1.2.13-0.1mdv2010.1.x86_64.rpm
ba599f0e8845fb95dfc4364d8a45a871 2010.1/x86_64/wireshark-tools-1.2.13-0.1mdv2010.1.x86_64.rpm
d86b28ee505b3b824a4a76e2e41b95cc 2010.1/SRPMS/wireshark-1.2.13-0.1mdv2010.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFM8k4omqjQ0CJFipgRAuNpAKCPw+xw0lnt1f4gXBnkxk/7A2PUnQCgw1ye
DoJ/GJ55kDvM7IIW8iusmZc=
=MXYv
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

March 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    15 Files
  • 2
    Mar 2nd
    5 Files
  • 3
    Mar 3rd
    3 Files
  • 4
    Mar 4th
    25 Files
  • 5
    Mar 5th
    20 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    12 Files
  • 9
    Mar 9th
    3 Files
  • 10
    Mar 10th
    4 Files
  • 11
    Mar 11th
    23 Files
  • 12
    Mar 12th
    12 Files
  • 13
    Mar 13th
    12 Files
  • 14
    Mar 14th
    19 Files
  • 15
    Mar 15th
    12 Files
  • 16
    Mar 16th
    3 Files
  • 17
    Mar 17th
    1 Files
  • 18
    Mar 18th
    15 Files
  • 19
    Mar 19th
    22 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close