Debian Security Advisory DSA 2590-1 (wireshark - Several Vulnerabilities) Network Vulnerability

Summary

Bjorn Mork and Laurent Butti discovered crashes in the PPP and RTPS2 dissectors, which could potentially result in the execution of arbitrary code.

Solution

For the stable distribution (squeeze), these problems have been fixed in version 1.2.11-6+squeeze8. For the unstable distribution (sid), these problems have been fixed in version 1.8.2-1. We recommend that you upgrade your wireshark packages.

Insight

Wireshark is a network 'sniffer' - a tool that captures and analyzes packets off the wire. Wireshark can decode too many protocols to list here.

Affected

wireshark on Debian Linux

Detection

This check tests the installed software version using the apt package manager.

References

http://www.debian.org/security/2012/dsa-2590.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-4048, CVE-2012-4296
CVSS Base Score: 3.3
AV:A/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1028-1 (libimager-perl)
Debian Security Advisory DSA 1068-1 (fbi)
Debian Security Advisory DSA 2376-2 (ipmitool)
Debian Security Advisory DSA 1255-1 (libgtop2)
Debian Security Advisory DSA 2821-1 (gnupg - side channel attack)

Debian Security Advisory DSA 2590-1 (wireshark - several vulnerabilities)

Take action and discover your vulnerabilities