Launchpad.net

CVE 2008-3146

Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used.

Related bugs and status

CVE-2008-3146 (Candidate) is related to these bugs:

Bug #277895: Wireshark 1.0.3 fixes multiple vulnerabilities

Summary				In	Importance	Status
	277895	Wireshark 1.0.3 fixes multiple vulnerabilities		wireshark (Ubuntu)	Medium	Fix Released
	277895	Wireshark 1.0.3 fixes multiple vulnerabilities		wireshark (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://wiki.rpath.com/...
SUSE: SUSE-SR:2008:017
CONFIRM: http://bugs.wireshark....
CONFIRM: http://www.wireshark.o...
SECTRACK: 1020819
SECUNIA: 31687
SECUNIA: 31886
FEDORA: FEDORA-2008-7894
FEDORA: FEDORA-2008-7936
GENTOO: GLSA-200809-17
SECUNIA: 32028
SECUNIA: 31864
REDHAT: RHSA-2008:0890
SECUNIA: 32091
MANDRIVA: MDVSA-2008:199
CONFIRM: http://support.avaya.c...
VUPEN: ADV-2008-2773
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20080917 rPSA-2008-027...