CVE-2011-1140 Wireshark: Multiple stack consumption vulnerabilities caused DoS via crafted SMB or CLDAP packet
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
wireshark (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
affects ubuntu/wireshark
status inprogress
assignee udienz
importance medium
security yes
done
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1140 to
the following vulnerability:
Name: CVE-2011-1140
URL: http://
Assigned: 20110302
Reference:
CONFIRM:http://
Reference:
CONFIRM:http://
Reference:
CONFIRM:http://
Reference: CONFIRM:http://
Reference: CONFIRM:http://
Reference: CONFIRM:https:/
Multiple stack consumption vulnerabilities in the
dissect_
Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow
remote attackers to cause a denial of service (infinite recursion) via
a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://
iF4EAREIAAYFAk1
pVmPWgF927R6wLk
=h5Yg
-----END PGP SIGNATURE-----
CVE References
visibility: | private → public |
Changed in wireshark (Ubuntu): | |
assignee: | Mahyuddin Susanto (udienz) → nobody |
status: | In Progress → New |
Changed in wireshark (Ubuntu): | |
status: | Confirmed → Fix Released |
Both natty and oneiric have versions of wireshark with this vulnerability fixed. Given that this bug has been "In Progress" without any activity for several months, I'm wondering if it's safe to close.
Not an expert on Ubuntu's security practices, so I'll wait for a response first.