CVE-2010-2287 CVE-2010-2995 wireshark: SigComp UDVM dissector buffer overruns

Bug #730419 reported by Mahyuddin Susanto
This bug affects 1 person
Affects             Status        Importance  Assigned to        Milestone
wireshark (Ubuntu)  Fix Released  Medium      Unassigned
Lucid               Won't Fix     Medium      Mahyuddin Susanto
Maverick            Fix Released  Undecided   Unassigned
Natty               Fix Released  Medium      Unassigned

Bug Description

 affects ubuntu/wireshark
 status inprogress
 assignee udienz
 importance medium
 security yes
 done

Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2287 to
the following vulnerability:

Name: CVE-2010-2287
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2287
Reference: MLIST:[oss-security] 20100610 CVE request for new wireshark vulnerabilities
Reference: URL: http://www.openwall.com/lists/oss-security/2010/06/11/1
Reference: CONFIRM: http://www.wireshark.org/security/wnpa-sec-2010-05.html
Reference: CONFIRM: http://www.wireshark.org/security/wnpa-sec-2010-06.html
Reference: MANDRIVA:MDVSA-2010:113
Reference: URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:113
Reference: SECUNIA:40112
Reference: URL: http://secunia.com/advisories/40112
Reference: VUPEN:ADV-2010-1418
Reference: URL: http://www.vupen.com/english/advisories/2010/1418

Buffer overflow in the SigComp Universal Decompressor Virtual Machine
dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8
has unknown impact and remote attack vectors.

Upstream commits:

trunk: http://anonsvn.wireshark.org/viewvc?view=rev&revision=33087
trunk: http://anonsvn.wireshark.org/viewvc?view=rev&revision=33090
trunk-1.2: http://anonsvn.wireshark.org/viewvc?view=rev&revision=33134
trunk-1.0: http://anonsvn.wireshark.org/viewvc?view=rev&revision=33149

visibility: private → public
Changed in wireshark (Ubuntu Maverick):
status: New → Fix Released
Changed in wireshark (Ubuntu Lucid):
status: New → Confirmed
importance: Undecided → Medium
Changed in wireshark (Ubuntu Natty):
assignee: Mahyuddin Susanto (udienz) → nobody
status: In Progress → Fix Released
Changed in wireshark (Ubuntu Lucid):
assignee: nobody → Mahyuddin Susanto (udienz)
Rolf Leggewie (r0lf) wrote :

Lucid has seen the end of its life and is no longer receiving any updates. Marking the Lucid task for this ticket as "Won't Fix".

Changed in wireshark (Ubuntu Lucid):
status: Confirmed → Won't Fix
This report contains Public Security information  
Everyone can see this security related information.
