Ubuntu

CVE-2010-2287 CVE-2010-2995 wireshark: SigComp UDVM dissector buffer overruns

Reported by Mahyuddin Susanto on 2011-03-07
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| wireshark (Ubuntu) | | Medium | Unassigned | |
| Lucid | | Medium | Mahyuddin Susanto | |
| Maverick | | Undecided | Unassigned | |
| Natty | | Medium | Unassigned | |

Bug Description


 affects ubuntu/wireshark
 status inprogress
 assignee udienz
 importance medium
 security yes
 done

Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2287 to
the following vulnerability:

Name: CVE-2010-2287
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2287
Reference: MLIST:[oss-security] 20100610 CVE request for new wireshark
vulnerabilities
Reference: URL: http://www.openwall.com/lists/oss-security/2010/06/11/1
Reference: CONFIRM: http://www.wireshark.org/security/wnpa-sec-2010-05.html
Reference: CONFIRM: http://www.wireshark.org/security/wnpa-sec-2010-06.html
Reference: MANDRIVA:MDVSA-2010:113
Reference: URL:
http://www.mandriva.com/security/advisories?name=MDVSA-2010:113
Reference: SECUNIA:40112
Reference: URL: http://secunia.com/advisories/40112
Reference: VUPEN:ADV-2010-1418
Reference: URL: http://www.vupen.com/english/advisories/2010/1418

Buffer overflow in the SigComp Universal Decompressor Virtual Machine
dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8
has unknown impact and remote attack vectors.

Upstream commits:

trunk: http://anonsvn.wireshark.org/viewvc?view=rev&revision=33087
trunk: http://anonsvn.wireshark.org/viewvc?view=rev&revision=33090
trunk-1.2: http://anonsvn.wireshark.org/viewvc?view=rev&revision=33134
trunk-1.0: http://anonsvn.wireshark.org/viewvc?view=rev&revision=33149


visibility: private → public
Changed in wireshark (Ubuntu Maverick):
status: New → Fix Released
Changed in wireshark (Ubuntu Lucid):
status: New → Confirmed
importance: Undecided → Medium
Changed in wireshark (Ubuntu Natty):
assignee: Mahyuddin Susanto (udienz) → nobody
status: In Progress → Fix Released
Changed in wireshark (Ubuntu Lucid):
assignee: nobody → Mahyuddin Susanto (udienz)