[PLSA 2009-53] Wireshark: Multiple Vulnerabilities
- Severity: 3
- Type: Remote
- Release Date: 2009-04-12
Some vulnerabilities have been reported in Wireshark, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) and compromise a user's system.
1) A vulnerability is caused due to a format string error within the PN-DCP dissector when processing station names containing format string specifiers. This can be exploited to cause a crash and potentially execute arbitrary code via specially crafted packets captured off the wire or loaded via a capture file.
2) An error within the Check Point High-Availability Protocol (CPHAP) dissector can be exploited to cause a crash.
- wireshark, all before 1.0.7-27-9
There are update(s) for wireshark. You can update them via Package Manager or with a single command from console:
pisi up wireshark