Date: Wed, 1 Apr 2009 14:30:08 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: Wireshark DoS On Wed, 1 Apr 2009, Pinar Yanardag wrote: > > Yesterday, I came upon the following Secunia advisory  about Wireshark 1.0.6: ====================================================== Name: CVE-2009-1210 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1210 Reference: MILW0RM:8308 Reference: URL:http://www.milw0rm.com/exploits/8308 Reference: BID:34291 Reference: URL:http://www.securityfocus.com/bid/34291 Reference: SECUNIA:34542 Reference: URL:http://secunia.com/advisories/34542 Reference: XF:wireshark-pndcp-format-string(49512) Reference: URL:http://xforce.iss.net/xforce/xfdb/49512 Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.