Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3140 to the following vulnerability: The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet." References: http://www.wireshark.org/security/wnpa-sec-2008-03.html http://secunia.com/advisories/30886 Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2647 Upstream commit: http://anonsvn.wireshark.org/viewvc/index.py?view=rev&revision=25612
This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
wireshark-1.0.2-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
wireshark-1.0.2-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: Fedora: https://admin.fedoraproject.org/updates/F8/FEDORA-2008-6645 https://admin.fedoraproject.org/updates/F9/FEDORA-2008-6440