Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0600 to the following vulnerability:

Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0600
http://www.wireshark.org/security/wnpa-sec-2009-01.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1937
http://www.securityfocus.com/bid/33690
http://www.frsirt.com/english/advisories/2009/0370
http://secunia.com/advisories/33872
This issue does NOT affect the version of the wireshark package, as shipped with Red Hat Enterprise Linux 2.1.
This issue affects the versions of the wireshark package, as shipped with Red Hat Enterprise Linux 3, 4, and 5.
This issue affects the versions of the wireshark package, as shipped with Fedora releases of 9 and 10.
This issue does NOT affect the version of the wireshark package, as shipped with Fedora release of devel.
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
wireshark-1.0.6-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
wireshark-1.0.6-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:

Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2009-0313.html

Fedora:
https://admin.fedoraproject.org/updates/F10/FEDORA-2009-1798
https://admin.fedoraproject.org/updates/F9/FEDORA-2009-1877