A denial of service flaw was found in the way the Zigbee ZCL dissector of Wireshark network traffic analyzer processed certain captures. A remote attacker could use this flaw to cause an infinite loop, if the local user opened a specially-crafted captures file in Wireshark. References: [1] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5303 [2] http://www.wireshark.org/security/wnpa-sec-2010-14.html [3] http://www.openwall.com/lists/oss-security/2010/11/22/17
This issue did NOT affect the versions of the wireshark package, as shipped with Red Hat Enterprise Linux 4, 5, or 6, as those versions do not provide support for the Zigbee Cluster Library (ZCL) protocol yet. -- This issue did NOT affect the versions of the wireshark package, as shipped with Fedora release of 12 and 13, as those versions do not provide support for the Zigbee Cluster Library (ZCL) protocol yet. This issue does NOT affect the version of the wireshark package, as shipped with Fedora release of 14 (relevant packages are already updated to v1.4.2).
Statement: This issue did not affect the versions of wireshark shipped with Red Hat Enterprise Linux 4, 5, and 6, as they did not include support for the Zigbee Cluster Library (ZCL) protocol.