A heap-based buffer overflow was found in the way Wireshark processes signalling traces generated by Gammu (www.gammu.org) from Nokia DCT3 phones in Netmonitor mode. An attacker could use this flaw to cause the wireshark executable to crash or, potentially, execute arbitrary code with the privileges of the user running wireshark, if the local user opened a specially-crafted capture file.

The following upstream commit fixes this issue: http://anonsvn.wireshark.org/viewvc?view=rev&revision=35953
Created wireshark tracking bugs for this issue

Affects: fedora-all [bug 676781]
This is fixed upstream in version 1.4.4: http://www.wireshark.org/security/wnpa-sec-2011-04.html
This issue has been addressed in the following products:

Red Hat Enterprise Linux 6

Via RHSA-2011:0369 https://rhn.redhat.com/errata/RHSA-2011-0369.html