Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0599 to the following vulnerability: Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0599 http://www.wireshark.org/security/wnpa-sec-2009-01.html https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2590 http://www.securityfocus.com/bid/33690 http://www.frsirt.com/english/advisories/2009/0370 http://osvdb.org/51815 http://secunia.com/advisories/33872
This issue does NOT affect the version of the wireshark package, as shipped with Red Hat Enterprise Linux 2.1. This issue affects the versions of the wireshark package, as shipped with Red Hat Enterprise Linux 3, 4, and 5. This issue affects the versions of the wireshark package, as shipped with Fedora releases of 9 and 10. This issue does NOT affect the version of the wireshark package, as shipped with Fedora release of devel.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
This is stack-based buffer overflow, that may be exploitable at least on systems without stack protector -> impact=moderate.
wireshark-1.0.6-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
wireshark-1.0.6-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2009-0313.html Fedora: https://admin.fedoraproject.org/updates/F10/FEDORA-2009-1798 https://admin.fedoraproject.org/updates/F9/FEDORA-2009-1877