Babi discovered several buffer overflows in the LWRES dissector which could be used to crash wireshark [1]. Fixed in trunk: r31524 Fixed in trunk-1.2: r31596 Fixed in trunk-1.0: r31671 Versions affected: 0.9.15 to 1.0.10, 1.2.0 to 1.2.5 [1] http://www.wireshark.org/security/wnpa-sec-2010-02.html
This is CVE-2010-0304.
The LWRES protocol is meant to be used locally to talk to BIND9 (for example, lwresd will only listen to 127.0.0.1): http://www.phpman.info/index.php/man/lwresd/8 The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
wireshark-1.2.6-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/wireshark-1.2.6-1.fc12
wireshark-1.2.6-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Via RHSA-2010:0360 https://rhn.redhat.com/errata/RHSA-2010-0360.html