Bug 737784 (CVE-2011-3360) - CVE-2011-3360 Wireshark: Lua script execution vulnerability
Summary: CVE-2011-3360 Wireshark: Lua script execution vulnerability
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-3360
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 737788
TreeView+ depends on / blocked
 
Reported: 2011-09-13 05:06 UTC by Huzaifa S. Sidhpurwala
Modified: 2021-02-24 14:44 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-09-13 06:13:36 UTC
Embargoed:

Attachments (Terms of Use)

Description Huzaifa S. Sidhpurwala 2011-09-13 05:06:01 UTC 
It was found that wireshark could run arbitrary Lua scripts. 

Reference:
http://www.wireshark.org/security/wnpa-sec-2011-15.html

This issue affects the versions of wireshark shipped with Fedora-14, Fedora-15
and the upcoming Fedora-16 and has been fixed via the following security
advisories:

https://admin.fedoraproject.org/updates/FEDORA-2011-12423
https://admin.fedoraproject.org/updates/FEDORA-2011-12403
https://admin.fedoraproject.org/updates/FEDORA-2011-12399
Comment 1 Huzaifa S. Sidhpurwala 2011-09-13 06:13:36 UTC 
Version of wireshark shipped with Red Hat Enterprise Linux 4 and 5, does not have lua support. Version of wireshark shipped with Red Hat Enterprise Linux 6 is built without lua support.

Statement:

Not Vulnerable. This issue does not affect the version of wireshark shipped with Red Hat Enterprise Linux 4, 5 or 6.
Comment 2 Vincent Danen 2011-09-14 21:57:32 UTC 
This issue was assigned the name CVE-2011-3360.
Note You need to log in before you can comment on or make changes to this bug.