Bug 24297 - CVE-2010-3445: ASN.1 BER vulnerability
Summary: CVE-2010-3445: ASN.1 BER vulnerability
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: wireshark-base (show other bugs)
Version: unstable
Hardware: all Linux
: P3 blocker
Assignee: Anton Farygin
QA Contact: qa-sisyphus
URL: http://www.wireshark.org/security/wnp...
Keywords: security
Depends on:
Blocks:
 
Reported: 2010-10-14 09:50 MSD by Vladimir Lettiev
Modified: 2010-10-20 09:20 MSD (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Lettiev 2010-10-14 09:50:36 MSD 
The Penetration Test Team of NCNIPC (China) discovered that the ASN.1 BER dissector was susceptible to a stack overflow. (Bug 5230) Versions affected: All previous versions up to and including 1.2.11 and 1.4.0.

Fixed in wireshark 1.4.1
Comment 1 Anton Farygin 2010-10-14 09:51:49 MSD 
Да, спасибо, я уже работаю над этим.
Comment 2 Repository Robot 2010-10-14 12:28:27 MSD 
wireshark-1.4.1-alt1 -> sisyphus:

* Thu Oct 14 2010 Anton Farygin <rider@altlinux> 1.4.1-alt1
- new version, fixed CVE-2010-3445 (closes: #24297)
- user guide updated