Found another CVE hanging:

CVE-2007-4721: 
Integer signedness error in the DNP3 dissector in
Wireshark 0.99.5 and earlier allows remote attackers to cause a denial of
service (infinite loop) via a certain DNP3 packet.

The fix is quite easy, reading the explanation on
http://archives.neohapsis.com/archives/bugtraq/2007-09/0030.html:

-  guint16       al_obj, temp16=0, al_val16=0, al_ctlobj_stat;
-  guint32       al_val32, num_items=0, al_ptaddr=0, al_ctlobj_on, 
al_ctlobj_off;
+  guint16       al_obj, al_val16=0, al_ctlobj_stat;
+  guint32       al_val32, num_items=0, al_ptaddr=0, al_ctlobj_on, 
al_ctlobj_off, temp16=0;
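Review bot: temp16 keeps its name in the guint32 declaration although it is now 32 bits wide, which will mislead the next reader of this dissector. Rename it to something width-neutral, or add a comment saying why it has to be as wide as num_items. Since the hunk only moves the declaration, every use of temp16 should also be checked for assignments into 16-bit variables such as al_val16, where the wider value would now be narrowed implicitly.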

Please have a look at temp16: before, it was an unsigned 16-bit int,
but it needs to be an unsigned 32-bit int.


** Attachment removed: "feisty debdiff to fix all CVEs"

http://launchpadlibrarian.net/10403760/wireshark_0.99.4-6ubuntu0.1.debdiff

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4721

-- 
WireShark versions prior to 0.99.6 vulnerability
https://bugs.launchpad.net/bugs/132915
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
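The effect of the type change discussed in the message above, as an added example (not Wireshark code and not part of the original message). It assumes temp16 is used as a loop counter compared against the 32-bit num_items, which the hunk itself does not show; the function names, the MAX_STEPS guard and the sample counts are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Guard so the demonstration always terminates, even when the loop
 * under test would not. Constructed value, larger than any count used below. */
#define MAX_STEPS 200000L

/* Pre-patch shape (assumed): a 16-bit counter against a 32-bit bound.
 * Returns the number of iterations, or -1 if the guard tripped, meaning
 * the loop would never have ended on its own. */
long count_with_u16(uint32_t num_items)
{
    uint16_t temp16;            /* wraps from 65535 back to 0 */
    long steps = 0;

    for (temp16 = 0; temp16 < num_items; temp16++) {
        if (++steps > MAX_STEPS)
            return -1;          /* counter can never reach num_items */
    }
    return steps;
}

/* Post-patch shape (assumed): the counter is as wide as the bound,
 * so it reaches every value num_items can hold. */
long count_with_u32(uint32_t num_items)
{
    uint32_t temp16;            /* same name as in the patch, now 32 bits */
    long steps = 0;

    for (temp16 = 0; temp16 < num_items; temp16++) {
        if (++steps > MAX_STEPS)
            return -1;
    }
    return steps;
}

int main(void)
{
    /* 65535 is the largest bound a 16-bit counter can still reach;
     * one more and the 16-bit loop never exits. */
    const uint32_t samples[] = { 65535u, 65536u, 70000u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("num_items=%u  u16=%ld  u32=%ld\n", (unsigned)samples[i],
               count_with_u16(samples[i]), count_with_u32(samples[i]));
    return 0;
}
```

A result of -1 marks the case where only the guard stopped the loop, which is the denial-of-service condition the CVE text describes.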
