Release date:
Updated on:
Affected Systems:
Wireshark 1.6.x
Wireshark 1.4.x
Unaffected Systems:
Wireshark 1.6.8
Wireshark 1.4.13
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53653
Wireshark (formerly known as Ethereal) is a network packet analysis tool.
Wireshark versions 1.6.0 to 1.6.7 and 1.4.0 to 1.4.12 contain a denial-of-service vulnerability caused by a memory alignment problem on Linux or Itanium processors. An attacker can exploit this vulnerability to crash the affected application by sending malicious packets or by inducing a user to read a malformed packet trace file.
<* Source: Klaus Heckelmann
Link: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221
http://www.wireshark.org/security/wnpa-sec-2012-10.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Wireshark
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.wireshark.org/security/
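
The bug class described above (a crash from misaligned memory access while parsing packet data) is avoided by never casting a byte pointer at an arbitrary offset to a wider type. The following is an added example, not Wireshark's code; the page does not identify the affected code, and the function names and sample record are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unsafe pattern (comment only, never executed here): a cast like
 *     uint32_t v = *(const uint32_t *)(buf + off);
 * performs a misaligned load when off is not a multiple of 4. On
 * strict-alignment CPUs that load traps and the process is killed. */

/* Safe: assemble a big-endian 32-bit value byte by byte, bounds-checked.
 * Returns 0 on success, -1 if the field would run past the buffer. */
static int read_be32(const uint8_t *buf, size_t len, size_t off, uint32_t *out)
{
    if (off > len || len - off < 4)
        return -1;
    *out = ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16) |
           ((uint32_t)buf[off + 2] << 8) | (uint32_t)buf[off + 3];
    return 0;
}

/* Safe: copy a host-order field into an aligned local with memcpy. */
static int read_host32(const uint8_t *buf, size_t len, size_t off, uint32_t *out)
{
    if (off > len || len - off < 4)
        return -1;
    memcpy(out, buf + off, sizeof *out);
    return 0;
}

/* Constructed record: 1-byte type, then a 32-bit length at odd offset 1. */
static const uint8_t sample_record[] = { 0x07, 0x00, 0x00, 0x01, 0x2C, 0xAA };

int main(void)
{
    uint32_t v;
    if (read_be32(sample_record, sizeof sample_record, 1, &v) == 0)
        printf("length field = %u\n", (unsigned)v);
    if (read_host32(sample_record, sizeof sample_record, 1, &v) == 0)
        printf("host-order read = 0x%08x\n", (unsigned)v);
    if (read_be32(sample_record, sizeof sample_record, 4, &v) != 0)
        puts("truncated field rejected");
    return 0;
}
```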