Release date:
Updated on: 2012-12-09
Affected Systems:
Wireshark 1.x
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2012-6052
Wireshark (formerly known as Ethereal) is a very popular open-source network traffic analysis software.
Wireshark has a security vulnerability when processing multiple pcap-ng format files, which can cause leakage of Sensitive Host name resolution information.
<* Source: Laura Chappell
Link: https://bugzilla.RedHat.com/show_bug.cgi? Id = 881855
Http://secunia.com/advisories/51422/
Http://www.wireshark.org/security/wnpa-sec-2012-30.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Wireshark
---------
Wireshark has released a Security Bulletin (wnpa-sec-2012-30) for this and the corresponding patch 1.8.4:
Wnpa-sec-2012-30: Wireshark pcap-ng host name disclosure
Link: http://www.wireshark.org/security/wnpa-sec-2012-30.html