Info

Disclosure

Oct 26, 2009

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Oct 26, 2009

Description

Wireshark contains a flaw that may allow a remote denial of service. The issue is triggered by an alignment error in dissect_paltalk() function in epan/dissectors/packet-paltalk.c of the paltalk dissector, and will result in loss of availability for the service.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Solution: Upgrade
Disclosure: Vendor Verified

Solution

Upgrade to version 1.2.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Wireshark Foundation	Wireshark	1.2.2
		1.2.1
		1.2.0

References

CVE ID: 2009-3549 (see also: NVD)
Bugtraq ID: 36846
Secunia Advisory ID: 37175 37409 38152
ISS X-Force ID: 54016
Related OSVDB ID: 59458 59460 59461
Vendor Specific Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00002.html
http://www.gentoo.org/security/en/glsa/glsa-200911-05.xml
http://www.wireshark.org/security/wnpa-sec-2009-07.html
Other Advisory URL: http://www.vupen.com/english/advisories/2009/3061
Vendor URL: http://www.wireshark.org
Vendor Specific News/Changelog Entry: http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3689

Credit

Vendor Provided -

Direct URL: http://osvdb.org/59459

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Wireshark Foundation

Wireshark

References

Credit