CentOS ProjectCESA-2008:0890wireshark security update
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.024 Low
EPSS
Percentile
89.8%
CentOS Errata and Security Advisory CESA-2008:0890
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.
Multiple buffer overflow flaws were found in Wireshark. If Wireshark read
a malformed packet off a network, it could crash or, possibly, execute
arbitrary code as the user running Wireshark. (CVE-2008-3146)
Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malformed dump file. (CVE-2008-1070, CVE-2008-1071, CVE-2008-1072,
CVE-2008-1561, CVE-2008-1562, CVE-2008-1563, CVE-2008-3137, CVE-2008-3138,
CVE-2008-3141, CVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)
Additionally, this update changes the default Pluggable Authentication
Modules (PAM) configuration to always prompt for the root password before
each start of Wireshark. This avoids unintentionally running Wireshark with
root privileges.
Users of wireshark should upgrade to these updated packages, which contain
Wireshark version 1.0.3, and resolve these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-October/077443.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077444.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077445.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077446.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077447.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077452.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077453.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077456.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077459.html
https://lists.centos.org/pipermail/centos-announce/2008-October/077460.html
Affected packages:
wireshark
wireshark-gnome
Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0890
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| CentOS | 3 | i386 | wireshark | < 1.0.3-EL3.3 | wireshark-1.0.3-EL3.3.i386.rpm |
| CentOS | 3 | i386 | wireshark-gnome | < 1.0.3-EL3.3 | wireshark-gnome-1.0.3-EL3.3.i386.rpm |
| CentOS | 3 | x86_64 | wireshark | < 1.0.3-EL3.3 | wireshark-1.0.3-EL3.3.x86_64.rpm |
| CentOS | 3 | x86_64 | wireshark-gnome | < 1.0.3-EL3.3 | wireshark-gnome-1.0.3-EL3.3.x86_64.rpm |
| CentOS | 3 | ia64 | wireshark | < 1.0.3-EL3.3 | wireshark-1.0.3-EL3.3.ia64.rpm |
| CentOS | 3 | ia64 | wireshark-gnome | < 1.0.3-EL3.3 | wireshark-gnome-1.0.3-EL3.3.ia64.rpm |
| CentOS | 4 | ia64 | wireshark | < 1.0.3-3.c4 | wireshark-1.0.3-3.c4.ia64.rpm |
| CentOS | 4 | ia64 | wireshark-gnome | < 1.0.3-3.c4 | wireshark-gnome-1.0.3-3.c4.ia64.rpm |
| CentOS | 4 | s390 | wireshark | < 1.0.3-3.c4 | wireshark-1.0.3-3.c4.s390.rpm |
| CentOS | 4 | s390 | wireshark-gnome | < 1.0.3-3.c4 | wireshark-gnome-1.0.3-3.c4.s390.rpm |
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.024 Low
EPSS
Percentile
89.8%