CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.9%
CentOS Errata and Security Advisory CESA-2011:0013
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.
An array index error, leading to a stack-based buffer overflow, was found
in the Wireshark ENTTEC dissector. If Wireshark read a malformed packet off
a network or opened a malicious dump file, it could crash or, possibly,
execute arbitrary code as the user running Wireshark. (CVE-2010-4538)
Users of Wireshark should upgrade to these updated packages, which contain
a backported patch to correct this issue. All running instances of
Wireshark must be restarted for the update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2011-January/079403.html
https://lists.centos.org/pipermail/centos-announce/2011-January/079404.html
Affected packages:
wireshark
wireshark-gnome
Upstream details at:
https://access.redhat.com/errata/RHSA-2011:0013
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | i386 | wireshark | < 1.0.15-1.el4_8.3 | wireshark-1.0.15-1.el4_8.3.i386.rpm |
CentOS | 4 | i386 | wireshark-gnome | < 1.0.15-1.el4_8.3 | wireshark-gnome-1.0.15-1.el4_8.3.i386.rpm |
CentOS | 4 | x86_64 | wireshark | < 1.0.15-1.el4_8.3 | wireshark-1.0.15-1.el4_8.3.x86_64.rpm |
CentOS | 4 | x86_64 | wireshark-gnome | < 1.0.15-1.el4_8.3 | wireshark-gnome-1.0.15-1.el4_8.3.x86_64.rpm |