Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE-2011-2597

From: Guy Harris <guy () alum mit edu>
Date: Mon, 18 Jul 2011 16:35:15 -0700

On Jul 18, 2011, at 2:34 PM, Code Six wrote:


The vulnerability CVE-2011-2597 states that 1.6.0 is also affected by this.
But there is no "fixed" release.
In looking at the website, I'm seeing on page
 
https://www.wireshark.org/security/wnpa-sec-2011-09.html
 
That it also states 1.6.0 is vulnerable to this and to install 1.2.18?
 
Please tell me this is a typo?


It's a misreading of a page that's probably written in a way that makes it too easy to misread.

The underlying vulnerability affects "Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0".

The Wireshark Web site has *three* pages for that vulnerability:

        https://www.wireshark.org/security/wnpa-sec-2011-09.html, for "Lucent/Ascend file parser vulnerability in 
Wireshark® version 1.2.0 to 1.2.17";

        https://www.wireshark.org/security/wnpa-sec-2011-10.html, for "Lucent/Ascend file parser and ANSI MAP 
vulnerabilities in Wireshark® version 1.4.0 to 1.4.7";

        https://www.wireshark.org/security/wnpa-sec-2011-11.html, for "Lucent/Ascend file parser and ANSI MAP 
vulnerabilities in Wireshark® version 1.6.0 to 1.6.0" (sic).

The first of those pages says "Upgrade to Wireshark 1.2.18 or later. It is not possible to work around this bug."

The second of those pages says "Upgrade to Wireshark 1.4.8 or later. Although you can disable the ANSI MAP dissector it 
is not possible to work around the Lucent/Ascend parser bug."

The third of those pages says "Upgrade to Wireshark 1.6.1 or later. Although you can disable the ANSI MAP dissector it 
is not possible to work around the Lucent/Ascend parser bug."

Wireshark 1.4.8 and 1.6.1 were just released a few minutes ago, so the CVE page might not yet show a "fixed" release.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: