https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3388
Summary: [security] Format string vulnerability in the
PROFINET/DCP (PN-DCP) dissector (CVE-2009-1210)
Product: Wireshark
Version: 1.0.6
Platform: Other
OS/Version: All
Status: NEW
Severity: Major
Priority: High
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: pva@xxxxxxxxxx
Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
I have not found any mention of this issue on wireshark.org website so I'm
opening this bug.
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1210
Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark
1.0.6 and earlier allows remote attackers to execute arbitrary code via a
PN-DCP packet with format string specifiers in the station name. NOTE: some of
these details are obtained from third party information.
Exploit: http://www.milw0rm.com/exploits/8308
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type:Provides administrator access, Allows complete confidentiality,
integrity, and availability violation; Allows unauthorized disclosure of
information; Allows disruption of service
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
