CVE-2009-1210 Information

Description

Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information.

Reference

http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://secunia.com/advisories/34542 http://secunia.com/advisories/34778 http://secunia.com/advisories/34970 http://secunia.com/advisories/35133 http://secunia.com/advisories/35224 http://secunia.com/advisories/35416 http://secunia.com/advisories/35464 http://wiki.rpath.com/Advisories:rPSA-2009-0062 http://www.debian.org/security/2009/dsa-1785 http://www.mandriva.com/security/advisories?name=MDVSA-2009:088 http://www.redhat.com/support/errata/RHSA-2009-1100.html http://www.securityfocus.com/archive/1/502745/100/0/threaded http://www.securityfocus.com/bid/34291 http://www.wireshark.org/security/wnpa-sec-2009-02.html https://exchange.xforce.ibmcloud.com/vulnerabilities/49512 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A5976 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9526 https://www.exploit-db.com/exploits/8308 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00675.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01167.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01213.html