Versions / Builds AffectedLanGuard 2011 (build 20110509)
Problem SummaryThe vulnerability description in a report can be truncated and not completely displayed
TT / JIRAIDLANGUARD-38
How to IdentifyRun a report and check the description of the vulnerability.
E.g. the full description of OVAL:12049 is:
The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.
When generating a 'vulnerability status' report, the description of OVAL:12049 is cut off and shows as:
The SigComp Universal Decompre
The actual length shown seems to differ.
Workaround / Fix DetailsThis issue is fixed on LanGuard SR2.
Required ActionsUpgrade LanGuard to SR2 or later.