
T-636: Wireshark Multiple Flaws Let Remote Users Deny Service

June 3, 2011 - 3:35pm


PROBLEM:

Wireshark Multiple Flaws Let Remote Users Deny Service

PLATFORM:

Wireshark Version(s): 1.2.0 to 1.2.16, 1.4.0 to 1.4.6

ABSTRACT:

Multiple vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions.

REFERENCE LINKS:

wnpa-sec-2011-07
SecurityTracker Alert ID: 1025597
wnpa-sec-2011-08

IMPACT ASSESSMENT:

High

Discussion:

A remote user can send specially crafted DICOM data, Visual Networks file, compressed capture data, snoop file, or Diameter dictionary file to cause the target service to crash or enter an infinite loop.
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.

1. Large/infinite loop in the DICOM dissector. (Bug 5876)
2. Red Hat Security Response Team discovered that a corrupted Diameter dictionary file could crash Wireshark.
3. Red Hat Security Response Team discovered that a corrupted snoop file could crash Wireshark. (Bug 5912)
4. Malformed compressed capture data could crash Wireshark. (Bug 5908)
5. Red Hat Security Response Team discovered that a corrupted Visual Networks file could crash Wireshark. (Bug 5934)

Impact:

These vulnerabilities make it possible to crash Wireshark by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.

Solution:

Upgrade to Wireshark 1.2.17 or later. Due to the nature of these bugs, Wireshark does not recommend trying to work around the problem by disabling individual dissectors.

Wireshark Support