T-714: Wireshark OpenSafety and CSN.1 Dissector Bugs

September 12, 2011 - 9:00am

PROBLEM:

Several vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions.

PLATFORM:

Version(s): 1.4.0 to 1.4.8, 1.6.0 to 1.6.1

ABSTRACT:

Wireshark OpenSafety and CSN.1 Dissector Bugs Let Remote Users Deny Service.

REFERENCE LINKS:

Wireshark 1.6.2 Release Notes
Wireshark 1.4.9 Release Notes
Docid: wnpa-sec-2011-12
Docid: wnpa-sec-2011-14
Docid: wnpa-sec-2011-15
Docid: wnpa-sec-2011-16
SecurityTracker Alert ID: 1026030

IMPACT ASSESSMENT:

High

Discussion:

A remote user can cause arbitrary scripting code to be executed on the target user's system.
A large loop in the OpenSafety dissector could cause a crash. A remote user can send specially crafted data to cause the OpenSafety dissector to crash. Only versions 1.6.0 to 1.6.1 are affected.
A malformed capture file could result in an invalid root tvbuff and cause a crash. A remote user can create a specially crafted packet trace file to trigger a buffer handling error and cause the system to crash. Only versions 1.6.0 to 1.6.1 are affected.
Wireshark could run arbitrary Lua scripts. A user can conduct a DLL hijacking type of attack to execute arbitrary Lua scripts.
An uninitialized variable in the CSN.1 dissector could cause a crash. A remote user can send specially crafted CSN.1 data to cause the dissector to crash. Only versions 1.6.0 to 1.6.1 are affected.

Impact:

Wireshark bug 6138: It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Wireshark bug 6135: It may be possible to make Wireshark crash by convincing someone to read a malformed packet trace file.
Wireshark bug 6136: It may be possible to make Wireshark run arbitrary code using a method similar to DLL hijacking.
Wireshark bug 6139: It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Solution:

Wireshark has issued a fix (1.6.2, 1.4.9).
Wireshark Download
Release Notes