You are here

U-273: Multiple vulnerabilities have been reported in Wireshark

October 3, 2012 - 6:00am

Addthis

PROBLEM:

Multiple vulnerabilities have been reported in Wireshark

PLATFORM:

Wireshark 1.x

ABSTRACT:

Vulnerabilities can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

reference LINKS:

Wireshark bug 7581
Wireshark bug 7316
Wireshark bug 7668
Wireshark bug 7666
Wireshark bug 7567
Secunia Advisory SA50843

IMPACT ASSESSMENT:

High 

Discussion:

Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

1) An error in the HSRP dissector when processing certain packets can be exploited to cause an infinite loop and consume CPU resources.

2) An error in the PPP dissector when processing certain packets can be exploited to cause a crash.

3) An error in the DRDA dissector when processing certain packets can be exploited to cause an infinite loop and consume CPU resources.

4) An error in the LDP dissector when processing certain packets can be exploited to cause a buffer overflow.

Successful exploitation of this vulnerability may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 1.8.3.

Impact:

Successful exploitation of this vulnerability may allow execution of arbitrary code.

Solution:

 

Addthis