[NEWS] Wireshark Multiple Vulnerabilities (Ethereal)
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 29 Aug 2006 15:12:51 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Wireshark Multiple Vulnerabilities (Ethereal)
------------------------------------------------------------------------
SUMMARY
Multiple vulnerabilities have been found in Wireshark, these
vulnerabilities can be triggered by injecting malicious packets which the
product's dissector will badly handle. Wireshark 0.99.3 fixes the
following vulnerabilities:
* The SCSI dissector could crash. Versions affected: 0.99.2. CVE:
CVE-2006-4330
* If Wireshark was compiled with ESP decryption support, the IPsec ESP
preference parser was susceptible to off-by-one errors. Versions affected:
0.99.2. CVE: CVE-2006-4331
* The DHCP dissector (and possibly others) in the Windows version of
Wireshark could trigger a bug in Glib and crash. Versions affected:
0.10.13 - 0.99.2. CVE: CVE-2006-4332
* If the SSCOP dissector has a port range configured and the SSCOP
payload protocol is Q.2931, a malformed packet could make the Q.2931
dissector use up available memory. No port range is configured by default.
Versions affected: 0.7.9 - 0.99.2. CVE: CVE-2006-4333
DETAILS
Vulnerable Systems:
* Wirehark version 0.99.2
Immune Systems:
* Wirehark version 0.99.3
Impact:
It may be possible to make Wireshark or Ethereal crash, use up available
memory, or run arbitrary code by injecting a purposefully malformed packet
onto the wire or by convincing someone to read a malformed packet trace
file.
Resolution:
Upgrade to Wireshark 0.99.3.
If are running Wireshark 0.99.2 or Ethereal 0.99.0 or earlier and cannot
upgrade, you can work around each of the problems listed above by doing
the following:
* Disable the SCSI and Q.2931 dissectors. If you're running Wireshark
under Windows, disable the DHCP dissector.
o Select Analyze Enabled Protocols... from the menu.
o Make sure "SCSI", "Q.2931", and "BOOTP/DHCP" (if needed) are
un-checked.
o Click "Save", then click "OK".
* If your copy of Wireshark has ESP decryption compiled in, make sure
it's disabled.
o Select Edit Preferences, then Protocols ESP from the menu.
o Make sure "Attempt to detect/decode encrypted ESP payloads" is
un-checked.
ADDITIONAL INFORMATION
The information has been provided by Wireshark Security Team.
The original article can be found at:
<http://www.wireshark.org/security/wnpa-sec-2006-02.html>
http://www.wireshark.org/security/wnpa-sec-2006-02.html
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [TOOL] BeEF - Browser Exploitation Framework
- Next by Date: [NT] Microsoft IE6 urlmon.dll Long URL Buffer Overflow
- Previous by thread: [TOOL] BeEF - Browser Exploitation Framework
- Next by thread: [NT] Microsoft IE6 urlmon.dll Long URL Buffer Overflow
- Index(es):
Relevant Pages
|
|
