|
|
|
|
| |
Multiple vulnerabilities have been found in Wireshark, these vulnerabilities can be triggered by injecting malicious packets which the product's dissector will badly handle. Wireshark 0.99.3 fixes the following vulnerabilities:
* The SCSI dissector could crash. Versions affected: 0.99.2. CVE: CVE-2006-4330
* If Wireshark was compiled with ESP decryption support, the IPsec ESP preference parser was susceptible to off-by-one errors. Versions affected: 0.99.2. CVE: CVE-2006-4331
* The DHCP dissector (and possibly others) in the Windows version of Wireshark could trigger a bug in Glib and crash. Versions affected: 0.10.13 - 0.99.2. CVE: CVE-2006-4332
* If the SSCOP dissector has a port range configured and the SSCOP payload protocol is Q.2931, a malformed packet could make the Q.2931 dissector use up available memory. No port range is configured by default. Versions affected: 0.7.9 - 0.99.2. CVE: CVE-2006-4333 |
| |
Credit:
The information has been provided by Wireshark Security Team.
The original article can be found at: http://www.wireshark.org/security/wnpa-sec-2006-02.html
|
| |
Vulnerable Systems:
* Wirehark version 0.99.2
Immune Systems:
* Wirehark version 0.99.3
Impact:
It may be possible to make Wireshark or Ethereal crash, use up available memory, or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Resolution:
Upgrade to Wireshark 0.99.3.
If are running Wireshark 0.99.2 or Ethereal 0.99.0 or earlier and cannot upgrade, you can work around each of the problems listed above by doing the following:
* Disable the SCSI and Q.2931 dissectors. If you're running Wireshark under Windows, disable the DHCP dissector.
o Select Analyze Enabled Protocols... from the menu.
o Make sure "SCSI", "Q.2931", and "BOOTP/DHCP" (if needed) are un-checked.
o Click "Save", then click "OK".
* If your copy of Wireshark has ESP decryption compiled in, make sure it's disabled.
o Select Edit Preferences, then Protocols ESP from the menu.
o Make sure "Attempt to detect/decode encrypted ESP payloads" is un-checked.
|
|
|
|
|
|
|
|
|
|
