Vigil@nce - Wireshark: denial of service via IKE
July 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a malformed IKE packet, in order to stop
Wireshark.
Severity: 1/4
Creation date: 12/07/2011
IMPACTED PRODUCTS
– Wireshark
DESCRIPTION OF THE VULNERABILITY
The Wireshark program captures and displays network packets.
The packet-isakmp.c dissector decodes ISAKMP/IKE frames (protocol
used for IPsec key negotiation). This dissector decodes several
fields:
– isakmp.version
– isakmp.typepayload "Type Payload" : type of data ("Security
Association", "Key Exchange", etc.)
– etc.
However, if the type of data is invalid, an error occurs when
Wireshark tries to identify the payload.
An attacker can therefore send a malformed IKE packet, in order to
stop Wireshark.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Wireshark-denial-of-service-via-IKE-10828