Vigil@nce - Wireshark: buffer overflow via ENTTEC DMX
January 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can send a malicious ENTTEC DMX packet, in order to
create an overflow in Wireshark, leading to a denial of service or
to code execution.
Severity: 1/4
Creation date: 03/01/2011
IMPACTED PRODUCTS
– Wireshark
DESCRIPTION OF THE VULNERABILITY
The DMX512 standard is used to control up to 512 lights bulbs of a
stage lighting. The ENTTEC DMX protocol encapsulates DMX packets
inside Ethernet packets.
DMX packets are compressed by RLE (Run Length Encoding). The
packet-enttec.c dissector of Wireshark decodes these DMX packets.
However, if the number of items is greater than 512, a buffer
overflow occurs.
An attacker can therefore send a malicious ENTTEC DMX packet, in
order to create an overflow in Wireshark, leading to a denial of
service or to code execution.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Wireshark-buffer-overflow-via-ENTTEC-DMX-10242