Vigil@nce: Wireshark, denial of service via PN-DCP
April 2009 by Vigil@nce
An attacker can send malicious PN-DCP data in order to create a
denial of service or to execute code on Wireshark.
– Severity: 2/4
– Consequences: privileged access/rights, denial of service
– Provenance: intranet client
– Means of attack: 1 attack
– Ability of attacker: technician (2/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: low (1/3)
– Creation date: 31/03/2009
IMPACTED PRODUCTS
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The Wireshark program captures and displays network packets.
The PROFINET protocol is used in industrial networks (over
Ethernet or tunnelled inside DCE/RPC). The PN-DCP (PROFINET
Discovery and basic Configuration Protocol) protocol is supported
by Wireshark.
The PN-DCP protocol uses several fields:
– Device ID: identifier of the device
– Device Role: type of device
– Manufacturer
– Name Of Station
However, if the Name Of Station contains format characters, a
format string attack occurs in the Wireshark dissector.
An attacker can therefore send malicious PN-DCP data in order to
create a denial of service or to execute code on Wireshark.
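The bug class described above, shown as an added example that is not Wireshark's dissector code: a packet-supplied name used as the format string, the corrected call with a constant format, and a check for triaging captured names. The helper `info_append_fstr`, the function names and the sample name are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a dissector helper that appends printf-style
 * text to a display column. Not Wireshark's API. */
int info_append_fstr(char *col, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(col, len, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable pattern: the station name from the packet is the format string,
 * so any '%' conversion in it is interpreted against nonexistent arguments. */
int show_name_vulnerable(char *col, size_t len, const char *name)
{
    return info_append_fstr(col, len, name);
}

/* Hardened pattern: constant format, packet data only as an argument. */
int show_name_fixed(char *col, size_t len, const char *name)
{
    return info_append_fstr(col, len, "%s", name);
}

/* Triage check: does a captured name carry a conversion other than "%%"? */
int has_format_directive(const char *name)
{
    for (const char *p = strchr(name, '%'); p != NULL; p = strchr(p, '%')) {
        if (p[1] != '%')
            return 1;
        p += 2;             /* skip the literal "%%" pair */
    }
    return 0;
}

int main(void)
{
    const char *name = "plc-%x-%n";   /* constructed sample, not from a capture */
    char col[64];
    show_name_fixed(col, sizeof col, name);
    printf("%s (directive: %d)\n", col, has_format_directive(name));
    return 0;
}
```

Declaring such a helper with GCC's `__attribute__((format(printf, 3, 4)))` and building with `-Wformat-security` makes the compiler flag the non-literal format in the vulnerable call.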
CHARACTERISTICS
– Identifiers: BID-34291, CVE-2009-1210, VIGILANCE-VUL-8577
– Url: http://vigilance.fr/vulnerability/Wireshark-denial-of-service-via-PN-DCP-8577