Freely subscribe to our NEWSLETTER

SYNTHESIS OF THE VULNERABILITY

An attacker can send a malicious PCNFSD packet in order to stop
Wireshark.

Severity: 1/4

Consequences: denial of service of service

Provenance: intranet client

Means of attack: 1 attack

Ability of attacker: technician (2/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 22/05/2009

IMPACTED PRODUCTS

– Unix - plateform

DESCRIPTION OF THE VULNERABILITY

The Wireshark program captures and displays network packets.

The PCNFSD protocol is used to share files and printers. It is
based on the ONC/RPC protocol (Open Network Computing Remote
Procedure Call, RFC 1832).

The dissect_rpc_opaque_data() function of packet-rpc.c uses the
"" static string to indicate that a field is empty.

The login and the password contained in a PCNFSD packet are
encoded with an XOR. The pcnfsd_decode_obscure() function decodes
them by modifying the character array.

However, if the login or the password is empty, the
pcnfsd_decode_obscure() function tries to alter the static
"" string (which is "read only"), which generates an error.

An attacker can therefore send a PCNFSD packet with an empty
login/password in order to stop Wireshark.

CHARACTERISTICS

Identifiers: VIGILANCE-VUL-8730, wnpa-sec-2009-03

http://vigilance.fr/vulnerability/Wireshark-denial-of-service-via-PCNFSD-8730