Vigil@nce: Wireshark, denial of service via PCNFSD
May 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can send a malicious PCNFSD packet in order to stop
Wireshark.
Severity: 1/4
Consequences: denial of service of service
Provenance: intranet client
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 22/05/2009
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The Wireshark program captures and displays network packets.
The PCNFSD protocol is used to share files and printers. It is
based on the ONC/RPC protocol (Open Network Computing Remote
Procedure Call, RFC 1832).
The dissect_rpc_opaque_data() function of packet-rpc.c uses the
"
The login and the password contained in a PCNFSD packet are
encoded with an XOR. The pcnfsd_decode_obscure() function decodes
them by modifying the character array.
However, if the login or the password is empty, the
pcnfsd_decode_obscure() function tries to alter the static
"
An attacker can therefore send a PCNFSD packet with an empty
login/password in order to stop Wireshark.
CHARACTERISTICS
Identifiers: VIGILANCE-VUL-8730, wnpa-sec-2009-03
http://vigilance.fr/vulnerability/Wireshark-denial-of-service-via-PCNFSD-8730