Vigil@nce: Wireshark, denial of service via DOCSIS
May 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can send a DOCSIS packet to a network captured by
Wireshark, or invite the victim to open a capture containing a
DOCSIS packet, in order to stop Wireshark.
– Severity: 1/4
– Creation date: 06/05/2010
DESCRIPTION OF THE VULNERABILITY
The DOCSIS (Data Over Cable Service Interface Specification)
protocol is used to transmit data over a cable TV network.
The dissect_bpkmrsp() function of the file
plugins/docsis/packet-bpkmrsp.c displays the BPKM response.
However, this function uses the format "%s" (string) instead of
"%u" (integer). The display of the BPKM response thus stops
Wireshark.
An attacker can therefore send a DOCSIS packet to a network
captured by Wireshark, or invite the victim to open a capture
containing a DOCSIS packet, in order to stop Wireshark.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Wireshark-denial-of-service-via-DOCSIS-9630