Vigil@nce: Wireshark, several vulnerabilities
September 2008 by Vigil@nce
Several vulnerabilities in Wireshark can be used by a remote attacker to cause a denial of service or to execute code.
Consequences: user access/rights, denial of service
Provenance: intranet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 04/09/2008
Unix - platform
The Wireshark/Ethereal program captures packets to help administrators solve network problems. Protocols are decoded by dissectors, which have several vulnerabilities.
An attacker can send NCP data in order to generate several buffer overflows and an infinite loop. [grav:2/4]
A packet containing data compressed by zlib can stop Wireshark. [grav:1/4]
When a malformed Tektronix .rf5 file is opened, Wireshark stops. [grav:1/4]