Vigil@nce: Wireshark, several vulnerabilities
September 2008 by Vigil@nce
Several vulnerabilities in Wireshark can be used by a remote
attacker to create a denial of service or to execute code.
– Gravity: 2/4
– Consequences: user access/rights, denial of service
– Provenance: intranet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 04/09/2008
– Identifier: VIGILANCE-VUL-8089
IMPACTED PRODUCTS
– Unix - platform
DESCRIPTION
The Wireshark/Ethereal program captures packets in order to help
administrators solve network problems. Protocols are decoded by
dissectors, which have several vulnerabilities.
An attacker can send NCP data in order to generate several buffer
overflows and an infinite loop. [grav:2/4]
A packet containing data compressed by zlib can stop Wireshark.
[grav:1/4]
When a malformed Tektronix .rf5 file is opened, Wireshark stops.
[grav:1/4]
CHARACTERISTICS
– Identifiers: VIGILANCE-VUL-8089
– Url: https://vigilance.aql.fr/tree/1/8089