
SANS ISC: Wireshark (ex Ethereal) multiple vulnerabilities - SANS Internet Storm Center SANS ISC InfoSec Forums


Wireshark (ex Ethereal) multiple vulnerabilities
As usual, multiple vulnerabilities have been reported in Wireshark dissectors (dissectors are the Wireshark modules that analyze particular protocols; hundreds of protocols are supported). The reported vulnerabilities can cause a denial of service (Wireshark crashes), but can also allow remote code execution.

The SCSI, DHCP and SSCOP dissectors are affected. Besides these dissectors, the IPsec ESP preference parser is also affected, when Wireshark is compiled with ESP decryption support (this is probably the case in most installations).

The new version (0.99.3), available at http://www.wireshark.org/download.html, fixes all these vulnerabilities.

If, for some reason, you can't upgrade, some workarounds are available at http://www.wireshark.org/security/wnpa-sec-2006-02.html (the original advisory). Basically, what you can do is turn off dissectors for affected protocols and disable ESP decryption.


Bojan

ISC Handler
