
CERT-In Advisory CIAD-2008-13
Wireshark (Ethereal) Multiple Protocol Vulnerabilities

Original issue date: March 4, 2008

Severity Rating: Medium

Systems Affected

•  Wireshark (Ethereal) versions 0.6.0 to 0.99.7

Overview

Multiple vulnerabilities have been reported in Wireshark (Ethereal) in the handling of specially crafted malformed packets read off the network. Remote attackers could exploit them to cause a denial of service on the vulnerable system.

Description

Wireshark (Ethereal) is a program for monitoring network traffic. Each protocol supported by it is handled through a bit of code known as a dissector.

1. SCTP dissector denial of service vulnerability
(CVE-2008-1070)

A vulnerability has been reported in Wireshark (Ethereal) due to an error in the SCTP (Stream Control Transmission Protocol) dissector. A remote attacker could exploit this vulnerability to cause a denial of service by sending specially crafted malformed packets over the network.

2. SNMP dissector denial of service vulnerability
(CVE-2008-1071)

A vulnerability has been reported in Wireshark (Ethereal) due to an error in the SNMP dissector. A remote attacker could exploit this vulnerability to cause a denial of service by sending specially crafted malformed packets over the network.

3. TFTP dissector denial of service vulnerability
(CVE-2008-1072)

A vulnerability has been reported in Wireshark (Ethereal) due to an error in the TFTP dissector when running on Ubuntu 7.10. A remote attacker could exploit this vulnerability by sending crafted malformed packets to cause a denial of service or crash Wireshark on Ubuntu.

Workarounds

  • Disable the SCTP, SNMP and TFTP dissectors
    • Select Analyze→Enabled Protocols... from the menu
    • Make sure "SCTP," "SNMP," and "TFTP" are un-checked
    • Click "Save", then click "OK"
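
To verify that a host is covered, the following added example (not part of the CERT-In advisory and not Wireshark code) checks a version banner against the affected range stated above and confirms that the three dissectors are listed as disabled. It assumes the banner text comes from the installed Wireshark or TShark, and that the saved disabled-protocol list (Wireshark's `disabled_protos` file) holds one lower-case protocol name per line with `#` comments; the file format, the names and all sample inputs are assumptions.

```python
import re

# Affected range taken from the advisory: 0.6.0 to 0.99.7 inclusive.
AFFECTED_MIN, AFFECTED_MAX = (0, 6, 0), (0, 99, 7)
# Dissectors the workaround disables (lower-case names are an assumption).
REQUIRED_DISABLED = {"sctp", "snmp", "tftp"}


def parse_version(banner):
    """Return the first x.y.z version found in a banner string as a tuple."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not match:
        raise ValueError("no x.y.z version found in %r" % banner)
    return tuple(int(part) for part in match.groups())


def is_affected(version):
    """True when the version falls inside the advisory's affected range."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def disabled_protocols(text):
    """Parse disabled-protocol list content: one name per line, '#' comments."""
    names = set()
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip().lower()
        if name:
            names.add(name)
    return names


def assess(banner, disabled_text):
    """Combine the version check with the workaround check for one host."""
    version = parse_version(banner)
    still_enabled = sorted(REQUIRED_DISABLED - disabled_protocols(disabled_text))
    if not is_affected(version):
        status = "not affected"
    elif still_enabled:
        status = "vulnerable"
    else:
        status = "workaround applied"
    return {"version": version, "status": status, "still_enabled": still_enabled}


if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real host.
    print(assess("wireshark 0.99.7", "sctp\nsnmp\n"))
    print(assess("wireshark 0.99.6", "# saved list\nsctp\nsnmp\ntftp\n"))
    print(assess("wireshark 0.99.8", ""))
```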

Solution

Upgrade to Wireshark Version 0.99.8:
http://www.wireshark.org/download.html

References

FrSIRT
http://www.frsirt.com/english/advisories/2008/0704

Wireshark
http://www.wireshark.org/security/wnpa-sec-2008-01.html

Secunia
http://secunia.com/advisories/29156/

Security-Focus
http://www.securityfocus.com/bid/28025

CVE-Name
CVE-2008-1070
CVE-2008-1071
CVE-2008-1072

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003