CERT-In Advisory CIAD-2008-19
Multiple Vulnerabilities in Wireshark

Original issue date: April 04, 2008

Severity Rating: High

Systems Affected

•  Wire shark versions 0.99.2 to 0.99.8.

Overview

Multiple vulnerabilities have been reported in Wireshark which could be exploited by remote attacker to cause denial of service attack on the affected system.

Description

Wireshark is a free packet sniffer computer application. It is used for network troubleshooting, analysis, software and communications protocol development and education.

1. Multiple X.509sat and Roofnet dissectors Vulnerabilities (CVE-2008-1561)

Multiple vulnerabilities have been reported in Wire shark due to errors in “X.509sat” or “Roofnet” dissectors when processing malformed packets or data read from trace files. This could be exploited by a remote attacker to cause a denial of service and crash an affected application.

2. Denial of service attack via LDAP dissector (CVE-2008-1562)

A vulnerability has been reported in Wireshark which could be exploited by remote attacker to cause a denial of service via a malformed packet to the LDAP dissector.

3. Exhaust Memory Resources via SCCP dissector
(CVE-2008-1563)

Workarounds

Disable the LDAP, Roofnet, and X.509sat dissectors:

• Select Analyze→Enabled Protocols... from the menu.
• Make sure "LDAP," "Roofnet," and "X509SAT" are un-checked.
• Click "Save", then click "OK".

Solution

Upgrade to Wireshark 1.0.0
http://www.wireshark.org/

Vendor Information

Wireshark
http://www.wireshark.org

References

Wireshark
http://www.wireshark.org/security/wnpa-sec-2008-02.html

Secunia
http://secunia.com/advisories/29569

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003