
CERT-In Advisory CIAD-2008-53
Multiple Denial of Service Vulnerabilities in Wireshark

Original issue date: October 24, 2008

Severity Rating: Medium

Systems Affected

  • Wireshark versions 0.10.3 to 1.0.3

Overview

Multiple Denial of Service vulnerabilities have been reported in Wireshark 0.10.3 to 1.0.3 which could be exploited to cause Denial of Service conditions in the affected system.

Description

Wireshark is a free packet sniffer application. It is used for network troubleshooting, analysis, software and communications protocol development, and education.

1. USB dissector Denial of Service Vulnerability (CVE-2008-4680)

This vulnerability is caused by an error in the packet-usb.c file of the USB dissector in Wireshark versions 0.99.7 through 1.0.3. It could be exploited by injecting a maliciously crafted USB Request Block (URB) on the wire or into a trace file and then persuading the user to read it. The vulnerable application could crash while processing the maliciously crafted sequence of frames.

2. Bluetooth RFCOMM dissector Denial of Service Vulnerability (CVE-2008-4681)

This vulnerability is caused by an error in the Bluetooth RFCOMM dissector in Wireshark versions 0.99.7 through 1.0.3. It could be exploited by injecting maliciously crafted packets on the wire or into a trace file and then persuading the user to read them. The vulnerable application could crash while reading the maliciously crafted packets.

3. Tamos CommView capture file Denial of Service Vulnerability (CVE-2008-4682)

This vulnerability is caused by an error in the wtap.c file in Wireshark versions 0.99.7 through 1.0.3. It could be exploited by supplying a maliciously crafted Tamos CommView capture file (.ncf file) with an "unknown/unexpected packet type" and then persuading the user to read the malformed file. The vulnerable application could crash due to an assertion failure while reading the maliciously crafted file.

4. Bluetooth ACL dissector Denial of Service Vulnerability (CVE-2008-4683)

This vulnerability is caused by an error in the dissect_btacl() function of the packet-bthci_acl.c file of the Bluetooth ACL dissector. The error relates to an erroneous tvb_memcpy call and could be exploited by injecting a maliciously crafted packet of invalid length on the wire or into a trace file and then persuading the user to read it. The vulnerable application could crash while processing the maliciously crafted sequence of frames.

Wireshark versions 0.99.2 through 1.0.3 are affected by this vulnerability.

5. PRP and MATE dissectors improper exception handling Vulnerability (CVE-2008-4684)

This vulnerability is caused by improper handling of the exceptions thrown by post dissectors in Wireshark versions 0.99.2 through 1.0.3. It could be exploited by injecting a maliciously crafted sequence of frames on the wire or into a trace file and then persuading the user to read it. The vulnerable application could crash while processing the maliciously crafted sequence of frames.

6. Q.931 dissector Denial of Service Vulnerability (CVE-2008-4685)

This vulnerability is caused by an error in the dissect_q931_cause_ie() function of the packet-q931.c file in Wireshark versions 0.10.3 through 1.0.3. It could be exploited by injecting a maliciously crafted sequence of frames on the wire or into a trace file and then persuading the user to read it. The vulnerable application could crash while processing the maliciously crafted sequence of frames.

Solution

Upgrade to Wireshark 1.0.4 or later.

http://www.wireshark.org/download.html
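
The affected ranges differ per CVE, so an inventory check has to compare each installed version against each range. The following is an added example, not part of the original advisory or of Wireshark: a triage helper that extracts a version from inventory text and lists which of the six CVEs apply. The function names and the sample inventory strings are assumptions constructed for illustration.

```python
import re

# Inclusive affected ranges, exactly as listed in this advisory.
AFFECTED = {
    "CVE-2008-4680": ((0, 99, 7), (1, 0, 3)),  # USB dissector
    "CVE-2008-4681": ((0, 99, 7), (1, 0, 3)),  # Bluetooth RFCOMM dissector
    "CVE-2008-4682": ((0, 99, 7), (1, 0, 3)),  # Tamos CommView capture file
    "CVE-2008-4683": ((0, 99, 2), (1, 0, 3)),  # Bluetooth ACL dissector
    "CVE-2008-4684": ((0, 99, 2), (1, 0, 3)),  # PRP and MATE post dissectors
    "CVE-2008-4685": ((0, 10, 3), (1, 0, 3)),  # Q.931 dissector
}

# A three-part version that is not a slice of a longer dotted number
# (so an IP address in the same inventory line is not mistaken for one).
_VERSION = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?!\.?\d)")


def parse_version(text):
    """Return the first x.y.z version found in text as a tuple of ints."""
    match = _VERSION.search(text)
    if match is None:
        # Fail loudly: an unparsed host must not be reported as unaffected.
        raise ValueError("no x.y.z version found in %r" % (text,))
    return tuple(int(part) for part in match.groups())


def affected_cves(text):
    """List the advisory's CVEs whose stated range contains the version."""
    version = parse_version(text)
    return sorted(cve for cve, (low, high) in AFFECTED.items()
                  if low <= version <= high)


if __name__ == "__main__":
    # Constructed inventory lines (hypothetical hosts), not real scan output.
    inventory = [
        "host-a wireshark 1.0.3",
        "host-b wireshark 0.99.5",
        "host-c wireshark 0.10.14",
        "host-d wireshark 1.0.4",
    ]
    for line in inventory:
        cves = affected_cves(line)
        print(line, "->", ", ".join(cves) if cves else "not in an affected range")
```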

Vendor Information

Wireshark
http://www.wireshark.org/security/wnpa-sec-2008-06.html


References

SecurityFocus
http://www.securityfocus.com/bid/31838

Secunia
http://secunia.com/advisories/32355/

SecurityTracker
http://securitytracker.com/alerts/2008/Oct/1021069.html

FrSIRT
http://www.frsirt.com/english/advisories/2008/2872

CVE Name
CVE-2008-4680
CVE-2008-4681
CVE-2008-4682
CVE-2008-4683
CVE-2008-4684
CVE-2008-4685



Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003