HOME > ADVISORIES


   ADVISORY

CERT-In Advisory CIAD-2009-08
Multiple Denial of Service Vulnerabilities in Wireshark Network Protocol Analyzer

Original issue date: February 19, 2009

Severity Rating: Low

Systems Affected

  • Wireshark versions 0.99.6 to 1.0.5

Overview

Multiple vulnerabilities have been reported in Wireshark versions 0.99.6 to 1.0.5, which could be exploited by the remote attackers to cause Denial of Service condition on the systems having the affected version of application.

Description

1. Wiretap Buffer overflow Vulnerability
    (CVE-2009-0599 , CWE-119)

A buffer overflow vulnerability exists in wiretap/netscreen.c file of Wireshark version 0.99.7 to 1.0.5 which could allow remote attackers to cause a denial of service via a maliciously crafted NetScreen snoop file. This vulnerability can be exploited by remote attackers by tricking a user into reading a maliciously crafted NetScreen snoop file.

2. Tektronix K12 capture file Denial of Service Vulnerability
    (CVE-2009-0600 , CWE-20)

This issue is caused due to input validation error while processing a Tektronix K12 text capture file in Wireshark 0.99.6 through 1.0.5, which can be exploited by remote attackers to cause a denial of service condition on the systems having the affected version of the application. This vulnerability can be exploited by remote attackers by tricking a user into reading a maliciously crafted Tektronix K12 text capture file.

3. HOME environment variable formatting characters Denial of     Service Vulnerability (CVE-2009-0601 , CWE-134)

This vulnerability is caused due to an error while processing the HOME environment variable containing sprintf-style format string specifiers in Wireshark versions 0.99.8 to 1.0.5, which could be exploited by the local users to crash (Denial of Service) the application.

Windows version of the Wireshark is not affected by this issue.

Workarounds

  • Make sure that the HOME environment variable does not contain any "%" characters.
  • Do not open any Tektronix K12 text or NetScreen capture files.

Solution

Upgrade to Wireshark 1.0.6 or later
http://www.wireshark.org/

Vendor Information

Wireshark
http://www.wireshark.org/security/wnpa-sec-2009-01.html


References

 Wireshark
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3150
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3151
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1937

SecurityFocus
http://www.securityfocus.com/bid/33690

Secunia
http://secunia.com/advisories/33872

VUPEN Security
http://www.vupen.com/english/advisories/2009/0370

CVE Name
CVE-2009-0599
CVE-2009-0600
CVE-2009-0601

CWE Name
CWE-119
CWE-20
CWE-134

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003