CERT-In Vulnerability Note CIVN-2008-142
Multiple Vulnerabilities in Wireshark

Original Issue Date: September 10, 2008

Severity Rating: Medium

Systems Affected

  • Wireshark versions 0.9.7 through 1.0.2

Overview

Multiple vulnerabilities have been reported in Wireshark versions 0.9.7 through 1.0.2. They result from improper input validation and could be exploited by a remote attacker to cause a denial of service.

Description

1. NCP dissector buffer overflow vulnerability (CVE-2008-3932)

This vulnerability is caused by various errors in the validation of NCP data within epan/dissectors/packet-ncp2222.inc. A remote attacker could exploit it by sending specially crafted NCP data to trigger a buffer overflow and cause a denial of service, or to make Wireshark enter an infinite loop.

2. zlib-compressed packet data processing vulnerability (CVE-2008-3933)

This vulnerability is caused by an error in uncompressing zlib-compressed packet data. A remote attacker could exploit it by sending specially crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function, causing a denial of service.

3. Tektronix .rf5 file processing vulnerability (CVE-2008-3934)

This vulnerability is caused by an error in processing Tektronix .rf5 files. A remote attacker could exploit it by creating a specially crafted Tektronix .rf5 file that causes a denial of service when the file is loaded.

Solution

Upgrade to Wireshark 1.0.3 or later.

http://www.wireshark.org/
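
To find installations that still need the upgrade, the affected range above can be checked against a software inventory. The following is an added example, not part of the CERT-In note or of Wireshark; the host names and version strings in the sample inventory are constructed, and the function names are hypothetical.

```python
import re

# From the advisory: 0.9.7 through 1.0.2 are affected; 1.0.3 or later is the fix.
AFFECTED_MIN = (0, 9, 7)
AFFECTED_MAX = (1, 0, 2)
CVES = ("CVE-2008-3932", "CVE-2008-3933", "CVE-2008-3934")

# First X.Y.Z number found in a version banner or package name.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return the first X.Y.Z version in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None

def classify(text):
    """Classify one inventory string against the advisory's version range."""
    version = parse_version(text)
    if version is None:
        return "unknown"          # no version found: needs a manual check
    # Compare as integer tuples: as strings, "0.10.14" sorts below "0.9.7"
    # and would be missed.
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "affected"
    # Versions older than 0.9.7 are not covered by the advisory.
    return "fixed" if version > AFFECTED_MAX else "not-listed"

def affected_hosts(inventory):
    """Return the sorted host names whose version string is in the range."""
    return sorted(h for h, text in inventory.items()
                  if classify(text) == "affected")

# Constructed sample inventory (host -> version banner or package string).
SAMPLE_INVENTORY = {
    "analyst-ws01": "wireshark 1.0.2",
    "sensor-02": "TShark 1.0.3",
    "lab-legacy": "wireshark 0.10.14",
    "build-07": "wireshark-0.99.6-1.el5",
    "old-box": "wireshark 0.9.6",
    "kiosk-03": "tshark: command not found",
}

if __name__ == "__main__":
    for host in sorted(SAMPLE_INVENTORY):
        print(f"{host:14} {classify(SAMPLE_INVENTORY[host]):11} "
              f"{SAMPLE_INVENTORY[host]}")
    print("Upgrade to 1.0.3 or later for", ", ".join(CVES), "on:",
          ", ".join(affected_hosts(SAMPLE_INVENTORY)))
```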

Vendor Information

Wireshark
http://www.wireshark.org/security/wnpa-sec-2008-05.html

References

SecurityFocus
http://www.securityfocus.com/bid/31009/

Secunia
http://secunia.com/advisories/31674/

SecurityTracker
http://www.securitytracker.com/alerts/2008/Sep/1020819.html

CVE Name
CVE-2008-3932
CVE-2008-3933
CVE-2008-3934

CWE Name
CWE-20


Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003