HOME > VULNERABILITY NOTES


   VULNERABILITY NOTE

CERT-In Vulnerability Note CIVN-2008-98
Multiple Vulnerabilities in Wireshark 0.9.5 to 1.0.0

Original Issue Date: July 04, 2008

Severity Rating: Medium

System Affected

  • Wireshark versions 0.9.5 to 1.0.0

Overview

Wireshark is a Open Source network packet analyzer software. It captures the network packets and then displays them in details for analysis. Wireshark is using various protocol dissectors to parse the different protocol headers.

Multiple vulnerabilities exist in the protocol dissectors offered in Wireshark versions 0.9.5 to 1.0.0, which could be exploited by attackers to disclose system information or cause Denial of Service attacks on the systems running the vulnerable version of the application.

Description

1. GSM SMS dissector Denial of Service vulnerability
    (CVE-2008-3137)

This vulnerability is caused due to an error in GSM SMS dissector of Wireshark versions 0.99.2 to 1.0.0, which could be exploited to application crash.

2. PANA and KISMET dissectors Denial of Service vulnerability
    (CVE-2008-3138)

The vulnerability in PANA (Protocol for carrying Authentication for Network Access) and KISMET (A sniffer for Wireless LAN) protocol dissectors of Wireshark versions 0.99.3 to 1.0.0 could be exploited to force the application to quit unexpectedly.

3. RTMPT dissector Denial of Service vulnerability
    (CWE-416 , CVE-2008-3139)

This vulnerability is caused due to a use-after-free error in the RTMPT (Real Time Messaging Protocol) dissector offered in Wireshark versions 0.99.8 to 1.0.0 which could be exploited to crash the application.

4. RMI dissector Disclosure of system information     vulnerability (CVE-2008-3141)

An unspecified error exists in the RMI (Java Remote Method Invocation) dissectors of the Wireshark versions 0.9.5 to 1.0.0. This vulnerability could be exploited to by attackers to disclose system memory.

5. Syslog dissector Denial of Service vulnerability
    (CVE-2008-3140)

This vulnerability is caused due to an error in the Syslog dissector available in Wireshark 1.0.0, which could be exploited to crash the application. This vulnerability could be exploited by injecting a maliciouly crafted incomplete SS7 MSU Syslog packet encapsulated packet on the wire or in the trace file and persuading the user to read the same.

All these vulnerabilities can be exploited by injecting a maliciouly crafted packet onto the wire or in the trace file and then convincing the user to read the same.

Workaround

Follow the steps given below to disable the GSM SMS, PANA, KISMET, RTMPT, and RMI dissectors:

  • Go to Menu and select Analyze --> Enabled Protocols
  • Uncheck the status of "GSM SMS," "PANA," "Kismet,"
    "RTMPT," and "RMI" protocols.
  • Save the settings.

Solution

Upgrade to Wireshark 1.0.1
http://www.wireshark.org/

Vendor Information

Wireshark
http://www.wireshark.org

References

Wireshark
http://www.wireshark.org/security/wnpa-sec-2008-03.html

Secunia
http://secunia.com/advisories/30886/

SecurityTracker
http://securitytracker.com/alerts/2008/Jul/1020404.html

rPath
https://issues.rpath.com/browse/RPL-2638

 CVE Name
CVE-2008-3137
CVE-2008-3138
CVE-2008-3139
CVE-2008-3140
CVE-2008-3141

CWE-Name
CWE-416

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003