CERT-In Vulnerability Note CIVN-2009-64
Wireshark Denial of Service Vulnerability

Original Issue Date: May 28, 2009

Severity Rating: Medium

Affected Software

  • Wireshark versions 0.8.20 to 1.0.7

Overview

A vulnerability has been reported in Wireshark versions 0.8.20 to 1.0.7 which could be exploited by remote attackers to cause a Denial of Service condition on systems running an affected version of the application.

Description

This vulnerability is caused by an error in the PCNFSD dissector, which an attacker can exploit to crash the application (Denial of Service). Remote attackers can exploit it by tricking a user into reading a maliciously crafted PCNFSD packet.
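
A capture can be checked for PCNFSD traffic before it is opened in an affected Wireshark build. The following is an added example, not part of the CERT-In note or of Wireshark, that lists the packets in a classic pcap file carrying ONC RPC calls to the PCNFSD program. It assumes Ethernet/IPv4/UDP framing and the PCNFSD RPC program number 150001 (neither is stated in the note); the function names and the sample capture are constructed for illustration.

```python
import struct

PCNFSD_PROG = 150001  # ONC RPC program number assigned to PCNFSD (assumption, not from the note)

def rpc_call_program(payload):
    """Return the program number if payload starts an ONC RPC v2 call, else None."""
    if len(payload) < 16:
        return None
    _xid, msg_type, rpc_vers, prog = struct.unpack(">IIII", payload[:16])
    return prog if msg_type == 0 and rpc_vers == 2 else None

def pcnfsd_packets(pcap_bytes):
    """Return 1-based numbers of Ethernet/IPv4/UDP packets carrying a PCNFSD call."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    hits, offset, number = [], 24, 0
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        number += 1
        # Skip anything that is not Ethernet II / IPv4 / UDP, including short frames.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue
        ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
        if rpc_call_program(frame[14 + ihl + 8:]) == PCNFSD_PROG:
            hits.append(number)
    return hits

def sample_pcap():
    """Constructed capture: packet 1 is an NFS call, packet 2 a PCNFSD call."""
    def frame(prog):
        rpc = struct.pack(">IIIIII", 1, 0, 2, prog, 2, 0)  # xid, CALL, rpcvers, prog, vers, proc
        udp = struct.pack(">HHHH", 1023, 1024, 8 + len(rpc), 0) + rpc
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + udp
        return b"\x00" * 12 + b"\x08\x00" + ip
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (frame(100003), frame(PCNFSD_PROG)):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(pcnfsd_packets(sample_pcap()))
```

The check only reports that PCNFSD calls are present; it does not judge whether a packet is malformed, and it does not cover RPC over TCP or fragmented IP.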

Solution

Upgrade to Wireshark 1.0.8.
http://www.wireshark.org/

Vendor Information

Wireshark
http://www.wireshark.org/security/wnpa-sec-2009-03.html

References

SecurityFocus
http://www.securityfocus.com/bid/35081

Secunia
http://secunia.com/advisories/35201/

VUPEN Security
http://www.vupen.com/english/advisories/2009/1408

SecurityTracker
http://securitytracker.com/alerts/2009/May/1022274.html

CWE Name
CWE-399

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003