Vulnerability Note VU#243670

Wireshark DECT dissector vulnerability

Original Release date: 18 Apr 2011 | Last revised: 24 Jan 2012

Overview

Wireshark's DECT dissector contains a remote code execution vulnerability in the context of the user running a packet capture or reading a packet capture file.

Description

Paul Makowski's report states:

/epan/dissectors/packet-dect.c contains a stack-based buffer overflow via a call to memcpy() whose length is controlled by the attacker. Absent exploit mitigations independant of Wireshark's default build options, an attacker is able to execute arbitrary code in the context of the user running a packet capture. On *NIX systems, such capability is frequently reserved for the root user. The overflowable buffer is pkt_bfield.Data.

Impact

An attacker may cause any active capture or .pcap dissection to crash Wireshark/tshark. Remote code execution is also possible.

Solution

Apply an Update

Upgrade to Wireshark 1.4.5. Several other security related fixes are also included in this version.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
WiresharkAffected-18 Apr 2011
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Paul Makowski working for CERT/CC for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

  • CVE IDs: Unknown
  • Date Public: 17 Apr 2011
  • Date First Published: 18 Apr 2011
  • Date Last Updated: 24 Jan 2012
  • Severity Metric: 0.09
  • Document Revision: 6

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.