Vulnerability Note VU#638376
Wireshark contains multiple off-by-one errors in the IPSec ESP preference parser
Overview
Wireshark contains a vulnerability in the IPSec ESP preference parser that may cause a denial of service condition.
I. Description
Wireshark contains multiple off-by-one vulnerabilities in the IPSec ESP preference parser when the application has been compiled with ESP decryption support.
This vulnerability may be exploited when a remote attacker sends a specially crafted, malformed packet over the wire or convinces the user to read a malformed packet trace file.
Wireshark states that Wireshark Version 0.99.2 is affected.
Note: Ethereal has changed its name to Wireshark.
II. Impact
A remote attacker may be able to execute arbitrary code.
III. Solution
Update
Wireshark has released an updated product version (Wireshark 0.99.3).
Workaround
Wireshark provides a workaround in security document wnpa-sec-2006-02.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
| Wireshark | Vulnerable | 24-Oct-2006 |
References
http://www.wireshark.org/security/wnpa-sec-2006-02.html
http://www.securityfocus.com/bid/19690
http://www.frsirt.com/english/advisories/2006/3370
http://securitytracker.com/id?1016736
http://secunia.com/advisories/21597
http://secunia.com/advisories/21649
http://secunia.com/advisories/21619
http://secunia.com/advisories/21682
http://secunia.com/advisories/21885
http://xforce.iss.net/xforce/xfdb/28553
Credit
This vulnerability was reported in Wireshark document wnpa-sec-2006-02.
This document was written by Katie Steiner.
Other Information
| Date Public: | 2006-08-24 |
| Date First Published: | 2006-10-25 |
| Date Last Updated: | 2006-10-25 |
| CERT Advisory: | |
| CVE-ID(s): | CVE-2006-4331 |
| NVD-ID(s): | CVE-2006-4331 |
| US-CERT Technical Alerts: | |
| Metric: | 4.92 |
| Document Revision: | 18 |