search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Wireshark 6LoWPAN denial of service vulnerability

Vulnerability Note VU#215900

Original Release Date: 2011-03-02 | Last Revised: 2011-03-29

Overview

Wireshark will crash on 32-bit systems while reading a malformed 6LoWPAN packet.

Description

Paul Makowski's report states:

dissect_6lowpan_iphc() in /epan/dissectors/packet-6lowpan.c trusts user supplied data when incrementing 'offset'. It is possible for the user to increment 'offset' to a value greater than tvb->length and/or tvb->reported_length, forcing the dissector to attempt dissection out of bounds. If 'offset' is greater than tvb->length or tvb->reported_length, then tvb_length_remaining() or tvb_reported_length_remaining() will return -1 respectively. If tvb_length_remaining() returns -1, then a buffer is allocated 1 byte too short, leading to a partial overwrite of the heap canary.

Impact

An attacker may trigger a denial of service, causing any active capture or .pcap dissection to crash Wireshark/tshark.

Solution

Apply an Update
Upgrade to Wireshark 1.4.4. Several other security related fixes are also included in this version.

Vendor Information

215900
 
Affected   Unknown   Unaffected

Debian GNU/Linux

Updated:  March 29, 2011

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Red Hat, Inc.

Updated:  March 29, 2011

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Wireshark

Notified:  February 04, 2011 Updated:  March 02, 2011

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

Thanks to Paul Makowski working for CERT/CC for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: None
Severity Metric: 1.47
Date Public: 2011-03-02
Date First Published: 2011-03-02
Date Last Updated: 2011-03-29 12:58 UTC
Document Revision: 16

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.