Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
- An unspecified error within the SCSI protocol dissector can be exploited to crash the application.
- Off-by-one errors exist in the IPSec ESP preference parser. Successful exploitation requires that Wireshark has been compiled with ESP decryption support.
- Errors in the DHCP dissector and potentially other protocol dissectors can be exploited to crash Wireshark due to a bug in Glib. This only affects the Windows version.
- An error within the Q.2391 dissector can be exploited to cause a DoS due to memory consumption. Successful exploitation of the vulnerabilities may cause Wireshark to stop responding, consume large amounts of system memory, crash, or execute arbitrary code.
Full Secunia Advisory & Original Wireshark Advisory
This "Tools of the Trade" is very small due to my current location, but just wanted to share this one to everyone.
No comments:
Post a Comment