Tuesday, March 31, 2009

Wireshark PROFINET DCP Format String Vulnerability

http://secunia.com/advisories/34542/

Description: A vulnerability has been discovered in Wireshark, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a format string error within the PN-DCP dissector when processing station names containing format string specifiers. This can be exploited to cause a crash and potentially execute arbitrary code via specially crafted packets captured off the wire or loaded via a capture file. The vulnerability is confirmed in version 1.0.6. Other versions may also be affected.

Solution: Disable support for the "PN-DCP" protocol.

Provided and/or discovered by: THCX Labs

Original Advisory: http://milw0rm.com/exploits/8308

----------------------------------------------------

The PN-DCP protocol can be disabled in Wireshark by hitting "Shift-Ctrl-R" and then unchecking "PN-DCP".
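The bug class the advisory describes, a packet-supplied station name reaching a printf-style function as the format argument, is sketched below as an added example; it is not Wireshark's dissector code and not part of the original post. The function names `count_format_directives` and `render_station_name` are hypothetical, and the sample names are constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern, shown only as a comment: the packet field is the format.
 *     snprintf(out, outlen, station_name);
 * A name like "%s%s%n" is then parsed as conversion directives. */

/* Count '%' directives in a length-delimited field; "%%" is a literal percent. */
size_t count_format_directives(const unsigned char *name, size_t len)
{
    size_t hits = 0;
    for (size_t i = 0; i < len; i++) {
        if (name[i] != '%')
            continue;
        if (i + 1 < len && name[i + 1] == '%')
            i++;            /* skip the escaped pair */
        else
            hits++;
    }
    return hits;
}

/* Hardened form: constant format string, packet bytes passed only as data.
 * Returns what snprintf returns (length needed, excluding the NUL). */
int render_station_name(char *out, size_t outlen,
                        const unsigned char *name, size_t len)
{
    int prec = len > INT_MAX ? INT_MAX : (int)len;
    return snprintf(out, outlen, "DCP station name: \"%.*s\"",
                    prec, (const char *)name);
}

int main(void)
{
    /* Constructed sample station names, not taken from any real capture. */
    const char *samples[] = { "plc-line1", "%x%x%n", "load-100%%" };
    char line[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const unsigned char *n = (const unsigned char *)samples[i];
        size_t len = strlen(samples[i]);
        render_station_name(line, sizeof line, n, len);
        printf("%s  directives=%zu\n", line, count_format_directives(n, len));
    }
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` (GCC and Clang) flags calls where a non-literal string is passed as the format with no further arguments, which is the pattern in the comment above.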
