Tuesday, March 31, 2009

Wireshark PROFINET DCP Format String Vulnerability


: A vulnerability has been discovered in Wireshark, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a format string error within the PN-DCP dissector when processing station names containing format string specifiers. This can be exploited to cause a crash and potentially execute arbitrary code via specially crafted packets captured off the wire or loaded via a capture file. The vulnerability is confirmed in version 1.0.6. Other versions may also be affected.

: Disable support for the "PN-DCP" protocol.

Provided and/or discovered by
: THCX Labs

Original Advisory
: http://milw0rm.com/exploits/8308


The PN-DCP protocol can be disabled in Wireshark by hitting "Shift-Ctrl-R" and then unchecking "PN-DCP".

No comments:

Post a Comment