Executive Summary
Summary | |
---|---|
Title | Wireshark DECT dissector vulnerability |
Information | |||
---|---|---|---|
Name | VU#243670 | First vendor Publication | 2011-04-18 |
Vendor | VU-CERT | Last vendor Modification | 2011-04-18 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#243670

Wireshark DECT dissector vulnerability

Overview

Wireshark's DECT dissector contains a remote code execution vulnerability in the context of the user running a packet capture or reading a packet capture file.

I. Description

Paul Makowski's report states:

/epan/dissectors/packet-dect.c contains a stack-based buffer overflow via a call to memcpy() whose length is controlled by the attacker. Absent exploit mitigations independent of Wireshark's default build options, an attacker is able to execute arbitrary code in the context of the user running a packet capture. On *NIX systems, such capability is frequently reserved for the root user. The overflowable buffer is pkt_bfield.Data.

References

http://www.wireshark.org/lists/wireshark-announce/201104/msg00002.html

Thanks to Paul Makowski working for CERT/CC for reporting this vulnerability. This document was written by Michael Orlando.
Original Source
Url : http://www.kb.cert.org/vuls/id/243670 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:15000 | |||
Oval ID: | oval:org.mitre.oval:def:15000 | ||
Title: | Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 | ||
Description: | Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-1591 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 5 |
SAINT Exploits
Description | Link |
---|---|
Wireshark DECT Dissector PCAP File Processing Overflow | More info here |
Wireshark DECT Dissector Remote Stack Buffer Overflow | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2012-04-25 | Name : Wireshark DECT Buffer Overflow Vulnerability (Mac OS X) File : nvt/secpod_wireshark_dect_bof_vuln_macosx.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-02 (wireshark) File : nvt/glsa_201110_02.nasl |
2011-05-17 | Name : Mandriva Update for wireshark MDVSA-2011:083 (wireshark) File : nvt/gb_mandriva_MDVSA_2011_083.nasl |
2011-05-16 | Name : Wireshark Denial of Service and Buffer Overflow Vulnerabilities (Windows) File : nvt/gb_wireshark_mult_vuln_win_may11.nasl |
2011-05-05 | Name : Fedora Update for wireshark FEDORA-2011-5529 File : nvt/gb_fedora_2011_5529_wireshark_fc13.nasl |
2011-05-05 | Name : Fedora Update for wireshark FEDORA-2011-5569 File : nvt/gb_fedora_2011_5569_wireshark_fc14.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
71848 | Wireshark epan/dissectors/packet-dect.c DECT Dissector Overflow Wireshark is prone to an overflow condition. The DECT dissector in epan/dissectors/packet-dect.c fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted packet, a remote attacker can potentially execute arbitrary code. |
Snort® IPS/IDS
Date | Description |
---|---|
2016-03-14 | Wireshark DECT packet dissector overflow attempt RuleID : 36855 - Revision : 3 - Type : FILE-OTHER |
2014-01-10 | Wireshark DECT packet dissector overflow attempt RuleID : 20431 - Revision : 8 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_wireshark-110511.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_wireshark-110511.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_wireshark-7500.nasl - Type : ACT_GATHER_INFO |
2011-10-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-02.nasl - Type : ACT_GATHER_INFO |
2011-06-08 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_wireshark-110503.nasl - Type : ACT_GATHER_INFO |
2011-06-08 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_wireshark-7501.nasl - Type : ACT_GATHER_INFO |
2011-05-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-083.nasl - Type : ACT_GATHER_INFO |
2011-04-27 | Name : The remote Fedora host is missing a security update. File : fedora_2011-5529.nasl - Type : ACT_GATHER_INFO |
2011-04-27 | Name : The remote Fedora host is missing a security update. File : fedora_2011-5569.nasl - Type : ACT_GATHER_INFO |
2011-04-27 | Name : The remote Fedora host is missing a security update. File : fedora_2011-5621.nasl - Type : ACT_GATHER_INFO |
2011-04-18 | Name : The remote Windows host contains an application that is affected by multiple ... File : wireshark_1_4_5.nasl - Type : ACT_GATHER_INFO |