
SANS ISC: Wireshark (ex Ethereal) multiple vulnerabilities SANS ISC InfoSec Forums

Wireshark (ex Ethereal) multiple vulnerabilities
As usual, multiple vulnerabilities have been reported in Wireshark dissectors (dissectors are Wireshark modules that analyze particular protocols; hundreds of protocols are supported). The reported vulnerabilities can cause a denial of service (Wireshark crashes), but also remote code execution.

The SCSI, DHCP and SSCOP dissectors are affected. Besides these dissectors, the IPsec ESP preference parser is also affected, when Wireshark is compiled with ESP decryption support (this is probably the case in most installations).

The new version (0.99.3), available at http://www.wireshark.org/download.html, fixes all these vulnerabilities.

If, for some reason, you can't upgrade, some workarounds are available at http://www.wireshark.org/security/wnpa-sec-2006-02.html (the original advisory). Basically, what you can do is turn off dissectors for affected protocols and disable ESP decryption.

Bojan

ISC Handler
Aug 24th 2006
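
One way to script the workaround described in the post for installations that cannot move to 0.99.3 yet, as an added example (not from the original post or the Wireshark project). The filter names `scsi`, `bootp` (DHCP) and `sscop`, the `esp.enable_encryption_decode` preference, and the `disabled_protos` and `preferences` file names are assumptions about the Wireshark profile layout; the profile directory and installed version are supplied by the caller.

```shell
#!/usr/bin/env bash
# Added example: apply the advisory's workaround to one Wireshark profile directory.
# Assumptions (not from the page): the filter names below, the ESP preference
# name, and the disabled_protos / preferences file names inside the profile.

FIXED_VERSION="0.99.3"               # fixed release named in the post
AFFECTED_PROTOS="scsi bootp sscop"   # assumed filter names for SCSI, DHCP, SSCOP
ESP_PREF="esp.enable_encryption_decode"

# Return 0 when dotted version $1 is older than $2.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if ((x[i] + 0) < (y[i] + 0)) exit 0
      if ((x[i] + 0) > (y[i] + 0)) exit 1
    }
    exit 1
  }'
}

# apply_workaround PROFILE_DIR INSTALLED_VERSION
# Prints "patched" and touches nothing when the version already has the fix.
apply_workaround() {
  local dir="$1" ver="$2" p
  if ! version_lt "$ver" "$FIXED_VERSION"; then
    echo "patched"; return 0
  fi
  mkdir -p "$dir"
  touch "$dir/disabled_protos" "$dir/preferences"
  # disabled_protos holds one filter name per line; appending is idempotent.
  for p in $AFFECTED_PROTOS; do
    grep -qxF "$p" "$dir/disabled_protos" || echo "$p" >> "$dir/disabled_protos"
  done
  # Drop any existing ESP decryption setting, then force it off.
  grep -v "^${ESP_PREF}:" "$dir/preferences" > "$dir/preferences.tmp" || true
  echo "${ESP_PREF}: FALSE" >> "$dir/preferences.tmp"
  mv "$dir/preferences.tmp" "$dir/preferences"
  echo "workaround-applied"
}
```

Run it once per analyst profile, then confirm in Wireshark's Enabled Protocols dialog that the three dissectors are unchecked.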
