Affected systems:
Wireshark Wireshark 0.9.5 - 1.0.0
Unaffected systems:
Wireshark Wireshark 1.0.1
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 30020
Wireshark, formerly named Ethereal, is a very popular network protocol analysis tool.
Versions of Wireshark before 1.0.1 contain multiple security vulnerabilities in the parsing of malicious network packets, which may allow an attacker to read sensitive information or cause a denial of service.
1) A vulnerability in the GSM SMS dissector may cause a crash.
2) Vulnerabilities in the PANA and KISMET dissectors may cause Wireshark to exit.
3) A use-after-free vulnerability in the RTMPT dissector may cause a crash.
4) A vulnerability in the RMI dissector may disclose system memory.
5) A vulnerability in the syslog dissector may allow a crash via an incomplete SS7 MSU encapsulated in syslog.
<* Source: Luke Kenneth Casson Leighton (lkcl@lkcl.net)
Gerald Combs (gerald@wireshark.org)
Link: http://secunia.com/advisories/30886/
http://www.wireshark.org/security/wnpa-sec-2008-03.html
*>
Test method:
--------------------------------------------------------------------------------
Warning
The following procedure (method) may be offensive in nature and is provided for security research and teaching only. Use it at your own risk!
http://www.wireshark.org/download/automated/captures/fuzz-2008-04-14-19457.pcap
https://bugs.wireshark.org/bugzilla/attachment.cgi?id=1918
Recommendation:
--------------------------------------------------------------------------------
Workaround:
* Disable the GSM SMS, PANA, KISMET, RTMPT and RMI dissectors:
From the menu, select Analyze→Enabled Protocols
Deselect GSM SMS, PANA, Kismet, RTMPT and RMI
Click Save, then click OK
Vendor patch:
Wireshark
---------
The vendor has released an upgrade that fixes this security issue. It can be downloaded from the vendor's site:
http://www.wireshark.org/download/src/wireshark-1.0.1.tar.gz
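
Added example (not part of the original advisory or of Wireshark's own code): a shell check that classifies a Wireshark/TShark version banner against the range listed above, affected from 0.9.5 through 1.0.0 and fixed in 1.0.1. The function names and sample banners are constructed for illustration, and treating every release after 1.0.1 as fixed is an assumption.

```shell
#!/bin/sh
# Added example: classify a Wireshark/TShark version banner against the
# advisory's range (affected 0.9.5 - 1.0.0, fixed in 1.0.1).

# Print the first x.y.z version found in a banner line, or nothing.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Map x.y.z to one integer so that versions compare numerically
# (0.10.0 sorts after 0.9.5, which a string comparison gets wrong).
version_key() {
    printf '%s\n' "$1" | awk -F. '{ printf "%d\n", $1 * 1000000 + $2 * 1000 + $3 }'
}

# Echo one of: affected, not-affected, not-listed, unknown.
classify_wireshark() {
    ver=$(extract_version "$1")
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    key=$(version_key "$ver")
    low=$(version_key 0.9.5)
    high=$(version_key 1.0.0)
    if [ "$key" -ge "$low" ] && [ "$key" -le "$high" ]; then
        echo affected
    elif [ "$key" -gt "$high" ]; then
        # Assumption: releases after 1.0.1 keep the fix.
        echo not-affected
    else
        # Older than 0.9.5: the advisory makes no statement.
        echo not-listed
    fi
}

# Constructed sample banners (not captured from real installations).
for banner in 'TShark 0.9.4' 'wireshark 0.99.6a' 'TShark 1.0.0' 'TShark 1.0.1'; do
    printf '%-20s %s\n' "$banner" "$(classify_wireshark "$banner")"
done

# Check the locally installed build, if there is one.
if command -v tshark >/dev/null 2>&1; then
    classify_wireshark "$(tshark -v 2>/dev/null | head -n 1)"
fi
```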