Wireshark DOS: Update Now!

Looks like the Security Focus Team found something interesting again today. I am a huge fan of Wireshark. As a matter of fact, I will be doing a software review of it when my time and schedule permit. For now, just a little public service announcement.

From what I can gather, it looks as if these older versions of Wireshark fail to handle an exception with a specific kind of packet. This poorly handled exception causes Wireshark to crash, thus the DOS attack. It appears that this attack only affects Wireshark itself, so this info is really only out there for the security/network/forensic minded. I imagine an attacker can inject these packets into a victim network, causing an outdated/vulnerable Wireshark sniffer to crash and allowing the attacker to proceed without a packet sniffer operating. Could spell trouble for enterprises that use IDSes or IPSes that packet sniff with an older version of Wireshark (most do!). Snort, PFSense, M0n0wall and other networking systems incorporate Wireshark in their builds or have available plugins. Make sure yours aren’t running one of these affected versions.

If you don’t know what Wireshark is or what it does, you have no need to worry. Keep Calm and Carry On.

Here is a little bit from the article:

Wireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain types of packets.

Attackers can exploit this issue to cause the application to crash, resulting in denial-of-service conditions.

The following products are affected:

Wireshark 1.6.0 through versions 1.6.12
Wireshark 1.8.0 through versions 1.8.4

Get all of the info Here.
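To check a set of sniffers against the two affected ranges listed above, here is an added example (not from the original post or the Security Focus article). It compares version components as integers, since plain string comparison would misorder 1.6.12 against 1.6.2; the hostnames and banner strings in the sample inventory are constructed.

```python
import re
import shutil
import subprocess

# Affected ranges from the advisory quoted above (both ends inclusive).
AFFECTED = [((1, 6, 0), (1, 6, 12)), ((1, 8, 0), (1, 8, 4))]
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")

def parse_version(banner):
    """Return the first x.y.z version in a banner as an int tuple, or None."""
    m = VERSION_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(banner):
    """True if in an affected range, False if not, None if unparseable."""
    v = parse_version(banner)
    if v is None:
        return None
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def audit(inventory):
    """Map host -> 'AFFECTED' / 'ok' / 'unknown' for a {host: banner} dict."""
    labels = {True: "AFFECTED", False: "ok", None: "unknown"}
    return {host: labels[is_affected(b)] for host, b in inventory.items()}

def local_banner():
    """First line of `tshark --version` on this machine, or None if absent."""
    exe = shutil.which("tshark")
    if not exe:
        return None
    out = subprocess.run([exe, "--version"], capture_output=True, text=True)
    return out.stdout.splitlines()[0] if out.stdout else None

# Constructed sample inventory: hostnames and banners are made up.
SAMPLE = {
    "ids-01": "TShark 1.8.4",
    "ids-02": "TShark 1.8.5",
    "lab-sniffer": "wireshark 1.6.12",
    "core-tap": "TShark 1.10.0",
    "legacy-box": "version string missing",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host:12} {status}")
    banner = local_banner()
    if banner:
        print("local:", banner, "->", is_affected(banner))
```

Hosts reported as `unknown` need a manual look, because no x.y.z version could be read from their banner.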
