SECURITY BLOG SECURITY DASHBOARD PARTNERS PRODUCTS JOBS SERVICES COMPANY HOME

Network Security Consulting Advisories Article

Wireshark Versions Prior to 1.4.5/1.2.16 Multiple Remote Vulnerabilities

http://www.securityfocus.com/bid/47392

Security Info

Bugtraq ID:	47392
Class:	Design Error
CVE:	CVE-2011-1590 CVE-2011-1591 CVE-2011-1592
Remote:	Yes
Local:	No
Published:	Apr 15 2011 12:00AM
Updated:	Apr 23 2012 06:20PM
Credit:	Paul Makowski from SEI/CERT and the vendor
Vulnerable:	Wireshark Wireshark 1.4.3 Wireshark Wireshark 1.4.2 Wireshark Wireshark 1.4.1 Wireshark Wireshark 1.2.12 Wireshark Wireshark 1.2.10 Wireshark Wireshark 1.2.10 Wireshark Wireshark 1.2.9 Wireshark Wireshark 1.2.8 Wireshark Wireshark 1.2.7 Wireshark Wireshark 1.2.6 Wireshark Wireshark 1.2.5 Wireshark Wireshark 1.2.4 Wireshark Wireshark 1.2.3 Wireshark Wireshark 1.2.2 Wireshark Wireshark 1.2.1 Wireshark Wireshark 1.2 Wireshark Wireshark 1.4.1 Wireshark Wireshark 1.4.0 Wireshark Wireshark 1.2.14 Wireshark Wireshark 1.2.13 Wireshark Wireshark 1.2.12 Wireshark Wireshark 1.2.11 Sun Solaris 11 Express Sun Solaris 11 Express RedHat Enterprise Linux WS 4 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop version 4 Red Hat Fedora 15 Red Hat Fedora 14 Red Hat Fedora 13 Red Hat Enterprise Linux Workstation Optional 6 Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server Optional 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux Desktop Optional 6 Red Hat Enterprise Linux Desktop 6 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux AS 4 Red Hat Enterprise Linux 5 Server Pardus Linux 2011 0 Pardus Linux 2009 0 Mandriva Linux Mandrake 2010.1 x86_64 Mandriva Linux Mandrake 2010.1 Mandriva Linux Mandrake 2010.0 x86_64 Mandriva Linux Mandrake 2010.0 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 Debian Linux 5.0 sparc Debian Linux 5.0 s/390 Debian Linux 5.0 powerpc Debian Linux 5.0 mipsel Debian Linux 5.0 mips Debian Linux 5.0 m68k Debian Linux 5.0 ia-64 Debian Linux 5.0 ia-32 Debian Linux 5.0 hppa Debian Linux 5.0 armel Debian Linux 5.0 arm Debian Linux 5.0 amd64 Debian Linux 5.0 alpha Debian Linux 5.0

Not Vulnerable:	Wireshark Wireshark 1.4.5 Wireshark Wireshark 1.2.16

Security Discussion

Wireshark is prone to a buffer-overflow vulnerability and multiple denial-of-service vulnerabilities.

Remote attackers can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions.

Proof of Concept and Security Exploits

The following proof-of-concept and exploits are available:

Security Solution(s)

Solution:
Updates are available. Please see the references for more information.

Mandriva Linux Mandrake 2010.1 x86_64

Mandriva dumpcap-1.2.16-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva lib64wireshark-devel-1.2.16-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva lib64wireshark0-1.2.16-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva rawshark-1.2.16-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva tshark-1.2.16-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-1.2.16-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-tools-1.2.16-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva Linux Mandrake 2010.0

Mandriva dumpcap-1.2.16-0.1mdv2010.0.i586.rpm
http://www.mandriva.com/en/download/

Mandriva libwireshark-devel-1.2.16-0.1mdv2010.0.i586.rpm
http://www.mandriva.com/en/download/

Mandriva libwireshark0-1.2.16-0.1mdv2010.0.i586.rpm
http://www.mandriva.com/en/download/

Mandriva rawshark-1.2.16-0.1mdv2010.0.i586.rpm
http://www.mandriva.com/en/download/

Mandriva tshark-1.2.16-0.1mdv2010.0.i586.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-1.2.16-0.1mdv2010.0.i586.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-tools-1.2.16-0.1mdv2010.0.i586.rpm
http://www.mandriva.com/en/download/

MandrakeSoft Enterprise Server 5 x86_64

Mandriva dumpcap-1.2.16-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva lib64wireshark-devel-1.2.16-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva lib64wireshark0-1.2.16-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva rawshark-1.2.16-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva tshark-1.2.16-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-1.2.16-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-tools-1.2.16-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/download/

MandrakeSoft Enterprise Server 5

Mandriva dumpcap-1.2.16-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva libwireshark-devel-1.2.16-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva libwireshark0-1.2.16-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva rawshark-1.2.16-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva tshark-1.2.16-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-1.2.16-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-tools-1.2.16-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva Linux Mandrake 2010.0 x86_64

Mandriva dumpcap-1.2.16-0.1mdv2010.0.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva lib64wireshark-devel-1.2.16-0.1mdv2010.0.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva lib64wireshark0-1.2.16-0.1mdv2010.0.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva rawshark-1.2.16-0.1mdv2010.0.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva tshark-1.2.16-0.1mdv2010.0.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-1.2.16-0.1mdv2010.0.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-tools-1.2.16-0.1mdv2010.0.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva Linux Mandrake 2010.1

Mandriva dumpcap-1.2.16-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva libwireshark-devel-1.2.16-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva libwireshark0-1.2.16-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva rawshark-1.2.16-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva tshark-1.2.16-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-1.2.16-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-tools-1.2.16-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/download/

MandrakeSoft Corporate Server 4.0

Mandriva dumpcap-1.2.16-0.1.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download/

Mandriva libwireshark-devel-1.2.16-0.1.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download/

Mandriva libwireshark0-1.2.16-0.1.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download/

Mandriva rawshark-1.2.16-0.1.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download/

Mandriva tshark-1.2.16-0.1.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-1.2.16-0.1.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-tools-1.2.16-0.1.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download/

MandrakeSoft Corporate Server 4.0 x86_64

Mandriva dumpcap-1.2.16-0.1.20060mlcs4.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva lib64wireshark-devel-1.2.16-0.1.20060mlcs4.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva lib64wireshark0-1.2.16-0.1.20060mlcs4.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva rawshark-1.2.16-0.1.20060mlcs4.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva tshark-1.2.16-0.1.20060mlcs4.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-1.2.16-0.1.20060mlcs4.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-tools-1.2.16-0.1.20060mlcs4.x86_64.rpm
http://www.mandriva.com/en/download/

Security References(s)

References:

CVE-2011-1590 Denial of Service vulnerability in Wireshark (Oracle)
DECT, NFS, and X.509if vulnerabilities in Wireshark® version 1.4.0 (Wireshark)
Wireshark 1.4.5 and 1.2.16 Released (Wireshark)
Wireshark Homepage (Wireshark)
X.509if vulnerability in Wireshark version 1.2.0 to 1.2.15 (Wireshark)
Vulnerability Note VU#243670 Wireshark DECT dissector vulnerability (US-CERT)

Emagined Security Blog featuring Dr. Eugene Schultz

Secure Web Programming
by Vizual Services