SECURITY BLOG SECURITY DASHBOARD PARTNERS PRODUCTS JOBS SERVICES COMPANY HOME

Network Security Consulting Advisories Article

Wireshark Versions Prior to 1.4.7/1.2.17 Multiple Denial of Service Vulnerabilities

http://www.securityfocus.com/bid/48066

Security Info

Bugtraq ID:	48066
Class:	Design Error
CVE:	CVE-2011-1957 CVE-2011-1958 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175
Remote:	Yes
Local:	No
Published:	Jun 01 2011 12:00AM
Updated:	Apr 23 2012 06:20PM
Credit:	David Maciejak, Huzaifa Sidhpurwala and the vendor
Vulnerable:	Wireshark Wireshark 1.4.5 Wireshark Wireshark 1.4.3 Wireshark Wireshark 1.4.2 Wireshark Wireshark 1.4.1 Wireshark Wireshark 1.2.16 Wireshark Wireshark 1.2.12 Wireshark Wireshark 1.2.10 Wireshark Wireshark 1.2.10 Wireshark Wireshark 1.2.9 Wireshark Wireshark 1.2.8 Wireshark Wireshark 1.2.7 Wireshark Wireshark 1.2.6 Wireshark Wireshark 1.2.5 Wireshark Wireshark 1.2.4 Wireshark Wireshark 1.2.3 Wireshark Wireshark 1.2.2 Wireshark Wireshark 1.2.1 Wireshark Wireshark 1.2 Wireshark Wireshark 1.4.1 Wireshark Wireshark 1.4.0 Wireshark Wireshark 1.2.14 Wireshark Wireshark 1.2.13 Wireshark Wireshark 1.2.12 Wireshark Wireshark 1.2.11 Red Hat Fedora 15 Red Hat Fedora 14 Red Hat Fedora 13 Red Hat Enterprise Linux Workstation Optional 6 Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server Optional 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux Desktop Optional 6 Red Hat Enterprise Linux Desktop 6 Mandriva Linux Mandrake 2010.1 x86_64 Mandriva Linux Mandrake 2010.1 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64

Not Vulnerable:	Wireshark Wireshark 1.4.7 Wireshark Wireshark 1.2.17

Security Discussion

Wireshark is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to crash the application, resulting in a denial-of-service condition.

Proof of Concept and Security Exploits

Attackers can use readily available tools to exploit these issues.

Security Solution(s)

Solution:
Updates are available. Please see the references for more information.

MandrakeSoft Enterprise Server 5 x86_64

Mandriva dumpcap-1.2.17-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva lib64wireshark-devel-1.2.17-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva lib64wireshark0-1.2.17-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva rawshark-1.2.17-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva tshark-1.2.17-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-1.2.17-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-tools-1.2.17-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/download/

MandrakeSoft Enterprise Server 5

Mandriva dumpcap-1.2.17-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva libwireshark-devel-1.2.17-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva libwireshark0-1.2.17-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva rawshark-1.2.17-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva tshark-1.2.17-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-1.2.17-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-tools-1.2.17-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva Linux Mandrake 2010.1 x86_64

Mandriva dumpcap-1.2.17-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva lib64wireshark-devel-1.2.17-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva lib64wireshark0-1.2.17-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva rawshark-1.2.17-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva tshark-1.2.17-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-1.2.17-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-tools-1.2.17-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva Linux Mandrake 2010.1

Mandriva dumpcap-1.2.17-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva libwireshark-devel-1.2.17-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva libwireshark0-1.2.17-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva rawshark-1.2.17-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva tshark-1.2.17-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-1.2.17-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-tools-1.2.17-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/download/

MandrakeSoft Corporate Server 4.0

Mandriva dumpcap-1.2.17-0.1.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download/

Mandriva libwireshark-devel-1.2.17-0.1.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download/

Mandriva libwireshark0-1.2.17-0.1.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download/

Mandriva rawshark-1.2.17-0.1.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download/

Mandriva tshark-1.2.17-0.1.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-1.2.17-0.1.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-tools-1.2.17-0.1.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download/

MandrakeSoft Corporate Server 4.0 x86_64

Mandriva dumpcap-1.2.17-0.1.20060mlcs4.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva lib64wireshark-devel-1.2.17-0.1.20060mlcs4.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva lib64wireshark0-1.2.17-0.1.20060mlcs4.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva rawshark-1.2.17-0.1.20060mlcs4.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva tshark-1.2.17-0.1.20060mlcs4.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-1.2.17-0.1.20060mlcs4.x86_64.rpm
http://www.mandriva.com/en/download/

Mandriva wireshark-tools-1.2.17-0.1.20060mlcs4.x86_64.rpm
http://www.mandriva.com/en/download/

Security References(s)

References:

Multiple vulnerabilities in Wireshark version 1.4.0 to 1.4.6 (Wireshark)
Wireshark 1.4.7 and 1.2.17 Released (Wireshark)
Wireshark Homepage (Wireshark)
X.509if vulnerability in Wireshark version 1.2.0 to 1.2.15 (Wireshark)

Emagined Security Blog featuring Dr. Eugene Schultz

Secure Web Programming
by Vizual Services