Wireshark Lucent/Ascend File Parser Denial of Service Vulnerability

http://www.securityfocus.com/bid/48506

Security Info

Bugtraq ID:	48506
Class:	Unknown
CVE:	CVE-2011-2597
Remote:	Yes
Local:	No
Published:	Jun 30 2011 12:00AM
Updated:	Apr 23 2012 06:20PM
Credit:	The vendor reported this issue.
Vulnerable:	Wireshark Wireshark 1.6 Wireshark Wireshark 1.4.7 Wireshark Wireshark 1.4.6 Wireshark Wireshark 1.4.5 Wireshark Wireshark 1.4.4 Wireshark Wireshark 1.4.3 Wireshark Wireshark 1.4.2 Wireshark Wireshark 1.4.1 Wireshark Wireshark 1.2.17 Wireshark Wireshark 1.2.16 Wireshark Wireshark 1.2.12 Wireshark Wireshark 1.2.10 Wireshark Wireshark 1.2.10 Wireshark Wireshark 1.2.9 Wireshark Wireshark 1.2.8 Wireshark Wireshark 1.2.7 Wireshark Wireshark 1.2.6 Wireshark Wireshark 1.2.5 Wireshark Wireshark 1.2.4 Wireshark Wireshark 1.2.3 Wireshark Wireshark 1.2.2 Wireshark Wireshark 1.2.1 Wireshark Wireshark 1.2 Wireshark Wireshark 1.4.1 Wireshark Wireshark 1.4.0 Wireshark Wireshark 1.2.15 Wireshark Wireshark 1.2.14 Wireshark Wireshark 1.2.13 Wireshark Wireshark 1.2.11 SuSE SUSE Linux Enterprise Server for VMware 11 SP1 + Linux kernel 2.6.5 SuSE SUSE Linux Enterprise Server 11 SP1 + Linux kernel 2.6.5 SuSE SUSE Linux Enterprise Server 10 SP4 + Linux kernel 2.6.5 SuSE SUSE Linux Enterprise SDK 11 SP1 SuSE SUSE Linux Enterprise SDK 10 SP4 SuSE SUSE Linux Enterprise Desktop 11 SP1 + Linux kernel 2.6.5 SuSE SUSE Linux Enterprise Desktop 10 SP4 + Linux kernel 2.6.5 SuSE openSUSE 11.4 SuSE openSUSE 11.3 Red Hat Fedora 15 Red Hat Fedora 14 Red Hat Enterprise Linux Workstation Optional 6 Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server Optional 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux Desktop Optional 6 Red Hat Enterprise Linux Desktop 6 Pardus Linux 2009 0 Mandriva Linux Mandrake 2010.1 x86_64 Mandriva Linux Mandrake 2010.1 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5

Not Vulnerable:	Wireshark Wireshark 1.6.1 Wireshark Wireshark 1.4.8 Wireshark Wireshark 1.2.18

Security Discussion

Wireshark is prone to a denial-of-service vulnerability because it fails to properly handle specially crafted packets.

An attacker can exploit this issue to trigger an infinite loop, which causes the affected application to crash, denying service to legitimate users.

The following versions are vulnerable:

Wireshark versions 1.2.0 through 1.2.17
Wireshark versions 1.4.0 through 1.4.7
Wireshark version 1.6.0

Proof of Concept and Security Exploits

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Security Solution(s)

Solution:
Updates are available. Please see the references for more information.

MandrakeSoft Enterprise Server 5 x86_64

Mandriva dumpcap-1.2.18-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva lib64wireshark-devel-1.2.18-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva lib64wireshark0-1.2.18-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva rawshark-1.2.18-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva tshark-1.2.18-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva wireshark-1.2.18-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva wireshark-tools-1.2.18-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

MandrakeSoft Enterprise Server 5

Mandriva dumpcap-1.2.18-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libwireshark-devel-1.2.18-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libwireshark0-1.2.18-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva rawshark-1.2.18-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva tshark-1.2.18-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva wireshark-1.2.18-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva wireshark-tools-1.2.18-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva Linux Mandrake 2010.1 x86_64

Mandriva dumpcap-1.2.18-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva lib64wireshark-devel-1.2.18-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva lib64wireshark0-1.2.18-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva rawshark-1.2.18-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva tshark-1.2.18-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva wireshark-1.2.18-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva wireshark-tools-1.2.18-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva Linux Mandrake 2010.1

Mandriva dumpcap-1.2.18-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libwireshark-devel-1.2.18-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libwireshark0-1.2.18-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva rawshark-1.2.18-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva tshark-1.2.18-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva wireshark-1.2.18-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva wireshark-tools-1.2.18-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/

Security References(s)

References:

Lucent/Ascend file parser vulnerability in Wireshark® version 1.2.0 to 1.2.17 (Wireshark )
Wireshark 1.6.1 and 1.4.8 Released (Wireshark)
Wireshark Homepage (Wireshark)

Emagined Security Blog featuring Dr. Eugene Schultz

Secure Web Programming
by Vizual Services