Contact Us
SECURITY BLOG SECURITY DASHBOARD PARTNERS PRODUCTS JOBS SERVICES COMPANY HOME
Network Security Consulting Advisories Article

Wireshark ERF File Parser Buffer Overflow Vulnerability

http://www.securityfocus.com/bid/50486

Security Info

Bugtraq ID: 50486
Class: Boundary Condition Error
CVE: CVE-2011-4102
Remote: Yes
Local: No
Published: Nov 01 2011 12:00AM
Updated: Apr 23 2012 06:20PM
Credit: Huzaifa Sidhpurwala of Red Hat Security Response Team
Vulnerable: Wireshark Wireshark 1.6.2
Wireshark Wireshark 1.6.1
Wireshark Wireshark 1.6
Wireshark Wireshark 1.4.9
Wireshark Wireshark 1.4.8
Wireshark Wireshark 1.4.7
Wireshark Wireshark 1.4.6
Wireshark Wireshark 1.4.5
Wireshark Wireshark 1.4.4
Wireshark Wireshark 1.4.3
Wireshark Wireshark 1.4.2
Wireshark Wireshark 1.4.1
Wireshark Wireshark 1.4.1
Wireshark Wireshark 1.4.0
Red Hat Fedora 16
Red Hat Fedora 15
Red Hat Fedora 14
Red Hat Enterprise Linux Workstation Optional 6
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server Optional 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Desktop Optional 6
Red Hat Enterprise Linux Desktop 6
Mandriva Linux Mandrake 2011 x86_64
Mandriva Linux Mandrake 2011
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Not Vulnerable: Wireshark Wireshark 1.6.3

Security Discussion

Wireshark is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Exploiting this issue may allow attackers to execute arbitrary code in the context of the affected application. Failed exploits may result in a denial-of-service condition.

Wireshark versions 1.4.0 through 1.4.9 and versions 1.6.0 through 1.6.2 are affected.

Proof of Concept and Security Exploits

A working commercial exploit is available through VUPEN Security - Exploit and PoCs Service. This exploit is not otherwise publicly available or known to be circulating in the wild.

Security Solution(s)

Solution:
Updates are available. Please see the references for more information.


Mandriva Linux Mandrake 2011 x86_64

Mandriva Linux Mandrake 2011

Security References(s)

References:

Contact Us

Security Penetration Testing

Security Questions

Security Dashboard

Emagined Security Blog featuring Dr. Eugene Schultz
Site Updated November 01, 2014
©2000-2014 Emagined Security
All Rights Reserved

Secure Web Programming
by Vizual Services