Wireshark 'ERF' data Denial Of Service Vulnerability

http://www.securityfocus.com/bid/52737

Security Info

Bugtraq ID:	52737
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2012-1595
Remote:	Yes
Local:	No
Published:	Mar 27 2012 12:00AM
Updated:	Apr 19 2012 04:20PM
Credit:	Laurent Butti
Vulnerable:	Wireshark Wireshark 1.6.5 Wireshark Wireshark 1.6.4 Wireshark Wireshark 1.6.3 Wireshark Wireshark 1.6.2 Wireshark Wireshark 1.6.1 Wireshark Wireshark 1.6 Wireshark Wireshark 1.4.11 Wireshark Wireshark 1.4.9 Wireshark Wireshark 1.4.8 Wireshark Wireshark 1.4.7 Wireshark Wireshark 1.4.6 Wireshark Wireshark 1.4.5 Wireshark Wireshark 1.4.4 Wireshark Wireshark 1.4.3 Wireshark Wireshark 1.4.2 Wireshark Wireshark 1.4.0 Red Hat Fedora 17 Red Hat Fedora 16 Red Hat Fedora 15 Mandriva Linux Mandrake 2011 x86_64 Mandriva Linux Mandrake 2011

Not Vulnerable:	Wireshark Wireshark 1.6.6 Wireshark Wireshark 1.4.12

Security Discussion

Wireshark is prone a denial-of-service vulnerability.

Successful exploits may allow an attacker to crash the affected application, resulting in a denial-of-service condition.

The following versions are vulnerable:

Wireshark versions 1.4.0 through 1.4.11
Wireshark versions 1.6.0 through 1.6.5

Proof of Concept and Security Exploits

A sample pcap file is available. Please see the references for information.

Security Solution(s)

Solution:
Updates are available. Please see the references for more information.

Mandriva Linux Mandrake 2011 x86_64

Mandriva dumpcap-1.6.6-0.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva lib64wireshark-devel-1.6.6-0.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva lib64wireshark1-1.6.6-0.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva rawshark-1.6.6-0.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva tshark-1.6.6-0.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva wireshark-1.6.6-0.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva wireshark-tools-1.6.6-0.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva Linux Mandrake 2011

Mandriva dumpcap-1.6.6-0.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libwireshark-devel-1.6.6-0.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libwireshark1-1.6.6-0.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva rawshark-1.6.6-0.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva tshark-1.6.6-0.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva wireshark-1.6.6-0.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva wireshark-tools-1.6.6-0.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Security References(s)

References:

Bug 6804 - Infiniband packet capture crash (Laurent Butti)
Wireshark 1.6.6 and 1.4.12 Released (Wireshark )
Wireshark Homepage (Wireshark)

Emagined Security Blog featuring Dr. Eugene Schultz

Secure Web Programming
by Vizual Services