Multiple Denial of Service Vulnerabilities in Wireshark Network Protocol Analyzer

Original Issue Date: November 12, 2009

Severity Rating: Medium

Systems Affected
Wireshark versions 0.10.10 through 1.2.2

Overview
Multiple vulnerabilities have been reported in Wireshark network Protocol
Analyzer which could be exploited by attackers to cause a denial of service
condition on the systems installed with affected version of application.

Description
These vulnerabilities are caused due to errors in the RADIUS
(CVE-2009-2560), DCERPC/NT (CVE-2009-3550), Paltalk
(CVE-2009-3549) and SMB (CVE-2009-3551) dissectors while processing
specially crafted packets or data. This could be exploited by attackers to
crash an affected application or exhaust all available memory resources
thus creating a Denial of Service condition.

Solution
Upgrade to Wireshark version 1.2.3 or 1.0.10:
http://www.wireshark.org/download.html

Vendor Information
Wireshark
http://www.wireshark.org/security/wnpa-sec-2009-08.html
http://www.wireshark.org/security/wnpa-sec-2009-07.html

References
SecurityFocus
http://www.securityfocus.com/bid/36846
Secunia
http://secunia.com/advisories/37175
VUPEN Security
http://www.vupen.com/english/advisories/2009/3061
SecurityTracker
http://www.securitytracker.com/alerts/2009/Oct/1023111.html
CVE Name
CVE-2009-2560
CVE-2009-3549
CVE-2009-3550
CVE-2009-3551

Disclaimer
The information provided herein is on “as is” basis, without warranty of
any kind.

Share:

Like this:

Related