CERT-In Advisory CIAD-2006-26
Wireshark (Ethereal) Protocol Dissectors Code Execution and Denial of Service Vulnerabilities
Original issue date: August 22, 2006
Severity Rating: High
Systems Affected
Wireshark (Ethereal) versions prior to 0.99.2
Overview
Multiple vulnerabilities have been reported in Wireshark (Ethereal) when reading malformed packets off the network, which could be exploited by remote attackers to execute arbitrary commands or cause a denial of service on the affected system.
Description
Wireshark (Ethereal) is a program for monitoring network traffic. Each protocol supported by it is handled through a bit of code known as a dissector.
1) Unspecified vulnerability in the GSM BSSMAP dissector (CVE-2006-3627)
An unspecified vulnerability has been reported in the GSM BSSMAP dissector in Wireshark (Ethereal) that allows remote attackers to cause a denial of service or crash the affected system through unspecified vectors.
2) Multiple format string vulnerabilities in Wireshark protocol dissectors (CVE-2006-3628)
Multiple format string vulnerabilities have been reported in Wireshark that allow remote attackers to cause a denial of service and execute arbitrary code via the ANSI MAP, Checkpoint FW-1, MQ, XML, and NTP dissectors.
3) Unspecified vulnerability in the MOUNT dissector (CVE-2006-3629)
An unspecified vulnerability has been reported in the MOUNT dissector in Wireshark that allows remote attackers to cause a denial of service through memory consumption via unspecified vectors.
4) Off-by-one error remote code execution vulnerability (CVE-2006-3630)
A vulnerability has been reported in Wireshark due to an off-by-one error in the NCP NMAS and NDPS dissectors, which could allow remote attackers to execute arbitrary code or cause a denial of service.
5) Wireshark (Ethereal) infinite loop error remote code execution vulnerability (CVE-2006-3631)
A vulnerability has been reported in Wireshark due to an infinite loop error in the SSH dissector, which could allow remote attackers to execute arbitrary code or cause a denial of service.
6) Wireshark (Ethereal) buffer overflow remote code execution vulnerability (CVE-2006-3632)
A buffer overflow vulnerability has been reported in the NFS dissector in Wireshark (Ethereal) that could allow remote attackers to cause a denial of service or execute arbitrary commands.
Solution
Upgrade to the latest version as suggested by the vendor:
http://www.wireshark.org/download/
References
Wireshark
http://www.wireshark.org/security/wnpa-sec-2006-01.html
http://www.wireshark.org/faq.html#q1.2
RedHat
http://www.redhat.com/security/updates/classification/#moderate
http://rhn.redhat.com/errata/RHSA-2006-0602.html
FrSirt
http://www.frsirt.com/english/advisories/2006/2850
SecurityFocus
http://www.securityfocus.com/archive/1/archive/1/440576/100/0/threaded
CVE-Name
CVE-2006-3627
CVE-2006-3628
CVE-2006-3629
CVE-2006-3630
CVE-2006-3631
CVE-2006-3632
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
