CERT-In Advisory CIAD-2006-32
Multiple vulnerabilities in Wireshark (Ethereal®)

Original issue date: September 14, 2006

Severity Rating: High

Systems Affected

Wireshark (Ethereal®) versions 0.7.9 to 0.99.2

Overview

Multiple vulnerabilities have been reported in Wireshark (Ethereal) while reading malformed packet off the network which could be exploited by remote attackers to execute arbitrary commands or cause a denial of service on the affected system.

Description

1 . Vulnerability in SCSI dissector in Wireshark (CVE-2006-4330)

An unspecified vulnerability has been reported in the SCSI dissector in Wireshark that allows remote attackers to cause a denial of service via unspecified vectors.

2. Multiple off-by-one errors in IPSec ESP preference parser (CVE-2006-4331)

Multiple off-by-one errors have been reported in the IPSec ESP preference parser in Wireshark if it was compiled with ESP decryption support. The vulnerability could allow remote attackers to cause a denial of service and possibly execute arbitrary code on the affected system.

3. Vulnerability in SSCOP dissector in Wireshark (CVE-2006-4333)

A vulnerability has been reported in SSCOP dissector in Wireshark that allows remote attackers to cause a denial of service attack. SSCOP payload protocol is Q.2931. An attacker could send the malformed packet to make Q.2931 dissector to use up available memory.

Solution

Upgrade to version 0.99.3 :
http://www.wireshark.org/download.html

References

Wireshark
http://www.wireshark.org/security/wnpa-sec-2006-02.html

FrSIRT
http://www.frsirt.com/english/advisories/2006/3370

CVE Name

CVE-2006-4330
CVE-2006-4331
CVE-2006-4333

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003