search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Wireshark DECT dissector vulnerability

Vulnerability Note VU#243670

Original Release Date: 2011-04-18 | Last Revised: 2012-01-25

Overview

Wireshark's DECT dissector contains a remote code execution vulnerability in the context of the user running a packet capture or reading a packet capture file.

Description

Paul Makowski's report states:

/epan/dissectors/packet-dect.c contains a stack-based buffer overflow via a call to memcpy() whose length is controlled by the attacker. Absent exploit mitigations independant of Wireshark's default build options, an attacker is able to execute arbitrary code in the context of the user running a packet capture. On *NIX systems, such capability is frequently reserved for the root user. The overflowable buffer is pkt_bfield.Data.

Impact

An attacker may cause any active capture or .pcap dissection to crash Wireshark/tshark. Remote code execution is also possible.

Solution

Apply an Update

Upgrade to Wireshark 1.4.5. Several other security related fixes are also included in this version.

Vendor Information

243670
 
Expand all

Wireshark Affected

Updated:  April 18, 2011

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Paul Makowski working for CERT/CC for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: None
Severity Metric: 0.09
Date Public: 2011-04-17
Date First Published: 2011-04-18
Date Last Updated: 2012-01-25 03:28 UTC
Document Revision: 6

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis