wnpa-sec-2006-03 · Multiple problems in Wireshark (formerly Ethereal)
Summary
Name: Multiple problems in Wireshark (formerly Ethereal)
Docid: wnpa-sec-2006-03
Date: October 31, 2006
Affected versions: 0.9.8 up to and including 0.99.3
Fixed versions: 0.99.4
Details
Description
Wireshark 0.99.4 fixes the following vulnerabilities:
-
The HTTP dissector could crash.
(Bugs
and )
Versions affected: 0.99.3.
- The LDAP dissector (and possibly others) could crash. (Bug
)
Versions affected: 0.99.3.
- The XOT dissector could attempt to allocate a large amount of memory and crash. (Bug
)
Versions affected: 0.9.8 to 0.99.3.
- The WBXML dissector could crash. (Bug
)
Versions affected: 0.10.11 to 0.99.3.
- The MIME Multipart dissector was susceptible to an off-by-one error. (Bug
)
Versions affected: 0.10.1 to 0.99.3.
- If AirPcap support was enabled, parsing a WEP key could sometimes cause a crash.
Versions affected: 0.99.3. - The LDAP dissector (and possibly others) could crash. (Bug
Impact
It may be possible to make Wireshark or Ethereal crash or use up available memory by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 0.99.4.
If are running Wireshark 0.99.3 or Ethereal 0.99.0 or earlier and cannot upgrade, you can work around each of the problems listed above by doing the following:
- Disable the HTTP, LDAP, XOT, WBXML, and MIME multipart dissectors.
- Select Analyze→Enabled Protocols... from the menu.
- Make sure "HTTP", "LDAP", "XOT", "WBXML", and "MIME multipart" are un-checked.
- Click "Save", then click "OK".