wnpa-sec-2008-06 · Multiple problems in Wireshark
Summary
Name: Multiple problems in Wireshark
Docid: wnpa-sec-2008-06
Date: October 20, 2008
Affected versions: 0.10.3 up to and including 1.0.3
Fixed versions: 1.0.4
Details
Description
Wireshark 1.0.4 fixes the following vulnerabilities:
-
Florent Drouin and David Maciejak of Fortinet's FortiGuard Global Security
Research Team independently discovered that the Bluetooth ACL dissector could
crash or abort.
(Bug
)
Versions affected: 0.99.2 to 1.0.3- The Q.931 dissector could crash or abort. (Bug
)
Versions affected: 0.10.3 to 1.0.3- Wireshark could abort while reading Tamos CommView capture files. (Bug
)
Versions affected: 0.99.7 to 1.0.3- David Maciejak found that the USB dissector could crash or abort. This led to the discovery of a similar problem in the Bluetooth RFCOMM dissector. (Bug
)
Versions affected: 0.99.7 to 1.0.3- Vivek Gupta and David Maciejak found that the PRP and MATE dissectors could make Wireshark crash. (Neither PRP nor MATE are enabled by default.) (Bug
) Versions affected: 0.99.2 to 1.0.3 - The Q.931 dissector could crash or abort. (Bug
Impact
It may be possible to make Wireshark crash by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 1.0.4 or later. Due to the nature of the bugs, there is no workaround for previous versions.