wnpa-sec-2008-07 · Multiple problems in Wireshark
Summary
Name: Multiple problems in Wireshark
Docid: wnpa-sec-2008-07
Date: December 10, 2008
Affected versions: 0.99.7 up to and including 1.0.4
Fixed versions: 1.0.5
Details
Description
Wireshark 1.0.5 fixes the following vulnerabilities:
- The SMTP dissector could consume excessive amounts of CPU and memory. Versions affected: 1.0.4
- The WLCCP dissector could go into an infinte loop. Versions affected: 0.99.7 to 1.0.4
Impact
It may be possible to make Wireshark crash by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 1.0.5 or later.
If are running Wireshark {{ end_version }} or earlier (including Ethereal 0.99.0) and cannot upgrade, you can work around each of the problems listed above by doing the following:
- Disable the SMTP and WLCCP dissectors.
- Select Analyze→Enabled Protocols... from the menu.
- Make sure "SMTP" and "WLCCP" are un-checked.
- Click "Save", then click "OK".