Wireshark NTP Dissector Format String Flaw

2006-07-17T10:03:49
ID OSVDB:27369
Type osvdb
Reporter Ilja van Sprundel()
Modified 2006-07-17T10:03:49

Description

Vulnerability Description

A format string flaw exists in the Wireshark NTP dissector. With a specially crafted packet, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Upgrade to version 0.99.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A format string flaw exists in the Wireshark NTP dissector. With a specially crafted packet, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:21078 Secunia Advisory ID:21121 Secunia Advisory ID:21598 Secunia Advisory ID:21107 Secunia Advisory ID:21204 Secunia Advisory ID:21249 Secunia Advisory ID:21488 Secunia Advisory ID:21467 Secunia Advisory ID:22089 Related OSVDB ID: 27361 Related OSVDB ID: 27362 Related OSVDB ID: 27364 Related OSVDB ID: 27360 Related OSVDB ID: 27363 Related OSVDB ID: 27366 Related OSVDB ID: 27367 Related OSVDB ID: 27368 Related OSVDB ID: 27371 Related OSVDB ID: 27370 Related OSVDB ID: 27365 RedHat RHSA: RHSA-2006:0602 Other Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:128 Keyword: formerly ethereal Keyword: wnpa-sec-2006-01 ISS X-Force ID: 27828 CVE-2006-3628 Bugtraq ID: 19051