SAINT CorporationSAINT:BDA51C29908C7EA6D082B06FCC37FF92Wireshark DECT Dissector Remote Stack Buffer Overflow
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.966 High
EPSS
Percentile
99.6%
Added: 10/19/2011
CVE: CVE-2011-1591
BID: 47392
OSVDB: 71848
Background
Wireshark is a network packet analyzer.
Problem
A buffer overflow vulnerability in the DECT dissector allows command execution when a user sends a specially crafted datagram over a network which is being analyzed by Wireshark.
Resolution
Upgrade to Wireshark 1.4.5 or higher.
References
<http://www.wireshark.org/security/wnpa-sec-2011-06.html>
Limitations
Exploit works on Wireshark 1.4.4.
The affected target running Wireshark must be on the same network as as the SAINTexploit host.
Exploit requires the Net-Write PERL module to be installed on the scanning host. This module is available from <http://search.cpan.org/dist/Net-Write/lib/Net/Write.pm>.
The “Wireshark DECT Dissector PCAP File Processing Overflow” client exploit attempts to exploit the same vulnerability. The client exploit does not have the same network and PERL module limitations, but requires user cooperation.
Platforms
Windows
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.966 High
EPSS
Percentile
99.6%