Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Wireshark 1.12.0 < 1.12.12 - NDS Dissector Denial of Service

🗓️ 03 Aug 2016 00:00:00Reported by Chris BenedictType 
zdt
 zdt🔗 0day.today👁 35 Views

Wireshark 1.12.0 < 1.12.12 - NDS Dissector Denial of Service. Bug in dissect_nds_request function allows denial of servic

Related
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2016-6504
3 Aug 201600:00
circl
CNVD		Wireshark NDS Dissector Remote Denial of Service Vulnerability
2 Aug 201600:00
cnvd
CVE		CVE-2016-6504
6 Aug 201623:00
cve
Cvelist		CVE-2016-6504
6 Aug 201623:00
cvelist
Debian		[SECURITY] [DLA 595-1] wireshark security update
15 Aug 201614:53
debian
Debian		[SECURITY] [DSA 3648-1] wireshark security update
12 Aug 201619:39
debian
Debian CVE		CVE-2016-6504
6 Aug 201623:00
debiancve
Tenable Nessus		Debian DLA-595-1 : wireshark security update
16 Aug 201600:00
nessus
Tenable Nessus		Debian DSA-3648-1 : wireshark - security update
15 Aug 201600:00
nessus
Tenable Nessus		openSUSE Security Update : wireshark (openSUSE-2016-947)
8 Aug 201600:00
nessus
Rows per page
Sample generated with AFL
 
Build Information:
TShark 1.12.9 (v1.12.9-0-gfadb421 from (HEAD)
 
Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 
Compiled (64-bit) with GLib 2.48.1, with libpcap, with libz 1.2.8, with POSIX
capabilities (Linux), with libnl 3, without SMI, with c-ares 1.11.0, without
Lua, without Python, with GnuTLS 3.4.13, with Gcrypt 1.7.1, with MIT Kerberos,
with GeoIP.
 
Running on Linux 4.6.2-1-ARCH, with locale en_US.utf8, with libpcap version
1.7.4, with libz 1.2.8.
       Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
 
Built using clang 4.2.1 Compatible Clang 3.8.0 (tags/RELEASE_380/final).
--
This issue was uncovered with AFL (http://lcamtuf.coredump.cx/afl/)
 
There is a bug in dissect_nds_request located in epan/dissectors/packet-ncp2222.inc.
 
dissect_nds_request attempts to call ptvcursor_free() near packet-ncp2222.inc:11806 using the variable ptvc that is set to null at the start of dissect_nds_request. Using the attached sample, the only place ptvc could be set (~ncp2222.inc:11618) is never executed and thus ptvc remains a null pointer.
 
Credit goes to Chris Benedict, Aurelien Delaitre, NIST SAMATE Project, https://samate.nist.gov
 
 
Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40194.zip

#  0day.today [2018-01-03]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
03 Aug 2016 00:00Current
6.2Medium risk
Vulners AI Score6.2
EPSS0.02013
wiresharknds dissectordenial of servicebugdissect nds requestaflchris benedictaurelien delaitrenist samate project
35