Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Summary

Name: Multiple problems in Wireshark (formerly Ethereal®) versions 0.9.8 to 0.99.3

Docid: wnpa-sec-2006-03

Date: October 31, 2006

Versions affected: 0.9.8 up to and including 0.99.3

Fixed in: 0.99.4

Details

Description

Wireshark 0.99.4 fixes the following vulnerabilities:

The HTTP dissector could crash. (Bugs 1050 and 1079)
Versions affected: 0.99.3.
CVE-2006-5468
The LDAP dissector (and possibly others) could crash. (Bug 1054)
Versions affected: 0.99.3.
CVE-2006-5740
The XOT dissector could attempt to allocate a large amount of memory and crash. (Bug 1133)
Versions affected: 0.9.8 to 0.99.3.
CVE-2006-4805
The WBXML dissector could crash. (Bug 1134)
Versions affected: 0.10.11 to 0.99.3.
CVE-2006-5469
The MIME Multipart dissector was susceptible to an off-by-one error. (Bug 1135)
Versions affected: 0.10.1 to 0.99.3.
CVE-2006-4574
If AirPcap support was enabled, parsing a WEP key could sometimes cause a crash.
Versions affected: 0.99.3.

Impact

It may be possible to make Wireshark or Ethereal crash or use up available memory by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 0.99.4.

If are running Wireshark 0.99.3 or Ethereal 0.99.0 or earlier and cannot upgrade, you can work around each of the problems listed above by doing the following:

Disable the HTTP, LDAP, XOT, WBXML, and MIME multipart dissectors.
- Select Analyze→Enabled Protocols... from the menu.
- Make sure "HTTP", "LDAP", "XOT", "WBXML", and "MIME multipart" are un-checked.
- Click "Save", then click "OK".