Summary
Name: Multiple problems in Wireshark (formerly Ethereal
Docid: wnpa-sec-2006-03
Date: October 31, 2006
Versions affected: 0.9.8 up to and including 0.99.3
Details
Description
Wireshark 0.99.4 fixes the following vulnerabilities:
-
The HTTP dissector could crash.
(Bugs 1050
and 1079)
Versions affected: 0.99.3.
CVE-2006-5468 -
The LDAP dissector (and possibly others) could crash.
(Bug 1054)
Versions affected: 0.99.3.
CVE-2006-5740 -
The XOT dissector could attempt to allocate a large amount of
memory and crash.
(Bug 1133)
Versions affected: 0.9.8 to 0.99.3.
CVE-2006-4805 -
The WBXML dissector could crash.
(Bug 1134)
Versions affected: 0.10.11 to 0.99.3.
CVE-2006-5469 -
The MIME Multipart dissector was susceptible to an off-by-one error.
(Bug 1135)
Versions affected: 0.10.1 to 0.99.3.
CVE-2006-4574 -
If AirPcap support was enabled, parsing a WEP key could
sometimes cause a crash.
Versions affected: 0.99.3.
Impact
It may be possible to make Wireshark or Ethereal crash or use up available memory by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 0.99.4.
If are running Wireshark 0.99.3 or Ethereal 0.99.0 or earlier and cannot upgrade, you can work around each of the problems listed above by doing the following:
- Disable the HTTP, LDAP, XOT, WBXML, and MIME multipart dissectors.
- Select Analyze→Enabled Protocols... from the menu.
- Make sure "HTTP", "LDAP", "XOT", "WBXML", and "MIME multipart" are un-checked.
- Click "Save", then click "OK".
Wireshark and the "fin" logo are registered trademarks of Gerald Combs