Wireshark

Summary

Name: Multiple problems in Wireshark® versions 0.10.3 to 1.0.3

Docid: wnpa-sec-2008-06

Date: October 20, 2008

Versions affected: 0.10.3 up to and including 1.0.3

Fixed in: 1.0.4

Details

Description

Wireshark 1.0.4 fixes the following vulnerabilities:

  • Florent Drouin and David Maciejak of Fortinet's FortiGuard Global Security Research Team independently discovered that the Bluetooth ACL dissector could crash or abort. (Bug 1513)
    Versions affected: 0.99.2 to 1.0.3
  • The Q.931 dissector could crash or abort. (Bug 2870)
    Versions affected: 0.10.3 to 1.0.3
  • Wireshark could abort while reading Tamos CommView capture files. (Bug 2926)
    Versions affected: 0.99.7 to 1.0.3
  • David Maciejak found that the USB dissector could crash or abort. This led to the discovery of a similar problem in the Bluetooth RFCOMM dissector. (Bug 2922)
    Versions affected: 0.99.7 to 1.0.3
  • Vivek Gupta and David Maciejak found that the PRP and MATE dissectors could make Wireshark crash. (Neither PRP nor MATE is enabled by default.) (Bug 2549)
    Versions affected: 0.99.2 to 1.0.3

Impact

It may be possible to make Wireshark crash by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 1.0.4 or later. Due to the nature of the bugs, there is no workaround for previous versions.

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation