Release date: 2011-11-01
Updated on: 2011-11-03
Affected Systems:
Wireshark 1.6.x
Wireshark 1.4.x
Unaffected system:
Wireshark 1.6.3
Description:
--------------------------------------------------------------------------------
Bugtraq id: 50481
Cve id: CVE-2011-4101
Wireshark (formerly known as Ethereal) is a network group analysis software.
Wireshark has a null pointer reference vulnerability in the parsing Implementation of Infiniband data. Attackers can trick users into reading malformed packet tracking files or injecting malformed packets to crash Wireshark.
<* Source: Huzaifa Sidhpurwala
Link: https://bugs.wireshark.org/bugzilla/show_bug.cgi? Id = 6476
Http://www.wireshark.org/security/wnpa-sec-2011-18.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Wireshark
---------
Wireshark has released a Security Bulletin (wnpa-sec-2011-18) and corresponding patches for this:
Wnpa-sec-2011-18: Wireshark Infiniband dissector vulnerability
Link: http://www.wireshark.org/security/wnpa-sec-2011-18.html