Wireshark DEC DNA Routing Protocol Processing Error Lets Remote Users Deny Service
|
SecurityTracker Alert ID: 1032279 |
SecurityTracker URL: http://securitytracker.com/id/1032279
|
CVE Reference:
CVE-2015-3182
(Links to External Site)
|
Updated: May 28 2015
|
Original Entry Date: May 12 2015
|
Impact:
Denial of service via network
|
Exploit Included: Yes
|
Version(s): 1.10.12 through 1.10.14
|
Description:
A vulnerability was reported in Wireshark. A remote user can cause denial of service conditions on the target system.
A remote user can send specially crafted DEC DNA Routing Protocol data to trigger a pointer error in set_dnet_address() in 'packet-dec-dnart.c' and cause the target service to crash.
The crash occurs when processing a capture file with the '-nr' command line options. A demonstration exploit file is available at:
http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=genbroad.snoop
Versions 1.10.12 through 1.10.14 are affected. [Editor's note: this Alert originally and incorrectly listed 1.12.4 as the vulnerable version.]
The original advisory is available at:
https://bugzilla.redhat.com/show_bug.cgi?id=1219409
Martin Zember of Red Hat reported this vulnerability.
|
Impact:
A remote user can cause the target service to crash.
|
Solution:
No solution was available at the time of this entry.
The vendor has developed a proposed fix, available at:
https://code.wireshark.org/review/#/c/8661/
|
Vendor URL: www.wireshark.org/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|