CVE-2011-3484 - Input Validation vulnerability in Wireshark 1.6.0/1.6.1

Publication

2011-09-20

Last modification

2017-09-19

Summary

The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and application crash) via a malformed packet.

Description

Wireshark is prone to a denial-of-service vulnerability because it fails to properly handle specially crafted OpenSafety packets.Exploiting this issue may allow attackers to cause the application to crash.Wireshark 1.6.0 to 1.6.1 are vulnerable.

Solution

Updates are available. Please see the references for more information. Mandriva Linux Mandrake 2011 x86_64 Mandriva dumpcap-1.6.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva lib64wireshark-devel-1.6.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva lib64wireshark1-1.6.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva rawshark-1.6.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva tshark-1.6.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva wireshark-1.6.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva wireshark-tools-1.6.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva Linux Mandrake 2011 Mandriva dumpcap-1.6.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva libwireshark-devel-1.6.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva libwireshark1-1.6.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva rawshark-1.6.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva tshark-1.6.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva wireshark-1.6.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva wireshark-tools-1.6.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/

Exploit

Attackers can exploit the issue using readily available network tools.A sample '.pcap' file is available. Please see the references for information.

Classification

CWE-20 - Input Validation

Risk level (CVSS AV:N/AC:M/Au:N/C:N/I:N/A:P)

Medium

4.3

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

OVAL definition

{
    "accepted": "2013-08-19T04:00:56.705-04:00",
    "class": "vulnerability",
    "contributors": [
        {
            "name": "Shane Shaffer",
            "organization": "G2, Inc."
        },
        {
            "name": "Shane Shaffer",
            "organization": "G2, Inc."
        },
        {
            "name": "Shane Shaffer",
            "organization": "G2, Inc."
        }
    ],
    "definition_extensions": [
        {
            "comment": "Wireshark is installed on the system.",
            "oval": "oval:org.mitre.oval:def:6589"
        }
    ],
    "description": "The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and application crash) via a malformed packet.",
    "family": "windows",
    "id": "oval:org.mitre.oval:def:15062",
    "status": "accepted",
    "submitted": "2012-02-27T15:34:33.178-04:00",
    "title": "OpenSafety dissector in Wireshark 1.6.x before 1.6.2 denial of service vulnerability",
    "version": "8"
}

Affected Products

Vendor Product Versions
Wireshark Wireshark  1.6.0 , 1.6.1