Vulnerabilities > CVE-2017-15189 - Missing Release of Resource after Effective Lifetime vulnerability in Wireshark 2.4.0/2.4.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- HTTP DoS An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_WIRESHARK_2_4_2.NASL description The version of Wireshark installed on the remote MacOS/MacOSX host is 2.4.x prior to 2.4.2. It is, therefore, affected by multiple denial of service vulnerabilities in the DOCSIS, RTSP, DMP, BT ATT and MBIM dissectors. An unauthenticated, remote attacker can exploit this by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 103983 published 2017-10-19 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/103983 title Wireshark 2.4.x < 2.4.2 Multiple DoS (MacOS) NASL family Fedora Local Security Checks NASL id FEDORA_2017-9FD430DBA0.NASL description New version 2.4.2, fixes CVE-2017-15189, CVE-2017-15190, CVE-2017-15191, CVE-2017-15192, CVE-2017-15193, CVE-2017-13764, CVE-2017-13765, CVE-2017-13766, CVE-2017-13767 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-01-15 plugin id 105941 published 2018-01-15 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105941 title Fedora 27 : 1:wireshark (2017-9fd430dba0) NASL family Windows NASL id WIRESHARK_2_4_2.NASL description The version of Wireshark installed on the remote Windows host is 2.4.x prior to 2.4.2. It is, therefore, affected by multiple denial of service vulnerabilities in the DOCSIS, RTSP, DMP, BT ATT and MBIM dissectors. An unauthenticated, remote attacker can exploit this by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 103986 published 2017-10-19 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/103986 title Wireshark 2.4.x < 2.4.2 Multiple DoS NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_4684A426774D4390AA19B8DD481C4C94.NASL description wireshark developers reports : In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements. In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable. In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. last seen 2020-06-01 modified 2020-06-02 plugin id 104265 published 2017-10-31 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104265 title FreeBSD : wireshark -- multiple security issues (4684a426-774d-4390-aa19-b8dd481c4c94)
References
- http://www.securityfocus.com/bid/101228
- http://www.securityfocus.com/bid/101228
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080
- https://code.wireshark.org/review/23663
- https://code.wireshark.org/review/23663
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=625bab309d9dd21db2d8ae2aa3511810d32842a8
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=625bab309d9dd21db2d8ae2aa3511810d32842a8
- https://www.wireshark.org/security/wnpa-sec-2017-46.html
- https://www.wireshark.org/security/wnpa-sec-2017-46.html