Wireshark fixed three flaws that can crash it via malicious packet trace files

Haythem Elmir
0 1
Read Time1 Minute, 50 Second

The Wireshark team has addressed three serious vulnerabilities that could be exploited by a remote unauthenticated attacker to crash the analyzer.

The Wireshark development team has fixed three serious flaws that could be exploited by a remote unauthenticated attacker to trigger a DoS condition in the world’s most popular network protocol analyzer.

The three vulnerabilities tracked as CVE-2018-16056, CVE-2018-16057 and CVE-2018-16058 affect respectively the Bluetooth Attribute Protocol (ATT) dissector, the Radiotap dissector, and the Audio/Video Distribution Transport Protocol (AVDTP) dissector components of Wireshark.

A proof-of-concept (PoC) code exploit for each flaw is publicly available, the vulnerabilities are trivial to exploit, an attacker can exploit the vulnerabilities by injecting a malformed packet into a network. The attackers have to trick the victim into opening a malicious packet trace file.

“To exploit the vulnerability, the attacker may use misleading language and instructions to convince a user to open a malicious packet trace file.” reads the security advisory published for the CVE-2018-16057 flaw.

“To inject malformed packets that the Wireshark application may attempt to parse, the attacker may need access to the trusted, internal network where the targeted system resides. This access requirement may reduce the likelihood of a successful exploit.”

Anyway, to trigger the flaw it is necessary to access to a malicious packet trace file, a circumstance that makes the likelihood of exploitation very low.

Wireshark

Wireshark users need to upgrade their install to one of these: 2.6.3, 2.4.9, or 2.2.17.

Below the list of safeguards provided by Cisco in the security advisory:

  • Administrators are advised to apply the appropriate updates.
  • Administrators are advised to allow only trusted users to have network access.
  • Administrators are advised to run both firewall and antivirus applications to minimize the potential of inbound and outbound threats.
  • Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
  • Administrators can help protect affected systems from external attacks by using a solid firewall strategy.
  • Administrators are advised to monitor affected systems.

To read the original article

https://securityaffairs.co/wordpress/75834/hacking/wireshark-dos-flaws.html

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
100 %

Average Rating

5 Star
0%
4 Star
0%
3 Star
0%
2 Star
0%
1 Star
0%

Laisser un commentaire

Next Post

T-MOBILE CONFIRME AVOIR SUBI UN VOL DE DONNÉES PERSONNELLES DE SES CLIENTS

T-Mobile a confirmé, le 20 août, que plus de deux millions de ses clients sont concernés par un vol de données personnelles suite à une intrusion au sein de ses serveurs. Les informations divulguées comprennent le nom des clients, le code postal de facturation, le numéro de téléphone, l’adresse électronique, le […]