Wireshark DECT Dissector Remote Stack Buffer Overflow

2011-10-1900:00:00

SAINT Corporation

download.saintcorporation.com

EPSS

0.952

Percentile

99.4%

JSON

Added: 10/19/2011
CVE: CVE-2011-1591
BID: 47392
OSVDB: 71848

Background

Wireshark is a network packet analyzer.

Problem

A buffer overflow vulnerability in the DECT dissector allows command execution when a user sends a specially crafted datagram over a network which is being analyzed by Wireshark.

Resolution

Upgrade to Wireshark 1.4.5 or higher.

References

<http://www.wireshark.org/security/wnpa-sec-2011-06.html>

Limitations

Exploit works on Wireshark 1.4.4.

The affected target running Wireshark must be on the same network as as the SAINTexploit host.

Exploit requires the Net-Write PERL module to be installed on the scanning host. This module is available from <http://search.cpan.org/dist/Net-Write/lib/Net/Write.pm>.

The “Wireshark DECT Dissector PCAP File Processing Overflow” client exploit attempts to exploit the same vulnerability. The client exploit does not have the same network and PERL module limitations, but requires user cooperation.