Posted Feb 9, 2007 10:46 UTC (Fri) by malor (subscriber, #2973)
You know, I don't think I've ever seen ANY other program have as many vulnerabilities as Ethereal/Wireshark. Not even wu-ftpd was that bad.
wireshark: multiple vulnerabilities
Posted Feb 10, 2007 8:09 UTC (Sat) by bronson (subscriber, #4806)
Fetchmail maybe? Especially if measured in vulns/line of code. :)
I agree, Ethereal/Wireshark has an abysmal security record. I think it's because the protocol decoders are notoriously hard to write, and are written in a brittle, dangerous language by people who tend to be more interested in getting packets decoded rather than long-term, exhaustively tested code.
It would be nice if dissectors could be written in Perl/Ruby/Python/whatever. That would get rid of almost all of the vulns.
Has a Wireshark vulnerability ever been exploited in the wild?
wireshark: multiple vulnerabilities
Posted Feb 15, 2007 15:08 UTC (Thu) by nix (subscriber, #2304)
Many of the vulnerabilities are DoS attacks, and Perl and Python are just as capable of infinite loops as C.
(The high number of security holes is doubtless because there are so *many* protocol decoders, and they *all* listen to potentially hostile input. wu-ftpd only had one protocol decoder...)
wireshark: multiple vulnerabilities
Posted Feb 15, 2007 21:16 UTC (Thu) by bronson (subscriber, #4806)
Ah, I didn't realize that they were mostly infinite loops. Try as I might, I just can't get worked up about hostile input causing me to have to fire a ^C at Wireshark. Seems a little rich to call that a DoS, much less a full-on security vulnerability.
wireshark: multiple vulnerabilities
Posted Feb 16, 2007 15:19 UTC (Fri) by jmayer (subscriber, #595)
> Seems a little rich to call that a DoS, much less a full-on security vulnerability.
But it is: In several environments tshark (the command line version of wireshark) is being used to analyze traffic on the fly, create statistics and (AFAIK) even evaluate the output in some sort of mini-IDS. So if you manage to send wireshark into an infinite loop, then this may easily have more than just trivial consequences.
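The failure mode nix and jmayer describe, a decoder that advances by a length field taken from the packet and so never terminates, shown on a toy TLV format constructed for this added example (this is not Wireshark code; the format, packets and function names are assumptions):

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed wire format (not a real protocol):
 *   type (1 byte) | total_len (1 byte, counts the whole element incl. header) | value...
 * A loop that advances by total_len spins forever when total_len == 0. */

/* Naive decoder loop in the style the thread criticises: no progress or bounds check.
 * A zero total_len never returns (the DoS); a total_len past the end reads out of bounds. */
static int count_elements_naive(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int n = 0;
    while (off < len) {
        off += buf[off + 1];   /* attacker-controlled step, may be 0 */
        n++;
    }
    return n;
}

/* Hardened loop: each iteration must have a complete header, advance by at least
 * the header size, and stay inside the buffer. Returns the element count, or -1
 * for malformed input so the caller abandons the decode instead of hanging. */
static int count_elements_hardened(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int n = 0;
    while (off < len) {
        if (len - off < 2)
            return -1;                    /* truncated header */
        uint8_t total_len = buf[off + 1];
        if (total_len < 2)
            return -1;                    /* would not advance: the infinite-loop case */
        if (total_len > len - off)
            return -1;                    /* element claims more bytes than remain */
        off += total_len;
        n++;
    }
    return n;
}

/* Constructed sample packets: three valid elements; a zero-length element; an overrun. */
static const uint8_t good_pkt[]     = { 0x01, 0x03, 0xAA, 0x02, 0x02, 0x03, 0x04, 0xBB, 0xCC };
static const uint8_t zero_len_pkt[] = { 0x01, 0x03, 0xAA, 0x02, 0x00, 0x00 };
static const uint8_t overrun_pkt[]  = { 0x01, 0x03, 0xAA, 0x02, 0x09 };

int main(void)
{
    printf("good: naive=%d hardened=%d\n", count_elements_naive(good_pkt, sizeof good_pkt),
           count_elements_hardened(good_pkt, sizeof good_pkt));
    /* count_elements_naive(zero_len_pkt, ...) would never return; the hardened loop rejects it. */
    printf("zero-length: hardened=%d\n", count_elements_hardened(zero_len_pkt, sizeof zero_len_pkt));
    printf("overrun: hardened=%d\n", count_elements_hardened(overrun_pkt, sizeof overrun_pkt));
    return 0;
}
```

The same progress check (offset strictly increases, and never beyond the buffer) is the invariant to verify in any decoder loop driven by lengths read from the wire.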
Debian Sarge not vulnerable
Posted Feb 25, 2007 18:34 UTC (Sun) by kreutzm (guest, #4700)
The code for all vulnerabilities is not present in Debian Sarge (ethereal).