wireshark: multiple vulnerabilities
Posted Feb 9, 2007 10:46 UTC (Fri) by malor (subscriber, #2973)
Posted Feb 10, 2007 8:09 UTC (Sat) by bronson (subscriber, #4806)
I agree, Ethereal/Wireshark has an abysmal security record. I think it's because the protocol decoders are notoriously hard to write, and are written in a brittle, dangerous language by people who tend to be more interested in getting packets decoded than in long-term, exhaustively tested code.
It would be nice if dissectors could be written in Perl/Ruby/Python/whatever. That would get rid of almost all of the vulns.
Has a Wireshark vulnerability ever been exploited in the wild?
Posted Feb 15, 2007 15:08 UTC (Thu) by nix (subscriber, #2304)
(The high number of security holes is doubtless because there are so *many* protocol decoders, and they *all* listen to potentially hostile input. wu-ftpd only had one protocol decoder...)
Posted Feb 15, 2007 21:16 UTC (Thu) by bronson (subscriber, #4806)
Posted Feb 16, 2007 15:19 UTC (Fri) by jmayer (subscriber, #595)
But it is: In several environments tshark (the command line version of
wireshark) is being used to analyze traffic on the fly, create statistics
and (AFAIK) even evaluate the output in some sort of mini-ids. So if you
manage to send wireshark into an infinite loop, then this may easily have
more than just trivial consequences.
Debian Sarge not vulnerable
Posted Feb 25, 2007 18:34 UTC (Sun) by kreutzm (guest, #4700)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.