LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

wireshark: multiple vulnerabilities

wireshark: multiple vulnerabilities

Posted Feb 15, 2007 21:16 UTC (Thu) by bronson (subscriber, #4806)
In reply to: wireshark: multiple vulnerabilities by nix
Parent article: wireshark: multiple vulnerabilities

Ah, I didn't realize that they were mostly infinite loops. Try as I might, I just can't get worked up about hostile input causing me to have to fire a ^C at Wireshark. Seems a little rich to call that a DoS, much less a full-on security vulnerability.

(Log in to post comments)

wireshark: multiple vulnerabilities

Posted Feb 16, 2007 15:19 UTC (Fri) by jmayer (subscriber, #595) [Link]

> Seems a little rich to call that a DoS, much less a full-on security
vulnerability.

But it is: In several environments tshark (the command line version of
wireshark) is being used to analyze traffic on the fly, create statistics
and (AFAIK) even evaluate the output in some sort of mini-ids. So if you
manage to send wireshark into an infinite loop, then this may easily have
more than just trivial consequences.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds