wireshark: multiple vulnerabilities
Package(s): wireshark
CVE #(s): CVE-2007-0456 CVE-2007-0457 CVE-2007-0458 CVE-2007-0459
Created: February 5, 2007
Updated: March 14, 2007
Description: There are multiple problems in Wireshark versions 0.10.14 to 0.99.4.
Alerts:
wireshark: multiple vulnerabilities
Posted Feb 9, 2007 10:46 UTC (Fri)
by malor (guest, #2973)

You know, I don't think I've ever seen ANY other program have as many vulnerabilities as Ethereal/Wireshark. Not even wu-ftpd was that bad.

wireshark: multiple vulnerabilities
Posted Feb 10, 2007 8:09 UTC (Sat)
by bronson (subscriber, #4806)
(3 responses)

I agree, Ethereal/Wireshark has an abysmal security record. I think it's because the protocol decoders are notoriously hard to write, and are written in a brittle, dangerous language by people who tend to be more interested in getting packets decoded rather than long-term, exhaustively tested code.

It would be nice if dissectors could be written in Perl/Ruby/Python/whatever. That would get rid of almost all of the vulns.

Has a Wireshark vulnerability ever been exploited in the wild?

wireshark: multiple vulnerabilities
Posted Feb 15, 2007 15:08 UTC (Thu)
by nix (subscriber, #2304)
(2 responses)

Fetchmail maybe? Especially if measured in vulns/line of code. :)

(The high number of security holes is doubtless because there are so *many* protocol decoders, and they *all* listen to potentially hostile input. wu-ftpd only had one protocol decoder...)

Many of the vulnerabilities are DoS attacks, and Perl and Python are just as capable of infinite loops as C.

wireshark: multiple vulnerabilities
Posted Feb 15, 2007 21:16 UTC (Thu)
by bronson (subscriber, #4806)
(1 response)

Ah, I didn't realize that they were mostly infinite loops. Try as I might, I just can't get worked up about hostile input causing me to have to fire a ^C at Wireshark. Seems a little rich to call that a DoS, much less a full-on security vulnerability.

wireshark: multiple vulnerabilities
Posted Feb 16, 2007 15:19 UTC (Fri)
by jmayer (guest, #595)

> Seems a little rich to call that a DoS, much less a full-on security
> vulnerability.

But it is: In several environments tshark (the command line version of wireshark) is being used to analyze traffic on the fly, create statistics and (AFAIK) even evaluate the output in some sort of mini-ids. So if you manage to send wireshark into an infinite loop, then this may easily have more than just trivial consequences.

Debian Sarge not vulnerable
Posted Feb 25, 2007 18:34 UTC (Sun)
by kreutzm (guest, #4700)

The code for all vulnerabilities is not present in Debian Sarge (ethereal).
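The thread above turns on one failure mode: a protocol decoder that lets the input decide whether a loop advances, so a crafted length field hangs the process, which matters when tshark is running unattended as a statistics collector or mini-IDS. The following is an editor's illustration of that failure mode and its fix, not Wireshark code and not a reconstruction of any of the CVEs listed on this page; the record format (2-byte big-endian total length including its own header, then payload) and the three sample buffers are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN  ((size_t)2)
#define MAX_ITER 10000   /* cap used only to make the naive walker's hang observable here */

/* Constructed sample inputs (not real captures). Each record is a 2-byte
 * big-endian total length (header included) followed by its payload. */
static const uint8_t GOOD[]     = { 0x00, 0x04, 'a', 'b', 0x00, 0x03, 'c' };
static const uint8_t ZERO_LEN[] = { 0x00, 0x00, 0x00, 0x00 };
static const uint8_t OVERRUN[]  = { 0x00, 0x05, 'x' };

/* Naive walker: trusts the length field and only guards the header read.
 * A record whose length field is 0 never advances `off`, so the loop would
 * spin forever; MAX_ITER turns that hang into a -2 return for demonstration.
 * Returns the record count, -1 on a truncated header, -2 when the cap is hit. */
static int walk_naive(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int n = 0, iter = 0;
    while (off < len) {
        if (++iter > MAX_ITER)
            return -2;                   /* would be an infinite loop in real code */
        if (len - off < HDR_LEN)
            return -1;                   /* truncated header */
        uint16_t rec_len = (uint16_t)((buf[off] << 8) | buf[off + 1]);
        off += rec_len;                  /* no progress check, no bounds check */
        n++;
    }
    return n;
}

/* Hardened walker: every iteration must consume at least its own header and
 * must stay inside the buffer, so termination does not depend on the input.
 * Returns the record count, or -1 for any malformed record. */
static int walk_hardened(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int n = 0;
    while (off < len) {
        if (len - off < HDR_LEN)
            return -1;                   /* truncated header */
        uint16_t rec_len = (uint16_t)((buf[off] << 8) | buf[off + 1]);
        if (rec_len < HDR_LEN)
            return -1;                   /* cannot cover its own header: reject, don't spin */
        if (rec_len > len - off)
            return -1;                   /* record runs past the end of the buffer */
        off += rec_len;
        n++;
    }
    return n;
}

int main(void)
{
    printf("good:     naive=%d hardened=%d\n",
           walk_naive(GOOD, sizeof GOOD), walk_hardened(GOOD, sizeof GOOD));
    printf("zero-len: naive=%d hardened=%d\n",
           walk_naive(ZERO_LEN, sizeof ZERO_LEN), walk_hardened(ZERO_LEN, sizeof ZERO_LEN));
    printf("overrun:  naive=%d hardened=%d\n",
           walk_naive(OVERRUN, sizeof OVERRUN), walk_hardened(OVERRUN, sizeof OVERRUN));
    return 0;
}
```

The two walkers differ only in the progress and bounds checks; on well-formed input both count two records. On the zero-length buffer the naive loop never moves and only the demonstration cap stops it, while the hardened walker rejects the record immediately. On the truncated buffer the naive loop also exits, but by stepping past the end and reporting a record it never saw, which is the kind of silent acceptance that hides a bounds problem until a later read uses the bogus offset.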