wireshark: yet another pile of dissector flaws
Posted Oct 6, 2014 19:25 UTC (Mon) by raven667 (subscriber, #5198)
In reply to: wireshark: yet another pile of dissector flaws by bronson
Parent article: wireshark: yet another pile of dissector flaws
That sounds like a false choice. Since protocol decoders seem to be a never-ending stream of fun, it makes sense to work on infrastructure to limit the amount of damage that can be done by a malfunctioning decoder, by sandboxing or by providing a safe implementation toolkit so that decoder writers can't introduce security bugs.
> Lots of apps say to not run as root.
That's kind of a red herring. I would guess that a significant fraction, if not a majority, of wireshark users are running the GUI on a different machine entirely than where the packet captures are created, and the consequence of a security break is access to the workstations of network engineers who probably have very privileged access, from the user account that the attacker now controls. Root access is not required for this to be a problem.
> Stuxnet-scale scenarios are not as common as you imply.
I have to grant that if your plan to get access to some major network is to send malformed traffic in the hopes that an engineer will pull a packet capture onto their desktop, you probably need a better plan. I suppose you could call in trouble tickets to increase your chances, but this will be a hard attack to pull off in practice, though not impossible.
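The "safe implementation toolkit" half of the comment above, as an added example that is not part of the original comment, the article, or Wireshark's own code (the sandboxing half is not shown): a hypothetical bounds-checked read cursor (`cursor_t` with `cursor_need`, `cursor_u8`, `cursor_u16be` and `cursor_bytes`; the names are invented here and this is not Wireshark's tvbuff API) that a toy TLV dissector, `dissect_tlv`, reads through. Every accessor checks the remaining length before touching memory, so a length field that claims more bytes than the capture contains, or a header cut short, fails the dissection instead of reading past the buffer, and the fixed-size `name` field is filled with a clamped copy so an over-long value cannot overflow it. The sample packets are constructed for the example, not taken from any real capture.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical bounds-checked read cursor (an illustration, not Wireshark's
 * tvbuff API). Every accessor checks the remaining length first and sets a
 * sticky error flag on failure, so a dissector written against it cannot read
 * past the captured bytes no matter what the packet's length fields claim. */
typedef struct {
    const uint8_t *data;
    size_t len, off;
    bool error;          /* sticky: once a read fails, all later reads fail */
} cursor_t;

/* The single check behind every accessor: are n more bytes available? */
static bool cursor_need(cursor_t *c, size_t n)
{
    if (c->error || n > c->len - c->off) { c->error = true; return false; }
    return true;
}

static bool cursor_u8(cursor_t *c, uint8_t *out)
{
    if (!cursor_need(c, 1)) return false;
    *out = c->data[c->off++];
    return true;
}

static bool cursor_u16be(cursor_t *c, uint16_t *out)
{
    if (!cursor_need(c, 2)) return false;
    *out = (uint16_t)((c->data[c->off] << 8) | c->data[c->off + 1]);
    c->off += 2;
    return true;
}

/* Hands out a view of n bytes only if all n are actually present. */
static bool cursor_bytes(cursor_t *c, size_t n, const uint8_t **out)
{
    if (!cursor_need(c, n)) return false;
    *out = c->data + c->off;
    c->off += n;
    return true;
}

/* Toy protocol: records of type(1 byte) len(2 bytes, big-endian) value(len). */
typedef struct {
    int records;
    char name[8];    /* value of the last type-1 record, truncated to fit */
} tlv_result_t;

/* Returns the number of complete records, or -1 if the input is malformed. */
static int dissect_tlv(const uint8_t *pkt, size_t len, tlv_result_t *res)
{
    cursor_t c = { pkt, len, 0, false };
    memset(res, 0, sizeof *res);

    while (c.off < c.len) {
        uint8_t type;
        uint16_t vlen;
        const uint8_t *val;

        /* A header cut short, or a value longer than what remains, fails
         * here before any byte past the end of the buffer is touched. */
        if (!cursor_u8(&c, &type) || !cursor_u16be(&c, &vlen) ||
            !cursor_bytes(&c, vlen, &val))
            return -1;

        if (type == 1) {
            /* Fixed-size destination: copy at most what fits, then terminate,
             * so an over-long value cannot overflow the struct. */
            size_t n = vlen < sizeof res->name - 1 ? vlen : sizeof res->name - 1;
            memcpy(res->name, val, n);
            res->name[n] = '\0';
        }
        res->records++;
    }
    return res->records;
}

/* Constructed sample packets (not from any real capture). */
static const uint8_t good_pkt[] = {
    0x01, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o',   /* type 1, len 5 */
    0x02, 0x00, 0x02, 0xde, 0xad,                /* type 2, len 2 */
};
static const uint8_t bad_len_pkt[] = {
    0x01, 0x0f, 0xff, 'a', 'b', 'c',             /* claims 4095 bytes, 3 present */
};
static const uint8_t short_hdr_pkt[] = { 0x02, 0x00 };  /* header cut at 2 bytes */
static const uint8_t long_name_pkt[] = {
    0x01, 0x00, 0x0a, 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A',  /* len 10 > name */
};

static int records_in(const uint8_t *pkt, size_t len)
{
    tlv_result_t r;
    return dissect_tlv(pkt, len, &r);
}

static size_t name_len_in(const uint8_t *pkt, size_t len)
{
    tlv_result_t r;
    return dissect_tlv(pkt, len, &r) < 0 ? 0 : strlen(r.name);
}
```

The point of the design is that the dissector body never does its own pointer arithmetic or length comparison: the only way to get at packet bytes is through accessors that refuse to hand out more than the capture holds, so a decoder writer who forgets a check gets a failed dissection rather than an out-of-bounds read.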
