Thursday, November 27, 2008

Attackers shoot at Wireshark.

Every application might be vulnerable, and this is a really old concept. Nothing new, but reading that someone discovered a DoS attack against Wireshark, one of the most used packet analyzers, makes me feel strange.
I frequently use it, during my university classes, during my external courses and also during company working time, but I never thought that it could be a potential hole in my system. To me, it's a great example of what I call "Bar Security".
The original post follows:


In Nov 2008, the Security Vulnerability Research Team of Bkis (SVRT-Bkis)
detected a vulnerability underlying WireShark 1.0.4 (latest version).

The flaw is in the function processing the SMTP protocol and enables a hacker
to perform a DoS attack by sending an SMTP request with large content to port
25. The application then enters a large loop and cannot do anything else.

We have contacted the vendor of Wireshark. They fixed this vulnerability for
Wireshark 1.0.5 but they haven't released the official version yet. Details
are here: http://wiki.wireshark.org/Development/Roadmap

SVRT Advisory : SVRT-04-08
Initial vendor notification : 11-14-2008
Release Date : 11-22-2008
Update Date : 11-22-2008
Discovered by : SVRT-Bkis
Security Rating : Less Critical
Impact : DoS
Affected Software : Wireshark 1.0.4 (prev is vulnerable)

2. Solution

Although the official version for this vulnerability hasn't been released
yet, the vendor has updated the fix in the prerelease Wireshark 1.0.5.

Download the prerelease version of Wireshark 1.0.5 here:
http://www.wireshark.org/download/prerelease/



Thank you guys for this interesting contribution, which proves that nothing is actually safe.

1 comment:

NetInside said...

nice tools, wireshark is the best packet analyzer in the world.. long life WireShark