Wireshark DECT Dissector Remote Stack Buffer Overflow

Added: 10/19/2011
CVE: CVE-2011-1591
BID: 47392
OSVDB: 71848

Background

Wireshark is a network packet analyzer.

Problem

A buffer overflow vulnerability in the DECT dissector allows command execution when a user sends a specially crafted datagram over a network which is being analyzed by Wireshark.

Resolution

Upgrade to Wireshark 1.4.5 or higher.

References

http://www.wireshark.org/security/wnpa-sec-2011-06.html

Limitations

Exploit works on Wireshark 1.4.4.

The affected target running Wireshark must be on the same network as as the SAINTexploit host.

Exploit requires the Net-Write PERL module to be installed on the scanning host. This module is available from http://search.cpan.org/dist/Net-Write/lib/Net/Write.pm.

The "Wireshark DECT Dissector PCAP File Processing Overflow" client exploit attempts to exploit the same vulnerability. The client exploit does not have the same network and PERL module limitations, but requires user cooperation.

Platforms

Windows

Back to exploit index