SECURITYVULNS:DOC:24739
Sep 14, 2010

Wireshark 1.4.0 Malformed SNMP V1 Packet Denial of Service



I. Summary

A flaw has been identified in Wireshark 1.4.0 concerning the ASN.1/BER dissector that will cause a denial of service (stack overflow and null pointer dereference in exception handling code).


II. Description

Wireshark makes use of protocol dissectors to parse packet data and organize its contents into a meaningful representation. Upon encountering an SNMP v1 packet, the ASN.1/BER dissector, as implemented in $SRC_ROOT/epan/dissectors/packet-ber.c, will be invoked to process the BER-encoded content, i.e. the variable bindings in the SNMP PDU. If this field is filled with an extremely long string, e.g. a sequence of 14000 'A's, a recursive call in function dissect_unknown_ber() would consume too much stack space, causing a stack overflow in most configurations and later a null pointer dereference in the exception handling code.
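
The failure mode described above is recursion whose depth is controlled by untrusted input. The following is an added example, not Wireshark's code and not part of the advisory, showing one way a BER walker can cap nesting depth and validate lengths before recursing. The names `ber_walk` and `make_nested` and the limit of 32 are assumptions made for illustration, and the code does not reproduce the logic of dissect_unknown_ber().

```c
#include <stddef.h>
#include <stdint.h>
/* BER_MAX_DEPTH is an assumed limit chosen for this example. */
enum { BER_MAX_DEPTH = 32, BER_ERR_MALFORMED = -1, BER_ERR_TOO_DEEP = -2 };

/* Walk the BER TLVs in buf[0..len) and return the number of elements seen,
   or a negative error. Single-byte tags and definite lengths only. */
long ber_walk(const uint8_t *buf, size_t len, unsigned depth)
{
    long count = 0;
    size_t off = 0;
    if (depth > BER_MAX_DEPTH)
        return BER_ERR_TOO_DEEP;          /* stop before the stack can grow further */
    while (off < len) {
        uint8_t id = buf[off++];
        if (off >= len) return BER_ERR_MALFORMED;
        size_t vlen = buf[off++];
        if (vlen >= 0x80) {               /* long form: next n octets hold the length */
            unsigned n = (unsigned)(vlen & 0x7f);
            if (n == 0 || n > 4 || n > len - off) return BER_ERR_MALFORMED;
            for (vlen = 0; n > 0; n--) vlen = (vlen << 8) | buf[off++];
        }
        if (vlen > len - off) return BER_ERR_MALFORMED;
        count++;
        if (id & 0x20) {                  /* constructed: contents are nested TLVs */
            long inner = ber_walk(buf + off, vlen, depth + 1);
            if (inner < 0) return inner;
            count += inner;
        }
        off += vlen;
    }
    return count;
}

/* Constructed sample input: `levels` nested SEQUENCEs around one NULL. */
size_t make_nested(uint8_t *out, size_t cap, unsigned levels)
{
    size_t total = 2 + 4 * (size_t)levels, pos = 0;
    if (total > cap || total > 0xffff) return 0;
    for (unsigned i = 0; i < levels; i++) {
        size_t inner = total - 4 * (size_t)(i + 1);
        out[pos++] = 0x30; out[pos++] = 0x82;
        out[pos++] = (uint8_t)(inner >> 8); out[pos++] = (uint8_t)inner;
    }
    out[pos++] = 0x05; out[pos++] = 0x00;
    return pos;
}

int main(void) { uint8_t b[1024]; return ber_walk(b, make_nested(b, sizeof b, 200), 0) != BER_ERR_TOO_DEEP; }
```

Because the depth check runs before any further descent, stack use is bounded by the constant rather than by the size of the packet.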


III. Impact

Denial of service (null pointer dereference and application crash)


IV. Affected

Wireshark 1.4.0, tested with Windows XP SP2. Previous versions may also be affected due to code reuse.


V. Solution

Since the ASN.1/BER dissector is used by several protocol dissectors, it may be inadequate to disable SNMP protocol dissection only. There is no known workaround at this time.


VI. Credit

The penetration test team of NCNIPC (China) is credited for this vulnerability.