Wireshark 1.4.0 Malformed IKE Packet Denial of Service
I. Summary
A flaw has been identified in Wireshark 1.4.0: a specific malformed IKE packet causes a denial
of service.
II. Description
Using the PROTOS Test-Suite c09-isakmp (https://www.ee.oulu.fi/research/ouspg/PROTOS_Test-Suite_c09-isakmp), we
run the following command: "java -jar c09-isakmp-r1.jar --host 210.77.17.129 --id 210.77.19.130 --secret dgggg
--sourceport 34444 --index 3332". Wireshark captures the packet for index 3332. Clicking the field "Type
Payload:Identification(5)" in that packet pops up an error message saying "Gtk-ERROR **:Byte index 6 is off the
end of the line aborting…", and Wireshark is then forced to close.
III. Impact
Denial of service
IV. Affected
Wireshark 1.4.0, tested with Windows XP SP2. Previous versions may also be affected due to code reuse.
V. Solution
Update the software to version 1.5.0 or 1.6.0.
VI. Credit
The penetration test team of NCNIPC (China) is credited for this vulnerability.