Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:26650
HistoryJul 14, 2011 - 12:00 a.m.

Wireshark 1.4.0 Malformed IKE Packet Denial of Service

2011-07-1400:00:00
vulners.com
9

Wireshark 1.4.0 Malformed IKE Packet Denial of Service


I. Summary

A flaw has been identified in Wireshark 1.4.0 when send a specific malformed IKE packet that will cause a denial
of service .


II. Description

Using PROTOS Test-Suite c09-isakmp(https://www.ee.oulu.fi/research/ouspg/PROTOS_Test-Suite_c09-isakmp),when we
run the following command "java -jar c09-isakmp-r1.jar --host 210.77.17.129 --id 210.77.19.130 --secret dgggg
–sourceport 34444 --index 3332" ,wireshark will capture the packet index 3332,then clike the field"Type
Payload:Identification(5)",a error message will popup ,saying"Gtk-ERROR **:Byte index 6 is off the end of the
line aborting…".Then wireshark be forced to close.


III. Impact

Denial of service


IV. Affected

Wireshark 1.4.0, tested with Windows XP SP2. Previous versions may also be affected due to code reuse.


V. Solution

Update the software version to 1.5.0 or 1.6.0


VI. Credit

The penetration test team Of NCNIPC (China) is credited for this vulnerability.