lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 28 Jul 2011 08:42:13 GMT
Subject: Wireshark 1.6.1 Malformed IKE Packet Denial of Service

Wireshark 1.6.1 Malformed IKE Packet Denial of Service

I. Summary

A flaw has been identified in Wireshark 1.6.1 concerning IKEv1 protocol dissector and the function proto_tree_add_item() ,when add more than 1000000 items to a proto_tree,that will cause a denial of service (denial of service and memory rising ).

II. Description

Wireshark use the function proto_tree_add_item() to add an item to a proto_tree.When we use filter expression 'isakmp' to look up a malformed IKE packet (Next Payload = DELETE (12), Exchange Type = Information (5) with no actual payload data) and click on the resultant list entry,wireshark will run in the function TRY_TO_FAKE_THIS_ITEM(tree, hfindex, hfinfo),there are more than 1000000 items in the tree, this will cause an infinite loop,then cause denial of service and memory rising.

III. Impact

Denial of service 

IV. Affected

Wireshark 1.6.1, tested with Windows XP SP2. Previous versions may also be affected due to code reuse.

V. Solution

There is no known workaround at this time.

VI. Credit

The penetration test team Of NCNIPC (China) is credited for this vulnerability.

Powered by blists - more mailing lists