Wireshark has recently patched three different security vulnerabilities. Reportedly, all three had a high severity level, with a base score of 7.5. These vulnerabilities, discovered by Cisco, could allow an attacker to launch DoS attacks that cause the system to crash.
Cisco Discovered Three Security Vulnerabilities Triggering DoS
Recently, researchers at Cisco discovered three different security flaws in Wireshark – a network protocol analyzer. All three of them could trigger DoS attacks upon exploitation.
The team at Cisco discovered these vulnerabilities and found them to cause system crashes of a similar nature.
All these vulnerabilities could allow an attacker to “inject a malformed packet into the network”. The affected app would then process the malicious packet, or the user might open a file containing the malicious packet. Ultimately, this could crash the app, leading to a DoS condition.
As stated in the vulnerability analysis by Cisco,
“To exploit the vulnerability, the attacker may use misleading language and instructions to convince a user to open a malicious packet trace file. To inject malformed packets that the Wireshark application may attempt to parse, the attacker may need access to the trusted, internal network where the targeted system resides. This access requirement may reduce the likelihood of a successful exploit.”
The vulnerabilities were found in the Bluetooth Attribute Protocol (ATT) dissector component, the Radiotap dissector component, and the Audio/Video Distribution Transport Protocol (AVDTP) dissector component of Wireshark. They have been assigned the CVE numbers CVE-2018-16056, CVE-2018-16057, and CVE-2018-16058 respectively.
As explained by the researchers regarding the Bluetooth Attribute Protocol (ATT),
“The vulnerability exists because the epan/dissectors/packet-btatt.c source code file of the affected software does not verify that a dissector for a specific universally unique identifier (UUID) exists.”
The Radiotap dissector component flaw, in contrast, occurred due to “insufficient bound check in the ieee80211_radiotap_iterator_next() function”. Likewise, the flaw in the AVDTP dissector component arose from improper initialization of a data structure by the epan/dissectors/packet-btavdtp.c source code file.
The researchers also state that a PoC for exploiting the flaws is publicly available.
Wireshark Patched The Flaw
Wireshark confirmed that the three security vulnerabilities discovered by Cisco affected versions 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16. It quickly patched all three flaws in recent updates. The vendor released the patches on August 29, 2018, and Cisco disclosed the details of the vulnerabilities to the public on August 30, 2018. Users can protect themselves by upgrading to versions 2.6.3, 2.4.9, 2.2.17 or later, which can be downloaded from the Wireshark website.
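As an added example (not code from Wireshark or Cisco), the Python below checks installed version strings against the affected ranges and fixed releases listed above. The host names, banner strings and function names are constructed for illustration.

```python
import re

# Affected range and first fixed release per branch, as listed in the article.
AFFECTED = {
    (2, 6): ((2, 6, 0), (2, 6, 2), "2.6.3"),
    (2, 4): ((2, 4, 0), (2, 4, 8), "2.4.9"),
    (2, 2): ((2, 2, 0), (2, 2, 16), "2.2.17"),
}

# First x.y.z triple that is not the tail of a longer dotted number.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the first x.y.z triple from a version string or banner."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def classify(text):
    """Return (status, detail); status is 'affected', 'fixed' or 'unlisted'."""
    ver = parse_version(text)
    branch = AFFECTED.get(ver[:2])
    if branch is None:
        # The article gives no ranges for this branch, so make no claim.
        return "unlisted", "branch not covered by the article's ranges"
    low, high, fixed = branch
    if low <= ver <= high:
        return "affected", f"upgrade to {fixed} or later"
    return "fixed", f"at or above {fixed}"


# Constructed sample inventory: host name -> reported version banner.
INVENTORY = {
    "analyst-01": "TShark (Wireshark) 2.6.2",
    "analyst-02": "Wireshark 2.4.9",
    "sensor-07": "2.2.16",
    "lab-03": "Wireshark 1.12.1",
}


def audit(inventory):
    """Classify every host in the inventory."""
    return {host: classify(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    for host, (status, detail) in audit(INVENTORY).items():
        print(f"{host:12} {status:9} {detail}")
```

Distribution packages can carry backported fixes under an older upstream version number, so an "affected" result on a packaged build should be confirmed against the distributor's advisory.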