Summary
This host has Wireshark installed and is prone to a buffer overflow vulnerability.
Impact
Successful exploitation will allow attackers to crash the application.
Impact Level: Application
Solution
Upgrade to Wireshark 1.4.2, 1.2.13, or later.
For updates, refer to http://www.wireshark.org/download
Insight
The flaw is due to a heap-based buffer overflow in the 'dissect_ldss_transfer()' function (epan/dissectors/packet-ldss.c) in the LDSS dissector, which allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line.
Affected
Wireshark versions 1.2.0 to 1.2.12 and 1.4.0 to 1.4.1
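The following is an added example, not part of the original advisory or of any scanner's own code: a version check against the affected ranges listed above, comparing components numerically so that 1.2.10 is not mis-ordered before 1.2.9. The function names and the sample banner strings are assumptions made for illustration.

```python
import re

# Affected ranges and fixed releases exactly as stated in this advisory.
AFFECTED = [
    ((1, 2, 0), (1, 2, 12), "1.2.13"),
    ((1, 4, 0), (1, 4, 1), "1.4.2"),
]

# First dotted x.y.z triple that is not part of a longer digit run.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?!\d)")


def parse_version(text):
    """Return the first x.y.z version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def check(text):
    """Classify a version string against the advisory's ranges.

    Returns (status, fixed_release). status is 'affected', 'not-listed'
    (outside the ranges this advisory names) or 'unparsed'.
    """
    ver = parse_version(text)
    if ver is None:
        return ("unparsed", None)
    for low, high, fixed in AFFECTED:
        # Tuple comparison is numeric per component, unlike string compare.
        if low <= ver <= high:
            return ("affected", fixed)
    return ("not-listed", None)


if __name__ == "__main__":
    # Constructed sample inputs, not captured from real hosts.
    for s in ["TShark 1.4.1", "wireshark 1.2.13", "1.2.9", "1.2.10", "unknown"]:
        print(f"{s!r}: {check(s)}")
```

A 'not-listed' result only means the version falls outside the ranges named in this advisory; it says nothing about other issues.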
References
Severity
Classification
- CVE: CVE-2010-4300
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- BigAntSoft BigAnt IM Message Server Multiple Vulnerabilities
- Adobe Reader '/Registry' and '/Ordering' Buffer Overflow Vulnerability (Win)
- ActiveFax RAW Server Multiple Buffer Overflow Vulnerabilities
- Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Mac OS X)
- Avaya WinPDM Multiple Buffer Overflow Vulnerabilities