Wireshark LDSS Dissector Buffer Overflow Vulnerability (Mac OS X) Network Vulnerability

Summary

This host is installed with Wireshark and is prone to buffer overflow vulnerability.

Impact

Successful exploitation will allow attackers to crash the application. Impact Level: Application

Solution

Upgrade to Wireshark 1.4.2 or 1.2.13 later. For updates refer to http://www.wireshark.org/download

Insight

The flaw is due to heap based buffer overflow in 'dissect_ldss_transfer()' function (epan/dissectors/packet-ldss.c) in the LDSS dissector, which allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line.

Affected

Wireshark version 1.2.0 to 1.2.12 and 1.4.0 to 1.4.1

References

http://osvdb.org/69354
http://secunia.com/advisories/42290
http://www.vupen.com/english/advisories/2010/3038
http://www.wireshark.org/security/wnpa-sec-2010-14.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4300
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Reader '/Registry' and '/Ordering' Buffer Overflow Vulnerability (Win)
Buffer Overflow Vulnerability in Adobe Acrobat and Reader (Win)
Cscope Multiple Buffer Overflow vulnerability
Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Linux)
CA Internet Security Suite Plus 'KmxSbx.sys' Buffer Overflow Vulnerability

Take action and discover your vulnerabilities