Wireshark 1.6.1 Malformed IKE Packet DoS

A new vulnerability has been discovered in Wireshark 1.6.1 that affects the IKEv1 protocol function proto_tree_add_item(). The bug allows a denial-of-service attack.

This is not the first vulnerability discovered in Wireshark lately: on the 18th of April, Paul Makowski, working for SEI/CERT, discovered a vulnerability that allows a remote user who can send specially crafted data to trigger a buffer overflow in the DECT dissector and execute arbitrary code on the target system [CVE-2011-1591]. The code will run with the privileges of the target service.

Wireshark is one of the best network analyzers; it operates like tcpdump with a graphical interface. The tool has a rich dashboard that displays all packets detected on the network, with the possibility of filtering the gathered information.

Currently there is no workaround, but you can expect a patch for this issue soon.

Update: Wireshark core developer @StigBjorlykke wrote on his Twitter account that the vulnerability has just been fixed.

4 Comments
Stig

A workaround is to disable the “isakmp” dissector from Analyze -> Enabled Protocols…

Mourad

Thanks for the solution, but does this affect Wireshark functionalities?

Stig

It disables dissecting of isakmp packages, but nothing else.

Vuln

When you use Wireshark 1.6.1 to capture the malformed isakmp package (Next Payload = DELETE (12), Exchange Type = Information (5) with no actual payload data) and then click that package, that will cause a denial of service.
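
A capture can be screened for the inconsistency the last comment describes (a next-payload value with no payload bytes behind it) before it is opened in an affected build. The following is an added example, not code from the post or from Wireshark; it assumes the RFC 2408 fixed header layout and an already extracted UDP/500 payload, and the names `check_isakmp` and `make_header` and all sample bytes are constructed for illustration.

```python
import struct

# RFC 2408 fixed header: cookies (8+8), next payload, version, exchange type,
# flags, message ID, total length. 28 bytes in all.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
GENERIC_PAYLOAD_HDR_LEN = 4   # next payload, reserved, 2-byte payload length
NEXT_PAYLOAD_DELETE = 12
EXCHANGE_INFORMATIONAL = 5


def check_isakmp(udp_payload):
    """Return a list of findings for one UDP/500 payload; empty means consistent."""
    if len(udp_payload) < ISAKMP_HDR.size:
        return ["truncated: shorter than the 28-byte ISAKMP header"]
    (_ic, _rc, next_payload, version, _exch, _flags, _msg_id,
     declared_len) = ISAKMP_HDR.unpack_from(udp_payload)
    if version >> 4 != 1:
        return []  # not IKEv1, outside what this check covers
    findings = []
    if declared_len < ISAKMP_HDR.size:
        findings.append("length field smaller than the header itself")
    elif declared_len > len(udp_payload):
        findings.append("length field exceeds the captured bytes")
    # Bytes actually available after the header, bounded by the declared length.
    body = min(declared_len, len(udp_payload)) - ISAKMP_HDR.size
    if next_payload != 0 and body < GENERIC_PAYLOAD_HDR_LEN:
        findings.append(
            "next payload %d declared but no payload data present" % next_payload)
    return findings


def make_header(next_payload, exchange_type, total_len):
    """Build a constructed IKEv1 header (version 1.0) for the samples below."""
    return ISAKMP_HDR.pack(b"\x11" * 8, b"\x22" * 8, next_payload, 0x10,
                           exchange_type, 0, 0x01020304, total_len)


# Constructed sample 1: header only, as the last comment describes.
HEADER_ONLY = make_header(NEXT_PAYLOAD_DELETE, EXCHANGE_INFORMATIONAL, 28)

# Constructed sample 2: same header followed by a Delete payload
# (generic header, DOI=1, protocol=1, SPI size=16, one SPI).
DELETE_BODY = struct.pack("!BBHIBBH", 0, 0, 28, 1, 1, 16, 1) + b"\x33" * 16
WELL_FORMED = make_header(NEXT_PAYLOAD_DELETE, EXCHANGE_INFORMATIONAL,
                          28 + len(DELETE_BODY)) + DELETE_BODY

if __name__ == "__main__":
    for name, pkt in (("header-only", HEADER_ONLY), ("well-formed", WELL_FORMED)):
        print(name, check_isakmp(pkt) or "ok")
```

A non-empty result marks a packet to filter out of the capture or to inspect with the isakmp dissector disabled, as suggested in the first comment.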