Bugtraq mailing list archives

Wireshark 1.4.0 Malformed IKE Packet Denial of Service

From: vuln () nipc org cn
Date: Mon, 11 Jul 2011 09:40:10 GMT

Wireshark 1.4.0 Malformed IKE Packet Denial of Service

------------------------------------------------------------------
I. Summary

A flaw has been identified in Wireshark 1.4.0 when send a specific malformed IKE packet that will cause a denial of 
service .

------------------------------------------------------------------
II. Description

Using PROTOS Test-Suite c09-isakmp(https://www.ee.oulu.fi/research/ouspg/PROTOS_Test-Suite_c09-isakmp),when we run the 
following command "java -jar c09-isakmp-r1.jar --host 210.77.17.129 --id 210.77.19.130 --secret dgggg --sourceport 
34444  --index 3332" ,wireshark will capture the packet index 3332,then clike the field"Type 
Payload:Identification(5)",a error message will popup ,saying"Gtk-ERROR **:Byte index 6 is off the end of the line 
aborting...".Then wireshark be forced to close.


------------------------------------------------------------------
III. Impact

Denial of service 

------------------------------------------------------------------
IV. Affected

Wireshark 1.4.0, tested with Windows XP SP2. Previous versions may also be affected due to code reuse.

------------------------------------------------------------------
V. Solution

Update the software version to 1.5.0 or 1.6.0

------------------------------------------------------------------
VI. Credit

The penetration test team Of NCNIPC (China) is credited for this vulnerability.

Current thread:

Wireshark 1.4.0 Malformed IKE Packet Denial of Service vuln (Jul 11)
- <Possible follow-ups>
- Re: Wireshark 1.4.0 Malformed IKE Packet Denial of Service gerald (Jul 15)