Wireshark ERF File Remote Code Execution Vulnerability

Source: 岁月联盟 Editor: zhuzhu Date: 2009-10-12
Affected versions:
Wireshark Wireshark 1.2.1
Wireshark Wireshark 1.2
Wireshark Wireshark 1.0.8
Wireshark Wireshark 1.0.7
Wireshark Wireshark 1.0.6
Wireshark Wireshark 1.0.5
Wireshark Wireshark 1.0.4
Wireshark Wireshark 1.0.3
Wireshark Wireshark 1.0.2
Wireshark Wireshark 1.0.1
Wireshark Wireshark 1.0
Wireshark Wireshark 0.99.8
Wireshark Wireshark 0.99.7
Wireshark Wireshark 0.99.6
Wireshark Wireshark 0.99.5
Wireshark Wireshark 0.99.4
Wireshark Wireshark 0.99.3
Wireshark Wireshark 0.99.2
Wireshark Wireshark 0.99.1
Wireshark Wireshark 0.99
Wireshark Wireshark 0.10.13
Wireshark Wireshark 0.10.4
Wireshark Wireshark 0.10
Wireshark Wireshark 0.9.10
Wireshark Wireshark 0.9.5
Wireshark Wireshark 0.9.2
Wireshark Wireshark 0.8.20
Wireshark Wireshark 0.8.16
Wireshark Wireshark 0.7.9
Wireshark Wireshark 0.6

Vulnerability description:
Bugtraq ID: 36591

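Wireshark is an open-source network protocol analyzer.
An unsigned integer wrap vulnerability exists in Wireshark's file import handling. A remote attacker can exploit it to execute arbitrary code with the privileges of the application.
When an ERF file is processed, the unsigned integer wrap can cause Wireshark to allocate a very large buffer. Exploitation requires the user to open a specially crafted ERF file with the application.

References:
http://www.kb.cert.org/vuls/id/676492
http://anonsvn.wireshark.org/viewvc/trunk/wiretap/erf.c?view=markup&pathrev=29364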
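The bug class described above, shown as an added example that is not Wireshark's erf.c code: a length taken from an ERF record header wraps when it is used in unsigned arithmetic without a lower-bound check. The advisory does not say which calculation wraps, so the subtraction of the 16-byte header from the record length is an assumption for illustration, and the function names and sample headers are constructed here.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* ERF record header: ts(8) type(1) flags(1) rlen(2) lctr(2) wlen(2) = 16 bytes. */
#define ERF_HEADER_LEN 16u

/* Constructed sample headers: rlen = 64 (valid) and rlen = 8 (shorter than the header). */
const uint8_t SAMPLE_OK[16]    = {0,0,0,0,0,0,0,0, 2, 0, 0x00,0x40, 0,0, 0x00,0x30};
const uint8_t SAMPLE_SHORT[16] = {0,0,0,0,0,0,0,0, 2, 0, 0x00,0x08, 0,0, 0x00,0x30};

/* rlen is a big-endian 16-bit field at offset 10; it counts the header too. */
static uint32_t erf_rlen(const uint8_t *hdr) {
    return ((uint32_t)hdr[10] << 8) | hdr[11];
}

/* Unchecked form (assumed for illustration): wraps when rlen < 16. */
uint32_t payload_len_unchecked(const uint8_t *hdr) {
    return erf_rlen(hdr) - ERF_HEADER_LEN;
}

/* Checked form: 0 on success, -1 if the header is truncated or rlen is impossible. */
int payload_len_checked(const uint8_t *hdr, size_t avail, uint32_t *out) {
    if (avail < ERF_HEADER_LEN)
        return -1;
    uint32_t rlen = erf_rlen(hdr);
    if (rlen < ERF_HEADER_LEN)
        return -1;
    *out = rlen - ERF_HEADER_LEN;
    return 0;
}

int main(void) {
    uint32_t n = 0;
    printf("unchecked, rlen=8:  %lu bytes requested\n",
           (unsigned long)payload_len_unchecked(SAMPLE_SHORT));
    printf("checked,   rlen=8:  %s\n",
           payload_len_checked(SAMPLE_SHORT, 16, &n) ? "rejected" : "accepted");
    if (payload_len_checked(SAMPLE_OK, 16, &n) == 0)
        printf("checked,   rlen=64: %lu payload bytes\n", (unsigned long)n);
    return 0;
}
```

The unchecked result for the short record is close to 4 GiB, which is the "very large buffer" symptom; the checked form rejects the record before any allocation size is derived from it.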
SEBUG security advisory:
Vendor solution
Users can contact the vendor to upgrade to Wireshark 1.2.2:
http://www.wireshark.org/