Multiple vulnerabilities have been identified in Wireshark, which could be exploited by local or remote attackers to cause a denial of service or compromise a vulnerable system.

The first issue is caused by a format string error when processing the "HOME" environment variable on non-Windows systems, which could allow local attackers to crash an affected application or execute arbitrary code.

The second vulnerability is caused by buffer overflow errors when reading a malformed NetScreen snoop file, which could allow attackers to crash an affected application or execute arbitrary code by tricking a user into reading a malicious packet trace file.

The third issue is caused by an error when processing a malformed Tektronix K12 text capture file, which could be exploited to cause a denial of service.

Affected Products

Wireshark versions 0.99.6 through 1.0.5

Solution

Upgrade to Wireshark 1.0.6 or later :
http://www.wireshark.org/download.html

References

http://www.vupen.com/english/advisories/2009/0370
http://www.wireshark.org/security/wnpa-sec-2009-01.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3150
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3151
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1937

Credits

Vulnerabilities reported by babi and the vendor.

Changelog

2009-02-09 : Initial release

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.