中危 Wireshark up to 1.4.0 dissect_ber_unknown 拒绝服务漏洞

CVE编号

CVE-2010-3445

利用情况

POC 已公开

补丁情况

N/A

披露时间

2010-11-27

漏洞描述

如SNMP所示，在1.4.1之前的Wireshark 1.4.x，1.2.12 之前的 1.2.x中的BER dissector中的epan/dissectors/packet-ber.c中的dissect_ber_unknown函数中的堆栈消耗漏洞允许远程攻击者通过未知的ASN.1/BER编码数据包中的长字符串导致导致拒绝服务(空指针取消引用和崩溃)。

解决建议

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接：https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5230

参考链接
http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html
http://blogs.sun.com/security/entry/resource_management_errors_vulnerability_in
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/42392
http://secunia.com/advisories/42411
http://secunia.com/advisories/42877
http://secunia.com/advisories/43068
http://secunia.com/advisories/43759
http://secunia.com/advisories/43821
http://www.debian.org/security/2010/dsa-2127
http://www.kb.cert.org/vuls/id/215900
http://www.mandriva.com/security/advisories?name=MDVSA-2010:200
http://www.openwall.com/lists/oss-security/2010/10/01/10
http://www.openwall.com/lists/oss-security/2010/10/12/1
http://www.redhat.com/support/errata/RHSA-2010-0924.html
http://www.redhat.com/support/errata/RHSA-2011-0370.html
http://www.securityfocus.com/bid/43197
http://www.vupen.com/english/advisories/2010/3067
http://www.vupen.com/english/advisories/2010/3093
http://www.vupen.com/english/advisories/2011/0076
http://www.vupen.com/english/advisories/2011/0212
http://www.vupen.com/english/advisories/2011/0404
http://www.vupen.com/english/advisories/2011/0626
http://www.vupen.com/english/advisories/2011/0719
http://www.wireshark.org/security/wnpa-sec-2010-12.html
http://xorl.wordpress.com/2010/10/15/cve-2010-3445-wireshark-asn-1-ber-stack-...
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5230
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3445
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...

受影响软件情况

#	类型	厂商	产品	版本	影响面
1
	运行在以下环境
	应用	wireshark	wireshark	1.2.0	-
	运行在以下环境
	应用	wireshark	wireshark	1.2.1	-
	运行在以下环境
	应用	wireshark	wireshark	1.2.10	-
	运行在以下环境
	应用	wireshark	wireshark	1.2.11	-
	运行在以下环境
	应用	wireshark	wireshark	1.2.2	-
	运行在以下环境
	应用	wireshark	wireshark	1.2.3	-
	运行在以下环境
	应用	wireshark	wireshark	1.2.4	-
	运行在以下环境
	应用	wireshark	wireshark	1.2.5	-
	运行在以下环境
	应用	wireshark	wireshark	1.2.6	-
	运行在以下环境
	应用	wireshark	wireshark	1.2.7	-
	运行在以下环境
	应用	wireshark	wireshark	1.2.8	-
	运行在以下环境
	应用	wireshark	wireshark	1.2.9	-
	运行在以下环境
	应用	wireshark	wireshark	1.4.0	-
	运行在以下环境
	系统	redhat_5	wireshark	*		Up to (excluding) 0:1.0.15-2.el4
	运行在以下环境
	系统	redhat_6	wireshark	*		Up to (excluding) 0:1.2.13-1.el6_0.1
	运行在以下环境
	系统	suse_12	wireshark	*		Up to (excluding) 1.10.9-1
	运行在以下环境
	系统	ubuntu_12.04.5_lts	wireshark	*		Up to (excluding) 1.4.2-1

阿里云评分 5.8

• 攻击路径 远程
• 攻击复杂度 容易
• 权限要求 无需权限
• 影响范围 全局影响
• EXP成熟度 POC 已公开
• 补丁情况 N/A
• 数据保密性 无影响
• 数据完整性 无影响
• 服务器危害 DoS
• 全网数量 N/A

CWE-ID	漏洞类型
CWE-399	资源管理错误

Exp相关链接

• http://xorl.wordpress.com/2010/10/15/cve-2010-3445-wireshark-asn-1-ber-stack-overflow/

- avd.aliyun.com