wnpa-sec-2011-11 · Lucent/Ascend file parser and ANSI MAP vulnerabilities in Wireshark

Summary

Name: Lucent/Ascend file parser and ANSI MAP vulnerabilities in Wireshark

Docid: wnpa-sec-2011-11

Date: July 18, 2011

Affected versions: {{ start_version }} up to and including {{ end_version }}

Fixed versions: 1.6.1

Related: wnpa-sec-2011-10 (Lucent/Ascend file parser and ANSI MAP vulnerabilities in Wireshark version 1.4.0 to 1.4.7) wnpa-sec-2011-09 (Lucent/Ascend file parser vulnerability in Wireshark version 1.2.0 to 1.2.17)

Details

Description

Wireshark 1.6.1 fixes the following vulnerabilities:

  • The Lucent/Ascend file parser was susceptible to an infinite loop.
    Versions affected: 1.2.0 to 1.2.17, 1.4.0 to 1.4.7, and 1.6.0.
    CVE-2011-2597
  • The ANSI MAP dissector was susceptible to an infinite loop. (Bug 6044)
    Versions affected: 1.4.0 to 1.4.7 and 1.6.0.
    CVE-2011-2698

Impact

It may be possible to make Wireshark crash by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 1.6.1 or later. Although you can disable the ANSI MAP dissector it is not possible to work around the Lucent/Ascend parser bug.

Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ AppResponse 11
  • • Full stack analysis – from packets to pages
  • • Rich performance metrics & pre-defined insights for fast problem identification/resolution
  • • Modular, flexible solution for deeply-analyzing network & application performance
Learn More