Signature Detail

HTTP: Generic Libpcap/TCPDump PCAP File Format String Detection

This signature detects format string exploits contained within Libpcap/TCPDump packet capture (PCAP) files. Such exploits could allow an attacker to trigger a memory corruption that could be leveraged further to execute arbitrary code or cause a denial of service condition.

Extended Description

Wireshark is prone to a format-string vulnerability. Attackers can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions. Wireshark 1.0.6 is vulnerable; other versions may also be affected.

Affected Products

• Avaya Aura SIP Enablement Services 3.0
• Avaya Aura SIP Enablement Services 3.1
• Avaya Aura SIP Enablement Services 3.1.1
• Avaya Aura SIP Enablement Services 5.0
• Avaya Aura SIP Enablement Services 5.1
• Avaya Communication Manager 3.0
• Avaya Communication Manager 3.1
• Avaya Communication Manager 3.1.4 SP2
• Avaya Communication Manager 4.0
• Avaya Communication Manager 4.0.3 SP1
• Avaya Communication Manager 5.0
• Avaya Communication Manager 5.0 SP3
• Avaya Communication Manager 5.1
• Avaya EMMC 1.017
• Avaya EMMC 1.021
• Avaya EMMC
• Avaya Intuity AUDIX LX 1.0
• Avaya Intuity AUDIX LX 2.0
• Avaya Intuity AUDIX LX 2.0 SP1
• Avaya Intuity AUDIX LX 2.0 SP2
• Debian Linux 5.0
• Debian Linux 5.0 Alpha
• Debian Linux 5.0 Amd64
• Debian Linux 5.0 Arm
• Debian Linux 5.0 Armel
• Debian Linux 5.0 Hppa
• Debian Linux 5.0 Ia-32
• Debian Linux 5.0 Ia-64
• Debian Linux 5.0 M68k
• Debian Linux 5.0 Mips
• Debian Linux 5.0 Mipsel
• Debian Linux 5.0 Powerpc
• Debian Linux 5.0 S/390
• Debian Linux 5.0 Sparc
• Gentoo Linux
• Mandriva Corporate Server 4.0
• Mandriva Corporate Server 4.0.0 X86 64
• Mandriva Linux Mandrake 2008.1
• Mandriva Linux Mandrake 2008.1 X86 64
• Mandriva Linux Mandrake 2009.0
• Mandriva Linux Mandrake 2009.0 X86 64
• Pardus Linux 2008
• Red Hat Desktop 3.0.0
• Red Hat Desktop 4.0.0
• Red Hat Enterprise Linux 5 Server
• Red Hat Enterprise Linux AS 3
• Red Hat Enterprise Linux AS 4
• Red Hat Enterprise Linux AS 4.8.Z
• Red Hat Enterprise Linux Desktop 5 Client
• Red Hat Enterprise Linux Desktop Workstation 5 Client
• Red Hat Enterprise Linux ES 3
• Red Hat Enterprise Linux ES 4
• Red Hat Enterprise Linux ES 4.8.Z
• Red Hat Enterprise Linux EUS 5.3.Z Server
• Red Hat Enterprise Linux WS 3
• Red Hat Enterprise Linux WS 4
• Red Hat Fedora 10
• Red Hat Fedora 9
• rPath rPath Linux 1
• SuSE Open-Enterprise-Server
• SuSE openSUSE 10.3
• SuSE openSUSE 11.0
• SuSE openSUSE 11.1
• SuSE SUSE Linux Enterprise 10
• SuSE SUSE Linux Enterprise 11
• SuSE SUSE Linux Enterprise Server 9
• Wireshark 0.99.0
• Wireshark 0.99.1
• Wireshark 0.99.2
• Wireshark 0.99.3
• Wireshark 0.99.4
• Wireshark 0.99.5
• Wireshark 0.99.6
• Wireshark 0.99.7
• Wireshark 0.99.8
• Wireshark 1.0.0
• Wireshark 1.0.1
• Wireshark 1.0.2
• Wireshark 1.0.3
• Wireshark 1.0.4
• Wireshark 1.0.5
• Wireshark 1.0.6

References

• BugTraq: 34291
• CVE: CVE-2009-1210