Signature Detail
Short Name |
SMB:FILE:WIRESHARK-INSECUREPATH |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
SMB |
Keywords |
Wireshark Insecure Search Path Script Execution |
Release Date |
2011/12/15 |
Update Number |
2048 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SMB: Wireshark Insecure Search Path Script Execution
An insecure search path vulnerability exists in Wireshark. The vulnerability exists in when opening a pcap or capture file, the application searches for a script "console.lua" from the same directory that the pcap was found. A remote attacker could exploit this vulnerability by enticing a user to open a pcap file from a remote SMB share. Successful exploitation could allow an attacker to execute an arbitrary lua script in the context of the user running Wireshark.
Extended Description
Wireshark is prone to a vulnerability that lets attackers execute arbitrary code. A successful exploit can allow the attacker to execute arbitrary Lua script in the context of the affected application. Wireshark 1.6.0 to 1.6.1 and 1.4.0 to 1.4.8 are vulnerable.
Affected Products
- Debian Linux 6.0 amd64
- Debian Linux 6.0 arm
- Debian Linux 6.0 ia-32
- Debian Linux 6.0 ia-64
- Debian Linux 6.0 mips
- Debian Linux 6.0 powerpc
- Debian Linux 6.0 s/390
- Debian Linux 6.0 sparc
- Mandriva Linux Mandrake 2011
- Mandriva Linux Mandrake 2011 x86_64
- Wireshark 1.4.0
- Wireshark 1.4.1
- Wireshark 1.4.2
- Wireshark 1.4.3
- Wireshark 1.4.4
- Wireshark 1.4.5
- Wireshark 1.4.6
- Wireshark 1.4.7
- Wireshark 1.4.8
- Wireshark 1.6.0
- Wireshark 1.6.1
References
- BugTraq: 49528
- CVE: CVE-2011-3360
- URL: http://www.Wireshark.org/security/wnpa-sec-2011-15.html