Vigil@nce - Wireshark: denial of service via ASN.1/BER
September 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can send a malformed SNMPv1 packet, in order to
generate an infinite recursion in the ASN.1/BER module, which
stops Wireshark.
Severity: 1/4
Creation date: 14/09/2010
DESCRIPTION OF THE VULNERABILITY
The SNMP protocol uses data in ASN.1 format, encoded as BER (Basic
Encoding Rules).
The SNMPv1 dissector of Wireshark calls epan/dissectors/packet-ber.c
to decode ASN.1/BER data.
The dissect_unknown_ber() function decodes malformed BER data.
However, if the malformed data sequence is too long, it is called
recursively.
An attacker can therefore send a malformed SNMPv1 packet, in order
to generate an infinite recursion in the ASN.1/BER module, which
stops Wireshark.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Wireshark-denial-of-service-via-ASN-1-BER-9930