Vigil@nce - Wireshark: infinite loop via DRDA
September 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a DRDA packet, in order to generate an
infinite loop in Wireshark.
Severity: 1/4
Creation date: 30/08/2012
IMPACTED PRODUCTS
– Wireshark
DESCRIPTION OF THE VULNERABILITY
The DRDA (Distributed Relational Database Architecture) protocol
is used to send SQL queries to remote servers.
The dissect_drda() function of the dissectors/packet-drda.c file
decodes DRDA commands. The iLength variable, which is set from the
DRDA packet, indicates the command size, and it is used to skip to
the next command. However, if this size is zero, the position of
the next command does not change. The function thus indefinitely
loops.
An attacker can therefore send a DRDA packet, in order to generate
an infinite loop in Wireshark.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Wireshark-infinite-loop-via-DRDA-11904