{"vuid":"VU#243670","idnumber":"243670","name":"Wireshark DECT dissector vulnerability","keywords":["wireshark","dect"],"overview":"Wireshark's DECT dissector contains a remote code execution vulnerability in the context of the user running a packet capture or reading a packet capture file.","clean_desc":"Paul Makowski's report states: /epan/dissectors/packet-dect.c contains a stack-based buffer overflow via a call to memcpy() whose length is controlled by the attacker. Absent exploit mitigations independant of Wireshark's default build options, an attacker is able to execute arbitrary code in the context of the user running a packet capture. On *NIX systems, such capability is frequently reserved for the root user. The overflowable buffer is pkt_bfield.Data.","impact":"An attacker may cause any active capture or .pcap dissection to crash Wireshark/tshark. Remote code execution is also possible.","resolution":"Apply an Update Upgrade to Wireshark 1.4.5. Several other security related fixes are also included in this version.","workarounds":"","sysaffected":"","thanks":"Thanks to Paul Makowski working for CERT/CC for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":["http://www.wireshark.org/lists/wireshark-announce/201104/msg00002.html","http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html","http://www.wireshark.org/download.html","http://blog.ring0.me/2012/01/wireshark-14x-145-cve-2011-1591.html"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2011-04-14T13:10:33Z","publicdate":"2011-04-17T00:00:00Z","datefirstpublished":"2011-04-18T17:01:41Z","dateupdated":"2012-01-25T03:28:05Z","revision":6,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"2","cam_impact":"14","cam_easeofexploitation":"7","cam_attackeraccessrequired":"8","cam_scorecurrent":"0.0882","cam_scorecurrentwidelyknown":"0.6762","cam_scorecurrentwidelyknownexploited":"1.2642","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.0882,"vulnote":null}