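Wireshark LWRES Dissector Stack Overflow Vulnerability
Release date: 2010-01-27
Updated: 2010-02-01
Affected systems:
Wireshark Wireshark 1.2.0 - 1.2.5
Unaffected systems:
Wireshark Wireshark 0.9.15 - 1.0.10
Wireshark Wireshark 1.2.6
Description:
BUGTRAQ ID: 37985
CVE(CAN) ID: CVE-2010-0304
Wireshark, formerly known as Ethereal, is a very popular network protocol analyzer.
A stack overflow vulnerability exists in Wireshark's LWRES protocol dissector. If a user is tricked into capturing malicious packets from the network or opening a malicious capture file, the dissector may crash or arbitrary code may be executed.
<*Source: babi (bbbbaaaabbbbiiii@operamail.com)
Links: http://www.wireshark.org/security/wnpa-sec-2010-02.html
http://www.debian.org/security/2010/dsa-1983
https://www.redhat.com/support/errata/RHSA-2010-0360.html
*>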
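Test method:
Warning
The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!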
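Recommendations:
Workaround:
If you cannot install the patch or upgrade immediately, NSFOCUS recommends taking the following measures to reduce the risk:
* Disable the affected dissector:
1 From the menu, select Analyze→Enabled Protocols...
2 Clear LWRES
3 Click "Save", then "OK"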
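A scripted form of the workaround above for hosts where the GUI is not available, given as an added example that is not part of the advisory: it classifies a version banner against the affected range 1.2.0 - 1.2.5 and, if affected, adds lwres to the disabled_protos file. The function names are hypothetical; it assumes the caller passes the personal configuration directory (for example ~/.wireshark on Unix builds of this era) and that disabled_protos holds one protocol filter name per line.

```shell
# Added example, not part of the advisory. Function names are hypothetical.

# Extract "X.Y.Z" from the first line of a `tshark -v` / `wireshark -v` banner.
parse_version() {
    printf '%s\n' "$1" |
        sed -n '1s/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Return 0 if X.Y.Z is inside the advisory's affected range 1.2.0 - 1.2.5,
# 1 if it is outside that range, 2 if the string is not a three-part version.
lwres_affected() {
    case $1 in ''|*[!0-9.]*) return 2 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 3 ] && [ -n "$3" ] || return 2
    [ "$1" = 1 ] && [ "$2" = 2 ] && [ "$3" -le 5 ]
}

# Add "lwres" to <config_dir>/disabled_protos. Idempotent: an existing entry
# is left alone, and other disabled protocols in the file are preserved.
# Assumption: the file lists one protocol filter name per line.
disable_lwres() {
    dir=$1
    file=$dir/disabled_protos
    mkdir -p "$dir" || return 1
    if [ -f "$file" ] && grep -qx 'lwres' "$file"; then
        return 0
    fi
    printf 'lwres\n' >> "$file"
}

# $1 = version banner text, $2 = personal configuration directory.
# Prints "workaround-applied X.Y.Z", "outside-range X.Y.Z" or "unknown-version".
check_and_mitigate() {
    ver=$(parse_version "$1")
    [ -n "$ver" ] || { echo unknown-version; return 0; }
    if lwres_affected "$ver"; then
        disable_lwres "$2" && echo "workaround-applied $ver"
    else
        echo "outside-range $ver"
    fi
}
```

Typical use is `check_and_mitigate "$(tshark -v)" "$HOME/.wireshark"`; "outside-range" only means the version is not in 1.2.0 - 1.2.5, so compare it against the unaffected versions listed above before treating the host as safe.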
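Vendor patches:
Debian
------
Debian has released a security advisory (DSA-1983-1) and corresponding patches for this issue:
DSA-1983-1: New Wireshark packages fix several vulnerabilities
Link: http://www.debian.org/security/2010/dsa-1983
Patch downloads (the per-architecture package URLs and MD5 checksums are listed in DSA-1983-1):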
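Patch installation:
1. Install the patch package manually:
First, download the patch package with the following command:
# wget url (url is the patch download link)
Then install the patch with the following command:
# dpkg -i file.deb (file is the name of the corresponding patch package)
2. Install the patch package automatically with apt-get:
First, update the internal package database with the following command:
# apt-get update
Then install the updated packages with the following command:
# apt-get upgrade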
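RedHat
------
RedHat has released a security advisory (RHSA-2010:0360-01) and corresponding patches for this issue:
RHSA-2010:0360-01: Moderate: wireshark security update
Link: https://www.redhat.com/support/errata/RHSA-2010-0360.html
Wireshark
---------
The vendor has released an upgrade that fixes this security issue. Download it from the vendor's home page:
http://www.wireshark.org/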
