Wireshark / Ethereal Dissector LWRES Multiple Buffer Overflows
High Nessus Plugin ID 44338
SynopsisThe remote host has an application that is affected by several buffer overflows.
DescriptionThe installed version of Wireshark or Ethereal is potentially vulnerable to attack by handling data associated with the LWRES dissector.
These vulnerabilities can result in a denial of service, or possibly arbitrary code execution. A remote attacker can exploit these issues by tricking a user into opening a maliciously crafted capture file. Additionally, if Wireshark is running in promiscuous mode, one of these issues can be exploited remotely.
SolutionUpgrade to Wireshark version 1.0.11 / 1.2.6 or later.