CVE-2009-0601 - Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local

CVE-2009-0601

Summary

Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. Per http://www.vupen.com/english/advisories/2009/0370: "Multiple vulnerabilities have been identified in Wireshark, which could be exploited by local or remote attackers to cause a denial of service or compromise a vulnerable system."

References

Vulnerable Configurations

cpe:2.3:a:wireshark:wireshark:0.99.8:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:0.99.8:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.0.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux:*:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*
cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*
cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 10-10-2018 - 19:29)
Impact:
Exploitability:

CWE

CWE-134

CAPEC

String Format Overflow in syslog()
This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
Format String Injection
An adversary includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An adversary can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the adversary can write to the program stack.

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	33690
bugtraq	20090312 rPSA-2009-0040-1 tshark wireshark
confirm	http://wiki.rpath.com/Advisories:rPSA-2009-0040 http://www.wireshark.org/security/wnpa-sec-2009-01.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3150 https://issues.rpath.com/browse/RPL-2984
sectrack	1021697
secunia	34264
suse	SUSE-SR:2009:005
vupen	ADV-2009-0370

statements via4

contributor	Tomas Hoger
lastmodified	2009-02-17
organization	Red Hat
statement	Red Hat does not consider this to be a security issue. For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0601#c3

Last major update

10-10-2018 - 19:29

Published

16-02-2009 - 20:30

Last modified

10-10-2018 - 19:29