The Wireshark development team has fixed three serious flaws that a remote, unauthenticated attacker could exploit to trigger a DoS condition in the world's most popular network protocol analyzer.
The three vulnerabilities, tracked as CVE-2018-16056, CVE-2018-16057 and CVE-2018-16058, affect respectively the Bluetooth Attribute Protocol (ATT), Radiotap and Audio/Video Distribution Transport Protocol (AVDTP) components of Wireshark.
A PoC is publicly available for each flaw. The vulnerabilities are trivial to exploit: an attacker can exploit them by injecting a malformed packet into a network. Attackers only need to trick the victim into opening a malicious packet trace file.
“To exploit the vulnerability, the attacker may use misleading language and instructions to convince a user to open a malicious packet trace file.” reads the security advisory published for the CVE-2018-16057 flaw.
“To inject malformed packets that the Wireshark application may attempt to parse, the attacker may need access to the trusted, internal network where the targeted system resides. This access requirement may reduce the likelihood of a successful exploit.”
Wireshark users need to update the software to one of the following versions: 2.6.3, 2.4.9 or 2.2.17.
- Administrators are advised to apply the appropriate updates.
- Administrators are advised to allow only trusted users to have network access.
- Administrators are advised to run both firewall and antivirus applications to minimize the potential of inbound and outbound threats.
- Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
- Administrators can help protect affected systems from external attacks by using a solid firewall strategy.
- Administrators are advised to monitor affected systems.
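To act on the update advice above, the following added example (not part of the original article or the Wireshark project) checks version banners collected from hosts against the fixed releases 2.6.3, 2.4.9 and 2.2.17. The host names and banner strings are constructed sample data, and the `classify` and `audit` helpers are hypothetical names.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) release branch.
FIXED_PATCH = {(2, 6): 3, (2, 4): 9, (2, 2): 17}

# First dotted x.y.z triple found in a version banner.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def classify(banner):
    """Return 'ok', 'needs-update' or 'unknown' for a version banner string."""
    match = VERSION_RE.search(banner)
    if not match:
        return "unknown"
    major, minor, patch = (int(part) for part in match.groups())
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        # Branch is not listed in the article: defer to the vendor advisory.
        return "unknown"
    # Compare as integers so that 2.2.9 sorts below 2.2.17.
    return "ok" if patch >= fixed else "needs-update"


def audit(inventory):
    """Return the sorted host names whose banner is below the fixed release."""
    return sorted(
        host for host, banner in inventory.items()
        if classify(banner) == "needs-update"
    )


# Constructed sample inventory: host name -> first line of the version banner.
SAMPLE_INVENTORY = {
    "analyst-01": "TShark (Wireshark) 2.6.2 (v2.6.2-0-g1b3cedbc)",
    "analyst-02": "Wireshark 2.4.9 (v2.4.9)",
    "sensor-lab": "TShark (Wireshark) 2.2.9 (v2.2.9)",
    "jump-host": "TShark (Wireshark) 2.2.17 (v2.2.17)",
    "legacy-box": "version string not collected",
}

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: update Wireshark")
```

Hosts reported as `unknown` (unparsed banner or a branch the article does not list) need a manual check rather than being treated as up to date.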
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a Freelance Writer (Infosec. Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d, a feed that compiles phishing and malware campaigns targeting Portuguese citizens.