The Wireshark development team has fixed three serious flaws that a remote, unauthenticated attacker could exploit to trigger a DoS condition in the world's most popular network protocol analyzer.
The three vulnerabilities, tracked as CVE-2018-16056, CVE-2018-16057 and CVE-2018-16058, affect the Bluetooth Attribute Protocol (ATT), Radiotap and Audio/Video Distribution Transport Protocol (AVDTP) components of Wireshark, respectively.
A PoC is publicly available for each flaw. The vulnerabilities are trivial to exploit: an attacker can trigger them by injecting a malformed packet into a network. Alternatively, attackers only need to trick the victim into opening a malicious packet trace file.
“To exploit the vulnerability, the attacker may use misleading language and instructions to convince a user to open a malicious packet trace file.” reads the security advisory published for the CVE-2018-16057 flaw.
“To inject malformed packets that the Wireshark application may attempt to parse, the attacker may need access to the trusted, internal network where the targeted system resides. This access requirement may reduce the likelihood of a successful exploit.”
Wireshark users need to update the software to one of the following versions: 2.6.3, 2.4.9 or 2.2.17.
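Because the fix landed in three separate release branches, "is my version patched?" is a per-branch comparison rather than a single threshold. The following is an added example, not code from the article or from the Wireshark project: it parses a version string (for instance the first line of `wireshark --version` output, or an inventory record) and reports whether it is below the fixed release for its branch. The fixed versions 2.6.3, 2.4.9 and 2.2.17 are taken from the article; the branch-matching logic, the `triage` helper and the sample inventory lines are this example's own assumptions.

```python
"""Check Wireshark version strings against the releases that fixed
CVE-2018-16056, CVE-2018-16057 and CVE-2018-16058 in each branch.

Added example; not part of the original article or of Wireshark itself.
"""
import re

# Fixed release per maintained branch, as stated in the article.
# Keyed by (major, minor); the value is the first non-vulnerable version.
FIXED_VERSIONS = {
    (2, 6): (2, 6, 3),
    (2, 4): (2, 4, 9),
    (2, 2): (2, 2, 17),
}


def parse_version(text):
    """Extract a (major, minor, patch) tuple from text such as
    'Wireshark 2.6.2 (v2.6.2-0-g1b3cedbc)' or a bare '2.4.9'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no X.Y.Z version found in: %r" % text)
    return tuple(int(g) for g in m.groups())


def is_vulnerable(text):
    """Return True if the version sits in one of the three listed branches
    and is older than that branch's fix, False if it is at or above the fix.

    Versions in branches the article does not list (e.g. 2.0.x, 3.x) return
    None: the page gives no fixed version for them, so nothing is asserted."""
    major, minor, patch = parse_version(text)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return None
    return (major, minor, patch) < fixed


def triage(inventory_lines):
    """Classify 'hostname,version' inventory lines (a constructed format for
    this example) into vulnerable / patched / unknown buckets."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, version = (part.strip() for part in line.split(",", 1))
        state = is_vulnerable(version)
        bucket = "unknown" if state is None else ("vulnerable" if state else "patched")
        result[bucket].append(host)
    return result


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    "# host,wireshark version",
    "analyst-01,Wireshark 2.6.2 (v2.6.2-0-g1b3cedbc)",
    "analyst-02,Wireshark 2.6.3",
    "lab-capture,2.4.8",
    "legacy-box,2.2.17",
    "new-build,3.0.0",
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print("%-10s %s" % (bucket + ":", ", ".join(hosts) or "-"))
```

Anything that lands in the `unknown` bucket deserves a manual look rather than being assumed safe: the script only knows the three fixed versions the article names, so it deliberately refuses to vouch for other branches.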
- Administrators are advised to apply the appropriate updates.
- Administrators are advised to allow only trusted users to have network access.
- Administrators are advised to run both firewall and antivirus applications to minimize the potential of inbound and outbound threats.
- Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
- Administrators can help protect affected systems from external attacks by using a solid firewall strategy.
- Administrators are advised to monitor affected systems.