Wireshark 1.6.1 Malformed IKE Packet DoS


A new vulnerability has been discovered in Wireshark 1.6.1 that affects the IKEv1 protocol function proto_tree_add_item(). The bug allows an attacker to conduct a denial-of-service attack.

This is not the first vulnerability discovered in Wireshark lately: on the 18th of April, Paul Makowski, working for SEI/CERT, discovered a vulnerability that allows a remote user who can send specially crafted data to trigger a buffer overflow in the DECT dissector and execute arbitrary code on the target system [CVE-2011-1591]. The code will run with the privileges of the target service.

Wireshark is one of the best network analyzers; it operates like tcpdump with a graphical interface. The tool has a rich dashboard that displays all packets detected on the network, with the possibility of filtering the gathered information.

Currently there is no workaround, but you can expect a patch for this issue soon.

Update: Wireshark core developer @StigBjorlykke wrote on his Twitter account that the vulnerability has just been fixed.