CVE-2008-1562
Published 2008-03-31
Priority: P433 · medium · CVSS 2.0: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 50.69% (98.8th percentile)
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
Detection & IOCs
- Malformed LDAP packets targeting Wireshark versions 0.99.2 through 0.99.8 can be used to crash the LDAP dissector; monitor for anomalous/malformed LDAP traffic directed at hosts running vulnerable Wireshark versions.
- A Metasploit auxiliary module exists for this DoS: modules/auxiliary/dos/wireshark/ldap.rb; presence of this module in use on the network indicates active exploitation attempts.
- A proof-of-concept PCAP file (31553.pcap) is publicly available and can be used as a signature source for network-based detection of exploit attempts.
- Vulnerability affects Wireshark versions 0.99.2 through 0.99.8 (inclusive); versions outside this range are not affected by this specific CVE.
- This is a distinct vulnerability from CVE-2006-5740, which also affected the Wireshark LDAP dissector; ensure both are tracked separately.
- Arbitrary code execution has not been confirmed; the primary confirmed impact is application crash/denial of service.
CVSS provenance
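| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vendor_debian | | 5.0 | LOW | |
| vendor_redhat | | 5.0 | MEDIUM | |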
GHSA
GHSA-wg7h-v77w-f95g
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2008-1562 [MEDIUM] CWE-20
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
Red Hat
wireshark: crash in LDAP dissector
vendor_redhat·2008-03-28·CVSS 5.0
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
Debian
CVE-2008-1562: wireshark - The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows...
vendor_debian·2008·CVSS 5.0
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
Exploit-DB
Wireshark 0.99.8 - LDAP Dissector Denial of Service
exploitdb·2008-03-28
---
source: https://www.securityfocus.com/bid/28485/info
Wireshark is prone to multiple denial-of-service vulnerabilities.
Exploiting these issues may allow attackers to cause crashes and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.
These issues affect Wireshark 0.99.2 up to and including 0.99.8.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/31553.pcap
Metasploit
Wireshark LDAP Dissector DOS
metasploit
The LDAP dissector in Wireshark 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Bugzilla
CVE-2008-1562 wireshark: crash in LDAP dissector
bugzilla·2008-04-01·CVSS 5.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1562 to the following vulnerability:
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
References:
http://www.wireshark.org/security/wnpa-sec-2008-02.html
http://www.securityfocus.com/bid/28485
http://www.frsirt.com/english/advisories/2008/1007/references
http://secunia.com/advisories/29569
Discussion:
wireshark-1.0.0-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
---
wireshark-1.0.0-1.fc8 has been pushed to the Fedora 8 stabl
Bugzilla
CVE-2008-0983 lighttpd crashes when it's low on file descriptors
bugzilla·2008-02-22·CVSS 5.0
Description of problem:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466663
http://trac.lighttpd.net/trac/ticket/1562
See those references. I am not sure whether they are the same issue (one seems
to be solaris dependent and produces different result), but the debian crash
definitely is of our interest.
If they are the same it can be triggered by opening a lot of connections to the
web server.
Discussion:
*** Bug 435418 has been marked as a duplicate of this bug. ***
---
Upstream bug is closed now with following patch as the final solution:
http://trac.lighttpd.net/trac/changeset/2082
---
lighttpd-1.4.18-6.fc8 has been submitted as an update for Fedora 8
---
lighttpd-1.4.18-3.fc7 has been submitted as an upda