CVE assigned due to potential for harm even though some social engineering trickery is required

Maliciously constructed Wireshark packet capture files might be used to distribute malware, providing recipients can be tricked into double clicking file URL fields.

Variants of the same attack could potentially be thrown against users of the popular network security tool, widely used by security analysts and penetration testers, whether they use Windows or Xubuntu Linux-based systems.

The attack, discovered by security researcher Lukas Euler of Positive Security, is explained in a recent post on GitLab that features proof-of-concept videos.

Even though developers of Wireshark normally avoid asking for a CVE to be created for potential security issues that require user interaction, an exception was made in this case because of the “low barrier to entry and level of control” an attacker might gain.

The issue, tracked as CVE-2021-22191, was resolved through a recent update.

17-year-old bug

A discussion on source code management platform GitLab suggests the issue may have been introduced with changes to Wireshark made as long as 17 years ago.

The root cause of the problem is that for some schemes, referenced files will be opened by the system’s standard application associated with a particular file type, as Euler explains in his blog post:

Some fields in the Wireshark proto_tree are double-clickable and pass URLs with arbitrary schemes to the QDesktopServices::openUrl function. http and https URLs passed to this function are opened by the browser which is generally safe.

For some other schemes like dav and file however, referenced files will be opened by the system’s standard application associated with their file type.

By preparing internet-hosted file shares and executable files, arbitrary code execution can be achieved via malicious pcap(ng) files or captured live-traffic and some user interaction.

On Windows machines, if a user opens the malicious pcap file and double-clicks the file URL, the WebDAV share is mounted in the background and the.
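The scheme distinction described above (http and https go to the browser, other schemes reach the system's file-type handler) can be enforced before a URL taken from untrusted capture data is handed to any opener. The following is an added example, not Wireshark's code or its actual fix; `url_scheme`, `action_for_captured_url` and the sample URLs are hypothetical and constructed for illustration.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Hypothetical helper: return the lower-cased URL scheme, or "" when the
// string does not start with a syntactically valid scheme
// (RFC 3986: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) followed by ':').
std::string url_scheme(const std::string& url) {
    // Skip leading whitespace/control bytes, which some URL parsers drop silently.
    size_t start = 0;
    while (start < url.size() && static_cast<unsigned char>(url[start]) <= 0x20) ++start;
    const size_t colon = url.find(':', start);
    if (colon == std::string::npos || colon == start) return "";
    if (!std::isalpha(static_cast<unsigned char>(url[start]))) return "";
    std::string scheme;
    for (size_t i = start; i < colon; ++i) {
        const unsigned char c = static_cast<unsigned char>(url[i]);
        if (!std::isalnum(c) && c != '+' && c != '-' && c != '.') return "";
        scheme.push_back(static_cast<char>(std::tolower(c)));
    }
    return scheme;
}

enum class UrlAction { OpenInBrowser, DoNotOpen };

// Allowlist, not denylist: only schemes known to be handled by the browser
// are opened. dav, file, UNC paths and anything unrecognised are refused,
// so a new or obscure handler scheme fails closed.
UrlAction action_for_captured_url(const std::string& url) {
    const std::string scheme = url_scheme(url);
    if (scheme == "http" || scheme == "https") return UrlAction::OpenInBrowser;
    return UrlAction::DoNotOpen;
}

int main() {
    // Constructed sample values, as they might appear in a dissected field.
    const char* samples[] = {
        "https://example.test/index.html", "HTTP://example.test/",
        "file:///tmp/sample.jar", "dav://share.example.test/sample.jar",
        "\\\\share.example.test\\dir\\sample.jar", "not a url",
    };
    for (const char* s : samples) {
        const bool open = action_for_captured_url(s) == UrlAction::OpenInBrowser;
        std::cout << (open ? "open in browser: " : "do not open:     ") << s << "\n";
    }
    return 0;
}
```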