Wireshark mailing list archives
Re: External processes in Snort dissector - code execution
From: Jakub Zawadzki <darkjames-ws () darkjames pl>
Date: Tue, 29 Aug 2017 10:13:04 +0200
Hi Peter,

On 2017-08-28 18:50, Peter Wu wrote:
> This can be especially problematic for services like Cloudshark and Webshark (by Jakub). The former is not yet affected since it does not use 2.4 code (yet?) but the latter seems theoretically vulnerable as it has a setconf API function (I was not able to get it to work though as setconf changes are not visible in dumpconf).

dumpconf now supports dumping the value of snort.binary (https://code.wireshark.org/review/23268/), and the sharkd setconf request is blocked from the webshark API (https://bitbucket.org/jwzawadzki/webshark/commits/2687eec6b0413462e072a660af96896ee7cd6c33).

Thanks,
Jakub.
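
A front end that relays client requests to sharkd can enforce the kind of block described in the message above with an allowlist on the request type. The following is an added example, not code from webshark or Wireshark; the allowlist contents, the function names, the sample requests and the one-JSON-object-per-line `{"req": ...}` request shape are assumptions.

```python
import json

# Assumed set of read-only request types the front end is willing to relay.
# "setconf" is deliberately absent, so preferences such as snort.binary
# cannot be changed through the web API.
ALLOWED_REQS = frozenset(
    {"status", "frames", "frame", "intervals", "tap", "follow", "dumpconf"}
)


class RejectedRequest(ValueError):
    """Raised when a client request must not be forwarded to the backend."""


def _no_duplicate_keys(pairs):
    # Two "req" keys could be read differently by this filter and by the
    # backend parser, so an object with repeated keys is refused outright.
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise RejectedRequest(f"duplicate key {key!r}")
        seen[key] = value
    return seen


def filter_sharkd_request(raw: str) -> str:
    """Return a single-line JSON request that is safe to relay, or raise."""
    try:
        msg = json.loads(raw, object_pairs_hook=_no_duplicate_keys)
    except json.JSONDecodeError as exc:
        raise RejectedRequest("not valid JSON") from exc
    if not isinstance(msg, dict):
        raise RejectedRequest("request must be a JSON object")
    req = msg.get("req")
    if not isinstance(req, str) or req not in ALLOWED_REQS:
        raise RejectedRequest(f"request type {req!r} is not allowed")
    # Re-serialise so the backend sees exactly what was validated, on one
    # line (json.dumps escapes any newline inside string values).
    return json.dumps(msg, separators=(",", ":"))


if __name__ == "__main__":
    # Constructed sample requests; the preference value is a placeholder.
    samples = [
        '{"req":"dumpconf","pref":"snort.binary"}',
        '{"req":"setconf","name":"snort.binary","value":"/placeholder"}',
        '{"req":"status","req":"setconf"}',
    ]
    for raw in samples:
        try:
            print("forward:", filter_sharkd_request(raw))
        except RejectedRequest as err:
            print("blocked:", err)
```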