Wireshark mailing list archives

Re: External processes in Snort dissector - code execution


From: Jakub Zawadzki <darkjames-ws () darkjames pl>
Date: Tue, 29 Aug 2017 10:13:04 +0200

Hi Peter,

On 2017-08-28 18:50, Peter Wu wrote:
> This can be especially problematic for services like Cloudshark and
> Webshark (by Jakub). The former is not yet affected since it does not
> use 2.4 code (yet?) but the latter seems theoretically vulnerable as it
> has a setconf API function (I was not able to get it to work though as
> setconf changes are not visible in dumpconf).

dumpconf now supports dumping the value of snort.binary (https://code.wireshark.org/review/23268/), and the sharkd setconf request is blocked from the webshark API (https://bitbucket.org/jwzawadzki/webshark/commits/2687eec6b0413462e072a660af96896ee7cd6c33).

Thanks,
Jakub.