SMB: Wireshark Insecure Search Path Script Execution
An insecure search path vulnerability exists in Wireshark. The vulnerability exists in when opening a pcap or capture file, the application searches for a script "console.lua" from the same directory that the pcap was found. A remote attacker could exploit this vulnerability by enticing a user to open a pcap file from a remote SMB share. Successful exploitation could allow an attacker to execute an arbitrary lua script in the context of the user running Wireshark.
Extended Description
Wireshark is prone to a vulnerability that lets attackers execute arbitrary code. A successful exploit can allow the attacker to execute arbitrary Lua script in the context of the affected application. Wireshark 1.6.0 to 1.6.1 and 1.4.0 to 1.4.8 are vulnerable.
Affected Products
Wireshark wireshark
References
BugTraq: 49528
CVE: CVE-2011-3360
URL: http://www.Wireshark.org/security/wnpa-sec-2011-15.html http://www.wireshark.org/security/wnpa-sec-2011-15.html
Short Name
SMB:FILE:WIRESHARK-INSECUREPATH
Severity
Minor
Recommended
False
Recommended Action
None
Category
SMB
Keywords
CVE-2011-3360 Execution Insecure Path Script Search Wireshark bid:49528
Release Date
12/15/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3552
False Positive
Unknown
Vendors
Mandriva
Debian
Wireshark
CVSS Score
9.3