The root cause of the problem is that for some schemes, referenced files will be opened by the system’s standard application associated with a particular file type, as Euler explains in his blog post: 17-year-old bugĪ discussion on source code management platform GitLab suggests the issue may have been introduced with changes to Wireshark made as long as 17 years ago. The issue, tracked as CVE-2021-22191, was resolved through a recent update. The attack, discovered by security researcher Lukas Euler of Positive Security, is explained in a recent post on GitLab that features proof-of-concept videos.Įven though developers of Wireshark normally avoid asking for a CVE to be created for potential security issues that require user interaction, an exception was made in this case because of the “low barrier to entry and level of control” an attacker might gain. Variants of the same attack could potentially be thrown against users of the popular network security tool, widely used by security analysts and penetration testers, whether they use Windows or Xubuntu Linux-based systems. Maliciously constructed Wireshark packet capture files might be used to distribute malware, providing recipients can be tricked into double clicking file URL fields. CVE assigned due to potential for harm even though some social engineering trickery is required
0 kommentar(er)
