Wireshark-dev: Re: [Wireshark-dev] External processes in Snort dissector - code execution
From: Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx>
Date: Tue, 29 Aug 2017 10:13:04 +0200
Hi Peter,

On 2017-08-28 18:50, Peter Wu wrote:
This can be especially problematic for services like Cloudshark and
Webshark (by Jakub). The former is not yet affected since it does not
use 2.4 code (yet?) but the latter seems theoretically vulnerable as it
has a setconf API function (I was not able to get it to work though as
setconf changes are not visible in dumpconf).

dumpconf now supports dumping the value of snort.binary (https://code.wireshark.org/review/23268/), and the sharkd setconf request is blocked from the webshark API (https://bitbucket.org/jwzawadzki/webshark/commits/2687eec6b0413462e072a660af96896ee7cd6c33).

Thanks,
Jakub.