CVE-2017-6468 : Security Advisory and Response

Wireshark versions 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10 are affected by a NetScaler file parser crash due to improperly formatted capture files. The issue has been resolved by validating the connection between pages and records.

Understanding CVE-2017-6468

What is CVE-2017-6468?

In Wireshark versions 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, a crash in the NetScaler file parser occurs due to malformed capture files.

The Impact of CVE-2017-6468

The vulnerability could lead to a denial of service (DoS) condition by crashing the NetScaler file parser in Wireshark.

Technical Details of CVE-2017-6468

Vulnerability Description

The crash in the NetScaler file parser is triggered by improperly formatted capture files, affecting Wireshark versions 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10.

Affected Systems and Versions

Wireshark versions 2.2.0 to 2.2.4
Wireshark versions 2.0.0 to 2.0.10

Exploitation Mechanism

The vulnerability is exploited by using a malformed capture file to trigger the crash in the NetScaler file parser.

Mitigation and Prevention

Immediate Steps to Take

Update Wireshark to the latest version to patch the vulnerability.
Avoid opening suspicious or untrusted capture files.

Long-Term Security Practices

Regularly update and patch software to prevent known vulnerabilities.
Implement network segmentation to limit the impact of potential attacks.

Patching and Updates

Ensure timely installation of security updates and patches provided by Wireshark to address the NetScaler file parser crash.