Wireshark LDAP dissector DOS
The LDAP dissector in Wireshark 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Rank
- Normal
Authors
- MC < mc [at] metasploit.com >
Vulnerability References
Development
Similar Modules
Usage Information
$ msfconsole
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/dos/wireshark/ldap
msf auxiliary(ldap) > set RHOST [TARGET IP]
msf auxiliary(ldap) > run
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/dos/wireshark/ldap
msf auxiliary(ldap) > set RHOST [TARGET IP]
msf auxiliary(ldap) > run
Module Options
| INTERFACE | The name of the interface |
| RHOST | The target address |
| RPORT | The destination port (default: 389) |
| SHOST | This option can be used to specify a spoofed source address |
| SNAPLEN | The number of bytes to capture (default: 65535) |
| TIMEOUT | The number of seconds to wait for new data (default: 500) |
| GATEWAY | The gateway IP address. This will be used rather than a random remote address for the UDP probe, if set. |
| NETMASK | The local network mask. This is used to decide if an address is in the local network. |
| UDP_SECRET | The 32-bit cookie for UDP probe requests. |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |