Linux Security
Linux Security
Linux Security

Pwning the pen tester: Malicious Wireshark packet capture file risk revealed

Date 16 Mar 2021
211
Posted By Brittany Day
Screen Shot 2021 03 16 At 7.47.31 AM

Maliciously constructed Wireshark packet capture files might be used to distribute malware, providing recipients can be tricked into double clicking file URL fields. A CVE has been assigned to the security issue (now resolved through a recent update) due its potential for harm, despite the fact that some social engineering trickery is required.

Variants of the same attack could potentially be thrown against users of the popular network security tool, widely used by security analysts and penetration testers, whether they use Windows or Xubuntu Linux-based systems.

The attack, discovered by security researcher Lukas Euler of Positive Security, is explained in a recent post on GitLab that features proof-of-concept videos.

Even though developers of Wireshark normally avoid asking for a CVE to be created for potential security issues that require user interaction, an exception was made in this case because of the “low barrier to entry and level of control” an attacker might gain.

The issue, tracked as CVE-2021-22191, was resolved through a recent update.

Advisories

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
/main-polls/52-how-frequently-do-you-patch-update-your-system?task=poll.vote&format=json
52
radio
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"67","type":"x","order":"1","pct":75.28,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"14","type":"x","order":"2","pct":15.73,"resources":[]},{"id":"181","title":"Hardly ever","votes":"8","type":"x","order":"3","pct":8.99,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.

VOTE ON THE POLL PAGE


VIEW MORE POLLS

bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.