This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Untrusted search path vulnerability in Wireshark. π **Consequences**: Local users can execute malicious Lua scripts to gain **privileged access**.β¦
π¦ **Affected Versions**: 1. Wireshark **1.4.x** (before 1.4.9) 2. Wireshark **1.6.x** (before 1.6.2). β οΈ Note: Wireshark was formerly known as **Ethereal**.
Q4What can hackers do? (Privileges/Data)
π **Attacker Action**: A local user places a **Trojan Lua script** in an unmonitored directory. π **Result**: When Wireshark runs, it executes this script with **elevated privileges**. Data integrity is compromised.
Q5Is exploitation threshold high? (Auth/Config)
π **Threshold**: **Low**. Requires **Local User** access. No remote exploitation or complex authentication bypass needed. Just physical/logical access to the local machine.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π **Public Exploit**: **No** public PoC or wild exploit found in the provided data. π **References**: Only vendor advisories (RedHat, Mandriva) and mailing list discussions (oss-security) are listed.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: 1. Check your Wireshark version. 2. Is it **< 1.4.9** or **< 1.6.2**? 3. Inspect Lua script directories for unauthorized files. 4. Use vulnerability scanners targeting Wireshark CVE-2011-3360.
Q8Is it fixed officially? (Patch/Mitigation)
β **Fixed**: **Yes**. Official patches are available. π§ **Mitigation**: Upgrade to **Wireshark 1.4.9+** or **1.6.2+**. Vendor advisories from RedHat and Mandriva confirm the fix.
Q9What if no patch? (Workaround)
π§ **No Patch Workaround**: 1. **Restrict permissions** on Lua script directories. 2. **Disable Lua scripting** if not needed. 3. Ensure only **trusted sources** are in the search path. 4.β¦