Wireshark Updates Vulnerabilities

Friday, March 4, 2011 @ 04:03 PM gHale

Wireshark developers released versions 1.2.15 and 1.4.4 of their open source, cross-platform network protocol analyzer. The maintenance updates address two highly critical security vulnerabilities that could cause the application to crash.

The first issue (CVE-2011-0538), discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team, could lead to memory corruption when reading a .pcap file in the pcap-ng format. A remote hacker could use this to effect a denial-of-service (DoS) attack. The other, CVE-2011-0713 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0713), is a bug that could lead to a heap-based buffer overflow when reading a specially crafted Nokia DCT3 trace file, possibly leading to the execution of arbitrary code. Further changes include fixes for 32-bit systems when reading a malformed 6LoWPAN packet and updates to various dissectors. All users should update to the latest versions as soon as possible.

More details about the maintenance updates, including a full list of changes, can be found in the 1.2.15 and 1.4.4 release notes.

Wireshark binaries for Windows and Mac OS X, as well as the source code, are available to download, and documentation is also available. Wireshark, formerly known as Ethereal, is licensed under version 2 of the GNU General Public License (GPLv2).
