In association with heise online

22 October 2008, 10:49

Security update for Wireshark

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Version 1.0.4 of the free network analyser Wireshark eliminates five vulnerabilities that make the program crash when analysing certain packets. The errors are located in the dissectors, which are modules for processing Bluetooth ACLs, RFCOMM connections, and the Q.931 protocol.

The dissectors for the rarely encountered parallel redundancy protocol (PRP), MATE, and Tamos CommView capture files also contain similar errors. Versions 0.10.3 to 1.0.3 inclusive are affected.

Although the crashing of Wireshark is not, in itself, a security issue the problem comes where a network is being monitored by Wireshark. An attacker could cover their tracks by first crashing the Wireshark monitoring before commencing their actual attack, making forensic analysis of the intrusion much harder.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit