Security update for Wireshark
Version 1.0.4 of the free network analyser Wireshark eliminates five vulnerabilities that make the program crash when analysing certain packets. The errors are located in the dissectors, which are modules for processing Bluetooth ACLs, RFCOMM connections, and the Q.931 protocol.
The dissectors for the rarely encountered parallel redundancy protocol (PRP), MATE, and Tamos CommView capture files also contain similar errors. Versions 0.10.3 to 1.0.3 inclusive are affected.
Although the crashing of Wireshark is not, in itself, a security issue the problem comes where a network is being monitored by Wireshark. An attacker could cover their tracks by first crashing the Wireshark monitoring before commencing their actual attack, making forensic analysis of the intrusion much harder.
See also:
- Multiple problems in Wireshark, Wireshark advisory
(djwm)