Wireshark updates fix DoS vulnerabilities
The developers at the Wireshark project have released versions 1.6.9 and 1.8.1 to close important security holes in their open source network protocol analyser. The updates to the cross-platform tool address two vulnerabilities that could be exploited by remote attackers to cause a denial of service (DoS).
The first vulnerability is a problem in the Point-to-Point Protocol (PPP) dissector that leads to a crash; the second is a bug in the Network File System (NFS) dissector that could result in excessive consumption of CPU resources. To take advantage of the holes, an attacker must inject a malformed packet onto the wire or convince a victim to read a malformed packet trace file. Versions 1.4.0 to 1.4.13, 1.6.0 to 1.6.8 and 1.8.0 are affected; upgrading to the new 1.6.9 and 1.8.1 releases fixes the problems. According to the project's security advisories, version 1.4.14 should correct these issues on the 1.4.x branch of Wireshark. However, at the time of writing, Wireshark 1.4.14 is not available on the site and release notes for that version have yet to be published.
More details about these updates, including a full list of known issues and changes, can be found in the 1.6.9 and 1.8.1 release notes. Wireshark 1.6.9 and 1.8.1 are available to download from the project's site and are licensed under the GPLv2.
- PPP dissector crash, a Wireshark security advisory.
- Large loop in the NFS dissector, a Wireshark security advisory.
- Wireshark 1.8.0 can capture from multiple interfaces at once, a report from The H.