In association with heise online

28 June 2007, 12:05

Six fewer DoS vulnerabilities in new Wireshark version

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

In Version 0.99.6 of the network protocol analyser Wireshark (formerly Ethereal), multiple vulnerabilities have been eliminated which, among other things, could influence the stability and security of a system. As already noted in many of the previous vulnerabilities in Wireshark and Ethereal, errors have occurred during the reading of capture files or while analysing specific protocol packets. In this latest case, Wireshark crashed during the parsing of crafted HTTP chunked response packets and DHCP/BOOTP packets.

The analysis of faulty DCP-ETSI, SSL and MMS packets could exhaust system memory or created an infinite loop. Ultimately, Wireshark crashed while reading specific iSeries capture files. In addition, some vulnerabilities have been fixed in Version 0.99.6 which are not relevant to security.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit