In association with heise online

19 December 2007, 10:14

Wireshark network analysis tool version 0.99.7 available

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The Wireshark project has marked version 0.99.7 of the open source network analysis tool as stable and released it for public consumption. Security vulnerabilities in a number of software modules were reported just under a month ago. The new version fixes these vulnerabilities. Remote attackers can exploit the bugs to cause previous versions of the software to enter an infinite loop, crash or possibly to inject arbitrary code.

Wireshark could be made to crash when analysing crafted MP3 files or NCP, HTTP and RCP packets. Crafted packets could cause the analysis modules for DNP, Firebird/Interbase, MEGACO, DCP-ETSI and Bluetooth-SDP to enter an infinite loop and thus crash or fully utilise system resources. Buffer overflows in the SSL, ANSI-MAP and PPP analysis modules could allow injection of external code.

Wireshark users should download and install the new version ASAP. Where updated packages are available from Linux distributors, these should likewise be installed without delay.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit