In association with heise online

23 May 2012, 14:30

Wireshark updates close DoS security holes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Wireshark logo Versions 1.6.8 and 1.4.13 of the open source Wireshark network protocol analyser have been released, fixing bugs and closing security holes. The maintenance and security updates to the cross-platform tool address a total of three vulnerabilities that could be exploited by an attacker to cause a denial-of-service (DoS).

These include a memory allocation flaw in the DIAMETER dissector, infinite and large loops in eight other dissectors, and a memory alignment flaw when running on SPARC or Itanium processors. For an attack to be successful, an attacker must inject a malformed packet onto the wire or convince a victim to read a malformed packet trace file. Versions 1.4.0 to 1.4.12 and 1.6.0 to 1.6.7 are affected; upgrading to 1.4.13 or 1.6.8 corrects these problems.

A full list of changes and bug fixes in the updates can be found in the 1.4.13 and 1.6.8 release notes. Wireshark 1.4.13 and 1.6.8 are available to download from the project's site and are licensed under the GPLv2.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-1582717
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit