Wireshark updates close critical vulnerabilities
The Wireshark developers have announced the release of versions 1.2.15 and 1.4.4 of their open source, cross-platform network protocol analyser. The maintenance updates address two highly critical security vulnerabilities that could cause the application to crash.
The first issue (CVE-2011-0538), discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team, could lead to memory corruption when reading a .pcap file in the pcap-ng format – this could be used by a remote attacker, for example, to effect a denial-of-service (DoS) attack. The other (CVE-2011-0713) is a bug that could lead to a heap-based buffer overflow when reading a specially crafted Nokia DCT3 trace file, possibly leading to the execution of arbitrary code. Further changes include fixes for 32-bit systems when reading a malformed 6LoWPAN packet and updates to various dissectors. All users are advised to update to the latest versions as soon as possible.
More details about the maintenance updates, including a full list of changes, can be found in the 1.2.15 and 1.4.4 release notes. Wireshark binaries for Windows and Mac OS X, as well as the source code, are available to download and documentation is provided. Wireshark, formerly known as Ethereal, is licensed under version 2 of the GNU General Public Licence (GPLv2).
See also:
- MAC-LTE, ENTTEC, and ASN.1 BER vulnerabilities in Wireshark® version 1.4.0, a Wireshark security advisory.
- Multiple vulnerabilities in Wireshark® version 1.2.0 to 1.2.14, a Wireshark security advisory.
- Wireshark 1.5.0 development preview arrives, a report from The H.