Wireshark updates patch vulnerabilities
The Wireshark development team has announced the release of versions 1.2.16 and 1.4.5 of its open source, cross-platform network protocol analyser. According to the developers, these maintenance and security updates address multiple vulnerabilities that could, for example, cause the application to crash or allow remote code execution.
The 1.4.x branch of Wireshark is vulnerable to a bug in the NFS dissector that could lead it to crash on Windows, as well as a buffer overflow issue in the DECT dissector. Paul Makowski from SEI/CERT, who discovered the buffer overflow problem, is said to have verified that this "could allow remote code execution on many platforms". Versions 1.4.0 up to and including 1.4.4 are reportedly affected; Wireshark 1.4.5 fixes these issues. However, the developers have already updated the 1.4.x branch to version 1.4.6 to address a bug in the TCP dissector which could cause the application to crash.
A third problem in the X.509if dissector, which could lead to a crash, affecting both the 1.4.x and 1.2.x branches of Wireshark, has also been fixed. Wireshark 1.2.0 to 1.2.15 and 1.4.0 to 1.4.4 are confirmed to be affected. All users are advised to update to the latest versions as soon as possible.
Further information about these maintenance and security updates, including a full list of changes, can be found in the 1.2.16 and 1.4.5 release notes. Wireshark binaries for Windows and Mac OS X, as well as the source code, are available to download and documentation is provided.
Wireshark, formerly known as Ethereal, is licensed under version 2 of the GNU General Public Licence (GPLv2). The latest development version is version 1.5.1, the first point update to the Wireshark 1.5.x branch, a development preview of what will become Wireshark 1.6.
- DECT, NFS, and X.509if vulnerabilities in Wireshark® version 1.4.0, a Wireshark security advisory.
- X.509if vulnerability in Wireshark® version 1.2.0 to 1.2.15, a Wireshark security advisory.