Wireshark updates patch vulnerability
The Wireshark Project developers have released versions 1.2.12 and 1.4.1 of their open source, cross-platform network protocol analyser. According to the developers, the security updates address a vulnerability (CVE-2010-3445) that could cause the application to crash.
Reportedly, the vulnerability is triggered either by injecting a series of malformed packets, or by having a victim open a specially crafted packet trace file, leading to a stack overflow in the ASN.1 BER dissector. The developers note that, due to the nature of the issues, they do not advise trying to work around the problem by disabling dissectors. Apparently, all versions up to and including 1.2.11 and 1.4.0 are affected. The vulnerabilities were discovered by the Penetration Test Team of NCNIPC (China). Other changes in each of the updates include updated protocol support and various bug fixes ranging from user interface issues to problems in the packet list.
The developers also announced that the 1.0.x branch of Wireshark has reached its end-of-life (EOL). Users currently running Wireshark 1.0.x are encouraged to upgrade to the latest release.
Further information about the updates, including a full list of changes, can be found in the 1.2.12 and 1.4.1 release notes. Wireshark binaries for Windows and Mac OS X, as well as the source code, are available to download from the project's site and documentation is provided. Wireshark, formerly known as Ethereal, is licensed under version 2 of the GNU General Public Licence (GPLv2).
See also:
- ASN.1 BER vulnerability in Wireshark version 1.4.0, a Wireshark security advisory.
- Vulnerabilities in Wireshark version 1.2.0 to 1.2.11, a Wireshark security advisory.
- Wireshark 1.4.0 drops Windows 2000 support, a report from The H.
(crve)