Search This Blog

Showing posts with label Network Analyzer Softwares. Show all posts

Wireshark released version 1.8.1 and 1.6.9 to close critical vulnerability

Wireshark Team have released versions 1.8.1 and 1.6.9 to close important vulnerabilities in their open source network protocol analyser.

The vulnerabilities are a problem in the Point-to-Point Protocol (PPP) dissector that leads to a crash and a bug in the Network File System (NFS) dissector that could result in excessive consumption of CPU resources; to take advantage of the holes, an attacker must inject a malformed packet onto the wire or convince a victim to read a malformed packet trace file.

Versions 1.4.0 to 1.4.13, 1.6.0 to 1.6.8 and 1.8.0 are affected; Users are advised to upgrade to 1.6.9 and 1.8.1 to fix the problem.

Wireshark 1.6.9 and 1.8.1 are available to download

Wireshark 1.6 and 1.4 Released

Wireshark Team has released updated version 1.6.1 and 1.4.8 to fix the security flaw in previous versions.

According to their security advisory, the previous versions 1.4.0 to 1.4.7 are vulnerable to  Lucent/Ascend file parser and ANSI MAP vulnerabilities.

"It may be possible to make Wireshark crash by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file" security advisory reads. The vulnerabilities have been patched in the 1.4.8 version.

The same vulnerability affects the version 1.6.0 to 1.6.0 .  It has been fixed in the latest version 1.6.1

Official page:Download Wireshark