Monday, August 2, 2010

Vulnerabilities In Wireshark

There has been found vulnerabilities in Wireshark, free open source program for analyzing network protocols. By exploiting the vulnerabilities an attacker may be able to make Wireshark crash, hang, or execute code by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.

Vulnerable versions are all versions prior 1.0.15, 1.2.10 or 1.4.0rc2.

Non vulnerable version of Wireshark can be downloaded here.

More information can be read from these advisories:
http://www.wireshark.org/security/wnpa-sec-2010-07.html
http://www.wireshark.org/security/wnpa-sec-2010-08.html

No comments: