Wednesday, January 11, 2012

Vulnerabilities In Wireshark

There has been found three vulnerabilities in Wireshark, free open source program for analyzing network protocols. By exploiting the vulnerabilities an attacker may be able to make Wireshark crash, hang, or execute arbitrary code by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.

Vulnerable versions are all versions prior 1.4.11 or 1.6.5.

Non vulnerable version of Wireshark can be downloaded here.

More information can be read from these advisories:
- http://www.wireshark.org/security/wnpa-sec-2012-01.html
- http://www.wireshark.org/security/wnpa-sec-2012-02.html
- http://www.wireshark.org/security/wnpa-sec-2012-03.html

No comments: