There has been found a vulnerability in Wireshark, free open source program for analyzing network protocols. By exploiting the vulnerability an attacker may be able to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Vulnerable dissector components are: Catapult DCT2000, IrDA, RLC, ASN.1 BER. GTP- and GSM Management.
Vulnerable versions are: 1.10.0 - 1.10.8
Non vulnerable version of Wireshark 1.10.x series can be downloaded here. The latest stable version, Wireshark 1.12.0 can be downloaded here.
More information can be read from the related advisories:
- wnpa-sec-2014-08
- wnpa-sec-2014-09
- wnpa-sec-2014-10
- wnpa-sec-2014-11
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment