|
EtherealEthereal 0.99.0 Release Notes |
|
||
|
|
EtherealEthereal 0.99.0 Release Notes |
|
||
Table of Contents
Ethereal is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education.
Many security vulnerabilities have been fixed since the previous release. See the application advisory for more details.
The H.248 dissector could crash. Versions affected: 0.10.14. CVE: CVE-2006-1937
The UMA dissector could go into an infinite loop. Versions affected: 0.10.12 - 0.10.14. CVE: CVE-2006-1933
The X.509if dissector could crash. Versions affected: 0.10.14. CVE: CVE-2006-1937
The SRVLOC dissector could crash. Versions affected: 0.10.0 - 0.10.14. CVE: CVE-2006-1937
The H.245 dissector could crash. Versions affected: 0.10.13 - 0.10.14. CVE: CVE-2006-1937
Ethereal's OID printing routine was susceptible to an off-by-one error. Versions affected: 0.10.14. CVE: CVE-2006-1932
The COPS dissector could overflow a buffer. Versions affected: 0.9.15 - 0.10.14. CVE: CVE-2006-1935
The ALCAP dissector could overflow a buffer. Versions affected: 0.10.14. CVE: CVE-2006-1934
Under a grant funded by the U.S. Department of Homeland Security, Coverity has uncovered a number of vulnerabilities in Ethereal:
The statistics counter could crash Ethereal. Versions affected: 0.10.10 - 0.10.14. CVE: CVE-2006-1937
Ethereal could crash while reading a malformed Sniffer capture. Versions affected: 0.8.12 - 0.10.14. CVE: CVE-2006-1938
An invalid display filter could crash Ethereal. Versions affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939
The general packet dissector could crash Ethereal. Versions affected: 0.10.9 - 0.10.14. CVE: CVE-2006-1937
The AIM dissector could crash Ethereal. Versions affected: 0.10.7 - 0.10.14. CVE: CVE-2006-1937
The RPC dissector could crash Ethereal. Versions affected: 0.9.8 - 0.10.14. CVE: CVE-2006-1939
The DCERPC dissector could crash Ethereal. Versions affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939
The ASN.1 dissector could crash Ethereal. Versions affected: 0.9.8 - 0.10.14. CVE: CVE-2006-1939
The SMB PIPE dissector could crash Ethereal. Versions affected: 0.8.20 - 0.10.14. CVE: CVE-2006-1938
The BER dissector could loop excessively. Versions affected: 0.10.4 - 0.10.14. CVE: CVE-2006-1933
The SNDCP dissector could abort. Versions affected: 0.10.4 - 0.10.14. CVE: CVE-2006-1940
The Network Instruments file code could overrun a buffer. Versions affected: 0.10.0 - 0.10.14. CVE: CVE-2006-1934
The NetXray/Windows Sniffer file code could overrun a buffer. Versions affected: 0.10.13 - 0.10.14. CVE: CVE-2006-1934
The GSM SMS dissector could crash Ethereal. Versions affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939
The ALCAP dissector could overrun a buffer. Versions affected: 0.10.14. CVE: CVE-2006-1934
The telnet dissector could overrun a buffer. Versions affected: 0.8.5 - 0.10.14. CVE: CVE-2006-1936
ASN.1-based dissectors could crash Ethereal. Versions affected: 0.9.10 - 0.10.14. CVE: CVE-2006-1939
The H.248 dissector could crash Ethereal. Versions affected: 0.10.11 - 0.10.14. CVE: CVE-2006-1937
The DCERPC NT dissector could crash Ethereal. Versions affected: 0.9.14 - 0.10.14. CVE: CVE-2006-1939
The PER dissector could crash Ethereal. Versions affected: 0.9.14 - 0.10.14. CVE: CVE-2006-1939
Under Windows, Unicode characters in profile and configuration file paths could cause problems. Versions affected: 0.10.14.
The Coverity audit turned up several UI-related bugs that could make Ethereal crash.
The following features are new (or have been significantly updated) since the last release:
The new command line tool dumpcap makes it possible to capture network data without the drawbacks of (t)ethereal (memory usage, security problems, ...) while keeping the benefit of advanced techniques like multiple (ringbuffer) files and alike.
The man page of dumpcap in HTML format is available at http://www.ethereal.com/docs/man-pages/dumpcap.1.html.
The source distribution of Ethereal now supports SSL, IPsec ESP, and ISAKMP decryption. (This feature has not yet been enabled in the Windows installer.)
Win32: Catch hardware exceptions caused by buggy dissectors. If e.g. a NULL pointer exceptions occurs, Ethereal won't crash now but displays the exception and tries to continue decoding packets.
The Windows version of Ethereal now uses native open and save file dialogs.
In related news, Ethereal now runs as a full-fledged Unicode application under Windows.
Recent versions of Ethereal were flagging packets with an incorrect TCP checksum as malformed. False positives were being triggered on systems that use TCP checksum offloading. We now check to see if the checksum is not 0x0000 before flagging the packet as malformed.
If your system uses TCP checksum offloading and Ethereal still shows bad checksums for outgoing TCP packets and the checksums for outgoing TCP packets are not 0x0000, this could mean that your operating system is exposing kernel memory unneccessarily. If this is the case, you should report the problem to your OS vendor.
The expert analysis feature has been enhanced.
3G A11, 802.11, 802.1Q, 802.3 Slow Protocols, AIM, ALCAP, ANSI MAP, ASF, ASN.1 BER, ASN.1 PER, BACapp, BACnet, BFD, BGP, BPDU, BSSAP, BSSGP, Camel, CDP, CLNP, CMP, COPS, DCERPC (DCERPC, LSA, NT, PNP), DCOM (CBA, DCOM, Dispatch), DHCP, DIAMETER, DNS, DOCSIS DCC, eDonkey, Ethernet, FC, FCP, FIX, G.723, GIOP, GRE, GSM A, GSM MAP, GSSAPI, GTP, H.245, H.248, H.450, HTTP, IAPP, ICMPv6, iFCP, IP, IPMI, IPP, IPsec, IPv6, ISAKMP, iSCSI, ISUP, IuUP, Juniper GGSN, JXTA, K12, Kerberos, LAPD, LDAP, LLDP, LOOP, M3UA, MEGACO, MPLS, MS MMS, MS NLB, MS Proxy, MTP3, NBNS, NCP 2222, NDPS, Netflow, NFS, NJACK, NLM, NSIP, NTLMSSP, PN-DCP, POP, PPP, Q.931, Radiotap, RADIUS, RANAP, RNSAP, RPC, RSYNC, RTCP, RTP, SCCP, SCCP MG, SCSI, SDP, Sebek, SES, SIGCOMP, SIGCOMP UDVM, SIP, SKINNY, SMB2, SMB (Mailslot, PIPE, SMB), SMPP, SNDCP, SNMP, SOCKS, SPNEGO, SRVLOC, SSL, STUN, Syslog, T.38, TACACS, TCAP, TCP, TDS, Telnet, TIPC, UDP, UMA, WSP, X11, X.411, X.509, XML
Download ethereal-setup-0.99.0.exe from the Windows download area on the main web site. Double-click the installer executable.
Download the appropriate package from the Solaris download area on the main web site. Uncompress the package using bzip2, and install it using pkgadd.
Download ethereal-0.99.0.tar.gz from the main download area on the web site. Extract the package using tar and gzip. Run "configure ; make ; make install".
Most Linux and Unix vendors supply their own Ethereal packages. You can install or upgrade Ethereal using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Ethereal web site.
Ethereal and Tethereal look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About->Folders to find the default locations on your system.
On Windows systems the packet list scroll bar can sometimes disappear or become unusable. Until the problem is fixed you can work around it by resizing the packet list or the main window. (Bug #220)
The button is nonfunctional in the file dialogs under Windows.
Trying to save flow data may crash Ethereal. (Bug #396)
It may not be possible to re-order coloring rules under Windows. (Bug #699)
Multiple tap interfaces may cause a crash under FreeBSD. (Bug #757)
Ethereal may crash while viewing TCP streams. (Bug #852)
Ethereal may crash while adjusting column preferences. (Bug #886)
Community support is available on the ethereal-users mailing list. Subscription information and archives for all of Ethereal's mailing lists can be found on the web site. There is also an IRC channel dedicated to Ethereal.
Commercial support, training, and development services are available from Ethereal Software.
A complete FAQ is available on the Ethereal web site.