An aggressive testing program as well as independent discovery has turned up a multitude of security issues:
The ANSI A dissector was susceptible to format string vulnerabilities. Discovered by Bryan Fulton. Versions affected: 0.9.15 to 0.10.10
The GSM MAP dissector could crash. Versions affected: 0.10.0 to 0.10.10
The AIM dissector could cause a crash. Versions affected: 0.9.14 to 0.10.10
The DISTCC dissector was susceptible to a buffer overflow. Discovered by Ilja van Sprundel. Versions affected: 0.9.13 to 0.10.10
The FCELS dissector was susceptible to a buffer overflow. Discovered by Neil Kettle. Versions affected: 0.9.9 to 0.10.10
The SIP dissector was susceptible to a buffer overflow. Discovered by Ejovi Nuwere. Versions affected: 0.10.0 to 0.10.10
The KINK dissector was susceptible to a null pointer exception, endless looping, and other problems. Versions affected: 0.10.10
The LMP dissector was susceptible to an endless loop. Versions affected: 0.9.4 to 0.10.10
The Telnet dissector could abort. Versions affected: 0.9.10 to 0.10.10
The TZSP dissector could cause a segmentation fault. Versions affected: 0.10.10 to 0.10.10
The WSP dissector was susceptible to a null pointer exception and assertions. Versions affected: 0.10.0 to 0.10.10
The 802.3 Slow protocols dissector could throw an assertion. Versions affected: 0.10.10
The BER dissector could throw assertions. Versions affected: 0.10.2 to 0.10.10
The SMB Mailslot dissector was susceptible to a null pointer exception and could throw assertions. Versions affected: 0.9.0 to 0.10.10
The H.245 dissector was susceptible to a null pointer exception. Versions affected: 0.10.10
The Bittorrent dissector could cause a segmentation fault. Versions affected: 0.10.8 to 0.10.10
The SMB dissector could cause a segmentation fault and throw assertions. Versions affected: 0.9.0 to 0.10.10
The Fibre Channel dissector could cause a crash. Versions affected: 0.9.9 to 0.10.10
The DICOM dissector could attempt to allocate large amounts of memory. Versions affected: 0.10.4 to 0.10.10
The MGCP dissector was susceptible to a null pointer exception, and could loop indefinitely or segfault. Versions affected: 0.8.14 to 0.10.10
The RSVP dissector could loop indefinitely. Versions affected: 0.9.8 to 0.10.10
The DHCP dissector was susceptible to format string vulnerabilities, and could abort. Versions affected: 0.10.7 to 0.10.10
The SRVLOC dissector could crash unexpectedly or go into an infinite loop. Versions affected: 0.9.8 to 0.10.10
The EIGRP dissector could loop indefinitely. Versions affected: 0.8.18 to 0.10.10
The ISIS dissector could overflow a buffer. Versions affected: 0.8.18 to 0.10.10
The CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explicit, PKIX Qualified, and X.509 dissectors could overflow buffers. Versions affected: 0.10.4 to 0.10.10
The NDPS dissector could exhaust system memory or cause an assertion, or crash. Versions affected: 0.9.12 to 0.10.10
The Q.931 dissector could try to free a null pointer and overflow a buffer. Versions affected: 0.10.10
The IAX2 dissector could throw an assertion. Versions affected: 0.10.1 to 0.10.10
The ICEP dissector could try to free the same memory twice. Versions affected: 0.10.7 to 0.10.10
The MEGACO dissector was susceptible to an infinite loop and a buffer overflow. Versions affected: 0.9.14 to 0.10.10
The DLSw dissector was susceptible to an infinite loop. Versions affected: 0.9.1 to 0.10.10
The RPC dissector was susceptible to a null pointer exception. Versions affected: 0.9.2 to 0.10.10
The NCP dissector could overflow a buffer or loop for a large amount of time. Versions affected: 0.10.5 to 0.10.10
The RADIUS dissector could throw an assertion. Versions affected: 0.10.3 to 0.10.10
The GSM dissector could access an invalid pointer. Versions affected: 0.10.10
The SMB PIPE dissector could throw an assertion. Versions affected: 0.9.0 to 0.10.10
The L2TP dissector was susceptible to an infinite loop. Versions affected: 0.10.9 to 0.10.10
The SMB NETLOGON dissector could dereference a null pointer. Versions affected: 0.9.12 to 0.10.10
The MRDISC dissector could throw an assertion. Versions affected: 0.8.19 to 0.10.10
The ISUP dissector could overflow a buffer or cause a segmentation fault. Versions affected: 0.8.19 to 0.10.10
The LDAP dissector could crash. Versions affected: 0.10.1 to 0.10.10
The TCAP dissector could overflow a buffer or throw an assertion. Versions affected: 0.10.8 to 0.10.10
The NTLMSSP dissector could crash. Versions affected: 0.9.7 to 0.10.10
The Presentation dissector could overflow a buffer. Versions affected: 0.10.1 to 0.10.10
Additionally, a number of dissectors could throw an assertion when passing an invalid protocol tree item length. Versions affected: 0.10.8 to 0.10.10
Please see the application advisory for more information.
Everyone is encouraged to upgrade.
Many user interface improvements have been made:
The toolbar has been updated.
Packet detail tree items can be expanded and collapsed with the right and left arrow keys.
The status bar display has been improved.
Live captures can now be restarted from the toolbar.
More improvements have been made to the ring buffer feature.
Display filters are now faster.
The capture engine has received major updates.
9P, Aruba ADP, Camel, DRSUAPI, DUA, HPSW, Monotone Netsync, nettl, UMA, VNC (RFB)
ACSE, AgentX, AIM, AMR, ANSI A, ASN.1 BER/PER, ATM, ATSVC, BACapp, BOOTP/DHCP, CDP, CMIP, CMP, CMS, CRMF, DCERPC, DHCPFO, DIAMETER, DICOM, DISTCC, DLSw, EFS, EIGRP, EPM, ESIS, ESS, ETHERIC, Ethernet, FC, FCELS, FCP, FTAM, G.723, GIOP, GRE, GSM, GSS-API, GTP, H.225, H.245, H.263, HTTP, IAX2, ICEP, IEEE 802.11, IEEE 802.3 Slow protocols, INAP, IP, IPsec, ISAKMP, iSCSI, ISIS, ISL, ISMP, ISUP, JXTA, Kerberos, KINK, Kpasswd, L2TP, LDAP, LMP, M3UA, MANOLITO, MEGACO, MGCP, MIP6, MMSE, MQ, MRDISC, MTP2, NCP, NDMP, NDPS, NFS, NLM, OCSP, OSI options, PIM, PKIX1Explicit, PKIX Qualified, PKTC, Portmap, PPP, PRES, PROFINET DCP, Q.2931, Q.931, Q.933, RADIUS, RDM, RPC, RSVP, RTP, RTSP, RX, SCCP, SCSI, SCTP, SDP, sFlow, SIP, SKINNY, SM, SMB (SMB, PIPE, LOGON, Mailslot), SNA, SPNEGO, SRVLOC, SUA, TCAP, TCP, Telnet, TFTP, TZSP, Vines, WSP, X11, X.509, XML
5Views, HP nettl
This release fixes three security and stability-related issues:
Matevz Pustisek discovered a buffer overflow in the Etheric dissector. (CAN-2005-0704)
The GPRS-LLC dissector could crash if the "ignore cipher bit" option was enabled. (CAN-2005-0705)
Diego Giago discovered a buffer overflow in the 3GPP2 A11 dissector. This flaw was later reported by Leon Juranic. (CAN-2005-0699)
Leon Juranic discovered a buffer overflow in the IAPP dissector.
A bug in the JXTA dissector could make Ethereal crash.
A bug in the sFlow dissector could make Ethereal crash.
Please see the application advisory for more information.
Everyone is encouraged to upgrade.
Tree view item context menus now let you browse to the display filter reference and wiki pages for a particular protocol.
Online help has been expanded.
VoIP call analysis (including nifty connection diagrams) has been added.
GSS-API decryption has been greatly enhanced.