• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
AplusWebMaster

Wireshark updated

78 posts in this topic

FYI...

 

Wireshark multiple vulns - update available

- http://secunia.com/advisories/29156/

Release Date: 2008-02-28

Critical: Moderately critical

Impact: DoS

Where: From remote

Solution Status: Vendor Patch

Software: Wireshark (formerly Ethereal) 0.x

...The vulnerabilities are reported in various versions prior to 0.99.8.

Solution: Update to version 0.99.8.

http://www.wireshark.org/download.html

 

:ph34r:

Share this post


Link to post
Share on other sites

FYI...

 

- http://www.wireshark.org/security/wnpa-sec-2008-02.html

Name: Multiple problems in Wireshark®versions 0.99.2 to 0.99.8

Docid: wnpa-sec-2008-02

Date: March 31, 2008 -?-

Versions affected: 0.99.2 up to and including 0.99.8 ...

Impact:

It may be possible to make Wireshark crash by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Resolution: Upgrade to Wireshark 1.0.0 or later.

If are running Wireshark 0.99.8 or earlier and cannot upgrade, you can work around each of the problems listed above by doing the following:

* Disable the LDAP, Roofnet, and X.509sat dissectors:

o Select Analyze→Enabled Protocols... from the menu.

o Make sure "LDAP," "Roofnet," and "X509SAT" are un-checked.

o Click "Save", then click "OK"...

- http://www.wireshark.org/download.html

"...current stable release of Wireshark is 0.99.8..." (03.28.2008)

 

- http://secunia.com/advisories/29569/

Release Date: 2008-03-28

Critical: Moderately critical

Impact: DoS

Where: From -remote-

Solution Status: Unpatched

...The vulnerabilities are reported in various versions prior to 1.0.0.

Solution: Fixed in an -upcoming- version 1.0.0.

 

:ph34r:

Edited by apluswebmaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark 1.0 released

- http://www.wireshark.org/

Mar 31, 2008 - "...In this release:

Security-related vulnerabilities in the X.509sat, Roofnet, LDAP, and SCCP dissectors have been fixed. See the advisory for details: http://www.wireshark.org/security/wnpa-sec-2008-02.html

 

Download:

- http://www.wireshark.org/download.html

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark multiple vulns - update available

- http://secunia.com/advisories/30886/

Release Date: 2008-07-01

Critical: Moderately critical

Impact: Exposure of sensitive information, DoS

Where: From remote

Solution Status: Vendor Patch

Software: Wireshark (formerly Ethereal) 0.x, Wireshark 1.x

Solution: Update to version 1.0.1...

Original Advisory: http://www.wireshark.org/security/wnpa-sec-2008-03.html

 

The current stable release of Wireshark is 1.0.1. It supersedes all previous releases...

- http://www.wireshark.org/download.html

 

:!:

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.0.2 released

- http://secunia.com/advisories/31044/

Release Date: 2008-07-11

Critical: Moderately critical

Impact: DoS

Where: From remote

Solution Status: Vendor Patch

...The vulnerability is reported in versions 0.8.19 to 1.0.1.

Solution:

Update to version 1.0.2.

http://www.wireshark.org/download.html

 

> http://www.wireshark.org/security/wnpa-sec-2008-04.html

 

//

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.0.3 released

- http://secunia.com/advisories/31674/

Release Date: 2008-09-04

Critical: Moderately critical

Impact: DoS

Where: From remote

Solution Status: Vendor Patch

Software: Wireshark (formerly Ethereal) 0.x, Wireshark 1.x...

Solution: Update to version 1.0.3.

http://www.wireshark.org/download.html

 

- http://www.wireshark.org/security/wnpa-sec-2008-05.html

 

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3146

 

:!:

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark multiple vulns - update available

- http://secunia.com/advisories/32355/

Release Date: 2008-10-21

Critical: Moderately critical

Impact: DoS

Where: From remote

Solution Status: Vendor Patch

...The weakness and the vulnerability affect versions 0.99.7 to 1.0.3.

Solution: Update to version 1.0.4.

http://www.wireshark.org/download.html ...

Original Advisory:

http://www.wireshark.org/security/wnpa-sec-2008-06.html ...

 

> http://www.wireshark.org/news/20081020.html

"...Security-related bugs in the Bluetooth ACL, Bluetooth RFCOMM, PRP, Q.931, MATE, and USB dissectors, as well as the Tammos CommView file parser have been fixed... Many other bugs have been fixed..."

 

:!:

Edited by apluswebmaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark SMTP Processing DoS vuln - v1.0.4

- http://secunia.com/advisories/32840/

Release Date: 2008-11-24

Critical: Moderately critical

Impact: DoS

Where: From remote

Solution Status: Vendor Workaround

Software: Wireshark 1.x

...The vulnerability is reported in version 1.0.4. Prior versions may also be affected...

Original Advisory: http://lists.grok.org.uk/pipermail/full-di...ber/065840.html

...prerelease version of Wireshark 1.0.5 here:

http://www.wireshark.org/download/prerelease/

(See wireshark-setup-1.0.5pre1-26885.exe 30-Nov-2008 10:38 21M)

 

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-5285

Last revised: 12/01/2008

 

:ph34r:

Edited by apluswebmaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark 1.0.5 Released

- http://www.wireshark.org/news/20081210.html

Dec 10, 2008

 

- http://www.wireshark.org/download.html

 

- http://www.wireshark.org/security/wnpa-sec-2008-07.html

"...Wireshark 1.0.5 fixes the following vulnerabilities:

* The SMTP dissector could consume excessive amounts of CPU and memory. Versions affected: 1.0.4

* The WLCCP dissector could go into an infinte loop. Versions affected: 0.99.7 to 1.0.4

Impact:

It may be possible to make Wireshark crash by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.

Resolution:

Upgrade to Wireshark 1.0.5 or later...:

 

:!:

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark vuln - update available

- http://secunia.com/advisories/33872/

Release Date: 2009-02-09

Critical: Moderately critical

Impact: DoS, System access

Where: From remote

Solution Status: Vendor Patch

...The vulnerability is reported in versions 0.99.7 through 1.0.5.

Solution: Update to version 1.0.6.

- http://www.wireshark.org/security/wnpa-sec-2009-01.html

 

- http://www.wireshark.org/download.html

The current stable release of Wireshark is 1.0.6. It supersedes all previous releases...

 

:!:

Edited by apluswebmaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark vuln - unpatched

- http://secunia.com/advisories/34542/

Release Date: 2009-03-31

Critical: Highly critical

Impact: DoS, System access

Where: From remote

Solution Status: Unpatched

Software: Wireshark 1.x

...The vulnerability is confirmed in version 1.0.6. Other versions may also be affected...

- http://secunia.com/advisories/34542/2/

Solution: Disable support for the "PN-DCP" protocol..." (upgrade when available)

> http://www.wireshark.org/download.html

 

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1210

Last revised: 04/03/2009

CVSS v2 Base Score: 10.0 (HIGH)

 

:!:

Edited by apluswebmaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.0.7 released

- http://www.wireshark.org/download.html

April 08, 2009 - "The current stable release of Wireshark is 1.0.7. It supersedes all previous releases..."

 

- http://www.wireshark.org/security/wnpa-sec-2009-02.html

Wireshark 1.0.7 fixes the following vulnerabilities:

• The PROFINET dissector was vulnerable to a format string overflow. (Bug 3382) Versions affected: 0.99.6 to 1.0.6 CVE-2009-1210

• The LDAP dissector could crash on Windows. (Bug 3262) Versions affected: 0.99.2 to 1.0.6 CVE-2009-1267

• The Check Point High-Availability Protocol (CPHAP) dissector could crash. (Bug 3269) Versions affected: 0.9.6 to 1.0.6 CVE-2009-1268

• Wireshark could crash while loading a Tektronix .rf5 file. (Bug 3366) Versions affected: 0.99.6 to 1.0.6 CVE-2009-1269 ...

Resolution: Upgrade to Wireshark 1.0.7 or later...

 

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1210

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1267

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1268

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1269

 

:!:

Edited by apluswebmaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.0.8 released

- http://www.wireshark.org/download.html

May 21, 2008 - "The current stable release of Wireshark is 1.0.8. It supersedes all previous releases..."

 

Wireshark 1.0.8 Release Notes

- http://www.wireshark.org/docs/relnotes/wireshark-1.0.8.html

 

- http://www.wireshark.org/news/20090521.html

"...In this release:

A security-related bug in the PCNFSD dissector has been fixed. See the advisory* for details... Many other bugs have been fixed..."

 

* http://www.wireshark.org/security/wnpa-sec-2009-03.html

Wireshark 1.0.8 fixes the following vulnerability:

• The PCNFSD dissector could crash. Versions affected: 0.8.20 to 1.0.7 ...

 

- http://secunia.com/advisories/35201/2/

Release Date: 2009-05-22

Critical: Moderately critical

Impact: DoS

Where: From remote

Solution Status: Vendor Patch

Software: Wireshark 1.x

Solution: Update to version 1.0.8...

 

:!:

Edited by apluswebmaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.2.0 released

- http://www.wireshark.org/download.html

June 15, 2009 - "The current stable release of Wireshark is 1.2.0. It supersedes all previous releases..."

 

Wireshark 1.2.0 Release Notes - Bug Fixes

- http://www.wireshark.org/docs/relnotes/wir...0.html#BugFixes

"... Some notable fixes are:

* Type-ahead search now works properly.

* Several bugs that affected capture from pipes have been fixed.

* Many Lua-related bugs have been fixed.

* Several memory leaks have been found and fixed.

* The "Follow TCP Stream" feature could show two streams at the same time. The hex dump view has been narrowed.

* WPA and SSL decryption bugs have been fixed.

* Readability problems on 256-color displays on Windows have been fixed...

 

- http://www.wireshark.org/news/20090615.html

 

:!:

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.2.1 released

- http://www.wireshark.org/download.html

July 20, 2009 - "The current stable release of Wireshark is 1.2.1. It supersedes all previous releases..."

 

Bug Fixes

- http://www.wireshark.org/docs/relnotes/wir...1.html#WhatsNew

 

- http://www.wireshark.org/news/20090720.html

 

- http://www.wireshark.org/security/wnpa-sec-2009-04.html

... Wireshark 1.2.1 fixes the following vulnerabilities:

• The IPMI dissector could overrun a buffer. (Bug 3559) Versions affected: 1.2.0

• The AFS dissector could crash. (Bug 3564) Versions affected: 0.9.2 to 1.2.0

• The Infiniband dissector could crash on some platforms. Versions affected: 1.0.6 to 1.2.0

• The Bluetooth L2CAP dissector could crash. (Bug 3572) Versions affected: 1.2.0

• The RADIUS dissector could crash. (Bug 3578) Versions affected: 1.2.0

• The MIOP dissector could crash. (Bug 3652) Versions affected: 1.2.0

• The sFlow dissector could use excessive CPU and memory. (Bug 3570) Versions affected: 1.2.0

 

- http://secunia.com/advisories/35884/2/

Release Date: 2009-07-21

Critical: Moderately critical

Impact: DoS

Where: From remote ...

Solution: Update to version 1.2.1...

 

:!:

Edited by apluswebmaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.2.2 released

- http://www.wireshark.org/download.html

Sep. 15, 2009 - "The current stable release of Wireshark is 1.2.2. It supersedes all previous releases..."

 

Bug Fixes

- http://www.wireshark.org/docs/relnotes/wir...2.html#WhatsNew

 

- http://www.wireshark.org/news/20090915.html

 

- http://www.wireshark.org/security/wnpa-sec-2009-06.html

Wireshark 1.2.2 fixes the following vulnerabilities:

* The GSM A RR dissector could crash. (Bug 3893)

Versions affected: 1.2.0 to 1.2.1

* The OpcUa dissector could use excessive CPU and memory. (Bug 3986)

Versions affected: 0.99.6 to 1.0.8, 1.2.0 to 1.2.1

* The TLS dissector could crash on some platforms. (Bug 4008)

Versions affected: 1.2.0 to 1.2.1 ...

 

- http://secunia.com/advisories/36754/2/

Release Date: 2009-09-16

Critical: Moderately critical

Impact: DoS

Where: From remote

Solution Status: Vendor Patch

Software: Wireshark 1.x...

Solution: Update to version 1.0.9 or 1.2.2...

Original Advisory:

http://www.wireshark.org/security/wnpa-sec-2009-05.html

http://www.wireshark.org/security/wnpa-sec-2009-06.html

 

:ph34r:

Edited by apluswebmaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.2.3 released

- http://www.wireshark.org/download.html

Oct. 27, 2009 - "The current stable release of Wireshark is 1.2.3. It supersedes all previous releases..."

 

- http://www.wireshark.org/security/wnpa-sec-2009-07.html

Wireshark 1.2.3 fixes the following vulnerabilities:

• The Paltalk dissector could crash on alignment-sensitive processors...

Versions affected: 1.2.0 to 1.2.2

CVE-2009-3549

• The DCERPC/NT dissector could crash.

Versions affected: 0.10.10 to 1.2.2

CVE-2009-3550

• The SMB dissector could crash.

Versions affected: 1.2.0 to 1.2.2

CVE-2009-3551 ...

Resolution: Upgrade to Wireshark 1.2.3 or later...

 

- http://secunia.com/advisories/37175/2/

Release Date: 2009-10-28

Critical: Moderately critical

Impact: DoS

Where: From remote

Solution Status: Vendor Patch

 

:ph34r:

Edited by apluswebmaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.2.4 released

- http://www.wireshark.org/download.html

Nov. 16, 2009 - "The current stable release of Wireshark is 1.2.4. It supersedes all previous releases.."

 

- http://www.wireshark.org/docs/relnotes/wireshark-1.2.4.html#BugFixes

The following bugs have been fixed:

• Can't save RTP stream in both directions. (Bug 4120)

• Wireshark could crash at startup on Windows. (Bug 4155)

 

:!:

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.2.5 released

- http://www.wireshark.org/download.html

Dec. 17, 2009 - "The current stable release of Wireshark is 1.2.5. It supersedes all previous releases..."

 

Release Notes

- http://www.wireshark.org/docs/relnotes/wireshark-1.2.5.html#WhatsNew

 

Bug fixes

- http://www.wireshark.org/security/wnpa-sec-2009-09.html

Wireshark 1.2.5 fixes the following vulnerabilities:

• The Daintree SNA file parser could overflow a buffer. (Bug 4294)

Versions affected: 1.2.0 to 1.2.4

• The SMB and SMB2 dissectors could crash. (Bug 4301)

Versions affected: 0.9.0 to 1.2.4

• The IPMI dissector could crash on Windows. (Bug 4319)

Versions affected: 1.2.0 to 1.2.4

Impact

It may be possible to make Wireshark crash remotely or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 1.2.5 or later. Due to the nature of the Daintree SNA vulnerability, there is no workaround..."

 

- http://secunia.com/advisories/37842/2/

Release Date: 2009-12-18

Critical: Highly critical

Impact: DoS, System access

Where: From remote

Solution Status: Vendor Patch ...

Solution: Update to version 1.2.5...

 

:ph34r:

Edited by apluswebmaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.2.6 released

- http://www.wireshark.org/download.html

Jan. 27, 2010 - "The current stable release of Wireshark is 1.2.6. It supersedes all previous releases..."

 

Release Notes

- http://www.wireshark.org/docs/relnotes/wireshark-1.2.6.html

 

BugFixes

- http://www.wireshark.org/docs/relnotes/wireshark-1.2.6.html#BugFixes

Babi discovered several buffer overflows in the LWRES dissector.

Versions affected: 0.9.15 to 1.0.10, 1.2.0 to 1.2.5

The following bugs have been fixed:

Wireshark could crash while decrypting Kerberos data.

Address display filters hang Wireshark. (Bug 658)

PSML - structure context node missing. (Bug 1564)

Wireshark doesn't dynamically update the packet list. (Bug 1605)

LUA: There's no tvb_get_stringz() equivalent. (Bug 2244)

tvb_new_real_data is prone to memory leak. (Bug 3917)

Malformed OPC UA traffic makes Wireshark "freeze". (Bug 3986)

Analyze→Expert... doesn't show IP "Bad Checksum" errors. (Bug 4177)

Wireshark can't decrypt WPA(2)-PSK when passphrase is 63 bytes. (Bug 4183)

RTP stream analysis: Wrong jitter values after clicking the refresh button. (Bug 4340)

Wireshark decodes bootp option 2 incorrectly. (Bug 4342)

Deleting SMI modules causes Wireshark to crash. (Bug 4354)

Wireshark decodes kerberos AS-REQ PADATA incorrect. (Bug 4363)

PDML output from TShark includes invalid characters. (Bug 4402)

Empty GPRS LLC S frames cause truncated data exception. (Bug 4417) ...

 

- http://secunia.com/advisories/38257/2/

Release Date: 2010-01-28

Critical: Moderately critical

Impact: DoS

Where: From remote

Solution Status: Vendor Patch

Software: Wireshark 1.x

Solution: Update to version 1.0.11 or 1.2.6.

Original Advisory:

http://www.wireshark.org/security/wnpa-sec-2010-01.html

http://www.wireshark.org/security/wnpa-sec-2010-02.html

 

:ph34r:

Edited by apluswebmaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.2.7 released

- http://www.wireshark.org/download.html

March 31, 2010 - "The current stable release of Wireshark is 1.2.7. It supersedes all previous releases..."

 

Bug Fixes

- http://www.wireshark.org/docs/relnotes/wireshark-1.2.7.html#BugFixes

 

:ph34r:

Share this post


Link to post
Share on other sites

FYI....

 

Wireshark v1.2.8 released

- http://www.wireshark.org/download.html

May 5, 2010 - The current stable release of Wireshark is 1.2.8...

 

Bug Fixes

- http://www.wireshark.org/docs/relnotes/wireshark-1.2.8.html#BugFixes

 

Security advisory and a workaround

- http://www.wireshark.org/security/wnpa-sec-2010-03.html

 

- http://www.wireshark.org/security/wnpa-sec-2010-04.html

 

- http://secunia.com/advisories/39661/

Release Date: 2010-05-06

Criticality level: Moderately critical

Impact: DoS

Where: From remote

Solution Status: Vendor Patch

Solution: Update to version 1.0.13 or 1.2.8.

 

:ph34r:

Edited by apluswebmaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.2.9 released

- http://www.wireshark.org/download.html

June 9, 2010 - "The current stable release of Wireshark is 1.2.9..."

 

Bug Fixes

- http://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html#BugFixes

 

- http://secunia.com/advisories/40112/

Release Date: 2010-06-10

Criticality level: Moderately critical

Impact: DoS

Where: From remote

Solution: Update to version 1.0.14 and 1.2.9.

Original Advisory:

http://www.wireshark.org/security/wnpa-sec-2010-05.html

http://www.wireshark.org/security/wnpa-sec-2010-06.html

 

:ph34r:

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.2.10 released

- http://www.wireshark.org/download.html

July 29, 2010 - "The current stable release of Wireshark is 1.2.10. It supersedes all previous releases..."

- http://www.wireshark.org/news/20100729.html

 

Bug Fixes

- http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html#BugFixes

 

- http://www.wireshark.org/security/wnpa-sec-2010-08.html

CVE-2010-2284, CVE-2010-2287

 

- http://secunia.com/advisories/40783/

Release Date: 2010-07-30

Criticality level: Moderately critical

Impact: DoS, System access

Where: From remote

Solution: Update to version 1.0.15 or 1.2.10.

Original Advisory:

http://www.wireshark.org/security/wnpa-sec-2010-07.html

http://www.wireshark.org/security/wnpa-sec-2010-08.html

 

- http://securitytracker.com/alerts/2010/Jul/1024269.html

July 31, 2010

 

:ph34r:

Edited by apluswebmaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark 1.4.0, 1.2.11, and 1.0.16 released

- http://www.wireshark.org/download.html

August 30, 2010 - "The current stable release of Wireshark is 1.4.0. It supersedes all previous releases..."

 

Release notes

- http://www.wireshark.org/docs/relnotes/wireshark-1.4.0.html

 

- http://www.wireshark.org/docs/relnotes/wireshark-1.2.11.html

 

- http://www.wireshark.org/docs/relnotes/wireshark-1.0.16.html

 

Wireshark 1.4.0, 1.2.11, and 1.0.16 Released

- http://www.wireshark.org/news/20100830.html

"...In 1.2.11 and 1.0.16 - A DLL hijacking bug described in Microsoft Security Advisory 2269637 has been fixed..."

 

- http://secunia.com/advisories/41064/

Last Update: 2010-08-31

Criticality level: Highly critical

Impact: System access

Where: From remote

Solution: Update to version 1.0.16 or 1.2.11.

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3133

CVSS v2 Base Score: 9.3 (HIGH)

 

:ph34r:

Edited by apluswebmaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.4.1/v1.2.2 released

- http://www.wireshark.org/download.html

October 11, 2010 - "The current stable release of Wireshark is 1.4.1. It supersedes all previous releases..."

 

- http://www.wireshark.org/news/20101011.html

Wireshark 1.4.1 and 1.2.12 Released, 1.0.x EOL

 

- http://www.wireshark.org/security/wnpa-sec-2010-12.html

 

Release notes

- http://www.wireshark.org/docs/relnotes/wireshark-1.4.1.html

 

- http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html

 

:ph34r:

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.4.2/v1.2.13 released

- http://www.wireshark.org/download.html

Nov 19, 2010 - "The current stable release of Wireshark is 1.4.2. It supersedes all previous releases..."

 

- http://www.wireshark.org/news/20101119.html

Nov 19, 2010 - "Wireshark 1.4.2 and 1.2.13 have been released..."

 

Fixed in Wireshark 1.4.2

- http://www.wireshark.org/security/wnpa-sec-2010-14.html

Fixed in Wireshark 1.2.13

- http://www.wireshark.org/security/wnpa-sec-2010-13.html

 

- http://secunia.com/advisories/42290/

Release Date: 2010-11-19

Criticality level: Moderately critical

Impact: DoS

Where: From remote

Solution: Update to version 1.4.2 or 1.2.13.

 

:ph34r:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.4.3 released

- http://www.wireshark.org/download.html

Jan 11, 2011 - "The current stable release of Wireshark is 1.4.3. It supersedes all previous releases..."

 

Bug Fixes

- http://www.wireshark.org/docs/relnotes/wireshark-1.4.3.html#BugFixes

 

Known Problems

- http://www.wireshark.org/docs/relnotes/wireshark-1.4.3.html#KnownProblems

 

Wireshark 1.4.3 and 1.2.14 Released

- http://www.wireshark.org/news/20110111.html

Jan 11, 2011

 

- http://www.wireshark.org/security/wnpa-sec-2011-01.html

 

- http://www.wireshark.org/security/wnpa-sec-2011-02.html

 

:!:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.4.4 released

- http://www.wireshark.org/download.html

Mar. 1, 2011 - "The current stable release of Wireshark is 1.4.4. It supersedes all previous releases..."

 

Bug Fixes

- http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html#BugFixes

 

Known Problems

- http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html#KnownProblems

 

Wireshark 1.4.4 and 1.2.15 Released

- http://www.wireshark.org/news/20110301.html

___

 

- http://secunia.com/advisories/43554/

Last Update: 2011-03-03

Criticality level: Highly critical

Impact: DoS, System access

Where: From remote...

Solution: Update to version 1.2.15 or 1.4.4.

 

- http://www.securitytracker.com/id/1025148

Mar 2 2011

 

:ph34r:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark 1.4.6 has been released. It fixes a bug in the TCP dissector that inadvertently made it into Wireshark 1.4.5.

- http://www.wireshark.org/download.html

4.18.2011

___

 

Wireshark v1.4.5 released

- http://www.wireshark.org/download.html

4.15.2011 - "The current stable release of Wireshark is 1.4.5..."

 

Bug Fixes

- http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html#BugFixes

 

Known Problems

- http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html#KnownProblems

 

Wireshark 1.4.5 and 1.2.16 Released

- http://www.wireshark.org/news/20110415.html

 

- http://secunia.com/advisories/44172/

Release Date: 2011-04-18

Criticality level: Highly critical

Impact: DoS, System access

Where: From remote

Solution: Update to version 1.2.16 and 1.4.5.

 

:ph34r:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.4.7 released

- http://www.wireshark.org/download.html

May 31, 2011 - "The current stable release of Wireshark is 1.4.7. It supersedes all previous releases..."

 

Release Notes

- http://www.wireshark.org/docs/relnotes/wireshark-1.4.7.html

 

Bug Fixes

- http://www.wireshark.org/docs/relnotes/wireshark-1.4.7.html#BugFixes

 

- http://www.wireshark.org/security/wnpa-sec-2011-08.html

 

- http://secunia.com/advisories/44449/

Release Date: 2011-06-01

Criticality level: Moderately critical

Impact: DoS

Where: From remote

Solution: Update to version 1.2.17 or 1.4.7.

 

- http://www.securitytracker.com/id/1025597

Jun 2 2011

 

:!:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.6.0 released

- http://www.wireshark.org/download.html

June 7, 2011 - "The current stable release of Wireshark is 1.6.0. It supersedes all previous releases..."

 

- http://www.wireshark.org/docs/relnotes/wireshark-1.6.0.html#WhatsNew

 

- http://www.wireshark.org/docs/relnotes/wireshark-1.6.0.html#BugFixes

 

- http://www.wireshark.org/news/20110607.html

 

:!:

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark 1.2.18.

- http://www.wireshark.org/docs/relnotes/wireshark-1.2.18.html

 

- http://www.wireshark.org/security/wnpa-sec-2011-09.html

 

NOTE: The 1.2.x series of Wireshark releases will reach end of life on June 30, 2011. If you are still using Wireshark 1.2 we strongly encourage you to upgrade to 1.6.

- http://www.wireshark.org/download.html

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.6.1 released

- http://www.wireshark.org/download.html

18 Jul 2011 - "The current stable release of Wireshark is 1.6.1. It supersedes all previous releases..."

 

What's New / Bug Fixes

- http://www.wireshark.org/docs/relnotes/wireshark-1.6.1.html#WhatsNew

 

- http://www.wireshark.org/security/wnpa-sec-2011-11.html

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2597

 

Also: Wireshark 1.4.8 is now available

- http://www.wireshark.org/lists/wireshark-announce/201107/msg00001.html

18 Jul 2011

 

What's New / Bug Fixes

- http://www.wireshark.org/docs/relnotes/wireshark-1.4.8.html#WhatsNew

___

 

- http://secunia.com/advisories/45086/

Last Update: 2011-07-19

Criticality level: Moderately critical

Impact: DoS

Where: From remote

 

:!:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.6.2 released

- http://www.wireshark.org/download.html

7 Sep 2011 - "The current stable release of Wireshark is 1.6.2. It supersedes all previous releases..."

What's New / Bug Fixes

- http://www.wireshark.org/docs/relnotes/wireshark-1.6.2.html#WhatsNew

 

Also: Wireshark 1.4.9 is now available

- http://www.wireshark.org/lists/wireshark-announce/201109/msg00001.html

7 Sep 2011

What's New / Bug Fixes

- http://www.wireshark.org/docs/relnotes/wireshark-1.4.9.html#WhatsNew

___

 

- http://www.securitytracker.com/id/1026030

Sep 8 2011

... vendor has issued a fix (1.4.9, 1.6.2)...

http://www.wireshark.org/security/wnpa-sec-2011-12.html

http://www.wireshark.org/security/wnpa-sec-2011-14.html

http://www.wireshark.org/security/wnpa-sec-2011-15.html

http://www.wireshark.org/security/wnpa-sec-2011-16.html

 

- https://secunia.com/advisories/45927/

Release Date: 2011-09-09

Criticality level: Highly critical

Impact: DoS, System access

Where: From remote

CVE Reference: CVE-2011-3266

Solution: Update to versions 1.4.9 or 1.6.2.

 

:!:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.6.3 released

- https://www.wireshark.org/download.html

Nov. 1, 2011 - "The current stable release of Wireshark is 1.6.3. It supersedes all previous releases..."

 

What's New - Bug Fixes

- https://www.wireshark.org/docs/relnotes/wireshark-1.6.3.html#WhatsNew

 

- https://www.wireshark.org/security/wnpa-sec-2011-17.html

 

- https://www.wireshark.org/security/wnpa-sec-2011-18.html

 

- https://www.wireshark.org/security/wnpa-sec-2011-19.html

___

 

- https://secunia.com/advisories/46644/

Release Date: 2011-11-02

Criticality level: Highly critical

Impact: DoS, System access

Where: From remote...

Solution: Update to version 1.6.3 or 1.4.10.

___

 

Wireshark v1.4.10 released

- https://www.wireshark.org/lists/wireshark-announce/201111/msg00001.html

 

:!: :!:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.6.5 released

- https://www.wireshark.org/download.html

Jan. 10, 2011 - "The current stable release of Wireshark is 1.6.5..."

 

Bug Fixes

- https://www.wireshark.org/docs/relnotes/wireshark-1.6.5.html#BugFixes

 

Wireshark 1.4.11 is now available

- https://www.wireshark.org/lists/wireshark-announce/201201/msg00000.html

 

:!: :ph34r:

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.6.6 released

- https://www.wireshark.org/download.html

Mar 27, 2012 - "The current stable release of Wireshark is 1.6.6..."

 

Bug Fixes

- https://www.wireshark.org/docs/relnotes/wireshark-1.6.6.html#BugFixes

 

Wireshark 1.4.12 is now available

- https://www.wireshark.org/lists/wireshark-announce/201203/msg00001.html

___

 

- https://secunia.com/advisories/48548/

Release Date: 2012-03-28

Criticality level: Moderately critical

Impact: DoS

Where: From remote...

Solution: Update to version 1.4.12 or 1.6.6.

 

:!:

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.6.7 released

- https://www.wireshark.org/download.html

April 6, 2012 - "The current stable release of Wireshark is 1.6.7. It supersedes all previous releases..."

 

Bug Fixes

- https://www.wireshark.org/docs/relnotes/wireshark-1.6.7.html#BugFixes

 

:!:

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.6.8 released

- https://www.wireshark.org/download.html

May 22, 2012 - "The current stable release of Wireshark is 1.6.8. It supersedes all previous releases..."

 

BugFixes

- https://www.wireshark.org/docs/relnotes/wireshark-1.6.8.html#BugFixes

 

- https://www.wireshark.org/lists/wireshark-announce/201205/msg00000.html

 

___

 

Wireshark v1.4.13 released

- https://www.wireshark.org/lists/wireshark-announce/201205/msg00001.html

 

Bug Fixes:

The following vulnerabilities have been fixed.

o wnpa-sec-2012-08

Infinite and large loops in the ANSI MAP, BACapp, Bluetooth HCI, IEEE 802.3, LTP, and R3 dissectors have been fixed.

Discovered by Laurent Butti. (Bugs 7118, 7119, 7121, 7122, 7124, 7125)

Versions affected: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7.

o wnpa-sec-2012-09

The DIAMETER dissector could try to allocate memory improperly and crash. (Bug 7138)

Versions affected: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7.

o wnpa-sec-2012-10

Wireshark could crash on SPARC processors due to misaligned memory. Discovered by Klaus Heckelmann. (Bug 7221)

Versions affected: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7.

The following bugs have been fixed:

o User-Password - PAP decoding passwords longer than 16 bytes. (Bug 6779)

o Wireshark error message for failure to open an rpcap: URL for a remote device is malformed. (Bug 6922)

o Wireshark doesn't calculate the right IPv4 destination using source routing options when bad options precede them. (Bug 7043)

o Wrong values in DNS CERT RR. (Bug 7130)...

 

:!: :!:

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.8.0 released

- https://www.wireshark.org/download.html

21 Jun 2012 - "The current stable release of Wireshark is 1.8.0. It supersedes all previous releases..."

 

Release Notes

- https://www.wireshark.org/docs/relnotes/wireshark-1.8.0.html#BugFixes

 

- https://www.wireshark.org/lists/wireshark-announce/201206/msg00002.html

 

:!:

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.8.1 released

- https://www.wireshark.org/download.html

July 23, 2012 - "The current stable release of Wireshark is 1.8.1. It supersedes all previous releases..."

 

Bug Fixes

- https://www.wireshark.org/docs/relnotes/wireshark-1.8.1.html#BugFixes

 

- https://www.wireshark.org/lists/wireshark-announce/201207/msg00001.html

 

- https://www.wireshark.org/lists/wireshark-announce/201207/msg00002.html

Wireshark 1.6.9 is now available...

- https://www.wireshark.org/docs/relnotes/wireshark-1.6.9.html

 

Wireshark Q&A

>> http://ask.wireshark.org/

___

 

- https://secunia.com/advisories/49971/

Release Date: 2012-07-24

Criticality level: Moderately critical

Impact: DoS

Where: From remote...

CVE Reference(s):

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4048

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4049

Solution: Update to version 1.8.1, 1.6.9, or 1.4.14.

 

:!:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.8.2 released

- https://www.wireshark.org/download.html

15 Aug 2012 - "The current stable release of Wireshark is 1.8.2. It supersedes all previous releases..."

 

What's New/Bug Fixes

- https://www.wireshark.org/docs/relnotes/wireshark-1.8.2.html#WhatsNew

 

> https://www.wireshark.org/lists/wireshark-announce/201208/msg00002.html

___

 

- https://isc.sans.edu/diary.html?storyid=13909

Last Updated: 2012-08-15

 

- http://www.securitytracker.com/id/1027404

CVE Reference: CVE-2012-4285, CVE-2012-4286, CVE-2012-4287, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-4293, CVE-2012-4294, CVE-2012-4295, CVE-2012-4296, CVE-2012-4297, CVE-2012-4298

Aug 15 2012

Version(s): prior to versions 1.4.15, 1.6.10, 1.8.2

Description: Multiple vulnerability were reported in Wireshark. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions...

Impact: A remote user can execute arbitrary code on the target system...

Solution: The vendor has issued a fix (1.4.15, 1.6.10, 1.8.2)...

 

- https://secunia.com/advisories/50276/

Release Date: 2012-08-16

Criticality level: Highly critical

Impact: DoS, System access

Where: From remote

... vulnerabilities are reported in versions prior to 1.8.2, 1.6.10, and 1.4.15.

Solution: Update to version 1.8.2, 1.6.10, or 1.4.15.

___

 

Support for the 1.4.x series of releases ended on August 30, 2012

- http://wiki.wireshark.org/Development/LifeCycle

See: End of Life planning

 

:!:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.8.3 released

- https://www.wireshark.org/download.html

02 Oct 2012 - "The current stable release of Wireshark is 1.8.3. It supersedes all previous releases..."

 

What's New/Bug Fixes

- https://www.wireshark.org/docs/relnotes/wireshark-1.8.3.html#WhatsNew

 

> https://www.wireshark.org/lists/wireshark-announce/201210/msg00000.html

- CVE-2012-5237, CVE-2012-5238, CVE-2012-5239, CVE-2012-5240

 

- https://secunia.com/advisories/50843/

Release Date: 2012-10-03

Criticality level: Highly critical

Impact: DoS, System access

Where: From remote

...vulnerabilities are reported in versions prior to 1.8.3.

Solution: Update to version 1.8.3.

Original Advisory:

https://www.wireshark.org/security/wnpa-sec-2012-26.html

https://www.wireshark.org/security/wnpa-sec-2012-27.html

https://www.wireshark.org/security/wnpa-sec-2012-28.html

https://www.wireshark.org/security/wnpa-sec-2012-29.html

___

 

Wireshark v1.6.11 released

- https://www.wireshark.org/lists/wireshark-announce/201210/msg00001.html

- CVE-2012-5239

 

What's New/Bug Fixes

- https://www.wireshark.org/docs/relnotes/wireshark-1.6.11.html#WhatsNew

 

:!:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

 

Wireshark v1.8.4 released

- https://www.wireshark.org/download.html

Nov 28, 2012 - "The current stable release of Wireshark is 1.8.4. It supersedes all previous releases..."

 

What's New/Bug Fixes

- https://www.wireshark.org/lists/wireshark-announce/201211/msg00000.html

 

- https://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html#BugFixes

___

 

- https://secunia.com/advisories/51422/

Release Date: 2012-11-29

Criticality level: Moderately critical

Impact: DoS

Where: From remote

... vulnerabilities are reported in versions prior to 1.8.4 and 1.6.12.

Solution: Update to version 1.8.4 or 1.6.12.

Original Advisory:

- https://www.wireshark.org/security/wnpa-sec-2012-30.html

- https://www.wireshark.org/security/wnpa-sec-2012-31.html

- https://www.wireshark.org/security/wnpa-sec-2012-32.html

- https://www.wireshark.org/security/wnpa-sec-2012-33.html

- https://www.wireshark.org/security/wnpa-sec-2012-34.html

- https://www.wireshark.org/security/wnpa-sec-2012-35.html

- https://www.wireshark.org/security/wnpa-sec-2012-36.html

- https://www.wireshark.org/security/wnpa-sec-2012-37.html

- https://www.wireshark.org/security/wnpa-sec-2012-38.html

- https://www.wireshark.org/security/wnpa-sec-2012-39.html

- https://www.wireshark.org/security/wnpa-sec-2012-40.html

___

 

Wireshark v1.6.12 released

- https://www.wireshark.org/lists/wireshark-announce/201211/msg00001.html

Nov 28, 2012

 

- https://www.wireshark.org/docs/relnotes/wireshark-1.6.12.html#WhatsNew

___

 

- http://www.securitytracker.com/id/1027822

CVE Reference: CVE-2012-5592, CVE-2012-5593, CVE-2012-5594, CVE-2012-5595, CVE-2012-5596, CVE-2012-5597, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600, CVE-2012-5601, CVE-2012-5602

Nov 29 2012

Impact: Denial of service via network, Disclosure of system information

Fix Available: Yes Vendor Confirmed: Yes

Version(s): prior to 1.6.12, 1.8.4

 

:!:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI..

Wireshark v1.8.5 released
- https://www.wireshark.org/download.html
Jan 29, 2013 - "The current stable release of Wireshark is 1.8.5. It supersedes all previous releases..."

What's New/Bug Fixes
- https://www.wireshark.org/lists/wireshark-announce/201301/msg00000.html

- https://www.wireshark.org/docs/relnotes/wireshark-1.8.5.html#BugFixes
___

Wireshark 1.6.13 is now available
- https://www.wireshark.org/lists/wireshark-announce/201301/msg00001.html
___

- https://secunia.com/advisories/51968/
Release Date: 2013-01-30
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote
... vulnerabilities are reported in versions prior to 1.8.5 and 1.6.13.
Solution: Update to version 1.8.5 or 1.6.13.

:ph34r:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

Wireshark 1.8.6 released
- https://www.wireshark.org/download.html
Mar 6, 2013 - "The current stable release of Wireshark is 1.8.6. It supersedes all previous releases..."

Bug Fixes
- https://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html#BugFixes

- https://www.wireshark.org/lists/wireshark-announce/201303/msg00000.html

Wireshark 1.6.14
- https://www.wireshark.org/lists/wireshark-announce/201303/msg00001.html
___

- http://www.securitytracker.com/id/1028254
CVE Reference: CVE-2013-2475, CVE-2013-2476, CVE-2013-2477, CVE-2013-2479, CVE-2013-2480, CVE-2013-2481, CVE-2013-2482, CVE-2013-2483, CVE-2013-2484, CVE-2013-2485, CVE-2013-2486, CVE-2013-2487, CVE-2013-2488
Mar 7 2013
Impact: Denial of service via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to versions 1.6.14, 1.8.6 ...
Impact: A remote user can cause the target service to hang or crash.
Solution: The vendor has issued a fix (1.6.14, 1.8.6)...

- https://secunia.com/advisories/52471/
Release Date: 2013-03-07
Criticality level: Moderately critical
Impact: DoS
Where: From remote ...
Solution: Update to version 1.6.14 or 1.8.6.

:ph34r:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

Wireshark 1.10.0 released
- https://www.wireshark.org/download.html
June 5, 2013 - "The current stable release of Wireshark is 1.10.0. It supersedes all previous releases..."

Bug Fixes
- https://www.wireshark.org/docs/relnotes/wireshark-1.10.0.html#_bug_fixes

New and Updated Features
- https://www.wireshark.org/docs/relnotes/wireshark-1.10.0.html#_new_and_updated_features

- https://www.wireshark.org/lists/wireshark-announce/201306/msg00000.html

- http://h-online.com/-1884507
7 June 2013
___

Wireshark 1.8.8 released
- https://www.wireshark.org/lists/wireshark-announce/201306/msg00001.html
7 Jun 2013

Wireshark 1.6.16 released
- https://www.wireshark.org/lists/wireshark-announce/201306/msg00002.html
7 Jun 2013 - "... the 1.6 branch has reached end of life and this will be the last 1.6 release..."
___

- https://secunia.com/advisories/53762/
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote ...
CVE Reference(s): CVE-2013-4074, CVE-2013-4075, CVE-2013-4076, CVE-2013-4077, CVE-2013-4078, CVE-2013-4079, CVE-2013-4080, CVE-2013-4081, CVE-2013-4082, CVE-2013-4083
Solution: Update to version 1.6.16 or 1.8.8.
Original Advisory:
http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html
http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html

- https://www.wireshark.org/download/win32/

- https://www.wireshark.org/download/win64/

:!:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now