-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ethereal 0.99.0 has been released.
What is Ethereal?
Ethereal is the world's most popular network protocol analyzer. It
is used for troubleshooting, analysis, development, and education.
What's New
Bug Fixes
Many security vulnerabilities have been fixed since the previous
release. See the release notes and application advisory at
http://www.ethereal.com/docs/release-notes/ethereal-0.99.0.html
http://www.ethereal.com/appnotes/enpa-sa-00023.html
for more details.
o The H.248 dissector could crash. Versions affected: 0.10.14.
CVE: CVE-2006-1937
o The UMA dissector could go into an infinite loop. Versions
affected: 0.10.12 - 0.10.14. CVE: CVE-2006-1933
o The X.509if dissector could crash. Versions affected: 0.10.14.
CVE: CVE-2006-1937
o The SRVLOC dissector could crash. Versions affected: 0.10.0 -
0.10.14. CVE: CVE-2006-1937
o The H.245 dissector could crash. Versions affected: 0.10.13 -
0.10.14. CVE: CVE-2006-1937
o Ethereal's OID printing routine was susceptible to an
off-by-one error. Versions affected: 0.10.14. CVE:
CVE-2006-1932
o The COPS dissector could overflow a buffer. Versions affected:
0.9.15 - 0.10.14. CVE: CVE-2006-1935
o The ALCAP dissector could overflow a buffer. Versions
affected: 0.10.14. CVE: CVE-2006-1934
Under a grant funded by the U.S. Department of Homeland Security,
Coverity has uncovered a number of vulnerabilities in
Ethereal:
o The statistics counter could crash Ethereal. Versions
affected: 0.10.10 - 0.10.14. CVE: CVE-2006-1937
o Ethereal could crash while reading a malformed Sniffer
capture. Versions affected: 0.8.12 - 0.10.14. CVE:
CVE-2006-1938
o An invalid display filter could crash Ethereal. Versions
affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939
o The general packet dissector could crash Ethereal. Versions
affected: 0.10.9 - 0.10.14. CVE: CVE-2006-1937
o The AIM dissector could crash Ethereal. Versions affected:
0.10.7 - 0.10.14. CVE: CVE-2006-1937
o The RPC dissector could crash Ethereal. Versions affected:
0.9.8 - 0.10.14. CVE: CVE-2006-1939
o The DCERPC dissector could crash Ethereal. Versions affected:
0.9.16 - 0.10.14. CVE: CVE-2006-1939
o The ASN.1 dissector could crash Ethereal. Versions affected:
0.9.8 - 0.10.14. CVE: CVE-2006-1939
o The SMB PIPE dissector could crash Ethereal. Versions
affected: 0.8.20 - 0.10.14. CVE: CVE-2006-1938
o The BER dissector could loop excessively. Versions affected:
0.10.4 - 0.10.14. CVE: CVE-2006-1933
o The SNDCP dissector could abort. Versions affected: 0.10.4 -
0.10.14. CVE: CVE-2006-1940
o The Network Instruments file code could overrun a buffer.
Versions affected: 0.10.0 - 0.10.14. CVE: CVE-2006-1934
o The NetXray/Windows Sniffer file code could overrun a buffer.
Versions affected: 0.10.13 - 0.10.14. CVE: CVE-2006-1934
o The GSM SMS dissector could crash Ethereal. Versions affected:
0.9.16 - 0.10.14. CVE: CVE-2006-1939
o The ALCAP dissector could overrun a buffer. Versions affected:
0.10.14. CVE: CVE-2006-1934
o The telnet dissector could overrun a buffer. Versions
affected: 0.8.5 - 0.10.14. CVE: CVE-2006-1936
o ASN.1-based dissectors could crash Ethereal. Versions
affected: 0.9.10 - 0.10.14. CVE: CVE-2006-1939
o The H.248 dissector could crash Ethereal. Versions affected:
0.10.11 - 0.10.14. CVE: CVE-2006-1937
o The DCERPC NT dissector could crash Ethereal. Versions
affected: 0.9.14 - 0.10.14. CVE: CVE-2006-1939
o The PER dissector could crash Ethereal. Versions affected:
0.9.14 - 0.10.14. CVE: CVE-2006-1939
Under Windows, Unicode characters in profile and configuration
file paths could cause problems. Versions affected: 0.10.14.
The Coverity audit turned up several UI-related bugs that could
make Ethereal crash.
New and Updated Features
The following features are new (or have been significantly
updated) since the last release:
o The new command line tool dumpcap makes it possible to capture
network data without the drawbacks of (t)ethereal (memory
usage, security problems, ...) while keeping the benefit of
advanced techniques like multiple (ringbuffer) files and
alike.
The man page of dumpcap in HTML format is available at
http://www.ethereal.com/docs/man-pages/dumpcap.1.html.
o The source distribution of Ethereal now supports SSL, IPsec
ESP, and ISAKMP decryption. (This feature has not yet been
enabled in the Windows installer.)
o Win32: Catch hardware exceptions caused by buggy dissectors.
If e.g. a NULL pointer exceptions occurs, Ethereal won't crash
now but displays the exception and tries to continue decoding
packets.
o The Windows version of Ethereal now uses native open and save
file dialogs.
In related news, Ethereal now runs as a full-fledged Unicode
application under Windows.
o Recent versions of Ethereal were flagging packets with an
incorrect TCP checksum as malformed. False positives were
being triggered on systems that use TCP checksum offloading.
We now check to see if the checksum is not 0x0000 before
flagging the packet as malformed.
Please Note
If your system uses TCP checksum offloading and Ethereal still
shows bad checksums for outgoing TCP packets and the checksums
for outgoing TCP packets are not 0x0000, this could mean that
your operating system is exposing kernel memory
unnecessarily. If this is the case, you should report the
problem to your OS vendor.
o The expert analysis feature has been enhanced.
New Protocol Support
ACP133, E.212, Nortel LGE Monitor, OICQ
Updated Protocol Support
3G A11, 802.11, 802.1Q, 802.3 Slow Protocols, AIM, ALCAP, ANSI
MAP, ASF, ASN.1 BER, ASN.1 PER, BACapp, BACnet, BFD, BGP, BPDU,
BSSAP, BSSGP, Camel, CDP, CLNP, CMP, COPS, DCERPC (DCERPC, LSA,
NT, PNP), DCOM (CBA, DCOM, Dispatch), DHCP, DIAMETER, DNS, DOCSIS
DCC, eDonkey, Ethernet, FC, FCP, FIX, G.723, GIOP, GRE, GSM A, GSM
MAP, GSSAPI, GTP, H.245, H.248, H.450, HTTP, IAPP, ICMPv6, iFCP,
IP, IPMI, IPP, IPsec, IPv6, ISAKMP, iSCSI, ISUP, IuUP, Juniper
GGSN, JXTA, K12, Kerberos, LAPD, LDAP, LLDP, LOOP, M3UA, MEGACO,
MPLS, MS MMS, MS NLB, MS Proxy, MTP3, NBNS, NCP 2222, NDPS,
Netflow, NFS, NJACK, NLM, NSIP, NTLMSSP, PN-DCP, POP, PPP, Q.931,
Radiotap, RADIUS, RANAP, RNSAP, RPC, RSYNC, RTCP, RTP, SCCP, SCCP
MG, SCSI, SDP, Sebek, SES, SIGCOMP, SIGCOMP UDVM, SIP, SKINNY,
SMB2, SMB (Mailslot, PIPE, SMB), SMPP, SNDCP, SNMP, SOCKS, SPNEGO,
SRVLOC, SSL, STUN, Syslog, T.38, TACACS, TCAP, TCP, TDS, Telnet,
TIPC, UDP, UMA, WSP, X11, X.411, X.509, XML
New and Updated Capture File Support
iSeries, Snoop, Windows Sniffer
Getting Ethereal
The source code, Windows and Solaris installers can be downloaded
immediately from the following locations:
Main site:
Windows installer:
http://www.ethereal.com/distribution/win32/ethereal-setup-0.99.0.exe
Source code:
http://www.ethereal.com/distribution/ethereal-0.99.0.tar.gz
http://www.ethereal.com/distribution/ethereal-0.99.0.tar.bz2
Source RPM:
http://www.ethereal.com/distribution/rpms/
Solaris installers:
http://www.ethereal.com/distribution/solaris/
SourceForge:
http://sourceforge.net/project/showfiles.php?group_id=255
The mirror sites listed at
http://www.ethereal.com/download.html#releases
should be updated shortly.
-------------------------------------------------------------------
Digests
ethereal-0.99.0.tar.bz2: 8884587 bytes
MD5(ethereal-0.99.0.tar.bz2)=f9905b9d347acdc05af664a7553f7f76
SHA1(ethereal-0.99.0.tar.bz2)=466299ac49f21904ed91b93e81667f226637e868
RIPEMD160(ethereal-0.99.0.tar.bz2)=f86e21ae60d53e1ed60b61e58c2941ecfd4d8696
ethereal-0.99.0.tar.gz: 11284145 bytes
MD5(ethereal-0.99.0.tar.gz)=92490abe23df1b2078579c512c788f9d
SHA1(ethereal-0.99.0.tar.gz)=a5a824ed3b4d0c5511441cc924e8333a8628bc7a
RIPEMD160(ethereal-0.99.0.tar.gz)=33a19a57fb1df3455d693bc7731ad543972fd8c6
ethereal-setup-0.99.0.exe: 13053058 bytes
MD5(ethereal-setup-0.99.0.exe)=c61cd84500b60adc045e548dd1b2c228
SHA1(ethereal-setup-0.99.0.exe)=39b25256757ffc59c0577aa3291bbf8673e83a1c
RIPEMD160(ethereal-setup-0.99.0.exe)=a35343c2679f3bbf30871fa8bf9d66211a5390fa
ethereal-0.99.0-1.src.rpm: 11268280 bytes
MD5(ethereal-0.99.0-1.src.rpm)=060b7b9d416a9d3d7a35e9ffc359f588
SHA1(ethereal-0.99.0-1.src.rpm)=d3827a3a1c53d8648739b7471e45ca5146f1b2f7
RIPEMD160(ethereal-0.99.0-1.src.rpm)=e87d6f119ccb84be9c24e035b4ee55503d36fc98
ethereal-0.99.0-solaris2.8-sparc-local.bz2: 13737042 bytes
MD5(ethereal-0.99.0-solaris2.8-sparc-local.bz2)=400fecaa17006b08e33befa936f2b54a
SHA1(ethereal-0.99.0-solaris2.8-sparc-local.bz2)=299038e4e7df73e20eed67f7d78c4959ac317b45
RIPEMD160(ethereal-0.99.0-solaris2.8-sparc-local.bz2)=5004e9ff5918ed37033815af7060f59a4722f781
ethereal-0.99.0-solaris2.9-sparc-local.bz2: 13725364 bytes
MD5(ethereal-0.99.0-solaris2.9-sparc-local.bz2)=7c406279bcb13141642921edb7a9c05b
SHA1(ethereal-0.99.0-solaris2.9-sparc-local.bz2)=06d0d3caa91967b52ce09c5cd7d7ad197d35b8f0
RIPEMD160(ethereal-0.99.0-solaris2.9-sparc-local.bz2)=3e12a434497379524676f0a50d833f9fed74ed84
patch-ethereal-0.10.14-to-0.99.0.diff.bz2: 1282447 bytes
MD5(patch-ethereal-0.10.14-to-0.99.0.diff.bz2)=64ed94711c4f7e1e1b81111d81cbf938
SHA1(patch-ethereal-0.10.14-to-0.99.0.diff.bz2)=72fd5b423082266689380335430e78fec13ac76c
RIPEMD160(patch-ethereal-0.10.14-to-0.99.0.diff.bz2)=e4b522ca7acbbcc1b5ca560cbbfb84a9862171cb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFETUFukXaEuZt2wEERAtStAJ9tm7dk/9IjsISLBoCLH4cVY2L86wCguJG8
6HZRcqLqSiC9d5/bncdqnH4=
=xL6R
-----END PGP SIGNATURE-----
_______________________________________________
Ethereal-announce mailing list
Ethereal-announce@ethereal.com
http://www.ethereal.com/mailman/listinfo/ethereal-announce
Hash: SHA1
Ethereal 0.99.0 has been released.
What is Ethereal?
Ethereal is the world's most popular network protocol analyzer. It
is used for troubleshooting, analysis, development, and education.
What's New
Bug Fixes
Many security vulnerabilities have been fixed since the previous
release. See the release notes and application advisory at
http://www.ethereal.com/docs/release-notes/ethereal-0.99.0.html
http://www.ethereal.com/appnotes/enpa-sa-00023.html
for more details.
o The H.248 dissector could crash. Versions affected: 0.10.14.
CVE: CVE-2006-1937
o The UMA dissector could go into an infinite loop. Versions
affected: 0.10.12 - 0.10.14. CVE: CVE-2006-1933
o The X.509if dissector could crash. Versions affected: 0.10.14.
CVE: CVE-2006-1937
o The SRVLOC dissector could crash. Versions affected: 0.10.0 -
0.10.14. CVE: CVE-2006-1937
o The H.245 dissector could crash. Versions affected: 0.10.13 -
0.10.14. CVE: CVE-2006-1937
o Ethereal's OID printing routine was susceptible to an
off-by-one error. Versions affected: 0.10.14. CVE:
CVE-2006-1932
o The COPS dissector could overflow a buffer. Versions affected:
0.9.15 - 0.10.14. CVE: CVE-2006-1935
o The ALCAP dissector could overflow a buffer. Versions
affected: 0.10.14. CVE: CVE-2006-1934
Under a grant funded by the U.S. Department of Homeland Security,
Coverity has uncovered a number of vulnerabilities in
Ethereal:
o The statistics counter could crash Ethereal. Versions
affected: 0.10.10 - 0.10.14. CVE: CVE-2006-1937
o Ethereal could crash while reading a malformed Sniffer
capture. Versions affected: 0.8.12 - 0.10.14. CVE:
CVE-2006-1938
o An invalid display filter could crash Ethereal. Versions
affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939
o The general packet dissector could crash Ethereal. Versions
affected: 0.10.9 - 0.10.14. CVE: CVE-2006-1937
o The AIM dissector could crash Ethereal. Versions affected:
0.10.7 - 0.10.14. CVE: CVE-2006-1937
o The RPC dissector could crash Ethereal. Versions affected:
0.9.8 - 0.10.14. CVE: CVE-2006-1939
o The DCERPC dissector could crash Ethereal. Versions affected:
0.9.16 - 0.10.14. CVE: CVE-2006-1939
o The ASN.1 dissector could crash Ethereal. Versions affected:
0.9.8 - 0.10.14. CVE: CVE-2006-1939
o The SMB PIPE dissector could crash Ethereal. Versions
affected: 0.8.20 - 0.10.14. CVE: CVE-2006-1938
o The BER dissector could loop excessively. Versions affected:
0.10.4 - 0.10.14. CVE: CVE-2006-1933
o The SNDCP dissector could abort. Versions affected: 0.10.4 -
0.10.14. CVE: CVE-2006-1940
o The Network Instruments file code could overrun a buffer.
Versions affected: 0.10.0 - 0.10.14. CVE: CVE-2006-1934
o The NetXray/Windows Sniffer file code could overrun a buffer.
Versions affected: 0.10.13 - 0.10.14. CVE: CVE-2006-1934
o The GSM SMS dissector could crash Ethereal. Versions affected:
0.9.16 - 0.10.14. CVE: CVE-2006-1939
o The ALCAP dissector could overrun a buffer. Versions affected:
0.10.14. CVE: CVE-2006-1934
o The telnet dissector could overrun a buffer. Versions
affected: 0.8.5 - 0.10.14. CVE: CVE-2006-1936
o ASN.1-based dissectors could crash Ethereal. Versions
affected: 0.9.10 - 0.10.14. CVE: CVE-2006-1939
o The H.248 dissector could crash Ethereal. Versions affected:
0.10.11 - 0.10.14. CVE: CVE-2006-1937
o The DCERPC NT dissector could crash Ethereal. Versions
affected: 0.9.14 - 0.10.14. CVE: CVE-2006-1939
o The PER dissector could crash Ethereal. Versions affected:
0.9.14 - 0.10.14. CVE: CVE-2006-1939
Under Windows, Unicode characters in profile and configuration
file paths could cause problems. Versions affected: 0.10.14.
The Coverity audit turned up several UI-related bugs that could
make Ethereal crash.
New and Updated Features
The following features are new (or have been significantly
updated) since the last release:
o The new command line tool dumpcap makes it possible to capture
network data without the drawbacks of (t)ethereal (memory
usage, security problems, ...) while keeping the benefit of
advanced techniques like multiple (ringbuffer) files and
alike.
The man page of dumpcap in HTML format is available at
http://www.ethereal.com/docs/man-pages/dumpcap.1.html.
o The source distribution of Ethereal now supports SSL, IPsec
ESP, and ISAKMP decryption. (This feature has not yet been
enabled in the Windows installer.)
o Win32: Catch hardware exceptions caused by buggy dissectors.
If e.g. a NULL pointer exceptions occurs, Ethereal won't crash
now but displays the exception and tries to continue decoding
packets.
o The Windows version of Ethereal now uses native open and save
file dialogs.
In related news, Ethereal now runs as a full-fledged Unicode
application under Windows.
o Recent versions of Ethereal were flagging packets with an
incorrect TCP checksum as malformed. False positives were
being triggered on systems that use TCP checksum offloading.
We now check to see if the checksum is not 0x0000 before
flagging the packet as malformed.
Please Note
If your system uses TCP checksum offloading and Ethereal still
shows bad checksums for outgoing TCP packets and the checksums
for outgoing TCP packets are not 0x0000, this could mean that
your operating system is exposing kernel memory
unnecessarily. If this is the case, you should report the
problem to your OS vendor.
o The expert analysis feature has been enhanced.
New Protocol Support
ACP133, E.212, Nortel LGE Monitor, OICQ
Updated Protocol Support
3G A11, 802.11, 802.1Q, 802.3 Slow Protocols, AIM, ALCAP, ANSI
MAP, ASF, ASN.1 BER, ASN.1 PER, BACapp, BACnet, BFD, BGP, BPDU,
BSSAP, BSSGP, Camel, CDP, CLNP, CMP, COPS, DCERPC (DCERPC, LSA,
NT, PNP), DCOM (CBA, DCOM, Dispatch), DHCP, DIAMETER, DNS, DOCSIS
DCC, eDonkey, Ethernet, FC, FCP, FIX, G.723, GIOP, GRE, GSM A, GSM
MAP, GSSAPI, GTP, H.245, H.248, H.450, HTTP, IAPP, ICMPv6, iFCP,
IP, IPMI, IPP, IPsec, IPv6, ISAKMP, iSCSI, ISUP, IuUP, Juniper
GGSN, JXTA, K12, Kerberos, LAPD, LDAP, LLDP, LOOP, M3UA, MEGACO,
MPLS, MS MMS, MS NLB, MS Proxy, MTP3, NBNS, NCP 2222, NDPS,
Netflow, NFS, NJACK, NLM, NSIP, NTLMSSP, PN-DCP, POP, PPP, Q.931,
Radiotap, RADIUS, RANAP, RNSAP, RPC, RSYNC, RTCP, RTP, SCCP, SCCP
MG, SCSI, SDP, Sebek, SES, SIGCOMP, SIGCOMP UDVM, SIP, SKINNY,
SMB2, SMB (Mailslot, PIPE, SMB), SMPP, SNDCP, SNMP, SOCKS, SPNEGO,
SRVLOC, SSL, STUN, Syslog, T.38, TACACS, TCAP, TCP, TDS, Telnet,
TIPC, UDP, UMA, WSP, X11, X.411, X.509, XML
New and Updated Capture File Support
iSeries, Snoop, Windows Sniffer
Getting Ethereal
The source code, Windows and Solaris installers can be downloaded
immediately from the following locations:
Main site:
Windows installer:
http://www.ethereal.com/distribution/win32/ethereal-setup-0.99.0.exe
Source code:
http://www.ethereal.com/distribution/ethereal-0.99.0.tar.gz
http://www.ethereal.com/distribution/ethereal-0.99.0.tar.bz2
Source RPM:
http://www.ethereal.com/distribution/rpms/
Solaris installers:
http://www.ethereal.com/distribution/solaris/
SourceForge:
http://sourceforge.net/project/showfiles.php?group_id=255
The mirror sites listed at
http://www.ethereal.com/download.html#releases
should be updated shortly.
-------------------------------------------------------------------
Digests
ethereal-0.99.0.tar.bz2: 8884587 bytes
MD5(ethereal-0.99.0.tar.bz2)=f9905b9d347acdc05af664a7553f7f76
SHA1(ethereal-0.99.0.tar.bz2)=466299ac49f21904ed91b93e81667f226637e868
RIPEMD160(ethereal-0.99.0.tar.bz2)=f86e21ae60d53e1ed60b61e58c2941ecfd4d8696
ethereal-0.99.0.tar.gz: 11284145 bytes
MD5(ethereal-0.99.0.tar.gz)=92490abe23df1b2078579c512c788f9d
SHA1(ethereal-0.99.0.tar.gz)=a5a824ed3b4d0c5511441cc924e8333a8628bc7a
RIPEMD160(ethereal-0.99.0.tar.gz)=33a19a57fb1df3455d693bc7731ad543972fd8c6
ethereal-setup-0.99.0.exe: 13053058 bytes
MD5(ethereal-setup-0.99.0.exe)=c61cd84500b60adc045e548dd1b2c228
SHA1(ethereal-setup-0.99.0.exe)=39b25256757ffc59c0577aa3291bbf8673e83a1c
RIPEMD160(ethereal-setup-0.99.0.exe)=a35343c2679f3bbf30871fa8bf9d66211a5390fa
ethereal-0.99.0-1.src.rpm: 11268280 bytes
MD5(ethereal-0.99.0-1.src.rpm)=060b7b9d416a9d3d7a35e9ffc359f588
SHA1(ethereal-0.99.0-1.src.rpm)=d3827a3a1c53d8648739b7471e45ca5146f1b2f7
RIPEMD160(ethereal-0.99.0-1.src.rpm)=e87d6f119ccb84be9c24e035b4ee55503d36fc98
ethereal-0.99.0-solaris2.8-sparc-local.bz2: 13737042 bytes
MD5(ethereal-0.99.0-solaris2.8-sparc-local.bz2)=400fecaa17006b08e33befa936f2b54a
SHA1(ethereal-0.99.0-solaris2.8-sparc-local.bz2)=299038e4e7df73e20eed67f7d78c4959ac317b45
RIPEMD160(ethereal-0.99.0-solaris2.8-sparc-local.bz2)=5004e9ff5918ed37033815af7060f59a4722f781
ethereal-0.99.0-solaris2.9-sparc-local.bz2: 13725364 bytes
MD5(ethereal-0.99.0-solaris2.9-sparc-local.bz2)=7c406279bcb13141642921edb7a9c05b
SHA1(ethereal-0.99.0-solaris2.9-sparc-local.bz2)=06d0d3caa91967b52ce09c5cd7d7ad197d35b8f0
RIPEMD160(ethereal-0.99.0-solaris2.9-sparc-local.bz2)=3e12a434497379524676f0a50d833f9fed74ed84
patch-ethereal-0.10.14-to-0.99.0.diff.bz2: 1282447 bytes
MD5(patch-ethereal-0.10.14-to-0.99.0.diff.bz2)=64ed94711c4f7e1e1b81111d81cbf938
SHA1(patch-ethereal-0.10.14-to-0.99.0.diff.bz2)=72fd5b423082266689380335430e78fec13ac76c
RIPEMD160(patch-ethereal-0.10.14-to-0.99.0.diff.bz2)=e4b522ca7acbbcc1b5ca560cbbfb84a9862171cb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFETUFukXaEuZt2wEERAtStAJ9tm7dk/9IjsISLBoCLH4cVY2L86wCguJG8
6HZRcqLqSiC9d5/bncdqnH4=
=xL6R
-----END PGP SIGNATURE-----
_______________________________________________
Ethereal-announce mailing list
Ethereal-announce@ethereal.com
http://www.ethereal.com/mailman/listinfo/ethereal-announce