Ethereal 0.10.11 has been released.
An aggressive testing program as well as independent discovery has
turned up a multitude of security issues:
The ANSI A dissector was susceptible to format string vulnerabilities.
Discovered by Bryan Fulton.
Versions affected: 0.9.15 to 0.10.10
The GSM MAP dissector could crash.
Versions affected: 0.10.0 to 0.10.10
The AIM dissector could cause a crash.
Versions affected: 0.9.14 to 0.10.10
The DISTCC dissector was susceptible to a buffer overflow.
Discovered by Ilja van Sprundel
Versions affected: 0.9.13 to 0.10.10
The FCELS dissector was susceptible to a buffer overflow.
Discovered by Neil Kettle
Versions affected: 0.9.9 to 0.10.10
The SIP dissector was susceptible to a buffer overflow.
Discovered by Ejovi Nuwere.
Versions affected: 0.10.0 to 0.10.10
The KINK dissector was susceptible to a null pointer exception,
endless looping, and other problems.
Versions affected: 0.10.10
The LMP dissector was susceptible to an endless loop.
Versions affected: 0.9.4 to 0.10.10
The Telnet dissector could abort.
Versions affected: 0.9.10 to 0.10.10
The TZSP dissector could cause a segmentation fault.
Versions affected: 0.10.10 to 0.10.10
The WSP dissector was susceptible to a null pointer exception and
assertions.
Versions affected: 0.10.0 to 0.10.10
The 802.3 Slow protocols dissector could throw an assertion.
Versions affected: 0.10.10
The BER dissector could throw assertions.
Versions affected: 0.10.2 to 0.10.10
The SMB Mailslot dissector was susceptible to a null pointer exception
and could throw assertions.
Versions affected: 0.9.0 to 0.10.10
The H.245 dissector was susceptible to a null pointer exception.
Versions affected: 0.10.10
The Bittorrent dissector could cause a segmentation fault.
Versions affected: 0.10.8 to 0.10.10
The SMB dissector could cause a segmentation fault and throw
assertions.
Versions affected: 0.9.0 to 0.10.10
The Fibre Channel dissector could cause a crash.
Versions affected: 0.9.9 to 0.10.10
The DICOM dissector could attempt to allocate large amounts of memory.
Versions affected: 0.10.4 to 0.10.10
The MGCP dissector was susceptible to a null pointer exception, could
loop indefinitely, and segfault.
Versions affected: 0.8.14 to 0.10.10
The RSVP dissector could loop indefinitely.
Versions affected: 0.9.8 to 0.10.10
The DHCP dissector was susceptible to format string vulnerabilities,
and could abort.
Versions affected: 0.10.7 to 0.10.10
The SRVLOC dissector could crash unexpectedly or go into an infinite
loop.
Versions affected: 0.9.8 to 0.10.10
The EIGRP dissector could loop indefinitely.
Versions affected: 0.8.18 to 0.10.10
The ISIS dissector could overflow a buffer.
Versions affected: 0.8.18 to 0.10.10
The CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explitit, PKIX Qualified,
and X.509 dissectors could overflow buffers.
Versions affected: 0.10.4 to 0.10.10
The NDPS dissector could exhaust system memory or cause an assertion,
or crash.
Versions affected: 0.9.12 to 0.10.10
The Q.931 dissector could try to free a null pointer and overflow
a buffer.
Versions affected: 0.10.10
The IAX2 dissector could throw an assertion.
Versions affected: 0.10.1 to 0.10.10
The ICEP dissector could try to free the same memory twice.
Versions affected: 0.10.7 to 0.10.10
The MEGACO dissector was susceptible to an infinite loop and a buffer
overflow.
Versions affected: 0.9.14 to 0.10.10
The DLSw dissector was susceptible to an infinite loop.
Versions affected: 0.9.1 to 0.10.10
The RPC dissector was susceptible to a null pointer exception.
Versions affected: 0.9.2 to 0.10.10
The NCP dissector could overflow a buffer or loop for a large amount
of time.
Versions affected: 0.10.5 to 0.10.10
The RADIUS dissector could throw an assertion.
Versions affected: 0.10.3 to 0.10.10
The GSM dissector could access an invalid pointer.
Versions affected: 0.10.10
The SMB PIPE dissector could throw an assertion.
Versions affected: 0.9.0 to 0.10.10
The L2TP dissector was susceptible to an infinite loop.
Versions affected: 0.10.9 to 0.10.10
The SMB NETLOGON dissector could dereference a null pointer.
Versions affected: 0.9.12 to 0.10.10
The MRDISC dissector could throw an assertion.
Versions affected: 0.8.19 to 0.10.10
The ISUP dissector could overflow a buffer or cause a segmentation
fault.
Versions affected: 0.8.19 to 0.10.10
The LDAP dissector could crash.
Versions affected: 0.10.1 to 0.10.10
The TCAP dissector could overflow a buffer or throw an assertion.
Versions affected: 0.10.8 to 0.10.10
The NTLMSSP dissector could crash.
Versions affected: 0.9.7 to 0.10.10
The Presentation dissector could overflow a buffer.
Versions affected: 0.10.1 to 0.10.10
Additionally, a number of dissectors could throw an assertion when
passing an invalid protocol tree item length.
Versions affected: 0.10.8 to 0.10.10
Please see the following advisory for more information:
http://www.ethereal.com/appnotes/enpa-sa-00019.html
Everyone is encouraged to upgrade.
New and updated features
Many user interface improvements have been made:
The toolbar has been updated.
Packet detail tree items can be expanded and collapsed with the
right and left arrow keys.
The status bar display has been improved.
Live captures can now be restarted from the toolbar.
More improvements have been made to the ring buffer feature.
Display filters are now faster.
The capture engine has received major updates.
New protocol support
9P, Aruba ADP, Camel, DRSUAPI, DUA, HPSW, Monotone Netsync, nettl,
UMA, VNC (RFB)
Updated protocol support
ACSE, AgentX, AIM, AMR, ANSI A, ASN.1 BER/PER, ATM, ATSVC, BACapp,
BOOTP/DHCP, CDP, CMIP, CMP, CMS, CRMF, DCERPC, DHCPFO, DIAMETER,
DICOM, DISTCC, DLSw, EFS, EIGRP, EPM, ESIS, ESS, ETHERIC, Ethernet,
FC, FCELS, FCP, FTAM, G.723, GIOP, GRE, GSM, GSS-API, GTP, H.225,
H.245, H.263, HTTP, IAX2, ICEP, IEEE 802.11, IEEE 802.3 Slow
protocols, INAP, IP, IPsec, ISAKMP, iSCSI, ISIS, ISL, ISMP, ISUP,
JXTA, Kerberos, KINK, Kpasswd, L2TP, LDAP, LMP, M3UA, MANOLITO,
MEGACO, MGCP, MIP6, MMSE, MQ, MRDISC, MTP2, NCP, NDMP, NDPS, NFS, NLM,
OCSP, OSI options, PIM, PKIX1Explitit, PKIX Qualified, PKTC, Portmap,
PPP, PRES, PROFINET DCP, Q.2931, Q.931, Q.933, RADIUS, RDM, RPC, RSVP,
RTP, RTSP, RX, SCCP, SCSI, SCTP, SDP, sFlow, SIP, SKINNY, SM, SMB
(SMB, PIPE, LOGON, Mailslot), SNA, SPNEGO, SRVLOC, SUA, TCAP, TCP,
Telnet, TFTP, TZSP, Vines, WSP, X11, X.509, XML
New and updated capture file support
5Views, HP nettl
Download Sites
The source code, Windows and Solaris installers can be downloaded
immediately from the following locations:
Main site:
Source:
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.bz2
Windows installer:
http://www.ethereal.com/distribution/win32/ethereal-setup-0.10.11.exe
Solaris installers:
http://www.ethereal.com/distribution/solaris/
SourceForge:
http://sourceforge.net/project/showfiles.php?group_id=255
The mirror sites listed at
http://www.ethereal.com/download.html#releases
should be updated shortly.
Digests
MD5(ethereal-0.10.11.tar.bz2)=03aa7fe2cbef9aa0654637cdc60e0458
SHA1(ethereal-0.10.11.tar.bz2)=8ce2f276cd71b6dae23b75496316f72285bab547
RIPEMD160(ethereal-0.10.11.tar.bz2)=3064136913a762f8cad1e4c925c70cce9895f05a
MD5(ethereal-0.10.11.tar.gz)=6d669d23dfb4364f4ac60b51cd81c0dc
SHA1(ethereal-0.10.11.tar.gz)=338e75ca2ff55b545621a2a14061a23fc36dc928
RIPEMD160(ethereal-0.10.11.tar.gz)=cf778f8ca6f1febd018fb5ad0c6a234e0b44322a
MD5(ethereal-setup-0.10.11.exe)=6e9503aab51a30e88d311e90aa32fb8e
SHA1(ethereal-setup-0.10.11.exe)=ca2ab7e31721177b45bf68f44ce416ccf6a47b06
RIPEMD160(ethereal-setup-0.10.11.exe)=8f5ba58dbbd9384db774153b17b070966ef100cd
MD5(ethereal-0.10.11-solaris2.8-sparc-local.bz2)=cc917e2f15b369d546ddfc58410118ee
SHA1(ethereal-0.10.11-solaris2.8-sparc-local.bz2)=0abca8f5794f128139d472d05964edce9d321132
RIPEMD160(ethereal-0.10.11-solaris2.8-sparc-local.bz2)=db7d363ba1f26be01a267e0df01609bca8362520
MD5(ethereal-0.10.11-solaris2.9-sparc-local.bz2)=7aae18f81df9ee57996ecd2d58f4432c
SHA1(ethereal-0.10.11-solaris2.9-sparc-local.bz2)=352ad8f56f4240c806e131631a4c92927a82b668
RIPEMD160(ethereal-0.10.11-solaris2.9-sparc-local.bz2)=6b83eb397a05ecce1511123fb64c446b7c452c67
MD5(patch-ethereal-0.10.10-to-0.10.11.diff.bz2)=c2ec966f18f919aef9e7f20ed9e475fe
SHA1(patch-ethereal-0.10.10-to-0.10.11.diff.bz2)=bdd0355771448ea5a42e1e2d1847e235465c7a95
RIPEMD160(patch-ethereal-0.10.10-to-0.10.11.diff.bz2)=9e930b4eeca68caaa139558cf93d10a576dff047
An aggressive testing program as well as independent discovery has
turned up a multitude of security issues:
The ANSI A dissector was susceptible to format string vulnerabilities.
Discovered by Bryan Fulton.
Versions affected: 0.9.15 to 0.10.10
The GSM MAP dissector could crash.
Versions affected: 0.10.0 to 0.10.10
The AIM dissector could cause a crash.
Versions affected: 0.9.14 to 0.10.10
The DISTCC dissector was susceptible to a buffer overflow.
Discovered by Ilja van Sprundel
Versions affected: 0.9.13 to 0.10.10
The FCELS dissector was susceptible to a buffer overflow.
Discovered by Neil Kettle
Versions affected: 0.9.9 to 0.10.10
The SIP dissector was susceptible to a buffer overflow.
Discovered by Ejovi Nuwere.
Versions affected: 0.10.0 to 0.10.10
The KINK dissector was susceptible to a null pointer exception,
endless looping, and other problems.
Versions affected: 0.10.10
The LMP dissector was susceptible to an endless loop.
Versions affected: 0.9.4 to 0.10.10
The Telnet dissector could abort.
Versions affected: 0.9.10 to 0.10.10
The TZSP dissector could cause a segmentation fault.
Versions affected: 0.10.10 to 0.10.10
The WSP dissector was susceptible to a null pointer exception and
assertions.
Versions affected: 0.10.0 to 0.10.10
The 802.3 Slow protocols dissector could throw an assertion.
Versions affected: 0.10.10
The BER dissector could throw assertions.
Versions affected: 0.10.2 to 0.10.10
The SMB Mailslot dissector was susceptible to a null pointer exception
and could throw assertions.
Versions affected: 0.9.0 to 0.10.10
The H.245 dissector was susceptible to a null pointer exception.
Versions affected: 0.10.10
The Bittorrent dissector could cause a segmentation fault.
Versions affected: 0.10.8 to 0.10.10
The SMB dissector could cause a segmentation fault and throw
assertions.
Versions affected: 0.9.0 to 0.10.10
The Fibre Channel dissector could cause a crash.
Versions affected: 0.9.9 to 0.10.10
The DICOM dissector could attempt to allocate large amounts of memory.
Versions affected: 0.10.4 to 0.10.10
The MGCP dissector was susceptible to a null pointer exception, could
loop indefinitely, and segfault.
Versions affected: 0.8.14 to 0.10.10
The RSVP dissector could loop indefinitely.
Versions affected: 0.9.8 to 0.10.10
The DHCP dissector was susceptible to format string vulnerabilities,
and could abort.
Versions affected: 0.10.7 to 0.10.10
The SRVLOC dissector could crash unexpectedly or go into an infinite
loop.
Versions affected: 0.9.8 to 0.10.10
The EIGRP dissector could loop indefinitely.
Versions affected: 0.8.18 to 0.10.10
The ISIS dissector could overflow a buffer.
Versions affected: 0.8.18 to 0.10.10
The CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explitit, PKIX Qualified,
and X.509 dissectors could overflow buffers.
Versions affected: 0.10.4 to 0.10.10
The NDPS dissector could exhaust system memory or cause an assertion,
or crash.
Versions affected: 0.9.12 to 0.10.10
The Q.931 dissector could try to free a null pointer and overflow
a buffer.
Versions affected: 0.10.10
The IAX2 dissector could throw an assertion.
Versions affected: 0.10.1 to 0.10.10
The ICEP dissector could try to free the same memory twice.
Versions affected: 0.10.7 to 0.10.10
The MEGACO dissector was susceptible to an infinite loop and a buffer
overflow.
Versions affected: 0.9.14 to 0.10.10
The DLSw dissector was susceptible to an infinite loop.
Versions affected: 0.9.1 to 0.10.10
The RPC dissector was susceptible to a null pointer exception.
Versions affected: 0.9.2 to 0.10.10
The NCP dissector could overflow a buffer or loop for a large amount
of time.
Versions affected: 0.10.5 to 0.10.10
The RADIUS dissector could throw an assertion.
Versions affected: 0.10.3 to 0.10.10
The GSM dissector could access an invalid pointer.
Versions affected: 0.10.10
The SMB PIPE dissector could throw an assertion.
Versions affected: 0.9.0 to 0.10.10
The L2TP dissector was susceptible to an infinite loop.
Versions affected: 0.10.9 to 0.10.10
The SMB NETLOGON dissector could dereference a null pointer.
Versions affected: 0.9.12 to 0.10.10
The MRDISC dissector could throw an assertion.
Versions affected: 0.8.19 to 0.10.10
The ISUP dissector could overflow a buffer or cause a segmentation
fault.
Versions affected: 0.8.19 to 0.10.10
The LDAP dissector could crash.
Versions affected: 0.10.1 to 0.10.10
The TCAP dissector could overflow a buffer or throw an assertion.
Versions affected: 0.10.8 to 0.10.10
The NTLMSSP dissector could crash.
Versions affected: 0.9.7 to 0.10.10
The Presentation dissector could overflow a buffer.
Versions affected: 0.10.1 to 0.10.10
Additionally, a number of dissectors could throw an assertion when
passing an invalid protocol tree item length.
Versions affected: 0.10.8 to 0.10.10
Please see the following advisory for more information:
http://www.ethereal.com/appnotes/enpa-sa-00019.html
Everyone is encouraged to upgrade.
New and updated features
Many user interface improvements have been made:
The toolbar has been updated.
Packet detail tree items can be expanded and collapsed with the
right and left arrow keys.
The status bar display has been improved.
Live captures can now be restarted from the toolbar.
More improvements have been made to the ring buffer feature.
Display filters are now faster.
The capture engine has received major updates.
New protocol support
9P, Aruba ADP, Camel, DRSUAPI, DUA, HPSW, Monotone Netsync, nettl,
UMA, VNC (RFB)
Updated protocol support
ACSE, AgentX, AIM, AMR, ANSI A, ASN.1 BER/PER, ATM, ATSVC, BACapp,
BOOTP/DHCP, CDP, CMIP, CMP, CMS, CRMF, DCERPC, DHCPFO, DIAMETER,
DICOM, DISTCC, DLSw, EFS, EIGRP, EPM, ESIS, ESS, ETHERIC, Ethernet,
FC, FCELS, FCP, FTAM, G.723, GIOP, GRE, GSM, GSS-API, GTP, H.225,
H.245, H.263, HTTP, IAX2, ICEP, IEEE 802.11, IEEE 802.3 Slow
protocols, INAP, IP, IPsec, ISAKMP, iSCSI, ISIS, ISL, ISMP, ISUP,
JXTA, Kerberos, KINK, Kpasswd, L2TP, LDAP, LMP, M3UA, MANOLITO,
MEGACO, MGCP, MIP6, MMSE, MQ, MRDISC, MTP2, NCP, NDMP, NDPS, NFS, NLM,
OCSP, OSI options, PIM, PKIX1Explitit, PKIX Qualified, PKTC, Portmap,
PPP, PRES, PROFINET DCP, Q.2931, Q.931, Q.933, RADIUS, RDM, RPC, RSVP,
RTP, RTSP, RX, SCCP, SCSI, SCTP, SDP, sFlow, SIP, SKINNY, SM, SMB
(SMB, PIPE, LOGON, Mailslot), SNA, SPNEGO, SRVLOC, SUA, TCAP, TCP,
Telnet, TFTP, TZSP, Vines, WSP, X11, X.509, XML
New and updated capture file support
5Views, HP nettl
Download Sites
The source code, Windows and Solaris installers can be downloaded
immediately from the following locations:
Main site:
Source:
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.bz2
Windows installer:
http://www.ethereal.com/distribution/win32/ethereal-setup-0.10.11.exe
Solaris installers:
http://www.ethereal.com/distribution/solaris/
SourceForge:
http://sourceforge.net/project/showfiles.php?group_id=255
The mirror sites listed at
http://www.ethereal.com/download.html#releases
should be updated shortly.
Digests
MD5(ethereal-0.10.11.tar.bz2)=03aa7fe2cbef9aa0654637cdc60e0458
SHA1(ethereal-0.10.11.tar.bz2)=8ce2f276cd71b6dae23b75496316f72285bab547
RIPEMD160(ethereal-0.10.11.tar.bz2)=3064136913a762f8cad1e4c925c70cce9895f05a
MD5(ethereal-0.10.11.tar.gz)=6d669d23dfb4364f4ac60b51cd81c0dc
SHA1(ethereal-0.10.11.tar.gz)=338e75ca2ff55b545621a2a14061a23fc36dc928
RIPEMD160(ethereal-0.10.11.tar.gz)=cf778f8ca6f1febd018fb5ad0c6a234e0b44322a
MD5(ethereal-setup-0.10.11.exe)=6e9503aab51a30e88d311e90aa32fb8e
SHA1(ethereal-setup-0.10.11.exe)=ca2ab7e31721177b45bf68f44ce416ccf6a47b06
RIPEMD160(ethereal-setup-0.10.11.exe)=8f5ba58dbbd9384db774153b17b070966ef100cd
MD5(ethereal-0.10.11-solaris2.8-sparc-local.bz2)=cc917e2f15b369d546ddfc58410118ee
SHA1(ethereal-0.10.11-solaris2.8-sparc-local.bz2)=0abca8f5794f128139d472d05964edce9d321132
RIPEMD160(ethereal-0.10.11-solaris2.8-sparc-local.bz2)=db7d363ba1f26be01a267e0df01609bca8362520
MD5(ethereal-0.10.11-solaris2.9-sparc-local.bz2)=7aae18f81df9ee57996ecd2d58f4432c
SHA1(ethereal-0.10.11-solaris2.9-sparc-local.bz2)=352ad8f56f4240c806e131631a4c92927a82b668
RIPEMD160(ethereal-0.10.11-solaris2.9-sparc-local.bz2)=6b83eb397a05ecce1511123fb64c446b7c452c67
MD5(patch-ethereal-0.10.10-to-0.10.11.diff.bz2)=c2ec966f18f919aef9e7f20ed9e475fe
SHA1(patch-ethereal-0.10.10-to-0.10.11.diff.bz2)=bdd0355771448ea5a42e1e2d1847e235465c7a95
RIPEMD160(patch-ethereal-0.10.10-to-0.10.11.diff.bz2)=9e930b4eeca68caaa139558cf93d10a576dff047
Attached Files:
-
signature.asc (0.18 KB)