December 20, 2007

[installer 1362] wireshark-0.99.7

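wireshark-0.99.7 has been released.

This release again includes fixes for multiple security holes.
The release engineering is terrible: quite a few days passed between the
project publishing the security hole information themselves and the release...
(CVE-2007-6111 through 6121 had been assigned as the CVEs, but it seems they
have been newly reassigned.)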
http://www.wireshark.org/security/wnpa-sec-2007-03.html

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6438
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6439
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6440
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6441
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6443
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6444
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6451
See the links above.

☆ wireshark-0.99.7
http://www.wireshark.org/
http://sourceforge.net/projects/wireshark/
http://sourceforge.net/project/showfiles.php?group_id=255&package_id=193847
http://www.wireshark.org/download/src/wireshark-0.99.7.tar.gz

Wireshark 0.99.7 Release Notes

------------------------------------------------------------------

What is Wireshark?

Wireshark is the world's most popular network protocol analyzer.
It is used for troubleshooting, analysis, development, and
education.

What's New

Bug Fixes

The following vulnerabilities have been fixed. See the [1]security
advisory for details and a workaround.

o Wireshark could crash when reading an MP3 file.

Versions affected: 0.99.6

o Beyond Security discovered that Wireshark could loop
excessively while reading a malformed DNP packet.

Versions affected: 0.10.12 to 0.99.6

o Stefan Esser discovered a buffer overflow in the SSL
dissector.

Versions affected: 0.99.0 to 0.99.6

o The ANSI MAP dissector could be susceptible to a buffer
overflow on some platforms.

Versions affected: 0.99.5 to 0.99.6

o The Firebird/Interbase dissector could go into an infinite
loop or crash.

Versions affected: 0.99.6

o The NCP dissector could cause a crash.

Versions affected: 0.99.6

o The HTTP dissector could crash on some systems while decoding
chunked messages.

Versions affected: 0.10.14 to 0.99.6

o The MEGACO dissector could enter a large loop and consume
system resources.

Versions affected: 0.9.14 to 0.99.6

o The DCP ETSI dissector could enter a large loop and consume
system resources.

Versions affected: 0.99.6

o Fabiodds discovered a buffer overflow in the iSeries (OS/400)
Communication trace file parser.

Versions affected: 0.99.0 to 0.99.6

o The PPP dissector could overflow a buffer.

Versions affected: 0.99.6

o The Bluetooth SDP dissector could go into an infinite loop.

Versions affected: 0.99.2 to 0.99.6

o A malformed RPC Portmap packet could cause a crash.

Versions affected: 0.8.16 to 0.99.6

o The IPv6 dissector could loop excessively.

Versions affected: 0.99.6

o The USB dissector could loop excessively or crash.

Versions affected: 0.99.6

o The SMB dissector could crash.

Versions affected: 0.99.6

o The RPL dissector could go into an infinite loop.

Versions affected: 0.9.8 to 0.99.6

o The WiMAX dissector could crash due to unaligned access on
some platforms.

Versions affected: 0.99.6

o The CIP dissector could attempt to allocate a huge amount of
memory and crash.

Versions affected: 0.9.14 to 0.99.6

The following bugs have been fixed:

o Handling of non-ASCII file names and paths has been improved.

o Wireshark could crash while editing a coloring rule or a UAT
table.

o The display filter code could crash while bitwise ANDing an
IPv4 address.

New and Updated Features

The following features are new (or have been significantly
updated) since the last release:

o Most of the capture code has been moved out of the GUI, which
means that Wireshark no longer needs to be run as root.

o Many display filter names have been cleaned up. If your
favorite display filter just went missing, please consult the
[2]display filter reference to find out where it ended up.

o You can now filter directly on SNMP OIDs.

o IO graphs have more display options, and you can now export
graphs.

o You can now follow UDP streams in addition to TCP and SSL
streams.

o You can now disable coloring rules without deleting them.

o Main window toolbar buttons are now available even when the
window is small.

o The version of WinPcap that ships with the Windows installers
has been updated to 4.0.2.

o The Windows installers now include a "services" file, which
maps port numbers to names.

o The Windows installer now enables npf.sys by default under
Vista. Wireshark will print a warning at startup if npf.sys
isn't loaded under Vista.

o Optimizations have been applied in some places to make
Wireshark start up and run faster.

New Protocol Support

ANSI TCAP, application/xcap-error (MIME type), CFM, DPNSS,
EtherCAT, ETSI e2/e4, H.282, H.460, H.501, IEEE 802.1ad and
802.1ah, IMF (RFC 2822), RSL, SABP, T.125, TNEF, TPNCP, UNISTIM,
Wake on LAN, WiMAX ASN Control Plane, X.224,

Updated Protocol Support

3Com XNS, 3G A11, ACN, ACP123, ACSE, AIM, ANSI IS-637-A, ANSI MAP,
Armagetronad, BACapp, BACnet, BER, BFD, BGP, Bluetooth, CAMEL,
CDT, CFM, CIP, Cisco ERSPAN, CLNP, CMIP, CMS, COPS, CTDB, DCCP,
DCERPC ATSVC, DCERPC PNIO, DCERPC SAMR, DCERPC, DCOM CBA-ACCO, DCP
ETSI, DEC DNA, DFS, DHCP/BOOTP, DHCPv6, DIAMETER, DISP, DMP, DNP,
DNS, DOP, DTLS, DUA, eDonkey, ELSM, ESL, Ethernet, FC ELS, FC,
FCOE, FTAM, FTP, GDSDB, GIOP, GPRS-LLC, GSM A, GSM MAP, GTP, HSRP,
HTTP, IAX2, ICMPv6, IEEE 802.11, INAP, IP, IPMI, IPv6, ISAKMP,
ISIS, iSNS, ISUP, IUUP, JXTA, K12, Kerberos, L2TP, LAPD, LDAP,
LINX, LPD, LWAPP, MEGACO, MIKEY, MIME Multipart, MMS, MP2T, MPEG
PES, MPEG, MTP2, MySQL, NBAP, NetFlow, nettl, NFS, NSIP, OSPF,
P_MUL, PANA, PER, PKCS#12, PMIPv6, PN-PTCP, PN-RT, PPI, PPPoE,
PRES, PROFINET, PTP, Q.932 ROS, Q.932, QSIG, Radiotap, RADIUS,
RANAP, RNSAP, ROS, RTCP, RTP, RTSE, RTSP, SCCP, SCTP, SDP,
SIGCOMP, SIP, Slow Protocols, SMB, SMPP, SMTP, SNDCP, SNMP, SRP,
SSL, STANAG 4406, STUN2, TCAP, TCP, text/media, TIPC, ULP, UMA,
UMTS FP, V5UA, VNC, WiMAX M2M, WiMAX, WLCCP, X.411, X.420, X.509
SAT, XML,

New and Updated Capture File Support

Catapult DCT 2000, Endace ERF, Juniper NetScreen snoop, Visual
Networks, Windows Sniffer (NetXRay)

Getting Wireshark

Wireshark source code and installation packages are available from
the [3]download page on the main web site.

Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages.
You can usually install or upgrade Wireshark using the package
management system specific to that platform. A list of third-party
packages can be found on the [4]download page on the Wireshark web
site.

File Locations

Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
These locations vary from platform to platform. You can use
About->Folders to find the default locations on your system.

Known Problems

Saving to the currently-open file doesn't work under Windows.
([5]Bug 2080)

The Filter button is nonfunctional in the file dialogs under
Windows. ([6]Bug 942)

GTK+ 2.x [7]renders white text on 8-bit displays under Windows.
You can work around this by installing the GTK+ 1.2 version of
Wireshark or by increasing your display depth to 15 bits or more.

Getting Help

Community support is available on the wireshark-users mailing
list. Subscription information and archives for all of Wireshark's
mailing lists can be found on [8]the web site.

Commercial support, training, and development services are
available from [9]CACE Technologies.

Frequently Asked Questions

A complete FAQ is available on the [10]Wireshark web site.

References

Visible links
1. http://www.wireshark.org/security/wnpa-sec-2007-02.html
2. http://www.wireshark.org/docs/dfref/
3. http://www.wireshark.org/download.html
4. http://www.wireshark.org/download.html#otherplat
5. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2080
6. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=942
7. http://bugzilla.gnome.org/show_bug.cgi?id=438652
8. http://www.wireshark.org/lists/
9. http://www.cacetech.com/
10. http://www.wireshark.org/faq.html

----
こがよういちろう


Posted by xml-rpc : December 20, 2007 10:11