Thursday, December 29, 2005

Ethereal 0.10.14 Available

Ethereal version 0.10.14 was released Tuesday. It addresses vulnerabilities in the IRC, GTP, and OSPF protocol dissectors. Smart botnet IRC operators could inject evil traffic to attack security researchers looking at command and control messages. That's a great reason not to collect traffic directly with Ethereal. Instead, collect it with Tcpdump, then review it as a non-root user using Ethereal.
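The capture-then-review split described above, sketched as shell functions. This is an added example, not part of the original post; the interface name, the `analyst` account, the file path and the optional viewer argument are assumptions.

```shell
#!/bin/sh
# Added example: keep packet capture (needs root) apart from protocol
# dissection (must not run as root). All names below are illustrative.

# Step 1, run as root: tcpdump -w writes raw packets to disk without
# decoding them, so no dissector parses the hostile traffic here.
# -s 0 keeps whole packets; -Z drops root once the interface is open.
capture_raw() {
    iface=$1; outfile=$2; user=$3
    tcpdump -i "$iface" -s 0 -w "$outfile" -Z "$user"
}

# Succeeds only when the numeric UID passed in is not root (0).
is_unprivileged() {
    [ "$1" -ne 0 ]
}

# Step 2, run as an ordinary user: refuse to start the analyzer as root,
# then open the saved capture read-only with -r.
# The second argument (viewer binary) is a hypothetical convenience.
review_capture() {
    pcap=$1
    viewer=${2:-ethereal}
    if ! is_unprivileged "$(id -u)"; then
        echo "refusing to open $pcap as root" >&2
        return 1
    fi
    if [ ! -r "$pcap" ]; then
        echo "cannot read $pcap" >&2
        return 1
    fi
    "$viewer" -r "$pcap"
}

# Typical use (not executed here):
#   as root:     capture_raw eth0 /var/tmp/c2.pcap analyst
#   as analyst:  review_capture /var/tmp/c2.pcap
```

A dissector bug triggered during review then runs with the analyst account's privileges rather than root's.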

1 comment:

Anonymous said...

Gosh...how many vulnerabilities has Ethereal had this year? You'd think the development team would institute privilege separation (lack of it is the reason Ethereal was taken out of the OpenBSD ports tree). Privilege separation would mitigate most of these types of problems. It's still a great tool, but pretty obvious some changes need to be made.