Tuesday, November 04, 2003

Security Hole in Ethereal; Upgrade Now

The Ethereal project makes the finest open source protocol analyzer available. Yesterday they announced a vulnerability affecting at least Ethereal 0.9.15. They recommend upgrading to 0.9.16 right away. From the advisory:


Potential security issues have been discovered in the following protocol dissectors:

  • An improperly formatted GTP MSISDN string could cause a buffer overflow.
  • A malformed ISAKMP or MEGACO packet could make Ethereal or Tethereal crash.
  • The SOCKS dissector was susceptible to a heap overlfow.


It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file.


Upgrade to 0.9.16.

If you are running a version prior to 0.9.16 and you cannot upgrade, you can disable the GTP, ISAKMP, MEGACO, and SOCKS protocol dissectors by selecting Edit->Protocols... and deselecting them from the list.

Beyond the security fixes, you've got to see the new toolbar! Wow, Ethereal is looking good.

No comments: