Ethereal 0.10.14 Available

Ethereal version 0.10.14 was released Tuesday. It addresses vulnerabilities in the IRC, GTP, and OSPF protocol dissectors. Smart bot net IRC operators could inject evil traffic to attack security researchers looking at command and control messages. That's a great reason to not collect traffic directly with Ethereal. Instead, collect it with Tcpdump, then review it as a non-root user using Ethereal.


Anonymous said… many vulnerabilities has Ethereal had this year? You'd think the development team would institute privilege separation (lack of it is the reason Ethereal was taken out of the OpenBSD ports tree). Privilege separation would mitigate most of these types of problems. It's still a great tool, but pretty obvious some changes need to be made.

Popular posts from this blog

Five Reasons I Want China Running Its Own Software

Cybersecurity Domains Mind Map

A Brief History of the Internet in Northern Virginia