入れてみました。
Wireshark http://www.wireshark.org/security/wnpa-sec-2009-02.html
> Summary
> Name: Multiple problems in Wireshark® versions 0.9.6 to 1.0.6
> Docid: wnpa-sec-2009-02
> Date: April 6, 2009
> Versions affected: 0.9.6 up to and including 1.0.6
(Snip)
> Impact
> It may be possible to make Wireshark crash by altering the HOME environment
> variable or by convincing someone to read a malformed packet trace file.
(Snip)
> If are running Wireshark 1.0.6 or earlier (including Ethereal 0.99.0)
> and cannot upgrade, you can work around each of the problems listed
> above by doing the following:
> * For each user that will run Wireshark (including root if you're
> running Wireshark as a privileged user), make sure the HOME environment
> variable doesnt' contain any "%" characters.
> * Don't open any Tektronix K12 text or NetScreen capture files.
Wireshark http://www.wireshark.org/docs/relnotes/wireshark-1.0.7.html
> Wireshark 1.0.7 Release Notes
ダウンロードページ↓。
Wireshark http://www.wireshark.org/download.html
> Get Wireshark
> The current stable release of Wireshark is 1.0.7.
> It supersedes all previous releases, including all releases of Ethereal.
> You can also download the latest development release (1.1.3) and documentation.
(Snip)
なにかデジャビュな感じがしますが、実は直ってなかったってことでしょうか。
(関連)
有限責任中間法人 JPCERT コーディネーションセンター http://www.jpcert.or.jp/wr/2009/wr091401.txt
> 【3】Wireshark に脆弱性
http://d.hatena.ne.jp/TsuSUZUKI/20090208/1234023685
http://d.hatena.ne.jp/TsuSUZUKI/20080717/1216268785
いじょうです。
-
- -