Wireshark の Ver.1.2.2 が出たみたいです。
脆弱性があった模様↓です。
Wireshark http://www.wireshark.org/security/wnpa-sec-2009-06.html
> wnpa-sec-2009-06
1.2.1 以下を使い続ける場合、対象 "Protocols" に以下のモノは使うな、と云うことらしいです。
"GSM CCCH", "OpcUa", and "SSL"。
News Release:
Wireshark http://www.wireshark.org/news/20090915.html
> Wireshark 1.2.2, 1.0.9, and 1.3.0 Released
> Sep 15, 2009
Release Notes:
Wireshark http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html
> Wireshark 1.2.2 Release Notes
ダウンロードページ:
Wireshark http://www.wireshark.org/download.html
> Get Wireshark
>
> The current stable release of Wireshark is 1.2.2.
> It supersedes all previous releases, including all
> releases of Ethereal. You can also download the latest
> development release (1.3.0) and documentation.
(Snip)
(VirusTotal、Result: 0/41 (0.00%))
(図3)
Wireshark 1.2.2。
(画像サイズ 70KB 51KB)
(関連)
SANS Internet Storm Center http://isc.sans.org/diary.html?storyid=7132
> Wireshark 1.2.2 (and 1.0.9) is out!
"An attacker might force Wireshark to crash remotely during live captures or by convincing someone to read a malformed packet trace file." とのことです。
Secunia Advisories http://secunia.com/advisories/36754/
> Wireshark Multiple Denial of Service Vulnerabilities
危険度は、"Moderately critical" で、"From remote " から攻撃可。
怪しい(Craftedな)パケットを拾わせるか、pcap ファイルを送りつけて開かせるかってところです。
いじょうです。
-
- -
