Wireshark v1.2.6 released

Wireshark is the world’s most popular network protocol analyzer. It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU General Public License version 2.

Wireshark 1.2.6 (stable) has been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available. This release fixes a vulnerability in the LWRES dissector. See the advisory below for details.

Name: LWRES vulnerability in Wireshark® version 0.9.0 to 1.2.5

Docid: wnpa-sec-2010-02

Date: January 27, 2010

Versions affected: 0.9.0 up to and including 1.2.5

Details

Description

Wireshark 1.2.6 fixes the following vulnerabilities:

  • Babi discovered several buffer overflows in the LWRES dissector.
    Versions affected: 0.9.15 to 1.0.10, 1.2.0 to 1.2.5

Impact

It may be possible to make Wireshark crash remotely or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 1.2.6 or later.

If you are running Wireshark 1.2.5 or earlier (including Ethereal) and cannot upgrade, you can work around each of the problems listed above by doing the following:

  • Disable the LWRES dissector:
      • Select Analyze→Enabled Protocols... from the menu.
      • Make sure "LWRES" is un-checked.
      • Click "Save", then click "OK".