Version 0.10.13 of Ethereal was released yesterday. This program is a so-called packet sniffer that can analyze the data sent over the network across various network protocols, allowing you to monitor network traffic as a whole. You can also use previously saved traffic as input for the program. This release fixes a whole series of important security vulnerabilities, so it is important to upgrade to this version. The complete changelog is as follows:
Bug Fixes
- The ISAKMP dissector could exhaust system memory. Versions affected: 0.10.11 to 0.10.12.
- The FC-FCS dissector could exhaust system memory. Versions affected: 0.9.0 to 0.10.12.
- The RSVP dissector could exhaust system memory. Versions affected: 0.9.4 to 0.10.12.
- The ISIS LSP dissector could exhaust system memory. Versions affected: 0.8.18 to 0.10.12.
- The IrDA dissector could crash. Versions affected: 0.10.0 to 0.10.12.
- The SLIMP3 dissector could overflow a buffer. Versions affected: 0.9.1 to 0.10.12.
- The BER dissector was susceptible to an infinite loop. Versions affected: 0.10.3 to 0.10.12.
- The SCSI dissector could dereference a null pointer and crash. Versions affected: 0.10.3 to 0.10.12.
- If the "Dissect unknown RPC program numbers" option was enabled, the ONC RPC dissector might be able to exhaust system memory. This option is disabled by default. Versions affected: 0.7.7 to 0.10.12.
- The sFlow dissector could dereference a null pointer and crash. Versions affected: 0.9.14 to 0.10.12.
- The RTnet dissector could dereference a null pointer and crash. Versions affected: 0.10.8 to 0.10.12.
- The SigComp UDVM could go into an infinite loop or crash. Versions affected: 0.10.12.
- If SMB transaction payload reassembly is enabled the SMB dissector could crash. This preference is disabled by default. Versions affected: 0.9.7 to 0.10.12.
- The X11 dissector could attempt to divide by zero. Versions affected: 0.10.1 to 0.10.12.
- The AgentX dissector could overflow a buffer. Versions affected: 0.10.10 to 0.10.12.
- The WSP dissector could free an invalid pointer. Versions affected: 0.10.1 to 0.10.12.
- The NCP dissector was susceptible to an infinite loop. Versions affected: 0.9.7 to 0.10.12.
- The ACSE dissector was susceptible to infinite recursion. Versions affected: 0.10.12.
- iDEFENSE found a buffer overflow in the SRVLOC dissector. Versions affected: 0.10.0 to 0.10.12.
- When trying to save a flow graph, Ethereal could crash.
- When viewing protocol hierarchy statistics, Ethereal and Tethereal could crash.
- The PCRE library that ships with the Windows installer has been upgraded from version 4.4 to 6.3 in response to a security vulnerability.
New and Updated Features
- The timestamp display precision of the Packet List can be adjusted now. The precision will be automatically adjusted depending on the file format loaded, e.g. libpcap typically uses microsecond resolution displayed like "0.000000". In addition you can adjust the precision manually through the View/Time Display Format menu items.
- The WinPcap version 3.1 installer was released since the last Ethereal release. The version included in the Ethereal Windows installer has been updated from 3.1 beta 4 to 3.1. If you want to upgrade WinPcap separately or install a different version you can download it from the WinPcap web site.
- The behavior of the display filter "ip.checksum_bad" has changed. Instead of merely checking for its presence you must now make sure it is set, e.g. instead of using "ip.checksum_bad" you must now use "ip.checksum_bad == 1".
- A new capture file format "Nanosecond libpcap (Ethereal)" was added. It is very similar to the common libpcap file format but is capable of keeping nanosecond resolution timestamps. This format is currently supported only by Ethereal.
- Ethereal's memory management has been greatly improved.
- Ethereal can now save gzip-compressed capture files.
New Protocol Support
- CIMD, CISCOWL-L2, DCCP, EDP, GNM, LLDP, ROS, RTSE, STANAG 4406, WINS Replication, X.411, X.420
Updated Protocol Support
- 802.11 Radiotap, A11, AARP, ACSE, ACtrace, AFP, AFS, AgentX, AIM, AJP13, ALCAP, AMR, ANSI A, ANSI IS-637-A, ANSI IS-683-A, ANSI IS-801, ANSI MAP, AOE, AppleTalk, Armagetronad, ARP, ASAP, ASN.1, BACapp, BER, BGP, BitTorrent, BOOTP, CAMEL, CLNP, CMIP, CMP, CMS, COPS, CRMF, CSM_ENCAPS, DAAP, DCERPC (ATSVC, DCE_DFS, FLDB, INITSHUTDOWN, LSA, NETLOGON, NT, SAMR, SPOOLSS, WINREG), DCM, DCOM, DHCP Failover, DIAMETER, ENRP, ESS, FC, FCCT, FCDNS, FCELS, FCFCS, FCFZS, FCP, FCSWILS, FTAM, GIOP, GPRS LLC, GSM, GTP, H1, H.225, H.235, H.245, H.248, H.261, H.263, H.450, HSRP, HTTP, IAX2, IEEE 802.11, IEEE 802.3, IEEE 802.3 Slow protocols, IP, IP/IEEE1394, IRC, IrDA, ISAKMP, iSCSI, ISIS, ISUP, Jabber, JFIF, Juniper, JXTA, K12, Kerberos, LDAP, LDP, LLC, LPD, MAP_DialoguePDU, MDSHDR, Media, MEGACO, MGCP, MIME multipart, MMS, MOUNT, MQ, MSMMS, NBNS, NCP, NDMP, NS_CERT_EXTS, OCSP, OPSI, OSPF, PARLAY, PER, PKINIT, PKIX, PN-RT, PPP, PRES, PTP, RADIUS, RDT, RPC, RSVP, RTCP, RTnet, RTSP, SCCP, SCSI, SCTP, SES, sFlow, SIGCOMP, SIP, SliMP3, SMB, SMPP, SMRSE, SNA, SNMP, SPNEGO, SRVLOC, STUN, T.38, TCAP, TCP, Text, TPKT, UMA, WBXML, WLANCERTEXTN, WSP, X11, X.25, X.509, XML, YMSG
New and Updated Capture File Support
- 5Views, AiroPeek, ERF, EtherPeek, i4btrace, LANAlyzer, Libpcap, Windows Sniffer, Tektronix K12