- The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
- The GSM A RR dissector could crash.
Versions affected: 1.2.0 to 1.2.1
- The OpcUa dissector could use excessive CPU and memory.
Versions affected: 0.99.6 to 1.0.8, 1.2.0 to 1.2.1
- The TLS dissector could crash on some platforms.
Versions affected: 1.2.0 to 1.2.1
- The following bugs have been fixed:
- The "Capture->Interfaces" window can't be closed. (Bug 1740)
- tshark-1.0.2 (dumpcap) signal abort core saved. (Bug 2767)
- Memory leak fixes. (Bug 3330)
- Display filter autocompletion doesn't work for some RADIUS and
WiMAX ASNCP fields. (Bug 3538)
- Wireshark Portable includes wrong WinPcap installer. (Bug
3547)
- Crash when loading a profile. (Bug 3640)
- The proto,colinfo tap doesn't work if the INFO column isn't
being printed. (Bug 3675)
- Flow Graph adds too much unnecessary garbage. (Bug 3693)
- The EAP Diameter dictionary file was missing in the
distribution. (Bug 3761)
- Graph analysis window is behind other window. (Bug 3773)
- IKEv2 Cert Request payload dissection error. (Bug 3782)
- DNS NAPTR RR (RFC 3403) replacement MUST be a fully qualified
domain-name. (Bug 3792)
- Malformed RTCP Packet error while sending Payload specific
RTCP feedback packet (as per RFC 4585). (Bug 3800)
- 802.11n Block Ack packet Bitmap field missing. (Bug 3806)
- Wireshark doesn't decode WBXML/ActiveSync information
correctly. (Bug 3811)
- Malformed packet when IPv6 packet has Next Header == 59. (Bug
3820)
- Wireshark could crash while reading an ERF file. (Bug 3849)
- Minor errors in gsm rr dissectors. (Bug 3889)
- WPA Decryption Issues. (Bug 3890)
- GSM A RR sys info dissection problem. (Bug 3901)
- GSM A RR inverts MEAS-VALID values. (Bug 3915)
- PDML output leaks ~300 bytes / packet. (Bug 3913)
- Incorrect station identifier parsing in Kingfisher dissector.
(Bug 3946)
- DHCPv6, Vendor-Specific Information, SubOption "Option
Request" parser incorrect. (Bug 3987)
- Wireshark could leak memory while analyzing SSL.
- Wireshark could crash while updating menu items after reading
a file in some cases.
- The Mac OS X ChmodBPF script now works correctly under Snow
Leopard.
- Updated Protocol Support
DCERPC, DHCPv6, DNS, E.212, GSM A RR, GTPv2, H.248, IEEE 802.11,
IPMI, ISAKMP/IKE, ISUP, Kingfisher, LDAP, OpcUA, RTCP, SCTP, SIP,
SSL, TCP, WBXML, ZRTP
- Updated Capture File Support
ERF
New features:
- Wireshark has a spiffy new start page.
- Display filters now autocomplete.
- Support for the c-ares resolver library has been added. It has many
advantages over ADNS.
- Many new protocol dissectors and capture file formats have been added.
- Macintosh OS X support has been improved.
- GeoIP database lookups.
- OpenStreetMap + GeoIP integration.
- Improved Postscript(R) print output.
- The preference handling code is now much smarter about changes.
- Support for Pcap-ng, the next-generation capture file format.
- Support for process information correlation via IPFIX.
- Column widths are now saved.
- The last used configuration profile is now saved.
- Protocol preferences are changeable from the packet details context menu.
- Support for IP packet comparison.
- Capinfos now shows the average packet rate.
Security fixes:
- The AFS dissector could crash.
- The Infiniband dissector could crash on some platforms.
This pkg can be built against a gnutls which was built without
"openssl emulation". We build against the real openssl anyway, and
having both the real openssl and one emulated by gnutls has some
potential for namespace collisions, thus I'm considering building
the pkgsrc gnutls w/o openssl emulation.
(This is just a build issue as far as wireshark is concerned, so
no PKGREV bump is needed.)
- Bug Fixes:
- The PCNFSD dissector could crash. (wnpa-sec-2009-03)
- Lua integration could crash.
- The SCCP dissector could crash when loading more than one file in
a single session.
- The NDMP dissector could crash if reassembly was enabled.
- Updated Protocol Support:
All ASN.1 protocols, DICOM, NDMP, PCNFSD, RTCP, SCCP, SSL, STANAG 5066
- Security-related bugs in the Profinet, LDAP, and CPHAP dissectors and
the Tektronix K12 file format have been fixed.
- Many other bugs have been fixed.
Changes between 1.0.5 and 1.0.6:
- The following vulnerabilities have been fixed:
* On non-Windows systems, Wireshark could crash if the HOME environment
variable contained sprintf-style string formatting characters.
* Wireshark could crash while reading a malformed NetScreen snoop file.
* Wireshark could crash while reading a Tektronix K12 text capture file.
- The following bugs have been fixed:
* Crash when loading capture file and Preferences: NO Info column
* Some Lua scripts may lead to corruption via out of bounds stack
* Build with GLib 1.2 fails with error: 'G_MININT32' undeclared
* Wrong decoding IMSI with GSM MAP protocol
* Segmentation fault for "Follow TCP stream" (Bug 3119)
* SMPP optional parameter 'network_error_code' incorrectly decoded
* DHCPv6 dissector doesn't handle malformed FQDN
* WCCP overrides CFLOW as decoded protocol (Bug 3175)
* Improper decoding of MPLS echo reply IPv4 Interface and Label Stack Object
* ANSI MAP fix for TRN digits/SMS and OTA subdissection (Bug 3214)
- Updated Protocol Support
* AFS, ATM, DHCPv6, DIS, E.212, RTP, UDP, USB, WCCP, WPS
- New and Updated Capture File Support
* NetScreen snoop
Changes between version 1.0.4 and 1.0.5:
- The following vulnerabilities have been fixed. See the security advisory
for details and a workaround.
* The SMTP dissector could consume excessive amounts of CPU and memory.
* The WLCCP dissector could go into an infinite loop.
- The following bugs have been fixed:
* Missing CRLF during HTTP POST in the "packet details" window
* Memory assertion in time_secs_to_str_buf() when compiled with GCC 4.2.3
* Diameter dissector fails RFC 4005 compliance
* LDP vendor private TLV type is not correctly shown
* Wireshark on MacOS does not run when there are spaces in its path
* Compilation broke when compiling without zlib
* Memory leak: saved_repoid
* Memory leak: follow_info
* Memory leak: follow_info
* Memory leak: tacplus_data
* Memory leak: col_arrows
* Memory leak: col_arrows
* Incorrect address structure assigned for find_conversation() in WSP
* Memory leak with unistim in voip_calls
* Error parsing the BSSGP protocol
* Assertion thrown in fvalue_get_uinteger when decoding TIPC
* LUA script : Wireshark crashes after closing and opening again a window
used by a listener.draw() function.
- Updated Protocol Support
* ANSI MAP, BSSGP, CIP, Diameter, ENIP, GIOP, H.263, H.264, HTTP, MPEG PES
* PostgreSQL, PPI, PTP, Rsync, RTP, SMTP, SNMP, STANAG 5066, TACACS, TIPC
* WLCCP, WSP
The package update was provided by Matthias Drochner in private e-mail.
- Security-related bugs in the Bluetooth ACL, Bluetooth RFCOMM, PRP, Q.931,
MATE, and USB dissectors, as well as the Tammos CommView file parser have
been fixed.
- Many other bugs have been fixed.
This update addresses the security vulnerabilities reported
in wnpa-sec-2008-06.
- Security-related bugs in the NCP dissector, zlib compression code, and
Tektronix .rf5 file parser have been fixed.
- WPA group key decryption is now supported.
- A bug that could cause packets to be wrongly dissected as "Redback
Lawful Intercept" has been fixed.
This update addresses the security vulnerability reported in CVE-2008-3146.
The following vulnerabilities have been fixed:
- Wireshark could crash while reassembling packets.
The following bugs have been fixed:
- Dumpcap could crash on some versions of Windows (primarily Vista).
- Security-related vulnerabilities in the SCTP, SNMP, and TFTP dissectors
have been fixed.
- This release adds configuration profiles, temporary coloring rules,
enhanced I/O graphs, WLAN traffic statistics, and many other useful
features.
version 0.99.6:
- Fixes for the security problems reported in "wnpa-sec-2007-03"
- Most of the capture code has been moved out of the GUI, which means
that Wireshark no longer needs to be run as root.
- Many display filter names have been cleaned up. If your favorite
display filter just went missing, please consult the display filter
reference to find out where it ended up.
- You can now filter directly on SNMP OIDs.
- IO graphs have more display options, and you can now export graphs.
- You can now follow UDP streams in addition to TCP and SSL streams.
- You can now disable coloring rules without deleting them.
- Main window toolbar buttons are now available even when the window is
small.
- Optimizations have been applied in some places to make Wireshark start up
and run faster.
- New Protocol Support
ANSI TCAP, application/xcap-error (MIME type), CFM, DPNSS, EtherCAT,
ETSI e2/e4, H.282, H.460, H.501, IEEE 802.1ad and 802.1ah,
IMF (RFC 2822), RSL, SABP, T.125, TNEF, TPNCP, UNISTIM, Wake on LAN,
WiMAX ASN Control Plane, X.224
- Updated Protocol Support
3Com XNS, 3G A11, ACN, ACP123, ACSE, AIM, ANSI IS-637-A, ANSI MAP,
Armagetronad, BACapp, BACnet, BER, BFD, BGP, Bluetooth, CAMEL, CDT,
CFM, CIP, Cisco ERSPAN, CLNP, CMIP, CMS, COPS, CTDB, DCCP, DCERPC
ATSVC, DCERPC PNIO, DCERPC SAMR, DCERPC, DCOM CBA-ACCO, DCP ETSI,
DEC DNA, DFS, DHCP/BOOTP, DHCPv6, DIAMETER, DISP, DMP, DNP, DNS,
DOP, DTLS, DUA, eDonkey, ELSM, ESL, Ethernet, FC ELS, FC, FCOE,
FTAM, FTP, GDSDB, GIOP, GPRS-LLC, GSM A, GSM MAP, GTP, HSRP, HTTP,
IAX2, ICMPv6, IEEE 802.11, INAP, IP, IPMI, IPv6, ISAKMP, ISIS, iSNS,
ISUP, IUUP, JXTA, K12, Kerberos, L2TP, LAPD, LDAP, LINX, LPD, LWAPP,
MEGACO, MIKEY, MIME Multipart, MMS, MP2T, MPEG PES, MPEG, MTP2,
MySQL, NBAP, NetFlow, nettl, NFS, NSIP, OSPF, P_MUL, PANA, PER,
PKCS#12, PMIPv6, PN-PTCP, PN-RT, PPI, PPPoE, PRES, PROFINET, PTP,
Q.932 ROS, Q.932, QSIG, Radiotap, RADIUS, RANAP, RNSAP, ROS, RTCP,
RTP, RTSE, RTSP, SCCP, SCTP, SDP, SIGCOMP, SIP, Slow Protocols, SMB,
SMPP, SMTP, SNDCP, SNMP, SRP, SSL, STANAG 4406, STUN2, TCAP, TCP,
text/media, TIPC, ULP, UMA, UMTS FP, V5UA, VNC, WiMAX M2M, WiMAX,
WLCCP, X.411, X.420, X.509 SAT, XML
- New and Updated Capture File Support
Catapult DCT 2000, Endace ERF, Juniper NetScreen snoop, Visual Networks,
Windows Sniffer (NetXRay)
Changes since version 0.99.4:
- Bug Fixes
o The TCP dissector could hang or crash while reassembling HTTP
packets.
Versions affected: 0.99.2 to 0.99.4
CVE-2007-0459
o The HTTP dissector could crash.
Versions affected: 0.99.3 to 0.99.4
CVE-2007-0458
o On some systems, the IEEE 802.11 dissector could crash.
Versions affected: 0.10.14 to 0.99.4
CVE-2007-0457
o On some systems, the LLT dissector could crash.
Versions affected: 0.99.3 to 0.99.4
CVE-2007-0456
The following bugs have been fixed:
o The end of HTTP chunked encoding wasn't being displayed.
o The Follow TCP Stream window could omit characters.
o Opening a flow graph could crash Wireshark.
o Follow TCP Stream would sometimes get the direction wrong.
o The foreground text in the coloring rules editor was always
black.
o The CSV export format was incorrect.
o On some Windows systems Wireshark could take a long time to
start up.
o Malformed UDLD packets could cause an exception.
o The ISUP statistics report could overflow a buffer and crash
when displaying IPv6 addresses.
- New and Updated Features
o Decryption support for WPA/WPA2 and SNMPv3 has been added. The
TDS / MS SQL dissector now de-obfuscates passwords.
o 64-bit file handling has been improved.
o The Find function now selects the corresponding packet detail
item. Find functionality has been added to the TCP and SSL
stream dialogs.
o Main window keyboard navigation has been improved.
o ASN.1 BER-encoded files can now be dissected according to a
user-specified syntax.
- New Protocol Support
DMP, Homeplug (INT51X1), NBD, OMAPI, PKCS#12, RGMP, Roofnet, STUN
v2
- Updated Protocol Support
2dparityfec, ACN, AIM, AMR, ANSI 637, ANSI A, ANSI MAP, ARP, ASN.1
BER, ASN.1 PER, BACapp, BPDU, CAMEL, DCERPC (DCERPC, EFS,
EVENTLOG, NSPI, PN-IO, WINREG), DCOM CBA, DCP, DHCP, DHCPv6, DMP,
DNS, E.164, EAP, EPL, ETSI DCP, FCP, GIOP, GSM A, H.245, H.248,
HPSW, HTTP, ICMP, ICMPv6, IEEE 802.11, IMAP, INAP, IPMI, IPsec,
IRC, ISAKMP, iSCSI, ISIS LSP, IuUP, K12, Kerberos, LDAP, LLDP,
MEGACO, MGCP, MIME Multipart, MMS, MMSE, MSRP, MySQL, NetFlow,
NFS, NTLMSSP, NTP, OSPF, PN-PTCP, PPPoE, Q.931, Radiotap, RADIUS,
RPC, RSVP, RTCP, S4406, SCCP, SCSI, SDP, SES, sFlow, SIGCOMP, SIP,
SIR, Skinny, SMB (SMB, NETLOGON), SMTP, SNMP, SPNEGO, SSL, T.38,
TCP, TDS, text/media, TIPC, UDLD, UDP Lite, UDP, UMA, UMTS FP,
USB, VNC, WBXML, WLCCP, WSP, X.411, X.420, XML, XOT, YMSG
- New and Updated Capture File Support
Catapult DCT2000, nettl, Windows Sniffer / NetXray
Changes since version 0.99.3:
- Bug fixes
o The HTTP dissector could crash. (Bugs 1050 and 1079)
Versions affected: 0.99.3.
CVE-2006-5468
o The LDAP dissector (and possibly others) could crash. (Bug 1054)
Versions affected: 0.99.3.
o The XOT dissector could attempt to allocate a large amount of
memory and crash. (Bug 1133)
Versions affected: 0.9.8 to 0.99.3.
CVE-2006-4805
o The WBXML dissector could crash. (Bug 1134)
Versions affected: 0.10.11 to 0.99.3.
CVE-2006-5469
o The MIME Multipart dissector was susceptible to an off-by-one
error. (Bug 1135)
Versions affected: 0.10.1 to 0.99.3.
CVE-2006-4574
o If AirPcap support was enabled, parsing a WEP key could
sometimes cause a crash.
Versions affected: 0.99.3.
o The file set dialog could grow excessively large. (Bug 331)
o Trying to save flow data may crash Wireshark. (Bug 396)
o The personal hosts configuration file wasn't being parsed
correctly. (Bug 795)
o "Save as" to an existing file wasn't allowed. (Bug 927)
o The SNMP dissector was not handling 64-bit counters properly.
(Bug 1047)
o The HTTP content-length field was a string instead of an
integer. (Bug 1109)
o Invalid characters could show up in PDML output. (Bug 1110)
- New and Updated Features
o AirPcap support (which provides raw mode capture under
Windows) has been enhanced to allow capturing on multiple
AirPcap adapters simultaneously using the Multi-Channel
Aggregator.
o VoIP call playback has been enhanced. If Wireshark is linked
with the PortAudio library, you can play back G.711
conversations.
o The capture interface dialog display has been enhanced.
o The "Save" button has been removed from the "Ok" / "Apply" /
"Cancel" button group in the following dialogs:
o Edit/Preferences
o View/Coloring Rules
o Capture/Capture Filters
o Analyze/Display Filters
o Analyze/Enabled Protocols
If you're fond of the "Save" button it can be resurrected in
the User Interface preferences.
o Expert analysis has been improved.
o Wireshark now supports USB as a media type. If you're running
a Linux distribution with version 2.6.11 of the kernel or
greater and you have the usbmon module enabled and you have a
recent CVS version of libpcap (post-0.9.5) installed you can
also do live captures. More details can be found at the
USB capture setup page on the wiki.
o The number of WEP keys that the user can specify in the IEEE
802.11 protocol preferences has been increased from 4 to 64.
- New Protocol Support
Enea LINX, Ethernet Powerlink (v1 and v2), H.248 Q.1950 Annex A,
Linux pktgen, MP2T, NEWMAIL, PNG, SCSI OSD, UDLD, UMTS FP, USB,
WLCCP, WZCSVC
- Updated Protocol Support
3Com NJACK, 802.11, ACSE, AH, ALCAP, ANSI MAP, ATM, ASN.1, BACapp,
BER, BGP, BSSAP, Camel, Catapult DCT2000, CFlow, CLNP, Common
Windows networking, DAP, DCERPC (DCERPC, ATSVC, DFS, EFS, EPM,
EVENTLOG, INITSHUTDOWN, MAPI, NT, PIPE, SAMR, SPOOLSS, SRVSVC,
SVCCTL, WINREG), DCOM (DCOM, CBA-ACCO, SYSACT), DIAMETER, DISP,
DNS, DOP, DSP, ESP, Ethernet, FC, FCP, GSM A, GSM MAP, GSM SMS,
GSSAPI, GTP, H.225, H.245, H.248, HTTP, ICQ, IKE, ISAKMP, iSCSI,
ISUP, IUUP, Kerberos 4, LAP-D, LDAP, LLC, LogotypeCertExtn,
MEGACO, MIME Multipart, MIP6, MMS, MSRP, MTP3, NCP, NDMP, NDPS,
NFS, NTP, OSI, PER, PN-MRP, PPP, Q.931, RADIUS, Redback, RPC,
RTCP, RTP, SCCP, SCSI, SDP, SIP, SMB, SMRSE, SNMP, SSL, STANAG
5066, STP, TCAP, TCP, TFTP, TIPC, UDP, UMA, VLAN, VNC, VRRP,
X.509ce, X11, YMSG, WTLS
- Removed Protocols
The CISCOWL dissector has been superseded by WLCCP.
- New and Updated Capture File Support
Catapult DCT2000, EyeSDN, iSeries
The following vulnerabilities have been fixed:
o The SCSI dissector could crash. Versions affected: 0.99.2.
o If Wireshark was compiled with ESP decryption support, the
IPsec ESP preference parser was susceptible to off-by-one
errors. Versions affected: 0.99.2.
o If the SSCOP dissector has a port range configured and the
SSCOP payload protocol is Q.2931, a malformed packet could
make the Q.2931 dissector use up available memory. No port
range is configured by default. Versions affected: 0.7.9 -
0.99.2.
The following bugs have been fixed:
o The VOIP call analysis feature could cause an assertion.
o The RTP analysis feature could freeze for an extended period.
o Selecting "Apply as Filter" wouldn't work for some tree items.
New and Updated Features
The following features are new (or have been significantly
updated) since the last release:
o The packet list context menu now includes a conversation
filter.
o Wireshark can now generate ACL rules for several popular
firewall products.
New Protocol Support
Daytime, JPEG (RTP payload), Pegasus Lightweight Stream Control,
Pro-MPEG FEC, UMTS RRC, Veritas Low Latency Transport
Updated Protocol Support
All ASN.1 dissectors, 3G A11, 802.11, AIM SST, AJP13, ANSI 637,
AVS WLAN, BACapp, BFD, CDP, Cisco WIDS, DCERPC (DCERPC, CONV, DFS,
EPM, FLDB, NETLOGON, NT, PN-IO, RS_PGO), DCOM, DHCP, DIAMETER,
DTLS, EAPOL, ESP, H.225, H.245, H.450, HTTP, IPv6, ISAKMP,
Juniper, Kerberos, L2TP, LDAP, MSRP, NTLMSSP, PN-CBA, PN-RT,
Prism, RSVP, RTCP, RUDP, SCSI, SCTP, SDP, SIP, SIPFRAG, Skinny,
SMB, SSL, TCP, text/media, Time, XML
New and Updated Capture File Support
Catapult DCT2000, nettl
Wireshark is a network protocol analyzer and the successor of "ethereal".
Changes since "ethereal" version 0.99.0:
- The GSM BSSMAP dissector could crash. Versions affected:
0.10.11.
- The ANSI MAP dissector was vulnerable to a format string
overflow. Versions affected: 0.10.0.
- The Checkpoint FW-1 dissector was vulnerable to a format
string overflow. Versions affected: 0.10.10.
- The MQ dissector was vulnerable to a format string overflow.
Versions affected: 0.10.4.
- The XML dissector was vulnerable to a format string overflow.
Versions affected: 0.10.13.
- The MOUNT dissector could attempt to allocate large amounts of
memory. Versions affected: 0.9.4.
- The NCP NMAS and NDPS dissectors were susceptible to
off-by-one errors. Versions affected: 0.9.7.
- The NTP dissector was vulnerable to a format string overflow.
Versions affected: 0.10.13.
- The SSH dissector was vulnerable to an infinite loop. Versions
affected: 0.9.10.
- The NFS dissector may have been susceptible to a buffer
overflow. Versions affected: 0.8.16.
- The "Follow TCP Stream" dialog now wraps long lines.
- Problems with ring buffers under 0.99.0 have been fixed.
- It was possible for Wireshark to crash when closing the
capture information dialog. This has been fixed.
- It was possible for Wireshark to crash when using the "Find"
feature. This has been fixed.
- Wireshark could crash if an interface was removed while
viewing the interface list. This has been fixed.
- Multicast stream analysis (Statistics->Multicast Streams) has
been added. It lets you determine burst size, output buffer
size, and losses for multicast data.
- TCP reassembly has been updated and improved.
- Expert analysis has been updated and improved.
- SCSI service response time statistics have been added.
- You can now find next/previous marked frames.
- The LDAP and SNMP dissectors have been completely rewritten.
- The SMB dissector now tracks filenames and share names.