-$Id: NEWS,v 1.129 2003/06/10 17:24:40 guy Exp $
+Wireshark 0.99.5 Release Notes
-== June ?, 2003
+ ------------------------------------------------------------------
-Ethereal 0.9.13 has been released.
+What is Wireshark?
- This release fixes several security issues discovered by Timo
- Sirainen and others. See
+ Wireshark is the world's most popular network protocol analyzer.
+ It is used for troubleshooting, analysis, development, and
+ education.
- http://www.ethereal.com/appnotes/enpa-sa-00010.html
+What's New
- for more details.
+ Bug Fixes
-New and updated features
+ The following vulnerabilities have been fixed. See the [1]security
+ advisory for details and a workaround.
- Ethereal now supports a system-wide color filter file.
+ o The TCP dissector could hang or crash while reassembling HTTP
+ packets. (Bug [2]1200)
- Support for the GNU ADNS library has been added. ADNS allows
- asynchronous DNS lookups.
-
- "Decode As..." functionality has been added to Tethereal via the "-d"
- flag.
+ Versions affected: 0.99.2 to 0.99.4
-New protocols
+ [3]CVE-2007-0459
-distcc,
-MSRPC ATSVC,
+ o The HTTP dissector could crash.
-Updated protocols
+ Versions affected: 0.99.3 to 0.99.4
-802.11,
-AIM,
-BGP,
-CLNP,
-COTP,
-CPHA,
-DCERPC,
-DNS,
-EAPOL,
-Ethernet,
-GSSAPI,
-IP,
-ISAKMP,
-ISIS,
-LDAP,
-LSP,
-M2PA,
-MAPI,
-Modbus,
-NDPS,
-NFS,
-NTLMSSP,
-OpenBSD pflog,
-OSI,
-OSPF,
-PPTP,
-RMCP,
-RMI,
-RPC,
-RTP,
-SCSI,
-SCTP,
-SIP,
-SMB,
-SMPP,
-SNMP,
-SPNEGO,
-TACACS,
-TCP,
-WBXML,
-WSP,
-WTP,
+ [4]CVE-2007-0458
-Updated capture file support
+ o On some systems, the IEEE 802.11 dissector could crash.
- HP-UX nettl, VMS UCX$TRACE,
+ Versions affected: 0.10.14 to 0.99.4
+ [5]CVE-2007-0457
+ o On some systems, the LLT dissector could crash.
-== May 1, 2003
+ Versions affected: 0.99.3 to 0.99.4
-Ethereal 0.9.12 has been released.
+ [6]CVE-2007-0456
- This release fixes several off-by-one and integer overflow errors
- discovered by Timo Sirainen. See
+ The following bugs have been fixed:
- http://www.ethereal.com/appnotes/enpa-sa-00009.html
+ o On Windows systems the packet list scroll bar could sometimes
+ disappear or become unusable. ([7]Bug 220)
- for more details.
+ o The end of HTTP chunked encoding wasn't being displayed.
+ ([8]Bug 646)
-New and updated features
+ o The Follow TCP Stream window could omit characters. ([9]Bug
+ 1043)
- TCP sequence number analysis received a few improvements.
+ o Opening a flow graph could crash Wireshark. ([10]Bug 1117)
- General packet reassembly has been improved.
+ o Follow TCP Stream would sometimes get the direction wrong.
+ ([11]Bug 1138)
- The "Follow TCP Stream" window now allows you to filter out the current
- stream.
+ o The foreground text in the coloring rules editor was always
+ black.. ([12]Bug 1164)
- The Vines code received significant updates.
+ o The CSV export format was incorrect. ([13]Bug 1173)
- Several enhancements were made to the text2pcap utility.
+ o On some Windows systems Wireshark could take a long time to
+ start up.
-New protocols
+ o Malformed UDLD packets could cause an exception.
- ArtNET, IPX WAN, Intel ANS, iSNS, NLSP, WKSSVC
+ o The ISUP statistics report could overflow a buffer and crash
+ when displaying IPv6 addresses.
-Updated protocols
+ New and Updated Features
- 802.11 ACAP, AFP, AIM, AJP, ASAP, BGP, CLNP, CPHA, DCE/RPC, DSI, EAP,
- IP, IPMI, IPX, IPv6, ISIS, ISUP, IUA, Kerberos, LDAP, M2PA, M2TP, M2UA,
- M3UA, MGCP, MTP2, MTP3, MTP3MG, Modbus/TCP, NDMP, NDPS, NFS, NLSP, PGM,
- Q.931, RANAP, RPC, RSVP, SCCP, SCCPMG, SCTP, SMB, SNMP, SPX, SSH, SUA,
- TCP, Telnet, Vines, WBXML, WSP, WTP
+ The following features are new (or have been significantly
+ updated) since the last release:
-Updated capture file support
+ o We are now offering Wireshark as a [14]U3 package for Windows.
+ U3 packages are suitable for using on USB drives and CD-ROMs.
+ It's still experimental, but you're welcome to try it out and
+ report any problems or successes.
- Netxray
+ o Decryption support for WPA/WPA2 and SNMPv3 has been added. The
+ TDS / MS SQL dissector now de-obfuscates passwords.
+ o 64-bit file handling has been improved.
-== March 10, 2003
+ o The Find function now selects the corresponding packet detail
+ item. Find functionality has been added to the TCP and SSL
+ stream dialogs.
-Ethereal 0.9.11 has been released.
+ o Main window keyboard navigation has been improved.
- The Ethereal 0.9.10 release was packaged improperly. This release fixes
- the packaging, and adds minor updates and fixes for the following
- protocols:
-
- AFS, OpenBSD enc(4), RTP, SCSI, SIP, SMPP, SSH
-
- IA64 support has been improved.
-
+ o Windows file dialogs now show the "places" bar (Desktop, My
+ Documents, My Computer, My Network Places, etc). File dialogs
+ now default to "My Documents" in accordance with Microsoft's
+ HIG.
-== March 7, 2003
+ o [15]AirPcap support (which provides raw mode capture under
+ Windows) has been enhanced to allow capturing on multiple
+ AirPcap adapters simultaneously.
-Ethereal 0.9.10 has been released.
+ o You can no longer install Wireshark on Windows 95, 98, or ME.
+ (OK, so it's not a feature per se, but it's an important
+ change). The last version known to work on these systems is
+ [16]Ethereal 0.99.0.
- This release fixes a security hole discovered by Georgi Guninski in the
- SOCKS dissector as well as problems with the NTLMSSP and Rsync code.
- All users of previous versions are encouraged to upgrade. See
+ o ASN.1 BER-encoded files can now be dissected according to a
+ user-specified syntax.
- http://www.ethereal.com/appnotes/enpa-sa-00008.html
+ New Protocol Support
- for more details.
+ DMP, Homeplug (INT51X1), NBD, OMAPI, PKCS#12, RGMP, Roofnet, STUN
+ v2
+ Updated Protocol Support
-New and Updated Features
+ 2dparityfec, ACN, AIM, AMR, ANSI 637, ANSI A, ANSI MAP, ARP, ASN.1
+ BER, ASN.1 PER, BACapp, BPDU, CAMEL, DCERPC (DCERPC, EFS,
+ EVENTLOG, NSPI, PN-IO, WINREG), DCOM CBA, DCP, DHCP, DHCPv6, DMP,
+ DNS, E.164, EAP, EPL, ETSI DCP, FCP, GIOP, GSM A, H.245, H.248,
+ HPSW, HTTP, ICMP, ICMPv6, IEEE 802.11, IMAP, INAP, IPMI, IPsec,
+ IRC, ISAKMP, iSCSI, ISIS LSP, IuUP, K12, Kerberos, LDAP, LLDP,
+ MEGACO, MGCP, MIME Multipart, MMS, MMSE, MSRP, MySQL, NetFlow,
+ NFS, NTLMSSP, NTP, OSPF, PN-PTCP, PPPoE, Q.931, Radiotap, RADIUS,
+ RPC, RSVP, RTCP, S4406, SCCP, SCSI, SDP, SES, sFlow, SIGCOMP, SIP,
+ SIR, Skinny, SMB (SMB, NETLOGON), SMTP, SNMP, SPNEGO, SSL, T.38,
+ TCP, TDS, text/media, TIPC, UDLD, UDP Lite, UDP, UMA, UMTS FP,
+ USB, VNC, WBXML, WLCCP, WSP, X.411, X.420, XML, XOT, YMSG
- Many small updates were made to the user interface.
-
- The "Help" menu now includes the FAQ.
-
- The TCP dissector was enhanced. Many more fields are filterable.
+ New and Updated Capture File Support
- Tethereal received more IO stats: TCP and UDP top talkers.
-
- Packet reassembly has been improved.
-
- The "Follow TCP Stream" feature can now export C byte arrays.
-
- RTP streams can now be saved to a file.
-
+ Catapult DCT2000, Netttl, Windows Sniffer / NetXray
-Bug Fixes
+Getting Wireshark
- A missing comma in a string array could cause Ethereal to crash when
- opening the preferences dialog.
+ Wireshark source code and installation packages are available from
+ the [17]download page on the main web site.
+ Vendor-supplied Packages
-New Protocols
+ Most Linux and Unix vendors supply their own Wireshark packages.
+ You can usually install or upgrade Wireshark using the package
+ management system specific to that platform. A list of third-party
+ packages can be found on the [18]download page on the Wireshark
+ web site.
- MSN Messenger, Rsync, SSH, Yahoo! Messenger
+File Locations
+ Wireshark and TShark look in several different locations for
+ preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
+ These locations vary from platform to platform. You can use
+ About->Folders to find the default locations on your system.
-Updated Protocols
+Known Problems
- AFP, AFS, AIM, ATM, Apache JServ, BACNET, BGP, BOOTP, CLNP, COPS, DCCP,
- DCERPC NT, DCERPC, DNS, ESIS, Ethernet, Frame Relay, GIOP, GTP, HP
- extended 802.2 LLC, HP-UX remote management, HTTP, IPP, IPX, LLC, LSA,
- M3UA, MDSHDR, MIP6, MPLS, MySQL, NCP2222, NETLOGON, NLPID, NetFlow,
- OpenBSD enc(4), OSI, PPP, RADIUS, RMP, RPL, SAMR, SCSI, SMB, SNA, SNMP,
- SOCKS, SPOOLSS, SRVLOC, SRVSVC, SSL, SliMP3, TCP, Token Ring, WBXML,
- Wellfleet BofL X.25, X11
+ The Filter button is nonfunctional in the file dialogs under
+ Windows. ([19]Bug 942)
+Getting Help
-Updated Capture File Support
-
- NetXRay, NGSniffer, Snoop
+ Community support is available on the wireshark-users mailing
+ list. Subscription information and archives for all of Wireshark's
+ mailing lists can be found on [20]the web site.
+ Commercial support, training, and development services are
+ available from [21]CACE Technologies.
-== January 23, 2003
+Frequently Asked Questions
-Ethereal 0.9.9 has been released.
+ A complete FAQ is available on the [22]Wireshark web site.
- Please note the next release will NOT be 1.0. There are still more
- features to be added before a 1.0 release will be ready.
-
-
-New and Updated Features
-
- Plugin search behavior was improved under Unix, allowing more than one
- version of Ethereal to be installed at one time.
-
- The statistics graphs have been enhanced. More statistics have been
- added:
-
- Round-trip-time statistics are now computed for SMB traffic.
-
- NCP Call and Reply times are now tracked.
-
- Top talker statistics for Ethernet, IP and Token Ring are now
- available (tethereal only).
-
- Color allocation and handling was improved.
-
- The RADIUS dissector can now decrypt user passwords.
-
- Tethereal now supports reading from a pipe under Unix.
-
- The ATM code received major improvements.
-
- The DOS Sniffer code also received major improvements.
-
- For those that compile Ethereal from source, some fixes and updates
- have been made to the configuration and build environment.
-
-
-Bug Fixes
-
- The capture progress window now shows the correct number of elapsed
- minutes.
-
- A potential infinite loop in the TCP graphing code has been fixed.
-
-
-New Protocols
-
- MDSHDR, MEGACO, MySQL, SDLC, X.29
-
-
-Updated Protocols
-
- 802.11, AFP, AFS, AIM, ARCNET, ASAP, ATM, BPDU, Cisco HDLC, CLNP, DCE
- RPC, DDTP, Ethernet, FC-ELS, FCIP, H.261, IMSI, IP, IP-over-FC, L2TP,
- LMI, M3UA, MTP3, NCP, NetBIOS, NETLOGON, ONC RPC, OSPF, PIM, PPP,
- RADIUS, RANAP, RPC, SAMR, SCTP, SMB, SPNEGO, SPOOLSS, SRVLOC, SRVSVC,
- SUA, TNS, Token Ring, Wellfleet HDLC, X.25
-
-
-Updated Capture File Support
-
- Firewall-1, Netmon, NetXRay, Radcom, Sniffer
-
-
-== December 7, 2002
-
-Ethereal 0.9.8 has been released.
-
- Serious problems with the BGP, LMP, PPP, and TDS dissectors have been
- discovered. See
-
- http://www.ethereal.com/appnotes/enpa-sa-00007.html
-
- for more details.
-
-
-New and Updated Features
-
- The TAP subsystem received major updates. Tethereal can display
- more statistics, and several graphs have been added to Ethereal.
-
- A protocol hierarchy statistics tap was added to tethereal. This code
- may be used to replace the hierarchy statistics code in Ethereal.
-
- More updates have been added to TCP analysis.
-
- After a long hiatus, the Windows installer once again includes SNMP
- support.
-
- The total running time of the capture is now displayed in the capture
- progress dialog box. The capture progress dialog also shows ARP packets.
-
- The look of the plugins dialog was revamped.
-
-
-Bug Fixes and Updates
-
- A bug which caused Ethereal under Windows to crash when "Update list of
- packets in real time" was enabled has been fixed.
-
- The stability of the text2pcap utility has been improved.
-
- In tethereal, the packet count is properly displayed when you ^C out of a
- capture.
-
-
-New Protocols
-
- ARCNET, ClearCase NFS, DCERPC LSA_DS, Fibre Channel, HyperSCSI, MDNS,
- PCLI, RPL
-
-
-Updated Protocols
-
- AFP, AFS, BACNet, BGP, DCERPC, DCERPC EPM, DCERPC LSA, DCERPC NDR,
- DCERPC NT, DCERPC SAMR, DCERPC UPDATE, GRE, GTP, HTTP, IPv6CP, IPX,
- iSCSI, ISDN, IUA, LAPD, LDAP, M2PA, NDPS, NDS, NetBIOS, NFS, NTLMSSP,
- OSPF, PPP, PPPoE, Q.2931, Q.931, RPC, RSVP, SCSI, SCTP, SMB, SNMP,
- Spanning Tree, SPNEGO, SPOOLSS, SPX, SRVLOC, TCP, Telnet, V.120, WEP,
- YPSERV
-
-
-Updated Capture File Support
-
- AIX iptrace and tcpdump, NetXRay, Sniffer, snoop
-
-
-== September 28, 2002
-
-Ethereal 0.9.7 has been released.
-
-New Features
-
- In order to improve the out-of-box responsiveness of Ethereal and
- Tethereal, network name resolution has been disabled by default.
-
- TCP analysis (a feature added in the 0.9.6 release) was improved.
-
- The NCP code base received quite a few updates.
-
- Initial support for version 2 of the GTK+ library was added.
-
- RPC staticstics (which use the new Tap API) were added.
-
- Due to added and updated support for the NTLM, SNEGO, and GSS-API
- protocols, Ethereal can now dissect most of the security blobs for
- Windows 2000 authentication.
-
- The Ethernet "manuf" file now handles addresses specified with a
- mask, and contains many well-known addresses.
-
-
-New Protocols
-
- 802.1s MSTP, FIX, GSS-API, Interbase, NDPS, Netflow (Cisco and Juniper),
- SCCP-Management, SPNEGO
-
- The following DCE/RPC protocols were also added:
-
- AFS4INT, BOSSVR, CDS_CLERKSERVER, CDS_SOLICIT, CPRPC_SERVER, DNSSERVER,
- DTSPROVIDER, DTSSTIME_REQ, FLDB, FTSERVER, KRB5RPC, REPADMIN, REP_PROC,
- ROVERRIDE, RPRIV, RS_ATTR, RSEC_LOGIN, RS_MISC, RS_PGO, RS_REPLIST,
- RS_UNIX, SECIDMAP, TKN4INT, UBIKDISK, UKIKVOTE
-
-
-Updated Protocols
-
- AFP, AODV/AODV6, BGP, CHDLC, CHPA, DCE/RPC CONV, DCE/RPC LSA, DCE/RPC
- NT, DCE/RPC SAMR, DHCP, DNS, DOCSIS, EAP, GTP, HTTP, IP, iSCSI, IS-IS,
- Kerberos, LDAP, LDP, M2PA MMSE, NBNS, NCP, NDS, NETLOGON, NTLMSSP, OSI
- Q.931 RPC, RPCSTAT, SCSI, Skinny, SMB, SNEGO, SPOOLSS, SRVSVC, TCP, WSP,
-
-
-== August 20, 2002
-
-Ethereal 0.9.6 has been released.
-
-Bugs Fixed
-
- A buffer overflow in the ISIS dissector has been fixed. More
- information can be found at
- http://www.ethereal.com/appnotes/enpa-sa-00006.html.
-
- A bad TCP header could cause problems for the "Follow TCP Stream"
- feature.
-
- Setting "column.format" from the command line no longer crashes
- Ethereal and Tethereal.
-
- Problems with capture files being overwritten (e.g. if you try to save over
- the current capture file) have been fixed.
-
- An SMB conversation handling bug has been fixed.
-
- Thanks to Valgrind, several memory leaks have been fixed.
-
- Some problems with printing under Windows have been fixed.
-
-
-New Features
-
- TCP sequence number analysis has been added.
-
- The DCE RPC NETLOGON dissector has received a major overhaul.
-
- Data types throughout the code have been cleaned up.
-
-
-New Protocols
-
- CPHA, DOCSIS, NTLMSSP, Xyplex terminal server protocol, ZIP
-
-
-Updated Protocols
-
- 802.11, AFP, ASAP, BGP, CDP, CDPCP, CPHA, DDP, DCERPC, DCERPC NT, DCERPC
- REG, EPM, FTP, HCLNFSD, HTTP, IPX, ISAKMP, ISIS, IUA, Kerberos, L2TP,
- LLMNR, LSA, MMSE, MPLSCP, NBNS, NetBIOS, NETLOGON, NFS, NTLMSSP, PPP,
- Quake2, RADIUS, RSVP, RTCP, SAMR, SCSI, SDP, SIP, SMB, SMB Mailslot,
- SMTP, SPOOLSS, TCP, TDS, TNS, TPKT, Token Ring, VJ TCP, WINREG, WSP
-
-
-Capture File Updates
-
-CheckPoint Firewall-1 monitor file support and CoSine debug file support
-were added. Support for pppdump and Netmon files was updated.
-
-
-== June 28, 2002
-
-Ethereal 0.9.5 has been released. This version fixes several potential
-security problems revealed since the release of 0.9.4. See the security
-advisory at http://www.ethereal.com/appnotes/enpa-sa-00005.html for
-more details.
-
-
-New Features:
-
-The ability to read packet data from a pipe was enhanced. Printing
-under Windows now works.
-
-
-New Protocols
-
-802.3 LACP, Apache JServ, AODV6, DCERPC Browser, Java RMI, TAPI
-
-
-Updated Protocols
-
-ATM, BGP, BOOTP, DCE RPC, EPM, Frame Relay, GTP, L2TP, LMP, MAPI, MIP,
-MMSE, MTP3, NCP, NFS, NSPI, PPP, Q2931, RADIUS, RSVP, SCSI, SMB, SNA,
-SOCKS, SPOOLSS, SRVSVC, SunATM, TFTP, TNS, Token Ring, UCP, VJ TCP/IP,
-WCP, WEP, WSP, WTP
-
-
-Capture File Updates
-
-Ethereal can now write LANalyzer files. The Sniffer, nettl, snoop,
-NetXRay, and libpcap code all received updates.
+References
+ Visible links
+ 1. http://www.wireshark.org/security/wnpa-sec-2007-01.html
+ 2. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1200
+ 3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0459
+ 4. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0458
+ 5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0457
+ 6. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0456
+ 7. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=220
+ 8. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=646
+ 9. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1043
+ 10. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1117
+ 11. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1138
+ 12. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1164
+ 13. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1173
+ 14. http://www.u3.com/
+ 15. http://www.cacetech.com/products/airpcap.htm
+ 16. http://www.ethereal.com/
+ 17. http://www.wireshark.org/download.html
+ 18. http://www.wireshark.org/download.html#otherplat
+ 19. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=942
+ 20. http://www.wireshark.org/lists/
+ 21. http://www.cacetech.com/
+ 22. http://www.wireshark.org/faq.html