a38c1417f7
svn path=/trunk/; revision=17852
524 lines
16 KiB
XML
524 lines
16 KiB
XML
<?xml version="1.0"?>
|
|
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
|
|
|
<!-- $Id$ -->
|
|
|
|
<!--
|
|
DOCUMENT SECTION
|
|
-Use this section to encode all document information
|
|
-->
|
|
|
|
<!--
|
|
Ethereal Info
|
|
-->
|
|
<!ENTITY EtherealCurrentVersion "0.99.0">
|
|
|
|
]>
|
|
|
|
<article>
|
|
<title>Ethereal &EtherealCurrentVersion; Release Notes</title>
|
|
|
|
<section id="WhatIs"><title>What is Ethereal?</title>
|
|
<para>
|
|
Ethereal is the world's most popular network protocol analyzer. It
|
|
is used for troubleshooting, analysis, development, and education.
|
|
</para>
|
|
</section>
|
|
|
|
<section id="WhatsNew"><title>What's New</title>
|
|
<section><title>Bug Fixes</title>
|
|
<para>
|
|
Many security vulnerabilities have been fixed since the
|
|
previous release. See the
|
|
<ulink url="http://www.ethereal.com/appnotes/enpa-sa-00022.html">application
|
|
advisory</ulink> for more details.
|
|
<itemizedlist>
|
|
|
|
<listitem><para>
|
|
The H.248 dissector could crash.
|
|
<!-- Fixed in r16967, r17015 -->
|
|
<!-- Bug IDs: 651 -->
|
|
Versions affected: 0.10.14.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
The UMA dissector could go into an infinite loop.
|
|
<!-- Fixed in r17119, r17273 -->
|
|
<!-- Bug IDs: 716 -->
|
|
Versions affected: 0.10.12.
|
|
</para></listitem>
|
|
|
|
<!-- Canary bugs found after r17235 -->
|
|
|
|
<listitem><para>
|
|
The X.509if dissector could crash.
|
|
<!-- Fixed in r16995, r17337 -->
|
|
<!-- Bug IDs: None -->
|
|
Versions affected: 0.10.14.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
The SRVLOC dissector could crash.
|
|
<!-- Fixed in r17001 -->
|
|
<!-- Bug IDs: None -->
|
|
Versions affected: 0.10.0.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
The H.245 dissector could crash.
|
|
<!-- Fixed in r17022 -->
|
|
<!-- Bug IDs: 667 -->
|
|
Versions affected: 0.10.13.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
Ethereal's OID printing routine was susceptible to an
|
|
off-by-one error.
|
|
<!-- Fixed in r17048 -->
|
|
<!-- Bug IDs: 698 -->
|
|
Versions affected: 0.10.14.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
The COPS dissector could overflow a buffer.
|
|
<!-- Fixed in r17051 -->
|
|
<!-- Bug IDs: None -->
|
|
Versions affected: 0.9.15.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
The ALCAP dissector could overflow a buffer.
|
|
<!-- Fixed in r17495 -->
|
|
<!-- Bug IDs: 794 -->
|
|
Versions affected: 0.10.14.
|
|
</para></listitem>
|
|
|
|
</itemizedlist>
|
|
|
|
<!-- Coverity bugs (r17489 and above) -->
|
|
|
|
Under a grant funded by the U.S. Department of Homeland Security,
|
|
<ulink url="http://www.coverity.com">Coverity</ulink> has uncovered
|
|
a number of vulnerabilities in Ethereal:
|
|
<itemizedlist>
|
|
|
|
<!-- CID 1 - 30: DEADCODE -->
|
|
<!-- CID 31: Post-0.10.14 -->
|
|
|
|
<listitem><para>
|
|
The statistics counter could crash Ethereal.
|
|
<!-- Fixed in r17497 -->
|
|
<!-- Bug IDs: None -->
|
|
<!-- Coverity CID 32 -->
|
|
Versions affected: 0.10.10.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
Ethereal could crash while reading a malformed Sniffer capture.
|
|
<!-- Fixed in r17556 -->
|
|
<!-- Bug IDs: None -->
|
|
<!-- Coverity CID 33 -->
|
|
Versions affected: 0.8.12.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
An invalid display filter could crash Ethereal.
|
|
<!-- Fixed in r17555 -->
|
|
<!-- Bug IDs: None -->
|
|
<!-- Coverity CID 34 -->
|
|
Versions affected: 0.9.16.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
The general packet dissector could crash Ethereal.
|
|
<!-- Fixed in r17494 -->
|
|
<!-- Bug IDs: None -->
|
|
<!-- Coverity CID 35 -->
|
|
Versions affected: 0.10.9.
|
|
</para></listitem>
|
|
|
|
<!-- CID 36 - 38: Bogus -->
|
|
|
|
<listitem><para>
|
|
The AIM dissector could crash Ethereal.
|
|
<!-- Fixed in r17512 -->
|
|
<!-- Bug IDs: None -->
|
|
<!-- Coverity CID 39 -->
|
|
Versions affected: 0.10.7.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
The RPC dissector could crash Ethereal.
|
|
<!-- Fixed in r17546 -->
|
|
<!-- Bug IDs: None -->
|
|
<!-- Coverity CID 40 -->
|
|
Versions affected: 0.9.8.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
The DCERPC dissector could crash Ethereal.
|
|
<!-- Fixed in r17657 -->
|
|
<!-- Bug IDs: None -->
|
|
<!-- Coverity CID 41 -->
|
|
Versions affected: 0.9.16.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
The ASN.1 dissector could crash Ethereal.
|
|
<!-- Fixed in r17548, r17710, r17736, r17770 -->
|
|
<!-- Bug IDs: None -->
|
|
<!-- Coverity CID 42, 43, 146 -->
|
|
Versions affected: 0.9.8.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
The SMB PIPE dissector could crash Ethereal.
|
|
<!-- Fixed in r17509, r17523, r17621, r17708 -->
|
|
<!-- Bug IDs: None -->
|
|
<!-- Coverity CID 44, 46, 47, 48 -->
|
|
Versions affected: 0.8.20.
|
|
</para></listitem>
|
|
|
|
<!-- CID 45: Bogus -->
|
|
<!-- CID 46 - 48: See CID 44 -->
|
|
<!-- CID 49: Bogus -->
|
|
<!-- CID 50 - 62: Not security-related -->
|
|
<!-- CID 63 - 66: Bogus -->
|
|
|
|
<listitem><para>
|
|
The BER dissector could loop excessively.
|
|
<!-- Fixed in r17498, r17625 -->
|
|
<!-- Bug IDs: None -->
|
|
<!-- Coverity CID 67, 68, 136 -->
|
|
Versions affected: 0.10.4.
|
|
</para></listitem>
|
|
|
|
<!-- CID 69 - 72: Bogus -->
|
|
|
|
<listitem><para>
|
|
The SNDCP dissector could abort.
|
|
<!-- Fixed in r17518 -->
|
|
<!-- Bug IDs: None -->
|
|
<!-- Coverity CID 73 -->
|
|
Versions affected: 0.10.4.
|
|
</para></listitem>
|
|
|
|
<!-- CID 74 - 78: Bogus -->
|
|
<!-- CID 79: Lemon is a build-time tool -->
|
|
<!-- CID 80: Bogus -->
|
|
<!-- CID 81: Post-0.10.14 -->
|
|
|
|
<listitem><para>
|
|
The Network Instruments file code could overrun a buffer.
|
|
<!-- Fixed in r17520 -->
|
|
<!-- Bug IDs: None -->
|
|
<!-- Coverity CID 82 -->
|
|
Versions affected: 0.10.0.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
The NetXray/Windows Sniffer file code could overrun a buffer.
|
|
<!-- Fixed in r17580 -->
|
|
<!-- Bug IDs: None -->
|
|
<!-- Coverity CID 83 -->
|
|
Versions affected: 0.10.13.
|
|
</para></listitem>
|
|
|
|
<!-- CID 83 - 103: Bogus -->
|
|
|
|
<listitem><para>
|
|
The GSM SMS dissector could crash Ethereal.
|
|
<!-- Fixed in r17506 -->
|
|
<!-- Bug IDs: None -->
|
|
<!-- Coverity CID 104 -->
|
|
Versions affected: 0.9.16.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
The ALCAP dissector could overrun a buffer.
|
|
<!-- Fixed in r17724 -->
|
|
<!-- Bug IDs: None -->
|
|
<!-- Coverity CID 105 -->
|
|
Versions affected: 0.10.14.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
The telnet dissector could overrun a buffer.
|
|
<!-- Fixed in r17487 -->
|
|
<!-- Bug IDs: None -->
|
|
<!-- Coverity CID 106 -->
|
|
Versions affected: 0.8.5.
|
|
</para></listitem>
|
|
|
|
<!-- CID 107: See CID 79 -->
|
|
<!-- CID 108: Not security-related -->
|
|
|
|
<listitem><para>
|
|
ASN.1-based dissectors could crash Ethereal.
|
|
<!-- Fixed in r17489 -->
|
|
<!-- Bug IDs: None -->
|
|
<!-- Coverity CID 109 -->
|
|
Versions affected: 0.9.10.
|
|
</para></listitem>
|
|
|
|
<!-- CID 110: Not security-related -->
|
|
<!-- CID 111: Bogus -->
|
|
<!-- CID 112: Not security-related -->
|
|
|
|
<listitem><para>
|
|
The H.248 dissector could crash Ethereal.
|
|
<!-- Fixed in r17571 -->
|
|
<!-- Bug IDs: None -->
|
|
<!-- Coverity CID 113,114 -->
|
|
Versions affected: 0.10.11.
|
|
</para></listitem>
|
|
|
|
<!-- CID 115, 116: See CID 79 -->
|
|
<!-- CID 117: Bogus -->
|
|
<!-- CID 118 - 119: Not security-related -->
|
|
<!-- CID 120 - 121: Bogus -->
|
|
<!-- CID 122 - 126: Not security-related -->
|
|
<!-- CID 127: Bogus -->
|
|
|
|
<listitem><para>
|
|
The DCERPC NT dissector could crash Ethereal.
|
|
<!-- Fixed in r17511 -->
|
|
<!-- Bug IDs: None -->
|
|
<!-- Coverity CID 128 -->
|
|
Versions affected: 0.9.14.
|
|
</para></listitem>
|
|
|
|
<!-- CID 129: Bogus -->
|
|
<!-- CID 130 - 134: Not security-related -->
|
|
|
|
<listitem><para>
|
|
The PER dissector could crash Ethereal.
|
|
<!-- Fixed in r17511 -->
|
|
<!-- Bug IDs: None -->
|
|
<!-- Coverity CID 135 -->
|
|
Versions affected: 0.9.14.
|
|
</para></listitem>
|
|
|
|
<!-- CID 136: See CID 67 -->
|
|
<!-- CID 137 - 139: Not security-releated -->
|
|
<!-- CID 140 - 141: Bogus -->
|
|
<!-- CID 142: Not security-releated -->
|
|
<!-- CID 143 - 144: See CID 79 -->
|
|
<!-- CID 144: Lemon is a build-time tool -->
|
|
<!-- CID 145: Post-0.10.14 -->
|
|
<!-- CID 146: See CID 42 -->
|
|
<!-- CID 147 - 148: Post-0.10.14 -->
|
|
<!-- CID 149: DEADCODE -->
|
|
|
|
</itemizedlist>
|
|
</para>
|
|
|
|
<para>
|
|
Win32: Unicode characters in the users profile path causes problems
|
|
reading/writing the preferences (and alike) files.
|
|
<!-- Fixed in r17024,r17025 -->
|
|
<!-- Bug IDs: 648 -->
|
|
Versions affected: 0.10.14.
|
|
</para>
|
|
|
|
<para>
|
|
The Coverity audit turned up several UI-related bugs that could
|
|
make Ethereal crash.
|
|
</para>
|
|
|
|
</section>
|
|
|
|
<section><title>New and Updated Features</title>
|
|
<para>
|
|
The following features are new (or have been significantly updated)
|
|
since the last release:
|
|
<itemizedlist>
|
|
|
|
<listitem><para>
|
|
The new command line tool <command>dumpcap</command> makes it
|
|
possible to capture network data without the drawbacks of (t)ethereal
|
|
(memory usage, security problems, ...) while keeping the benefit of
|
|
advanced techniques like multiple (ringbuffer) files and alike.
|
|
</para>
|
|
<para>
|
|
The manpage of <command>dumpcap</command> in HTML format is available
|
|
at: <ulink url="http://www.ethereal.com/docs/"/>
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
Win32: Catch hardware exceptions caused by buggy dissectors.
|
|
If e.g. a NULL pointer exceptions occurs, Ethereal won't crash now
|
|
but displays the exception and tries to continue decoding packets.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
The Windows version of Ethereal now uses native open and save
|
|
file dialogs.
|
|
</para>
|
|
<para>
|
|
In related news, Ethereal now runs as a full-fledged Unicode
|
|
application under Windows.
|
|
</para></listitem>
|
|
|
|
<listitem><para>
|
|
Recent versions of Ethereal were flagging packets with an
|
|
incorrect TCP checksum as malformed. False positives were
|
|
being triggered on systems that use TCP checksum offloading.
|
|
We now check to see if the checksum is <emphasis>not</emphasis>
|
|
0x0000 before flagging the packet as malformed.
|
|
|
|
<note><title>Please Note</title>
|
|
<para>
|
|
If your system uses TCP checksum offloading <emphasis>and</emphasis>
|
|
Ethereal still shows bad checksums for outgoing TCP packets
|
|
<emphasis>and</emphasis> the checksums for outgoing TCP packets
|
|
are <emphasis>not</emphasis> 0x0000, this could mean that your
|
|
operating system is exposing kernel memory unneccessarily. If
|
|
this is the case, you should report the problem to your OS
|
|
vendor.
|
|
</para>
|
|
</note>
|
|
</para></listitem>
|
|
|
|
</itemizedlist>
|
|
</para>
|
|
</section>
|
|
|
|
<section><title>New Protocol Support</title>
|
|
<para>
|
|
|
|
</para>
|
|
</section>
|
|
|
|
<section><title>Updated Protocol Support</title> <para>
|
|
|
|
</para>
|
|
</section>
|
|
|
|
<section><title>New and Updated Capture File Support</title>
|
|
<para>
|
|
|
|
</para>
|
|
</section>
|
|
|
|
</section>
|
|
|
|
<section id="GettingEthereal"><title>Getting Ethereal</title>
|
|
<section><title>Microsoft Windows</title>
|
|
<para>
|
|
Download ethereal-setup-&EtherealCurrentVersion;.exe from the
|
|
<ulink url="http://www.ethereal.com/distribution/win32/">Windows
|
|
download area</ulink> on the main web site. Double-click the
|
|
installer executable.
|
|
</para>
|
|
</section>
|
|
|
|
<section><title>Sun Solaris</title>
|
|
<para>
|
|
Download the appropriate package from the
|
|
<ulink url="http://www.ethereal.com/distribution/solaris/">Solaris
|
|
download area</ulink> on the main web site. Uncompress the package
|
|
using bzip2, and install it using pkgadd.
|
|
</para>
|
|
</section>
|
|
|
|
<section><title>Source Code</title>
|
|
<para>
|
|
Download ethereal-&EtherealCurrentVersion;.tar.gz from the
|
|
<ulink url="http://www.ethereal.com/distribution/">main
|
|
download area</ulink> on the web site. Extract the package
|
|
using tar and gzip. Run "configure ; make ; make install".
|
|
</para>
|
|
</section>
|
|
|
|
<section><title>Vendor-supplied Packages</title>
|
|
<para>
|
|
Most Linux and Unix vendors supply their own Ethereal packages.
|
|
You can install or upgrade Ethereal using the package management
|
|
system specific to that platform. A list of third-party packages
|
|
can be found on the <ulink url="http://www.ethereal.com/download.html#otherplat">download page</ulink> on the Ethereal web site.
|
|
</para>
|
|
</section>
|
|
|
|
</section>
|
|
|
|
<!-- XXX needs to be written
|
|
<section id="RemovingEthereal"><title>Removing Ethereal</title>
|
|
<para>
|
|
</para>
|
|
</section>
|
|
-->
|
|
|
|
<section id="FileLocations"><title>File Locations</title>
|
|
<para>
|
|
Ethereal and Tethereal look in several different locations for
|
|
preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
|
|
These locations vary from platform to platform. You can use
|
|
About->Folders to find the default locations on your system.
|
|
</para>
|
|
</section>
|
|
|
|
<section id="KnownProblems"><title>Known Problems</title>
|
|
|
|
<para>
|
|
On Windows systems the packet list scroll bar can sometimes disappear
|
|
or become unusable. Until the problem is fixed you can work around it
|
|
by resizing the packet list or the main window.
|
|
(<ulink url="http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=220">Bug
|
|
#220</ulink>)
|
|
</para>
|
|
|
|
<para>
|
|
The <guibutton>Filter</guibutton> button is nonfunctional in the
|
|
file dialogs under Windows.
|
|
</para>
|
|
|
|
<para>
|
|
Trying to save flow data may crash Ethereal.
|
|
(<ulink url="http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=396">Bug
|
|
#396</ulink>)
|
|
</para>
|
|
|
|
<para>
|
|
It may not be possible to re-order coloring rules under Windows.
|
|
(<ulink url="http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=699">Bug
|
|
#699</ulink>)
|
|
</para>
|
|
|
|
<para>
|
|
Multiple tap interfaces may cause a crash under FreeBSD.
|
|
(<ulink url="http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=757">Bug
|
|
#757</ulink>)
|
|
</para>
|
|
|
|
<para>
|
|
Ethereal may crash while viewing TCP streams.
|
|
(<ulink url="http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=852">Bug
|
|
#852</ulink>)
|
|
</para>
|
|
|
|
</section>
|
|
|
|
<section id="GettingHelp"><title>Getting Help</title>
|
|
<para>
|
|
Community support is available on the ethereal-users mailing list.
|
|
Subscription information and archives for all of Ethereal's mailing
|
|
lists can be found on <ulink url="http://www.ethereal.com/lists/">the
|
|
web site</ulink>. There is also an <ulink url="irc://irc.freenode.net/ethereal">IRC channel dedicated to Ethereal</ulink>.
|
|
</para>
|
|
<para>
|
|
Commercial support, training, and development services are available
|
|
from <ulink url="http://www.etherealsoft.com/">Ethereal Software</ulink>.
|
|
</para>
|
|
</section>
|
|
|
|
<section id="FAQ"><title>Frequently Asked Questions</title>
|
|
<para>
|
|
A complete FAQ is available on the
|
|
<ulink url="http://www.ethereal.com/faq.html">Ethereal web site</ulink>.
|
|
</para>
|
|
</section>
|
|
|
|
</article>
|