Last Updated: 2006-08-24 20:41:55 UTC
by Bojan Zdrnja (Version: 1)
The SCSI, DHCP and SSCOP dissectors are affected. Besides these dissectors, the IPsec ESP preference parser is also affected, when Wireshark is compiled with ESP decryption support (this is probably the case in most installations).
The new version (0.99.3), available at http://www.wireshark.org/download.html, fixes all these vulnerabilities.
If, for some reason, you can't upgrade, some workarounds are available at http://www.wireshark.org/security/wnpa-sec-2006-02.html (the original advisory). Basically, what you can do is turn off dissectors for affected protocols and disable ESP decryption.