Hi Peter, W dniu 2017-08-28 18:50, Peter Wu napisaĆ(a):
This can especially problematic for services like Cloudshark and Webshark (by Jakub). The former is not yet affected since it does not use 2.4 code (yet?) but the latter seems theoretically vulnerable as it has a setconf API function (I was not able to get it to work though as setconf changes are not visible in dumpconf).
dumpconf now support dumping value of snort.binary (https://code.wireshark.org/review/23268/), and sharkd setconf requested is blocked from webshark API (https://bitbucket.org/jwzawadzki/webshark/commits/2687eec6b0413462e072a660af96896ee7cd6c33).
Thanks, Jakub. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
