Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos

Nmap Development: [ANNOUNCE] WinPcap 4.1 beta2 has been released

[ANNOUNCE] WinPcap 4.1 beta2 has been released

From: Gianluca Varenni <gianluca.varenni_at_cacetech.com>
Date: Thu, 15 Nov 2007 09:24:22 -0800

As of today, WinPcap 4.1 beta2 is available in the download section of
the WinPcap website, http://www.winpcap.org/install/ .

This new software release includes several improvements and changes to
both the library itself and its developer's pack. First of all, it
fixes a security vulnerability in the kernel driver reported by the
iDefense Labs in the security advisory available at
  http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=625

It also includes the latest available snapshot of libpcap (1.0
branch).
>From the developer's point of view, this version ships with a cleaned
up update of the developer's pack. Some header files that were wrongly
included in the old developer's pack (including some coming from the
Microsoft platform SDK) have been removed. Other files have been
consolidated or split into internal header files (used for the build
of the binaries) and public header files.
Full details can be found in the change log attached at the end of
this message.

Being a beta release, as usual, we encourage people to test it and
report any anomaly or strange behavior to the WinPcap mailing lists.

In particular, we strongly encourage all the developers to try
compiling all their WinPcap-based applications against the new WinPcap
developer's pack and report any compilation issue to the winpcap-bugs
mailing list (winpcap-bugs<AT>winpcap.org).

Gianluca Varenni
WinPcap Team

Changelog from WinPcap 4.0.1
============================

- Disabled support for monitor mode (also called TME, Table Management
  Extensions) in the driver. This module suffers from several security
  vulnerabilities that could result in BSODs or privilege escalation
  attacks. This fix addresses a security vulnerability reported by the
  iDefense Labs at
  http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=625

- Added a small script to integrate the libpcap sources into the
  WinPcap tree automatically.

- Moved the definition of all the I/O control codes to ioctls.h.

- Cleaned up and removed some build scripts for the developer's pack.

- Migrated the driver compilation environment to WDK 6000.

- Enabled PreFAST driver compilation for the x64 build.

- Added some doxygen directives to group the IOCTL codes and JIT
  definitions in proper groups.

- Integrated the IOCTL codes into one single set shared by packet.dll
  and driver.

- Modified the installer to return the win32 error code instead of -1
  in case of failure in the error messages.

- Added some #define directives to selectively disable the TME
  functionality for WAN (i.e. Netmon-assisted) devices.

- Added a VS2005 project to easily edit the files of the driver.

- Removed some useless #include directives in the driver and
  packet.dll.

- Migrated several conditional directives (#ifdef/#endif) to the
  defines of the DDK/WDK e.g. _X86_ and _AMD64_.

- Added a check to warn users that remote-ext.h should not be included
  directly.

- Removed ntddndis.h from the WinPcap sources. It's included into the
  Microsoft Platform SDK.

- Removed devioctl.h from the WinPcap sources. It's included into the
  Microsoft DDK/WDK.
  
- Removed ntddpack.h from the WinPcap sources. It's an old header file
  from the original DDK Packet sample, and it's not used by WinPcap.

- Removed several useless files from the WinPcap developer's pack:
  + all the TME extension header files
  + devioctl.h
  + gnuc.h
  + ntddndis.h
  + ntddpack.h
  + pcap-int.h.

- Bug fixing:
  + Fixed a possible buffer overrun on x64 machines with more that 32
    CPUs/cores.
  + Fixed an implicit cast problem compiling the driver on x64.
  + Fixed a bug in the installer causing a mis-detection of a previous
    WinPcap installation.
  + Fixed two bugs related to memory deallocation in packet.dll. We
    were using free() instead of GlobalFreePtr(), and there was a
    missing check as to when to deallocate a chunk of memory.
  + Added a missing NULL pointer check in pcap_open().
  + Moved a misplaced #ifdef WIN32 in pcap_open().
  + Fixed a bug in the send routine of the driver that could cause a
    crash under low resources conditions.

=========

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

  • application/x-pkcs7-signature attachment: smime_p7s
Received on Nov 15 2007
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]