Hi Peter,
W dniu 2017-08-28 18:50, Peter Wu napisał(a):
This can especially problematic for services like Cloudshark and
Webshark (by Jakub). The former is not yet affected since it does not
use 2.4 code (yet?) but the latter seems theoretically vulnerable as it
has a setconf API function (I was not able to get it to work though as
setconf changes are not visible in dumpconf).
dumpconf now support dumping value of snort.binary
(https://code.wireshark.org/review/23268/),
and sharkd setconf requested is blocked from webshark API
(https://bitbucket.org/jwzawadzki/webshark/commits/2687eec6b0413462e072a660af96896ee7cd6c33).
Thanks,
Jakub.
