
[linux-security] tcpdump buffer overflow



Topic
=====
tcpdump, libpcap, and arpwatch contain a buffer overflow when
handling NFS packets

Problem Description
===================
tcpdump is a command-line tool for monitoring network traffic.  Versions of
tcpdump up to and including 3.6.2 have a buffer overflow that can be
triggered by a bad NFS packet while tcpdump is tracing the network.
It is unclear at this point whether this bug is exploitable.

Affected Systems
================
tcpdump with versions <= 3.6.2
I do not know whether version 3.7.1 is affected.

Solution
========
Upgrade to the patched version for your distribution.

RedHat 6.x
----------
rpm -Fvh tcpdump-3.6.2-11.6.2.0.i386.rpm \
         libpcap-0.6.2-11.6.2.0.i386.rpm \
         arpwatch-2.1a11-11.6.2.0.i386.rpm

RedHat 7.0
----------
rpm -Fvh tcpdump-3.6.2-11.7.0.0.i386.rpm \
         libpcap-0.6.2-11.7.0.0.i386.rpm \
         arpwatch-2.1a11-11.7.0.0.i386.rpm

RedHat 7.1
----------
rpm -Fvh tcpdump-3.6.2-11.7.1.0.i386.rpm \
         libpcap-0.6.2-11.7.1.0.i386.rpm \
         arpwatch-2.1a11-11.7.1.0.i386.rpm

RedHat 7.2
----------
rpm -Fvh tcpdump-3.6.2-11.7.2.0.i386.rpm \
         libpcap-0.6.2-11.7.2.0.i386.rpm \
         arpwatch-2.1a11-11.7.2.0.i386.rpm

RedHat 7.3
----------
not vulnerable
(tcpdump-3.6.2-12.i386.rpm already contains the fix)

Mandrake 7.x
------------
rpm -Fvh tcpdump-3.6.2-2.2mdk.i586.rpm \
         libpcap-0.6.2-3.2mdk.i586.rpm \
         libpcap-devel-0.6.2-3.2mdk.i586.rpm

Mandrake 8.0
------------
rpm -Fvh tcpdump-3.6.2-2.1mdk.i586.rpm \
         libpcap0-0.6.2-3.1mdk.i586.rpm \
         libpcap0-devel-0.6.2-3.1mdk.i586.rpm

Mandrake 8.1, 8.2
-----------------
rpm -Fvh tcpdump-3.6.2-2.1mdk.i586.rpm