[linux-security] tcpdump vulnerabilities
- To: linux-security@sfu.ca
- Subject: [linux-security] tcpdump vulnerabilities
- From: Martin Siegert <siegert@sfu.ca>
- Date: Thu, 29 Jan 2004 19:00:05 -0800
- User-Agent: Mutt/1.4.1i
Topic
=====
DoS attack and possibly remote exploit against tcpdump
Problem Description
===================
Multiple vulnerabilities were discovered in tcpdump, a tool for
inspecting network traffic. If a vulnerable version of tcpdump
attempted to examine a maliciously constructed packet, a number of
buffer overflows could be exploited to crash tcpdump, or potentially
execute arbitrary code with the privileges of the tcpdump process.
Affected Versions
=================
tcpdump versions 3.8.1 and earlier
Solution
========
Upgrade to a patched version for your distribution:
SuSE-8.0
--------
rpm -Fvh tcpdump-3.6.2-330.i386.rpm
SuSE-8.1
--------
rpm -Fvh tcpdump-3.7.1-341.i586.rpm
SuSE-8.2
--------
rpm -Fvh tcpdump-3.7.1-341.i586.rpm
SuSE-9.0
--------
rpm -Fvh tcpdump-3.7.2-72.i586.rpm
RedHat 9
--------
rpm -Fvh tcpdump-3.7.2-7.9.1.i386.rpm \
libpcap-0.7.2-7.9.1.i386.rpm \
arpwatch-2.1a11-7.9.1.i386.rpm
RedHat 7.3 (SFU-1.0)
--------------------
(the SFU packages are available from /vol/vol0/distrib/sfu/1.0/RPMS on sphinx
via NFS from within the .sfu.ca domain or from
http://www.sfu.ca/acs/security/linux/7.3/RPMS)
rpm -Fvh tcpdump-3.7.2-7.i386.rpm \
libpcap-0.7.2-7.i386.rpm \
arpwatch-2.1a11-18.7.3.i386.rpm
Mandrake 9.1
------------
rpm -Fvh tcpdump-3.7.2-2.1.91mdk.i586.rpm
Mandrake 9.2
------------
rpm -Fvh tcpdump-3.7.2-2.1.92mdk.i586.rpm
Debian 3.0 (woody)
------------------
update to tcpdump_3.6.2-2.7_i386.deb
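
The fixed packages listed above are still upstream 3.6.x and 3.7.x builds, so checking a host means comparing the installed version-release against the fixed build for its distribution, not against 3.8.1. The following shell functions do that; they are an added example, not part of the original advisory, and the distro labels and the simplified comparison routine are assumptions of this sketch.

```shell
# Fixed tcpdump builds copied from the advisory above.
# The distro labels (suse-8.0, redhat-9, ...) are names made up for this script.
fixed_build() {
    case "$1" in
        suse-8.0)          echo 3.6.2-330 ;;
        suse-8.1|suse-8.2) echo 3.7.1-341 ;;
        suse-9.0)          echo 3.7.2-72 ;;
        redhat-9)          echo 3.7.2-7.9.1 ;;
        redhat-7.3-sfu)    echo 3.7.2-7 ;;
        mandrake-9.1)      echo 3.7.2-2.1.91mdk ;;
        mandrake-9.2)      echo 3.7.2-2.1.92mdk ;;
        debian-3.0)        echo 3.6.2-2.7 ;;
        *)                 return 1 ;;
    esac
}

# Print -1, 0 or 1 for A <, =, > B. Simplified form of rpm's segment rules:
# split into digit runs and letter runs, compare digit runs as numbers,
# a digit run outranks a letter run, and the string with segments left over wins.
seg_cmp() {
    awk -v a="$1" -v b="$2" '
    function tok(s, arr,   n) {
        n = 0
        while (match(s, /[0-9]+|[A-Za-z]+/)) {
            arr[++n] = substr(s, RSTART, RLENGTH)
            s = substr(s, RSTART + RLENGTH)
        }
        return n
    }
    BEGIN {
        na = tok(a, x); nb = tok(b, y)
        for (i = 1; i <= na && i <= nb; i++) {
            xn = (x[i] ~ /^[0-9]/); yn = (y[i] ~ /^[0-9]/)
            if (xn != yn) { print (xn ? 1 : -1); exit }
            if (xn) { u = x[i] + 0; v = y[i] + 0 } else { u = x[i]; v = y[i] }
            if (u != v) { print (u < v ? -1 : 1); exit }
        }
        print (na == nb ? 0 : (na < nb ? -1 : 1))
    }'
}

# is_patched DISTRO VERSION-RELEASE: exit 0 if at or above the fixed build,
# 1 if older, 2 if the distro label is unknown.
is_patched() {
    fixed=$(fixed_build "$1") || return 2
    c=$(seg_cmp "${2%%-*}" "${fixed%%-*}")
    [ "$c" = 0 ] && c=$(seg_cmp "${2#*-}" "${fixed#*-}")
    [ "$c" != -1 ]
}
```

The installed build to pass as the second argument can be read with `rpm -q --qf '%{VERSION}-%{RELEASE}\n' tcpdump` on the RPM-based systems, or `dpkg-query -W -f='${Version}\n' tcpdump` on Debian.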