
[linux-security] tcpdump vulnerabilities



Topic
=====
DoS attack and possibly remote exploit against tcpdump

Problem Description
===================
Multiple vulnerabilities were discovered in tcpdump, a tool for
inspecting network traffic.  If a vulnerable version of tcpdump
attempted to examine a maliciously constructed packet, a number of
buffer overflows could be exploited to crash tcpdump, or potentially
execute arbitrary code with the privileges of the tcpdump process.

Affected Versions
=================
tcpdump versions 3.8.1 and earlier

Solution
========
Upgrade to the patched version for your distribution:

SuSE-8.0
--------
rpm -Fvh tcpdump-3.6.2-330.i386.rpm

SuSE-8.1
--------
rpm -Fvh tcpdump-3.7.1-341.i586.rpm

SuSE-8.2
--------
rpm -Fvh tcpdump-3.7.1-341.i586.rpm

SuSE-9.0
--------
rpm -Fvh tcpdump-3.7.2-72.i586.rpm

RedHat 9
--------
rpm -Fvh tcpdump-3.7.2-7.9.1.i386.rpm \
         libpcap-0.7.2-7.9.1.i386.rpm \
         arpwatch-2.1a11-7.9.1.i386.rpm

RedHat 7.3 (SFU-1.0)
--------------------
(the SFU packages are available from /vol/vol0/distrib/sfu/1.0/RPMS on sphinx
via NFS from within the .sfu.ca domain or from
http://www.sfu.ca/acs/security/linux/7.3/RPMS)

rpm -Fvh tcpdump-3.7.2-7.i386.rpm \
         libpcap-0.7.2-7.i386.rpm \
         arpwatch-2.1a11-18.7.3.i386.rpm

Mandrake 9.1
------------
rpm -Fvh tcpdump-3.7.2-2.1.91mdk.i586.rpm

Mandrake 9.2
------------
rpm -Fvh tcpdump-3.7.2-2.1.92mdk.i586.rpm

Debian 3.0 (woody)
------------------
Update to tcpdump_3.6.2-2.7_i386.deb
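
An added example, not part of the original advisory: the patched packages listed above still carry upstream versions at or below 3.8.1, so a host check has to compare the installed package's version-release against the fixed build rather than the upstream version. The distribution labels and function names are illustrative, and GNU `sort -V` is assumed as an approximation of rpm/dpkg version ordering.

```sh
#!/bin/sh
# Added example: distro labels and function names are illustrative,
# not taken from the advisory.

# Fixed tcpdump version-release per distribution, copied from the list above.
fixed_for() {
    case "$1" in
        suse-8.0)           echo 3.6.2-330 ;;
        suse-8.1|suse-8.2)  echo 3.7.1-341 ;;
        suse-9.0)           echo 3.7.2-72 ;;
        redhat-9)           echo 3.7.2-7.9.1 ;;
        redhat-7.3)         echo 3.7.2-7 ;;
        mandrake-9.1)       echo 3.7.2-2.1.91mdk ;;
        mandrake-9.2)       echo 3.7.2-2.1.92mdk ;;
        debian-3.0)         echo 3.6.2-2.7 ;;
        *)                  return 1 ;;
    esac
}

# ver_ge A B: succeeds when A sorts at or after B.
# Assumption: GNU "sort -V" ordering stands in for the native rpm/dpkg
# comparison (no epoch handling).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# tcpdump_status DISTRO INSTALLED_VERSION_RELEASE
# Prints patched, vulnerable, or unknown (distribution not in the list).
tcpdump_status() {
    fixed=$(fixed_for "$1") || { echo unknown; return 0; }
    if ver_ge "$2" "$fixed"; then echo patched; else echo vulnerable; fi
}

# Usage: sh check.sh redhat-9 "$(rpm -q --qf '%{VERSION}-%{RELEASE}' tcpdump)"
if [ "$#" -eq 2 ]; then
    tcpdump_status "$1" "$2"
fi
```

On Debian the installed version can be read with `dpkg-query -W -f='${Version}' tcpdump`.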