Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » [SECURITY] [DSA 255-1] New tcpdump packages fix denial of service vulnerability

[SECURITY] [DSA 255-1] New tcpdump packages fix denial of service vulnerability

by Nikola Strahija on February 28th, 2003 Andrew Griffiths and iDEFENSE Labs discovered a problem in tcpdump, a powerful tool for network monitoring and data acquisition. An attacker is able to send a specially crafted network packet which causes tcpdump to enter an infinite loop.


Debian Security Advisory DSA 255-1 [email protected]
http://www.debian.org/security/ Martin Schulze
February 27th, 2003 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : tcpdump
Vulnerability : infinite loop
Problem-Type : remote
Debian-specific: no
CVE Id : CAN-2003-0108

Andrew Griffiths and iDEFENSE Labs discovered a problem in tcpdump, a
powerful tool for network monitoring and data acquisition. An
attacker is able to send a specially crafted network packet which
causes tcpdump to enter an infinite loop.

In addition to the above problem the tcpdump developers discovered a
potential infinite loop when parsing malformed BGP packets. They also
discovered a buffer overflow that can be exploited with certain
malformed NFS packets.

For the stable distribution (woody) these problems have been
fixed in version 3.6.2-2.3.

For the old stable distribution (potato) does not seem to be affected
by this problem.

For the unstable distribution (sid) these problems have been fixed in
version 3.7.1-1.2.

We recommend that you upgrade your tcpdump packages.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3.dsc
Size/MD5 checksum: 587 7316fea776a03291973de9db5dda34a1
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3.diff.gz
Size/MD5 checksum: 10413 467813aab9a57869160e3082c7a11679
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2.orig.tar.gz
Size/MD5 checksum: 380635 6bc8da35f9eed4e675bfdf04ce312248

Alpha architecture:

http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_alpha.deb
Size/MD5 checksum: 213570 17577dd6cbe33e486dd8b193a3f188b0

ARM architecture:

http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_arm.deb
Size/MD5 checksum: 179598 005967e88f0895d8f962f07f3db525f7

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_i386.deb
Size/MD5 checksum: 169482 2e6aadf125c8e7bbde3d0dd162201480

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_ia64.deb
Size/MD5 checksum: 246744 c42598c647c1380689a7e196a7f685bb

HP Precision architecture:

http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_hppa.deb
Size/MD5 checksum: 192974 6d2133766c5e3d2dd5d8121a55d57bed

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_m68k.deb
Size/MD5 checksum: 157444 b20c63dca863d7e752eac1ac8089b469

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_mips.deb
Size/MD5 checksum: 188792 07f375adc0a86d704ce12e6f50036fa8

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_mipsel.deb
Size/MD5 checksum: 193058 46aa1ad7a702c9214e028c7f1f7bf877

PowerPC architecture:

http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_powerpc.deb
Size/MD5 checksum: 176780 074f39b9dcc3d4d47f73c8e2052ff91c

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_s390.deb
Size/MD5 checksum: 174304 72e42bf4582d67d69b2f6bc84961f7db

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_sparc.deb
Size/MD5 checksum: 179182 e1ebe0dec3667c68f8213827e66826fe


These files will probably be moved into the stable distribution on
its next revision.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »