Full Disclosure mailing list archives
Re: Security Update: [CSSA-2002-050.0] Linux: tcpdump denial-of-service in print-bgp.c
From: Silvio Cesare <silvio () big net au>
Date: Wed, 20 Nov 2002 16:30:23 +1100
Also, one quick addition to this; this problem effects all tcpdump, and is not OpenLinux (or even Linux) specific. It is recommended that ALL distro's upgrade their packages to the latest, which has long resolved the specific problem this advisory is reporting. Anyway.. nice advisory ;-) -- Silvio On Tue, Nov 19, 2002 at 03:55:31PM -0800, security () caldera com wrote:
To: bugtraq () securityfocus com announce () lists caldera com security-alerts () linuxsecurity com full-disclosure
() lists netsys com
______________________________________________________________________________
SCO Security Advisory
Subject: Linux: tcpdump denial-of-service in print-bgp.c
Advisory number: CSSA-2002-050.0
Issue date: 2002 November 19
Cross reference:
______________________________________________________________________________
1. Problem Description
There is a miscalculation in the use of the sizeof operator in
tcpdump, allowing, at the least, a denial-of-service attack.
2. Vulnerable Supported Versions
System Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to tcpdump-3.6.2-4.i386.rpm
OpenLinux 3.1.1 Workstation prior to tcpdump-3.6.2-4.i386.rpm
OpenLinux 3.1 Server prior to tcpdump-3.6.2-4.i386.rpm
OpenLinux 3.1 Workstation prior to tcpdump-3.6.2-4.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.
-- Silvio _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Security Update: [CSSA-2002-050.0] Linux: tcpdump denial-of-service in print-bgp.c security (Nov 19)
- Re: Security Update: [CSSA-2002-050.0] Linux: tcpdump denial-of-service in print-bgp.c Silvio Cesare (Nov 20)
