Skip to navigation

Security Advisory tcpdump security update

Advisory: RHSA-2003:033-07
Type: Security Advisory
Severity: Moderate
Issued on: 2003-02-26
Last updated on: 2003-02-25
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2002-1350
CVE-2003-0093

Details

Updated tcpdump, libpcap, and arpwatch packages are available to fix an
incorrect bounds check when decoding BGP packets and a possible denial of
service.

Tcpdump is a command-line tool for monitoring network traffic.

The BGP decoding routines in tcpdump before version 3.6.2 used incorrect
bounds checking when copying data, which allows remote attackers to cause a
denial of service and possibly execute arbitrary code (as the 'pcap' user).

If a UDP packet from a radius port contains 0 at the second byte tcpdump
gets stuck in a loop that generating an infinite stream of "#0#0#0#0#0".
This could be used as a denial of service.

Users of tcpdump are advised to upgrade to these errata packages which
contain patches to correct thes issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
tcpdump-3.6.2-12.2.1AS.1.src.rpm
File outdated by:  RHSA-2004:219
    MD5: 93bf6bb54bb2269401fb46768e29fed1
 
IA-32:
arpwatch-2.1a11-12.2.1AS.1.i386.rpm
File outdated by:  RHSA-2004:219
    MD5: ac5dce8bfbf5e6d92304667f5dbc0db6
libpcap-0.6.2-12.2.1AS.1.i386.rpm
File outdated by:  RHSA-2004:219
    MD5: b07eb6a11fa54688bbf4c4515169809f
tcpdump-3.6.2-12.2.1AS.1.i386.rpm
File outdated by:  RHSA-2004:219
    MD5: f01c5b5b5ff50b60008401c63fcabc97
 
IA-64:
arpwatch-2.1a11-12.2.1AS.1.ia64.rpm
File outdated by:  RHSA-2004:219
    MD5: c85cf3b2c78d3684465cb452b2b42330
libpcap-0.6.2-12.2.1AS.1.ia64.rpm
File outdated by:  RHSA-2004:219
    MD5: 0d335ca0336dfa61da0b5650680d6665
tcpdump-3.6.2-12.2.1AS.1.ia64.rpm
File outdated by:  RHSA-2004:219
    MD5: 221b1f8e5c2139cd434d2e735e12e4a6
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
tcpdump-3.6.2-12.2.1AS.1.src.rpm
File outdated by:  RHSA-2004:219
    MD5: 93bf6bb54bb2269401fb46768e29fed1
 
IA-64:
arpwatch-2.1a11-12.2.1AS.1.ia64.rpm
File outdated by:  RHSA-2004:219
    MD5: c85cf3b2c78d3684465cb452b2b42330
libpcap-0.6.2-12.2.1AS.1.ia64.rpm
File outdated by:  RHSA-2004:219
    MD5: 0d335ca0336dfa61da0b5650680d6665
tcpdump-3.6.2-12.2.1AS.1.ia64.rpm
File outdated by:  RHSA-2004:219
    MD5: 221b1f8e5c2139cd434d2e735e12e4a6
 

Bugs fixed (see bugzilla for more information)

81585 - tcpdump can crash a machine when it sees certain udp packets
82995 - tcpdump problem with bgp decoding


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/