Security Advisory tcpdump security update

Advisory: RHSA-2004:008-09
Type: Security Advisory
Severity: Moderate
Issued on: 2004-01-16
Last updated on: 2004-01-16
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2003-0989
CVE-2004-0055
CVE-2004-0057

Details

Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in
ISAKMP and RADIUS parsing.

[Updated 15 Jan 2004]
Updated the text description to better describe the vulnerabilities found
by Jonathan Heusser and give them CVE names.

Tcpdump is a command-line tool for monitoring network traffic.

George Bakos discovered flaws in the ISAKMP decoding routines of tcpdump
versions prior to 3.8.1. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0989 to this issue.

Jonathan Heusser discovered an additional flaw in the ISAKMP decoding
routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0057 to
this issue.

Jonathan Heusser discovered a flaw in the print_attr_string function in the
RADIUS decoding routines for tcpdump 3.8.1 and earlier. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0055 to this issue.

Remote attackers could potentially exploit these issues by sending
carefully crafted packets to a victim. If the victim uses tcpdump, these
packets could result in a denial of service, or possibly the execution of
arbitrary code as the 'pcap' user.

Users of tcpdump are advised to upgrade to these erratum packages, which
contain backported security patches and are not vulnerable to these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

Please note that this update is available via Red Hat Network. To use Red
Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
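
To confirm after the update that a host carries the fixed builds listed under "Updated packages", the following added example (not part of Red Hat's advisory) checks the output of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` against those builds. The comparison is a simplified form of RPM's version ordering that ignores epochs, and the sample input is constructed.

```python
import re

# Fixed builds copied from this advisory's "Updated packages" list,
# keyed by Red Hat Enterprise Linux major release.
FIXED = {
    "2.1": {"tcpdump": "3.6.2-12.2.1AS.5",
            "libpcap": "0.6.2-12.2.1AS.5",
            "arpwatch": "2.1a11-12.2.1AS.5"},
    "3": {"tcpdump": "3.7.2-7.E3.1",
          "libpcap": "0.7.2-7.E3.1"},
}

def vercmp(a, b):
    """Simplified RPM ordering: compare digit/letter runs left to right."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric run is newer
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two VERSION-RELEASE strings (epoch ignored: assumption)."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)

def audit(release, rpm_output):
    """Map each package named in the advisory to its status on one host."""
    installed = dict(line.split() for line in rpm_output.strip().splitlines())
    report = {}
    for name, fixed in FIXED[release].items():
        have = installed.get(name)
        if have is None:
            report[name] = "not installed"
        else:
            report[name] = "fixed" if evr_cmp(have, fixed) >= 0 else "needs update"
    return report

# Constructed sample of the rpm query output on an Enterprise Linux 3 host.
SAMPLE = """
tcpdump 3.7.2-7
libpcap 0.7.2-7.E3.1
"""

if __name__ == "__main__":
    for pkg, status in audit("3", SAMPLE).items():
        print(pkg, status)
```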

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
tcpdump-3.6.2-12.2.1AS.5.src.rpm
File outdated by:  RHSA-2004:219
    MD5: f8514b2194a97486f13edd26e9bb2295
 
IA-32:
arpwatch-2.1a11-12.2.1AS.5.i386.rpm
File outdated by:  RHSA-2004:219
    MD5: aa7c761f81b35f62204947ad35761691
libpcap-0.6.2-12.2.1AS.5.i386.rpm
File outdated by:  RHSA-2004:219
    MD5: 9a45470790c7fbaf62e65caebfbcc4bf
tcpdump-3.6.2-12.2.1AS.5.i386.rpm
File outdated by:  RHSA-2004:219
    MD5: 73e41413141a6e3de200cfda3a8f62a9
 
IA-64:
arpwatch-2.1a11-12.2.1AS.5.ia64.rpm
File outdated by:  RHSA-2004:219
    MD5: e5f0e5fe662547e8b56bdb170dd9c5f7
libpcap-0.6.2-12.2.1AS.5.ia64.rpm
File outdated by:  RHSA-2004:219
    MD5: ed7c329320fb9c5322a3c29b964e5829
tcpdump-3.6.2-12.2.1AS.5.ia64.rpm
File outdated by:  RHSA-2004:219
    MD5: 7e42cfabcc19ef88e26c52015a2bb2af
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
tcpdump-3.7.2-7.E3.1.src.rpm
File outdated by:  RHSA-2005:421
    MD5: b696a326fd27432b35b87827573c4a17
 
IA-32:
libpcap-0.7.2-7.E3.1.i386.rpm
File outdated by:  RHSA-2005:421
    MD5: 81ce9b57c74f0eb00a591e663df9aca0
tcpdump-3.7.2-7.E3.1.i386.rpm
File outdated by:  RHSA-2005:421
    MD5: 0c243bf9453c7264272ad4b6797bef11
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
tcpdump-3.6.2-12.2.1AS.5.src.rpm
File outdated by:  RHSA-2004:219
    MD5: f8514b2194a97486f13edd26e9bb2295
 
IA-32:
arpwatch-2.1a11-12.2.1AS.5.i386.rpm
File outdated by:  RHSA-2004:219
    MD5: aa7c761f81b35f62204947ad35761691
libpcap-0.6.2-12.2.1AS.5.i386.rpm
File outdated by:  RHSA-2004:219
    MD5: 9a45470790c7fbaf62e65caebfbcc4bf
tcpdump-3.6.2-12.2.1AS.5.i386.rpm
File outdated by:  RHSA-2004:219
    MD5: 73e41413141a6e3de200cfda3a8f62a9
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
tcpdump-3.7.2-7.E3.1.src.rpm
File outdated by:  RHSA-2005:421
    MD5: b696a326fd27432b35b87827573c4a17
 
IA-32:
libpcap-0.7.2-7.E3.1.i386.rpm
File outdated by:  RHSA-2005:421
    MD5: 81ce9b57c74f0eb00a591e663df9aca0
tcpdump-3.7.2-7.E3.1.i386.rpm
File outdated by:  RHSA-2005:421
    MD5: 0c243bf9453c7264272ad4b6797bef11
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
tcpdump-3.6.2-12.2.1AS.5.src.rpm
File outdated by:  RHSA-2004:219
    MD5: f8514b2194a97486f13edd26e9bb2295
 
IA-32:
arpwatch-2.1a11-12.2.1AS.5.i386.rpm
File outdated by:  RHSA-2004:219
    MD5: aa7c761f81b35f62204947ad35761691
libpcap-0.6.2-12.2.1AS.5.i386.rpm
File outdated by:  RHSA-2004:219
    MD5: 9a45470790c7fbaf62e65caebfbcc4bf
tcpdump-3.6.2-12.2.1AS.5.i386.rpm
File outdated by:  RHSA-2004:219
    MD5: 73e41413141a6e3de200cfda3a8f62a9
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
tcpdump-3.7.2-7.E3.1.src.rpm
File outdated by:  RHSA-2005:421
    MD5: b696a326fd27432b35b87827573c4a17
 
IA-32:
libpcap-0.7.2-7.E3.1.i386.rpm
File outdated by:  RHSA-2005:421
    MD5: 81ce9b57c74f0eb00a591e663df9aca0
tcpdump-3.7.2-7.E3.1.i386.rpm
File outdated by:  RHSA-2005:421
    MD5: 0c243bf9453c7264272ad4b6797bef11
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
tcpdump-3.6.2-12.2.1AS.5.src.rpm
File outdated by:  RHSA-2004:219
    MD5: f8514b2194a97486f13edd26e9bb2295
 
IA-64:
arpwatch-2.1a11-12.2.1AS.5.ia64.rpm
File outdated by:  RHSA-2004:219
    MD5: e5f0e5fe662547e8b56bdb170dd9c5f7
libpcap-0.6.2-12.2.1AS.5.ia64.rpm
File outdated by:  RHSA-2004:219
    MD5: ed7c329320fb9c5322a3c29b964e5829
tcpdump-3.6.2-12.2.1AS.5.ia64.rpm
File outdated by:  RHSA-2004:219
    MD5: 7e42cfabcc19ef88e26c52015a2bb2af
 

Bugs fixed (see bugzilla for more information)

113008 - CAN-2003-0989 tcpdump parsing overflow
113366 - CAN-2004-0055 CAN-2004-0057 Two issues found in tpcdump


Keywords

arpwatch, buffer, overflow, tcpdump


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/