Security Advisory tcpdump security update

Advisory: RHSA-2004:219-07
Type: Security Advisory
Severity: Low
Issued on: 2004-05-26
Last updated on: 2004-05-26
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2004-0183
CVE-2004-0184

Details

Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in
ISAKMP parsing.

Tcpdump is a command-line tool for monitoring network traffic.

Tcpdump v3.8.1 and earlier versions contained multiple flaws in the
packet display functions for the ISAKMP protocol. Upon receiving
specially crafted ISAKMP packets, TCPDUMP would try to read beyond
the end of the packet capture buffer and subsequently crash.

Users of tcpdump are advised to upgrade to these erratum packages, which
contain backported security patches and are not vulnerable to these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

Please note that this update is available via Red Hat Network. To use Red
Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
tcpdump-3.7.2-7.E3.2.src.rpm
File outdated by:  RHSA-2005:421		     8245acfffe0d89c4381885f71e0ece3f
 
IA-32:
libpcap-0.7.2-7.E3.2.i386.rpm
File outdated by:  RHSA-2005:421		     d463f8099c444830358bf8f6b8f57be3
tcpdump-3.7.2-7.E3.2.i386.rpm
File outdated by:  RHSA-2005:421		     1b6524ff06794b8aed95acfea00ebfa7
 
x86_64:
libpcap-0.7.2-7.E3.2.x86_64.rpm
File outdated by:  RHSA-2005:421		     a47644862b993c272d73d5982b6a0f72
tcpdump-3.7.2-7.E3.2.x86_64.rpm
File outdated by:  RHSA-2005:421		     b6694e17a21f612abf6e7d8e94dd50fe
 
Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
tcpdump-3.6.2-12.2.1AS.6.src.rpm     06099571cae2217649509843c705a153
 
IA-32:
arpwatch-2.1a11-12.2.1AS.6.i386.rpm     39785de17ac747a95d75c3856ce10a8f
libpcap-0.6.2-12.2.1AS.6.i386.rpm     2d79602baa89bd6070541e7ac0fb3ea8
tcpdump-3.6.2-12.2.1AS.6.i386.rpm     8c592a8b97f599bf12c7bc0335422107
 
IA-64:
arpwatch-2.1a11-12.2.1AS.6.ia64.rpm     6251264976756412d80f74041e5c277a
libpcap-0.6.2-12.2.1AS.6.ia64.rpm     d86bb232ba584afe8a55f02d7e789d93
tcpdump-3.6.2-12.2.1AS.6.ia64.rpm     2bbc2c761f382bba8d8693b131239541
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
tcpdump-3.7.2-7.E3.2.src.rpm
File outdated by:  RHSA-2005:421		     8245acfffe0d89c4381885f71e0ece3f
 
IA-32:
libpcap-0.7.2-7.E3.2.i386.rpm
File outdated by:  RHSA-2005:421		     d463f8099c444830358bf8f6b8f57be3
tcpdump-3.7.2-7.E3.2.i386.rpm
File outdated by:  RHSA-2005:421		     1b6524ff06794b8aed95acfea00ebfa7
 
IA-64:
libpcap-0.7.2-7.E3.2.ia64.rpm
File outdated by:  RHSA-2005:421		     4c6ddd5421cc23a43735e014e54be67e
tcpdump-3.7.2-7.E3.2.ia64.rpm
File outdated by:  RHSA-2005:421		     34fbc4a48e7f7f3471aa9ed82706e20f
 
PPC:
libpcap-0.7.2-7.E3.2.ppc.rpm
File outdated by:  RHSA-2005:421		     cfb803a434669955505e83d759865c1b
libpcap-0.7.2-7.E3.2.ppc64.rpm
File outdated by:  RHSA-2005:421		     4c931b56f4eedea44f2e01603842bcff
tcpdump-3.7.2-7.E3.2.ppc.rpm
File outdated by:  RHSA-2005:421		     011624c4af4fc835ff0d5c06c729eaa2
tcpdump-3.7.2-7.E3.2.ppc64.rpm     0217bb2ee74895ffb00be005126935e3
 
s390:
libpcap-0.7.2-7.E3.2.s390.rpm
File outdated by:  RHSA-2005:421		     5b0085309d79b6dc81373b1a8d028699
tcpdump-3.7.2-7.E3.2.s390.rpm
File outdated by:  RHSA-2005:421		     cca41d020017136662ac065eb9720987
 
s390x:
libpcap-0.7.2-7.E3.2.s390x.rpm
File outdated by:  RHSA-2005:421		     690139912f28e6c5db35115389bab7fe
tcpdump-3.7.2-7.E3.2.s390x.rpm
File outdated by:  RHSA-2005:421		     0615c37cea73f9f060fa45ae6a32f93e
 
x86_64:
libpcap-0.7.2-7.E3.2.x86_64.rpm
File outdated by:  RHSA-2005:421		     a47644862b993c272d73d5982b6a0f72
tcpdump-3.7.2-7.E3.2.x86_64.rpm
File outdated by:  RHSA-2005:421		     b6694e17a21f612abf6e7d8e94dd50fe
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
tcpdump-3.6.2-12.2.1AS.6.src.rpm     06099571cae2217649509843c705a153
 
IA-32:
arpwatch-2.1a11-12.2.1AS.6.i386.rpm     39785de17ac747a95d75c3856ce10a8f
libpcap-0.6.2-12.2.1AS.6.i386.rpm     2d79602baa89bd6070541e7ac0fb3ea8
tcpdump-3.6.2-12.2.1AS.6.i386.rpm     8c592a8b97f599bf12c7bc0335422107
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
tcpdump-3.7.2-7.E3.2.src.rpm
File outdated by:  RHSA-2005:421		     8245acfffe0d89c4381885f71e0ece3f
 
IA-32:
libpcap-0.7.2-7.E3.2.i386.rpm
File outdated by:  RHSA-2005:421		     d463f8099c444830358bf8f6b8f57be3
tcpdump-3.7.2-7.E3.2.i386.rpm
File outdated by:  RHSA-2005:421		     1b6524ff06794b8aed95acfea00ebfa7
 
IA-64:
libpcap-0.7.2-7.E3.2.ia64.rpm
File outdated by:  RHSA-2005:421		     4c6ddd5421cc23a43735e014e54be67e
tcpdump-3.7.2-7.E3.2.ia64.rpm
File outdated by:  RHSA-2005:421		     34fbc4a48e7f7f3471aa9ed82706e20f
 
x86_64:
libpcap-0.7.2-7.E3.2.x86_64.rpm
File outdated by:  RHSA-2005:421		     a47644862b993c272d73d5982b6a0f72
tcpdump-3.7.2-7.E3.2.x86_64.rpm
File outdated by:  RHSA-2005:421		     b6694e17a21f612abf6e7d8e94dd50fe
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
tcpdump-3.6.2-12.2.1AS.6.src.rpm     06099571cae2217649509843c705a153
 
IA-32:
arpwatch-2.1a11-12.2.1AS.6.i386.rpm     39785de17ac747a95d75c3856ce10a8f
libpcap-0.6.2-12.2.1AS.6.i386.rpm     2d79602baa89bd6070541e7ac0fb3ea8
tcpdump-3.6.2-12.2.1AS.6.i386.rpm     8c592a8b97f599bf12c7bc0335422107
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
tcpdump-3.7.2-7.E3.2.src.rpm
File outdated by:  RHSA-2005:421		     8245acfffe0d89c4381885f71e0ece3f
 
IA-32:
libpcap-0.7.2-7.E3.2.i386.rpm
File outdated by:  RHSA-2005:421		     d463f8099c444830358bf8f6b8f57be3
tcpdump-3.7.2-7.E3.2.i386.rpm
File outdated by:  RHSA-2005:421		     1b6524ff06794b8aed95acfea00ebfa7
 
IA-64:
libpcap-0.7.2-7.E3.2.ia64.rpm
File outdated by:  RHSA-2005:421		     4c6ddd5421cc23a43735e014e54be67e
tcpdump-3.7.2-7.E3.2.ia64.rpm
File outdated by:  RHSA-2005:421		     34fbc4a48e7f7f3471aa9ed82706e20f
 
x86_64:
libpcap-0.7.2-7.E3.2.x86_64.rpm
File outdated by:  RHSA-2005:421		     a47644862b993c272d73d5982b6a0f72
tcpdump-3.7.2-7.E3.2.x86_64.rpm
File outdated by:  RHSA-2005:421		     b6694e17a21f612abf6e7d8e94dd50fe
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
tcpdump-3.6.2-12.2.1AS.6.src.rpm     06099571cae2217649509843c705a153
 
IA-64:
arpwatch-2.1a11-12.2.1AS.6.ia64.rpm     6251264976756412d80f74041e5c277a
libpcap-0.6.2-12.2.1AS.6.ia64.rpm     d86bb232ba584afe8a55f02d7e789d93
tcpdump-3.6.2-12.2.1AS.6.ia64.rpm     2bbc2c761f382bba8d8693b131239541
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

120022 - CAN-2004-0183/0184 tcpdump ISAKMP crash
123030 - CAN-2004-0183/0184 tcpdump ISAKMP crash


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0184
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0183
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0184
http://marc.theaimsgroup.com/?l=bugtraq&m=108067265931525&w=2

Keywords

arpwatch, buffer, libpcap, overflow, tcpdump

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/