[OpenPKG-SA-2004.002] OpenPKG Security Advisory (tcpdump)

From: OpenPKG (openpkg_at_openpkg.org)
Date: 01/16/04

  • Next message: itojun_at_kame.net: "Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon"
    Date: Fri, 16 Jan 2004 14:09:43 +0100
    To: bugtraq@securityfocus.com

    Hash: SHA1


    OpenPKG Security Advisory The OpenPKG Project
    http://www.openpkg.org/security.html http://www.openpkg.org
    openpkg-security@openpkg.org openpkg@openpkg.org
    OpenPKG-SA-2004.002 16-Jan-2004

    Package: tcpdump
    Vulnerability: denial of service
    OpenPKG Specific: no

    Affected Releases: Affected Packages: Corrected Packages:
    OpenPKG CURRENT <= tcpdump-3.8.1-20040108 >= tcpdump-3.8.1-20040116
    OpenPKG 1.3 <= tcpdump-3.7.2-1.3.0 >= tcpdump-3.7.2-1.3.1
    OpenPKG 1.2 <= tcpdump-3.7.1-1.2.1 >= tcpdump-3.7.1-1.2.2

    Dependent Packages: none

      A bunch of vulnerabilities in tcpdump [0] were found and addressed
      in the past. All of them are in the area of packet decoding. Faulty
      decoder functions can result in denial of service attacks through
      infinite loops, memory starvation and application crashes. In the
      worst case arbitrary code execution is possible.

      This OpenPKG update resolves all issues currently known, as shown in
      the following table:

                      tcpdump 371 371 372 381
                      OpenPKG 120 121 130 20020822
                                --- --- --- ---
      CAN-2002-0380 [2] nfs X - - - see past OpenPKG-SA [1]
      CAN-2002-1350 [3] bgp X - - - see past OpenPKG-SA [1]
      CAN-2003-0108 [4] isakmp X - - - see past OpenPKG-SA [1]
                        depth X X X - (*)
      CAN-2003-0989 [5] isakmp X X X - updates CAN-2003-0108-isakmp
      CAN-2003-1029 [6] l2tp X X - -
      CAN-2004-0055 [7] radius X X X X
      CAN-2004-0057 [8] isakmp X X X X

      (*) the vendor code fix for CAN-2003-0108 had two other unrelated code
          changes piggybacked. We removed the cosmetics (constify) and
          extracted an enhancement (depth).

      Please check whether you are affected by running "<prefix>/bin/rpm -q
      tcpdump". If you have the "tcpdump" package installed and its version
      is affected (see above), we recommend that you immediately upgrade it
      (see Solution). [9][10]

      Select the updated source RPM appropriate for your OpenPKG release
      [11][12], fetch it from the OpenPKG FTP service [13][14] or a mirror
      location, verify its integrity [15], build a corresponding binary RPM
      from it [9] and update your OpenPKG installation by applying the
      binary RPM [10]. For the current release OpenPKG 1.3, perform the
      following operations to permanently fix the security problem (for
      other releases adjust accordingly).

      $ ftp ftp.openpkg.org
      ftp> bin
      ftp> cd release/1.3/UPD
      ftp> get tcpdump-3.7.2-1.3.1.src.rpm
      ftp> bye
      $ <prefix>/bin/rpm -v --checksig tcpdump-3.7.2-1.3.1.src.rpm
      $ <prefix>/bin/rpm --rebuild tcpdump-3.7.2-1.3.1.src.rpm
      $ su -
      # <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/tcpdump-3.7.2-1.3.1.*.rpm

      [0] http://www.tcpdump.org/
      [1] http://www.openpkg.org/security/OpenPKG-SA-2003.014-tcpdump.html
      [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0380
      [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1350
      [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0108
      [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989
      [6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1029
      [7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0055
      [8] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057
      [9] http://www.openpkg.org/tutorial.html#regular-source
      [10] http://www.openpkg.org/tutorial.html#regular-binary
      [11] ftp://ftp.openpkg.org/release/1.2/UPD/tcpdump-3.7.1-1.2.2.src.rpm
      [12] ftp://ftp.openpkg.org/release/1.3/UPD/tcpdump-3.7.2-1.3.1.src.rpm
      [13] ftp://ftp.openpkg.org/release/1.2/UPD/
      [14] ftp://ftp.openpkg.org/release/1.3/UPD/
      [15] http://www.openpkg.org/security.html#signature

    For security reasons, this advisory was digitally signed with the
    OpenPGP public key "OpenPKG <openpkg@openpkg.org>" (ID 63C4CB9F) of the
    OpenPKG project which you can retrieve from http://pgp.openpkg.org and
    hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/
    for details on how to verify the integrity of this advisory.

    Comment: OpenPKG <openpkg@openpkg.org>

    -----END PGP SIGNATURE-----

  • Next message: itojun_at_kame.net: "Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon"

    Relevant Pages