LinuxSecurity.com 		Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: June 14th, 2013
Linux Security Week: June 4th, 2013
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: tcpdump incorrect bounds checking vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Debian The BGP decoding routines for tcpdump used incorrect bounds checking when copying data. This could be abused by introducing malicious traffic on a sniffed network for a denial of service attack against tcpdump, or possibly even remote code execution. 

------------------------------------------------------------------------
Debian Security Advisory DSA-206-1                   security@debian.org 
http://www.debian.org/security/                         Wichert Akkerman
December 10, 2002
------------------------------------------------------------------------


Package        : tcpdump
Problem type   : incorrect bounds checking
Debian-specific: no

The BGP decoding routines for tcpdump used incorrect bounds checking
when copying data. This could be abused by introducing malicious traffic
on a sniffed network for a denial of service attack against tcpdump,
or possibly even remote code execution.

This has been fixed in version 3.6.2-2.2.


------------------------------------------------------------------------

Obtaining updates:

  By hand:
    wget URL
        will fetch the file for you.
    dpkg -i FILENAME.deb
        will install the fetched file.

  With apt:
    deb  http://security.debian.org/ stable/updates main
        added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security webpages
at  http://www.debian.org/security/

------------------------------------------------------------------------


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
  powerpc, s390 and sparc.


  Source archives:

     http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2.dsc
      Size/MD5 checksum:     1284 be78c7328fcd439fe7eedf6a54894b28
     http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2.orig.tar.gz
      Size/MD5 checksum:   380635 6bc8da35f9eed4e675bfdf04ce312248
     http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2.diff.gz
      Size/MD5 checksum:     8956 a07ace8578ec5555c87cbfd1faba8ecd

  alpha architecture (DEC Alpha)

     http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_alpha.deb
      Size/MD5 checksum:   213458 72603d37a351d08dfa7af4ab13e6301f

  arm architecture (ARM)

     http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_arm.deb
      Size/MD5 checksum:   179464 adb31a1747c0df1f1113454afb3a85f8

  hppa architecture (HP PA RISC)

     http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_hppa.deb
      Size/MD5 checksum:   192892 28680f059cab0987ee313b672aa2edca

  i386 architecture (Intel ia32)

     http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_i386.deb
      Size/MD5 checksum:   169360 f303ec8777785c742a29469e49a9c63a

  ia64 architecture (Intel ia64)

     http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_ia64.deb
      Size/MD5 checksum:   246776 889eb67d84ef3500239a1ad7a721dd9e

  m68k architecture (Motorola Mc680x0)

     http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_m68k.deb
      Size/MD5 checksum:   157340 69ceb0d17d5e9ffca079b0bd7a18d489

  mips architecture (MIPS (Big Endian))

     http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_mips.deb
      Size/MD5 checksum:   188714 dbbe0d4eec80daa0f74b83c877064b87

  powerpc architecture (PowerPC)

     http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_powerpc.deb
      Size/MD5 checksum:   176706 5121aa3b8891d1030d1924f1328efcdf

  s390 architecture (IBM S/390)

     http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_s390.deb
      Size/MD5 checksum:   172534 1b2b2834af69c169893b5dee4b21eec3

  sparc architecture (Sun SPARC/UltraSPARC)

     http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_sparc.deb
      Size/MD5 checksum:   179076 31a8382615ac8707b9346bfa9b1d615a

--
----------------------------------------------------------------------------
Debian Security team <team@security.debian.org> 
http://www.debian.org/security/
Mailing-List: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 
Latest Features
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Using the sec-wall Security Proxy
Yesterday's Edition
Can You Completely Secure Linux?
LulzSec Hacker Ryan Cleary To Be Released
Blowback from the NSA Surveillance
Our Top-Secret Message to NSA Whistleblower Edward Snowden
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2013 Guardian Digital, Inc. All rights reserved.