LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: July 18th, 2014
Linux Advisory Watch: July 13th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: tcpdump vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Moritz Jodeit discovered that tcpdump had an overflow in the 802.11 packet parser. Remote attackers could send specially crafted packets, crashing tcpdump, possibly leading to a denial of service.
=========================================================== 
Ubuntu Security Notice USN-429-1             March 06, 2007
tcpdump vulnerability
CVE-2007-1218
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  tcpdump                                  3.9.1-1ubuntu1.1

Ubuntu 6.06 LTS:
  tcpdump                                  3.9.4-2ubuntu0.1

Ubuntu 6.10:
  tcpdump                                  3.9.4-4ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Moritz Jodeit discovered that tcpdump had an overflow in the 802.11 
packet parser.  Remote attackers could send specially crafted packets, 
crashing tcpdump, possibly leading to a denial of service.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.1-1ubuntu1.1.diff.gz
      Size/MD5:    12037 9086124de1072e521624979a49a41749
    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.1-1ubuntu1.1.dsc
      Size/MD5:      672 aa2dbeff2bbc288a8d98bff3d0743d10
    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.1.orig.tar.gz
      Size/MD5:   662060 5f589a34be42d335176d1b8cfcbd1f6b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.1-1ubuntu1.1_amd64.deb
      Size/MD5:   307150 324c0c4ae58717e2e0af4c3e251c72c9

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.1-1ubuntu1.1_i386.deb
      Size/MD5:   284880 05fcf0bd9f44a884cce9576f64593614

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.1-1ubuntu1.1_powerpc.deb
      Size/MD5:   294816 561ba6b77837204cd6cc9e088b77fccd

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.1-1ubuntu1.1_sparc.deb
      Size/MD5:   299920 d759b94205402352adb055af34a70ebd

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ubuntu0.1.diff.gz
      Size/MD5:    10786 a46a8c2116b0e280127b0f4ca7f85c2b
    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ubuntu0.1.dsc
      Size/MD5:      685 21536cc080bd4dc72fdb0635349e29cc
    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4.orig.tar.gz
      Size/MD5:   716862 4b64755bbc8ba1af49c747271a6df5b8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ubuntu0.1_amd64.deb
      Size/MD5:   312992 92e764c3084d0e9ed236afa956755fef

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ubuntu0.1_i386.deb
      Size/MD5:   289554 83a973219fcc4cb4edb27cb1c820666b

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ubuntu0.1_powerpc.deb
      Size/MD5:   301108 e810b1f74b8e8722cc81aa7bcf0ca64c

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ubuntu0.1_sparc.deb
      Size/MD5:   304888 59349548d64f1b8bb8b79018754bdf0d

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ubuntu0.1.diff.gz
      Size/MD5:    10919 0fbd287a08757cfa3a9c52f12d8147e3
    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ubuntu0.1.dsc
      Size/MD5:      632 283ba6bae274162eb64aa8039ebd4062
    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4.orig.tar.gz
      Size/MD5:   716862 4b64755bbc8ba1af49c747271a6df5b8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ubuntu0.1_amd64.deb
      Size/MD5:   314924 5aa45e116446876b771524b6631ab3a8

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ubuntu0.1_i386.deb
      Size/MD5:   300618 de0caa6ea55db70547fa1cec2fd0056e

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ubuntu0.1_powerpc.deb
      Size/MD5:   303532 1c5dd389b720a339df581dd277d63d84

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ubuntu0.1_sparc.deb
      Size/MD5:   308412 9c27ed7d8f42e0790902a985e687e5e1


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Home router security holes to be exposed at Def Con 22 hacker meet up
Edward Snowden Calls on Hackers to Help Whistleblowers Leak More Secrets
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.