LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: September 19th, 2014
Linux Security Week: September 15th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: tcpdump vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu A flaw was discovered in the BGP dissector of tcpdump. Remote attackers could send specially crafted packets and execute arbitrary code with user privileges.
=========================================================== 
Ubuntu Security Notice USN-492-1              July 30, 2007
tcpdump vulnerability
CVE-2007-3798
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  tcpdump                                  3.9.4-2ubuntu0.2

Ubuntu 6.10:
  tcpdump                                  3.9.4-4ubuntu0.2

Ubuntu 7.04:
  tcpdump                                  3.9.5-2ubuntu1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A flaw was discovered in the BGP dissector of tcpdump.  Remote
attackers could send specially crafted packets and execute arbitrary
code with user privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ubuntu0.2.diff.gz
      Size/MD5:    11829 2c911638159adc11d2ff54f96182de54
    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ubuntu0.2.dsc
      Size/MD5:      685 a8ab006366dbe0973e06d08bec9ed359
    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4.orig.tar.gz
      Size/MD5:   716862 4b64755bbc8ba1af49c747271a6df5b8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ubuntu0.2_amd64.deb
      Size/MD5:   313048 eeb295aada8253ed88675759a5b9fefc

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ubuntu0.2_i386.deb
      Size/MD5:   289664 ae14411448b3cc4f6aeb99137ab08242

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ubuntu0.2_powerpc.deb
      Size/MD5:   301184 227cfb459beba4f873524ff0351994d7

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ubuntu0.2_sparc.deb
      Size/MD5:   305034 56c94f1b847c19301e59c0ca09b05373

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ubuntu0.2.diff.gz
      Size/MD5:    11966 781a774a620649e0c6a6e208fb98644c
    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ubuntu0.2.dsc
      Size/MD5:      632 7f81be7f487baa766845a1701d95d797
    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4.orig.tar.gz
      Size/MD5:   716862 4b64755bbc8ba1af49c747271a6df5b8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ubuntu0.2_amd64.deb
      Size/MD5:   315162 7b2246a74280ede3bb105aa580cd0866

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ubuntu0.2_i386.deb
      Size/MD5:   300680 4125eb94e7ec30f41d03740f0154f504

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ubuntu0.2_powerpc.deb
      Size/MD5:   303704 0f1c7c7cc722c6039f8078ea620a75ad

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ubuntu0.2_sparc.deb
      Size/MD5:   308620 7c11b491590794464980b7e4bb801925

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.5-2ubuntu1.diff.gz
      Size/MD5:    11970 c875dadc73193df8f1bba9ebac4a9bcc
    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.5-2ubuntu1.dsc
      Size/MD5:      712 037ba4c3cf2113ac1ee02f3008cc4917
    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.5.orig.tar.gz
      Size/MD5:   712411 2135e7b1f09af0eaf66d2af822bed44a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.5-2ubuntu1_amd64.deb
      Size/MD5:   317680 164f2980e2673cc641661a859c260d98

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.5-2ubuntu1_i386.deb
      Size/MD5:   303426 1f5aaddf44cd3057241f6e2364183ecd

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.5-2ubuntu1_powerpc.deb
      Size/MD5:   308756 06ca55a167c3b0caac6add7a8d0b2981

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.5-2ubuntu1_sparc.deb
      Size/MD5:   312192 dce58020c8b5a99316e3d1d1fba2923b


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Google to turn on encryption by default in next Android version
TOR users become FBI's No.1 hacking target after legal power grab
OWASP Releases Latest App Sec Guide
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.