Debian: 'tcpdump' vulnerability
Posted by LinuxSecurity.com Team   
Debian Several buffer overflows were found which allow an attacker to make tcpdump crash.

- ------------------------------------------------------------------------
Debian Security Advisory                             security@debian.org 
http://www.debian.org/security/                         Wichert Akkerman
November 20, 2000
- ------------------------------------------------------------------------


Package: tcpdump
Vulnerability: remote exploit
Debian-specific: no

During internal source code auditing by FreeBSD several buffer overflows
were found which allow an attacker to make tcpdump crash by sending
carefully crafted packets to a network that is being monitored with
tcpdump.

This has been fixed in version 3.4a6-4.2.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Potato was released for the alpha, arm, i386, m68k, powerpc and sparc
  architectures. 

  Source archives:
    
http://security.debian.org/dists/stable/updates/main/source/tcpdump_3.4a6-4.2.diff.gz
      MD5 checksum: 62a63a125250c0d636a6658910e0955b
    
http://security.debian.org/dists/stable/updates/main/source/tcpdump_3.4a6-4.2.dsc
      MD5 checksum: 733e906052de894eddce7fa27437b1b2
    
http://security.debian.org/dists/stable/updates/main/source/tcpdump_3.4a6.orig.tar.gz
      MD5 checksum: 8133ffe2af22d66c70419f48a42ac675

  Alpha architecture:
    
http://security.debian.org/dists/stable/updates/main/binary-alpha/tcpdump_3.4a6-4.2_alpha.deb
      MD5 checksum: 7f89d984dbe54116c5aa34aae93e5357

  ARM architecture:
    
http://security.debian.org/dists/stable/updates/main/binary-arm/tcpdump_3.4a6-4.2_arm.deb
      MD5 checksum: 69dd2892ef04adf55f74b80828c26f5e

  Intel ia32 architecture:
    
http://security.debian.org/dists/stable/updates/main/binary-i386/tcpdump_3.4a6-4.2_i386.deb
      MD5 checksum: 906068aaeebbcb5f50ea1b2dd1aec4c0

  Motorola 680x0 architecture:
    
http://security.debian.org/dists/stable/updates/main/binary-m68k/tcpdump_3.4a6-4.2_m68k.deb
      MD5 checksum: 17c6feed12c3875d051659526f16393f

  PowerPC architecture:
    
http://security.debian.org/dists/stable/updates/main/binary-powerpc/tcpdump_3.4a6-4.2_powerpc.deb
      MD5 checksum: c850bdecfe6aded7728ef4b6d6549d8e

  Sun Sparc architecture:
    
http://security.debian.org/dists/stable/updates/main/binary-sparc/tcpdump_3.4a6-4.2_sparc.deb
      MD5 checksum: b7fbc7275e859c0b0db165349ecafaf0


For not yet released architectures please refer to the appropriate
directory  ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

- -- 
- ----------------------------------------------------------------------------
apt-get: deb  http://security.debian.org/ stable/updates main
dpkg -ftp:ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org