Debian: tcpdump incorrect bounds checking vulnerability

    Date 11 Dec 2002
    Posted By LinuxSecurity Advisories
    The BGP decoding routines for tcpdump used incorrect bounds checking when copying data. This could be abused by introducing malicious traffic on a sniffed network for a denial of service attack against tcpdump, or possibly even remote code execution.
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-206-1
    https://www.debian.org/security/                         Wichert Akkerman
    December 10, 2002
    ------------------------------------------------------------------------
    
    
    Package        : tcpdump
    Problem type   : incorrect bounds checking
    Debian-specific: no
    
    The BGP decoding routines for tcpdump used incorrect bounds checking
    when copying data. This could be abused by introducing malicious traffic
    on a sniffed network for a denial of service attack against tcpdump,
    or possibly even remote code execution.
    
    This has been fixed in version 3.6.2-2.2.
    
    
    ------------------------------------------------------------------------
    
    Obtaining updates:
    
      By hand:
        wget URL
            will fetch the file for you.
        dpkg -i FILENAME.deb
            will install the fetched file.
    
      With apt:
        deb  https://security.debian.org/ stable/updates main
            added to /etc/apt/sources.list will provide security updates
    
    Additional information can be found on the Debian security webpages
    at  https://www.debian.org/security/
    
    ------------------------------------------------------------------------
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
      powerpc, s390 and sparc.
    
    
      Source archives:
    
         https://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2.dsc
          Size/MD5 checksum:     1284 be78c7328fcd439fe7eedf6a54894b28
         https://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2.orig.tar.gz
          Size/MD5 checksum:   380635 6bc8da35f9eed4e675bfdf04ce312248
         https://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2.diff.gz
          Size/MD5 checksum:     8956 a07ace8578ec5555c87cbfd1faba8ecd
    
      alpha architecture (DEC Alpha)
    
         https://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_alpha.deb
          Size/MD5 checksum:   213458 72603d37a351d08dfa7af4ab13e6301f
    
      arm architecture (ARM)
    
         https://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_arm.deb
          Size/MD5 checksum:   179464 adb31a1747c0df1f1113454afb3a85f8
    
      hppa architecture (HP PA RISC)
    
         https://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_hppa.deb
          Size/MD5 checksum:   192892 28680f059cab0987ee313b672aa2edca
    
      i386 architecture (Intel ia32)
    
         https://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_i386.deb
          Size/MD5 checksum:   169360 f303ec8777785c742a29469e49a9c63a
    
      ia64 architecture (Intel ia64)
    
         https://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_ia64.deb
          Size/MD5 checksum:   246776 889eb67d84ef3500239a1ad7a721dd9e
    
      m68k architecture (Motorola Mc680x0)
    
         https://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_m68k.deb
          Size/MD5 checksum:   157340 69ceb0d17d5e9ffca079b0bd7a18d489
    
      mips architecture (MIPS (Big Endian))
    
         https://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_mips.deb
          Size/MD5 checksum:   188714 dbbe0d4eec80daa0f74b83c877064b87
    
      powerpc architecture (PowerPC)
    
         https://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_powerpc.deb
          Size/MD5 checksum:   176706 5121aa3b8891d1030d1924f1328efcdf
    
      s390 architecture (IBM S/390)
    
         https://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_s390.deb
          Size/MD5 checksum:   172534 1b2b2834af69c169893b5dee4b21eec3
    
      sparc architecture (Sun SPARC/UltraSPARC)
    
         https://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_sparc.deb
          Size/MD5 checksum:   179076 31a8382615ac8707b9346bfa9b1d615a
    
    --
    ----------------------------------------------------------------------------
    Debian Security team
    https://www.debian.org/security/
    
    
    
