Message-ID: <20021120053023.GA1535@localhost.localdomain>
From: silvio at big.net.au (Silvio Cesare)
Subject: Security Update: [CSSA-2002-050.0] Linux: tcpdump denial-of-service in print-bgp.c

Also, one quick addition to this; this problem affects all tcpdump, and is not
OpenLinux (or even Linux) specific.

It is recommended that ALL distros upgrade their packages to the latest,
which has long resolved the specific problem this advisory is
reporting.

Anyway.. nice advisory ;-)

--
Silvio

On Tue, Nov 19, 2002 at 03:55:31PM -0800, security@...dera.com wrote:
> To: bugtraq@...urityfocus.com announce@...ts.caldera.com security-alerts@...uxsecurity.com full-disclosure@...ts.netsys.com
> 
> ______________________________________________________________________________
> 
> 			SCO Security Advisory
> 
> Subject:		Linux: tcpdump denial-of-service in print-bgp.c 
> Advisory number: 	CSSA-2002-050.0
> Issue date: 		2002 November 19
> Cross reference:
> ______________________________________________________________________________
> 
> 
> 1. Problem Description
> 
> 	There is a miscalculation in the use of the sizeof operator in
> 	tcpdump, allowing, at the least, a denial-of-service attack.
> 
> 
> 2. Vulnerable Supported Versions
> 
> 	System				Package
> 	----------------------------------------------------------------------
> 
> 	OpenLinux 3.1.1 Server		prior to tcpdump-3.6.2-4.i386.rpm
> 
> 	OpenLinux 3.1.1 Workstation	prior to tcpdump-3.6.2-4.i386.rpm
> 
> 	OpenLinux 3.1 Server		prior to tcpdump-3.6.2-4.i386.rpm
> 
> 	OpenLinux 3.1 Workstation	prior to tcpdump-3.6.2-4.i386.rpm
> 
> 
> 3. Solution
> 
> 	The proper solution is to install the latest packages. Many
> 	customers find it easier to use the Caldera System Updater, called
> 	cupdate (or kcupdate under the KDE environment), to update these
> 	packages rather than downloading and installing them by hand.

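The advisory above names the bug class only in one sentence: a miscalculation in the use of sizeof inside a packet decoder, which at minimum lets a malformed packet crash the process. The C program below is an added illustration of that class, written for this archive page; it is not tcpdump's print-bgp.c code and does not reproduce the actual defect. It assumes a simplified BGP-style attribute header (flags, type, one-byte length) and constructs its own sample captures, with a few slack bytes after each so that the vulnerable decoder's out-of-bounds read stays inside allocated memory for the demonstration. The vulnerable walker applies sizeof to a byte pointer instead of the header struct, so its length check guarantees one byte where three are read; the hardened walker checks for exactly the bytes it is about to touch.

```c
/*
 * Constructed illustration of a sizeof miscalculation in a packet decoder.
 * Not tcpdump's code: the header layout and the sample captures are invented
 * for this example.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified BGP-style path attribute header: flags, type code, 1-byte length. */
struct attr_hdr {
    uint8_t flags;
    uint8_t type;
    uint8_t len;
};
_Static_assert(sizeof(struct attr_hdr) == 3, "header must be 3 bytes on the wire");

/*
 * Vulnerable walker. `p` is a byte pointer, so sizeof(*p) is 1: the check
 * guarantees a single byte, yet p[2] (the length field) is read. A capture
 * that ends in a 1- or 2-byte header fragment makes the decoder read past
 * the end of the packet and then accept a phantom attribute.
 * Returns the number of attributes decoded, or -1 if truncation was detected.
 */
static int decode_attrs_vulnerable(const uint8_t *buf, size_t avail)
{
    const uint8_t *p = buf, *end = buf + avail;
    int count = 0;
    while (p < end) {
        size_t left = (size_t)(end - p);
        if (left < sizeof(*p))            /* BUG: 1, should be sizeof(struct attr_hdr) */
            return -1;
        uint8_t len = p[2];               /* out-of-bounds read when left < 3 */
        if (left < sizeof(*p) + len)      /* BUG: under-counts the header again */
            return -1;
        count++;
        p += sizeof(struct attr_hdr) + len;
    }
    return count;
}

/* Hardened walker: each read is preceded by a check for exactly the bytes it touches. */
static int decode_attrs_fixed(const uint8_t *buf, size_t avail)
{
    const uint8_t *p = buf, *end = buf + avail;
    int count = 0;
    while (p < end) {
        size_t left = (size_t)(end - p);
        if (left < sizeof(struct attr_hdr))
            return -1;                    /* truncated header */
        uint8_t len = ((const struct attr_hdr *)p)->len;
        if (left - sizeof(struct attr_hdr) < len)
            return -1;                    /* truncated payload */
        count++;
        p += sizeof(struct attr_hdr) + len;
    }
    return count;
}

/*
 * Constructed captures. Each array carries SLACK zero bytes beyond the length
 * handed to the decoder, so the vulnerable overread lands in memory this
 * program owns; a real decoder would read whatever follows the packet buffer.
 */
#define SLACK 4

static const uint8_t well_formed[7 + SLACK] = {
    0x40, 0x01, 0x01, 0xAA,       /* attribute type 1, 1-byte payload */
    0x40, 0x02, 0x00,             /* attribute type 2, empty payload */
};
static const uint8_t truncated[5 + SLACK] = {
    0x40, 0x01, 0x00,             /* complete attribute, empty payload */
    0x40, 0x02,                   /* header cut off before its length byte */
};
static const uint8_t overclaim[4 + SLACK] = {
    0x40, 0x01, 0xFF, 0xAA,       /* claims 255 payload bytes, only 1 present */
};

/* which: 0 = well-formed, 1 = truncated header, 2 = over-claimed length. */
int decode_sample(int which, int use_fixed)
{
    const uint8_t *buf;
    size_t n;
    switch (which) {
    case 0:  buf = well_formed; n = 7; break;
    case 1:  buf = truncated;   n = 5; break;
    default: buf = overclaim;   n = 4; break;
    }
    return use_fixed ? decode_attrs_fixed(buf, n) : decode_attrs_vulnerable(buf, n);
}

int main(void)
{
    const char *names[] = { "well-formed", "truncated header", "over-claimed length" };
    for (int i = 0; i < 3; i++)
        printf("%-20s vulnerable=%d fixed=%d\n",
               names[i], decode_sample(i, 0), decode_sample(i, 1));
    return 0;
}
```

The truncated capture is the interesting case: the hardened walker reports truncation, while the vulnerable one reads one byte past the packet and reports two attributes, the second of which never existed. The over-claimed length is caught by both, which is why a single sizeof slip can survive testing with oversized-length fuzz cases and only show up when the packet ends mid-header.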
