OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-web Date: 04-Mar-2003 11:05:34
Branch: HEAD Handle: 2003030410053300
Modified files:
openpkg-web/security OpenPKG-SA-2003.014-tcpdump.txt
Log:
work off tcpdump SA
Summary:
Revision Changes Path
1.3 +28 -39 openpkg-web/security/OpenPKG-SA-2003.014-tcpdump.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2003.014-tcpdump.txt
============================================================================
$ cvs diff -u -r1.2 -r1.3 OpenPKG-SA-2003.014-tcpdump.txt
--- openpkg-web/security/OpenPKG-SA-2003.014-tcpdump.txt 28 Feb 2003 13:54:50
-0000 1.2
+++ openpkg-web/security/OpenPKG-SA-2003.014-tcpdump.txt 4 Mar 2003 10:05:33
-0000 1.3
@@ -3,11 +3,11 @@
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED] [EMAIL PROTECTED]
-OpenPKG-SA-2003.014 28-Feb-2003
+OpenPKG-SA-2003.014 04-Mar-2003
________________________________________________________________________
Package: tcpdump
-Vulnerability: denial of service
+Vulnerability: denial of service and buffer overflow
OpenPKG Specific: no
Affected Releases: Affected Packages: Corrected Packages:
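Review bot: the date line in this hunk overwrites 28-Feb-2003 with 04-Mar-2003 while the identifier OpenPKG-SA-2003.014 stays the same, so a reader who acted on the first issue cannot tell that the advisory was revised or that its scope grew from "denial of service" to "denial of service and buffer overflow". Suggest keeping the original issue date and adding an explicit revision marker (for example an "Updated: 04-Mar-2003" line) so the reissue is visible in the header itself.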
@@ -18,43 +18,31 @@
Dependent Packages: none
Description:
- Andrew Griffiths discovered a vulnerability in tcpdump which could
- result in a denial of service attack due to an endless loop consuming
- CPU resources. The Common Vulnerabilities and Exposures (CVE) project
- assigned the id CAN-2003-0108 [0] to the problem.
-
- The isakmp_sub_print function in tcpdump [1] contains a loop construct
- that allows remote attackers to cause a denial of service via a certain
- malformed ISAKMP packet to UDP port 500. This causes tcpdump to enter
- an infinite loop potentially disabling the machine. To regain normal
- functionality once again, the affected application must be restarted.
+ Andrew Griffiths and iDEFENSE Labs discovered [1] a vulnerability in
+ tcpdump [0] which could result in a Denial of Service attack due to
+ an endless loop consuming CPU resources when parsing malformed ISAKMP
+ packets sent to UDP port 500. The Common Vulnerabilities and Exposures
+ (CVE) project assigned the id CAN-2003-0108 [2] to the problem.
+
+ Similarily, another Denial of Service attack is possible because
+ tcpdump enters also an endless loop consuming CPU resources when
+ parsing malformed BGP packets. Finally, a buffer overflow occurred
+ when parsing malformed NFS packets.
Please check whether you are affected by running "<prefix>/bin/rpm -q
tcpdump". If you have the "tcpdump" package installed and its version
is affected (see above), we recommend that you immediately upgrade it
(see Solution) and it's dependent packages (see above), if any, too.
- [2][3]
-
-Workaround:
- An ad hoc work around that can be implemented is to simply filter out
- parsing of packets destined to TCP or UDP port 500. This will prevent
- a malformed packet from affected a vulnerable version of tcpdump. The
- addition of the following boolean string can be used to accomplish
- this task:
-
- [and] dst port not 500
-
- Where the [and] is optional depending on whether or not additional
- boolean expressions are provided.
+ [3][4]
Solution:
Select the updated source RPM appropriate for your OpenPKG release
- [4][5], fetch it from the OpenPKG FTP service [6][7] or a mirror
- location, verify its integrity [8], build a corresponding binary RPM
- from it [2] and update your OpenPKG installation by applying the binary
- RPM [3]. For the current release OpenPKG 1.2, perform the following
- operations to permanently fix the security problem (for other releases
- adjust accordingly).
+ [5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror
+ location, verify its integrity [9], build a corresponding binary RPM
+ from it [3] and update your OpenPKG installation by applying the
+ binary RPM [4]. For the current release OpenPKG 1.2, perform the
+ following operations to permanently fix the security problem (for
+ other releases adjust accordingly).
$ ftp ftp.openpkg.org
ftp> bin
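Review bot: the Workaround section is deleted in this hunk with no replacement and no explanation, and the commit log ("work off tcpdump SA") does not say why. If the `dst port not 500` filter was dropped because it does not cover the newly described BGP and NFS parsing problems, say so in the text, since users who cannot upgrade immediately previously had an interim mitigation and now have none. The added second paragraph also describes the BGP loop and the NFS buffer overflow without any identifier or reference, whereas the ISAKMP issue cites CAN-2003-0108 [2] and the iDEFENSE advisory [1]; please state the impact of the overflow and cite a source for both. Minor: "Similarily" should be "Similarly", "enters also" reads better as "also enters", and "occurred" should match the present tense used in the rest of the paragraph.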
@@ -69,14 +57,15 @@
References:
[0] http://www.tcpdump.org/
- [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0108
- [2] http://www.openpkg.org/tutorial.html#regular-source
- [3] http://www.openpkg.org/tutorial.html#regular-binary
- [4] ftp://ftp.openpkg.org/release/1.1/UPD/tcpdump-3.7.1-1.1.1.src.rpm
- [5] ftp://ftp.openpkg.org/release/1.2/UPD/tcpdump-3.7.1-1.2.1.src.rpm
- [6] ftp://ftp.openpkg.org/release/1.1/UPD/
- [7] ftp://ftp.openpkg.org/release/1.2/UPD/
- [8] http://www.openpkg.org/security.html#signature
+ [1] http://www.idefense.com/advisory/02.27.03.txt
+ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0108
+ [3] http://www.openpkg.org/tutorial.html#regular-source
+ [4] http://www.openpkg.org/tutorial.html#regular-binary
+ [5] ftp://ftp.openpkg.org/release/1.1/UPD/tcpdump-3.7.1-1.1.1.src.rpm
+ [6] ftp://ftp.openpkg.org/release/1.2/UPD/tcpdump-3.7.1-1.2.1.src.rpm
+ [7] ftp://ftp.openpkg.org/release/1.1/UPD/
+ [8] ftp://ftp.openpkg.org/release/1.2/UPD/
+ [9] http://www.openpkg.org/security.html#signature
________________________________________________________________________
For security reasons, this advisory was digitally signed with
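Review bot: references [5] and [6] are only renumbered; they still point at tcpdump-3.7.1-1.1.1.src.rpm and tcpdump-3.7.1-1.2.1.src.rpm, the same packages the 28-Feb issue listed when the advisory covered the ISAKMP loop alone. Since the text now also covers the BGP and NFS problems, please confirm that these exact packages contain those fixes, or bump the package release and update the URLs. The renumbering itself is consistent with the citations in the body ([0] through [9] all resolve), but no reference is added for the BGP or NFS issues.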
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]