OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src openpkg-web Date: 16-Jan-2004 13:37:40
Branch: HEAD Handle: 2004011612373603
Added files:
openpkg-src/tcpdump tcpdump.patch
Modified files:
openpkg-src/tcpdump tcpdump.spec
openpkg-web news.txt
Log:
SA-2004.002-tcpdump; CAN-2004-0055, CAN-2004-0057
Summary:
Revision Changes Path
1.4 +91 -0 openpkg-src/tcpdump/tcpdump.patch
1.34 +3 -1 openpkg-src/tcpdump/tcpdump.spec
1.8096 +1 -0 openpkg-web/news.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/tcpdump/tcpdump.patch
============================================================================
$ cvs diff -u -r0 -r1.4 tcpdump.patch
--- /dev/null 2004-01-16 13:37:39.000000000 +0100
+++ tcpdump.patch 2004-01-16 13:37:39.000000000 +0100
@@ -0,0 +1,91 @@
+
+ tcpdump patch patrix; [EMAIL PROTECTED]
+
+ tcpdump 371 371 372 381
+ OpenPKG 120 121 130 20020822
+ --- --- --- ---
+ CAN-2002-0380 nfs y n n n see past OpenPKG-SA-2003.014-tcpdump
+ CAN-2002-1350 bgp y n n n see past OpenPKG-SA-2003.014-tcpdump
+ CAN-2003-0108 isakmp y n n n see past OpenPKG-SA-2003.014-tcpdump
+ depth y y y n (*)
+ CAN-2003-0989 isakmp y y y n updates CAN-2003-0108-isakmp
+ CAN-2003-1029 l2tp y y n n
+ CAN-2004-0055 radius y y y y
+ CAN-2004-0057 isakmp y y y y
+
+ (*) the vendor code fix for CAN-2003-0108 had two other unrelated code
+ changes piggybacked. We removed the cosmetics (constify) and
+ extracted an enhancement (depth).
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0055 (radius)
+ The print_attr_string function in print-radius.c for tcpdump 3.8.1
+ and earlier allows remote attackers to cause a denial of service
+ (segmentation fault) via a RADIUS attribute with a large length
+ value.
+
+Index: print-radius.c
+===================================================================
+RCS file: /tcpdump/master/tcpdump/print-radius.c,v
+retrieving revision 1.23
+retrieving revision 1.24
+diff -u -d -u -d -r1.23 -r1.24
+--- print-radius.c.CAN-2004-0055 15 Dec 2003 13:52:15 -0000 1.23
++++ print-radius.c 7 Jan 2004 08:00:52 -0000 1.24
+@@ -476,7 +476,7 @@
+ break;
+ }
+
+- for (i=0; i < length ; i++, data++)
++ for (i=0; *data && i < length ; i++, data++)
+ printf("%c",(*data < 32 || *data > 128) ? '.' : *data );
+
+ return;
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057 (isakmp)
+ The rawprint function in the ISAKMP decoding routines
+ (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote
+ attackers to cause a denial of service (segmentation fault) via
+ malformed ISAKMP packets that cause invalid "len" or "loc" values to
+ be used in a loop, a different vulnerability than CAN-2003-0989.
+
+Index: print-isakmp.c
+===================================================================
+RCS file: /tcpdump/master/tcpdump/print-isakmp.c,v
+retrieving revision 1.41
+retrieving revision 1.42
+diff -u -d -u -d -r1.41 -r1.42
+--- print-isakmp.c.CAN-2004-0057 20 Dec 2003 10:03:19 -0000 1.41
++++ print-isakmp.c 7 Jan 2004 08:00:51 -0000 1.42
+@@ -327,9 +327,13 @@
+ static u_char *p;
+ size_t i;
+
++ TCHECK2(*loc, len);
++
+ p = (u_char *)loc;
+ for (i = 0; i < len; i++)
+ printf("%02x", p[i] & 0xff);
++trunc:
++ return;
+ }
+
+ struct attrmap {
+@@ -1111,6 +1115,8 @@
+ cp = (const u_char *)ext;
+
+ while (np) {
++ TCHECK2(*ext, sizeof(e));
++
+ safememcpy(&e, ext, sizeof(e));
+
+ if (ep < (u_char *)ext + ntohs(e.len)) {
+@@ -1136,6 +1142,8 @@
+ ext = (struct isakmp_gen *)cp;
+ }
+ return cp;
++trunc:
++ return NULL;
+ }
+
+ static char *
+
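Review bot: In the print-radius.c hunk the new loop condition `*data && i < length` reads `*data` before it tests `i`, and nothing visible compares `length` with the end of the captured packet, so an attribute whose length exceeds the captured data and that has no NUL byte in range is still read past the buffer. A bounds check in front of the loop would be sturdier, in the style the print-isakmp.c hunks of this same patch use (`TCHECK2(*data, length);` with a `trunc:` label), assuming the TCHECK macros are in scope in print-radius.c. At minimum the test order should be `i < length && *data`; note also that stopping at the first NUL silently shortens the output for attributes with embedded zero bytes. The enclosing print_attr_string body starts and ends outside the hunk, so an earlier check on `length` cannot be ruled out from here. Separately, the `trunc: return NULL;` added near line 1142 of print-isakmp.c may introduce NULL as a new return value; the callers are not shown and should be confirmed to handle it.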
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/tcpdump/tcpdump.spec
============================================================================
$ cvs diff -u -r1.33 -r1.34 tcpdump.spec
--- openpkg-src/tcpdump/tcpdump.spec 8 Jan 2004 20:48:40 -0000 1.33
+++ openpkg-src/tcpdump/tcpdump.spec 16 Jan 2004 12:37:39 -0000 1.34
@@ -33,10 +33,11 @@
Group: Network
License: GPL
Version: 3.8.1
-Release: 20040108
+Release: 20040116
# list of sources
Source0: http://www.tcpdump.org/release/tcpdump-%{version}.tar.gz
+Patch0: tcpdump.patch
# build information
Prefix: %{l_prefix}
@@ -55,6 +56,7 @@
%prep
%setup -q
+ %patch -p0
%{l_shtool} subst -e 's;des_;DES_;g' configure
%build
@@ .
patch -p0 <<'@@ .'
Index: openpkg-web/news.txt
============================================================================
$ cvs diff -u -r1.8095 -r1.8096 news.txt
--- openpkg-web/news.txt 16 Jan 2004 11:57:05 -0000 1.8095
+++ openpkg-web/news.txt 16 Jan 2004 12:37:36 -0000 1.8096
@@ -1,3 +1,4 @@
+16-Jan-2004: Upgraded package: P<tcpdump-3.8.1-20040116>
16-Jan-2004: Upgraded package: P<squid-2.5.4-20040116>
16-Jan-2004: Upgraded package: P<spamassassin-2.61-20040116>
16-Jan-2004: Upgraded package: P<shiela-1.0.4-20040116>
@@ .