Re: TCPDump version in base?

2003-03-06 Thread Giorgos Keramidas
Please, pretty please, do *NOT* top-post, trim your quotes and keep
the original poster's name when editing the quoted text.

On 2003-03-06 15:49, twig les <[EMAIL PROTECTED]> wrote:
>Andrew McNaughton wrote:
>>On Thu, 6 Mar 2003, twig les wrote:
>>> Hey all, maybe I'm missing something but I can't seem to find
>>> the version of tcpdump that I'm running.  After searching the
>>> massive man page and doing a quick "pkg_info | grep tcpdump" to
>>> make sure no info was available before posting, I don't know if
>>> I'm vulnerable.  Does anyone know how to glean the version
>>> number from tcpdump? [...]
>>>
>>> Tcpdump versions prior to 3.7.2 contain a denial of service in
>>> the decoding of ISAKMP packets. [...]
>>> This vulnerability is confirmed and fixed in version 3.7.2,
>>> available from: http://www.tcpdump.org/
>>
>> Since tcpdump has moved into the freebsd core distribution it's
>> doubtful whether the tcpdump version number as such is all that
>> meaningful anyway.
>
> This is a good point.  Do I have to upgrade?  The team hasn't
> put out an advisory but we actively use a few FreeBSD boxes for
> sniffing so pardon my impatience.

You can always find out the version of the installed tcpdump and
libpcap by running:

% tcpdump -V

The first two lines should tell you what you want to know.

The 3.7.2 fixes were imported to FreeBSD -STABLE on March 3 by Bill
Fenner.  If you CVSup and rebuild your system from sources after that
date you'll be set to go.

- Giorgos


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message
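
An added example, not part of the original thread: a shell helper that reads the version banner printed by `tcpdump -V` (the command given in the reply above) and compares it numerically with 3.7.2, the fixed release named in the quoted advisory. The banner layout, the two sample banners and all function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: decide from a tcpdump version banner whether the build
# predates 3.7.2, the fixed release named in the quoted advisory.
FIXED_VERSION="3.7.2"

# Constructed sample banners (assumed layout: "tcpdump version X.Y.Z" on the
# first line, libpcap on the second).
SAMPLE_OLD='tcpdump version 3.7.1
libpcap version 0.7'
SAMPLE_NEW='tcpdump version 3.7.2
libpcap version 0.7.2'

# Print the dotted numeric version from the "tcpdump version" line on stdin.
tcpdump_version_from_banner() {
    sed -n 's/^tcpdump version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 when dotted version $1 is strictly older than $2. Components are
# compared as integers, so 3.10 sorts after 3.7 (a string compare would not).
version_lt() {
    _a=$1; _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}; _y=${_b%%.*}
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
        _x=${_x:-0}; _y=${_y:-0}          # missing component counts as 0
        if [ "$_x" -lt "$_y" ]; then return 0; fi
        if [ "$_x" -gt "$_y" ]; then return 1; fi
    done
    return 1                              # equal versions are not older
}

# Print "vulnerable X", "fixed X" or "unknown" for the banner text in $1.
check_banner() {
    _v=$(printf '%s\n' "$1" | tcpdump_version_from_banner)
    if [ -z "$_v" ]; then
        echo "unknown"
    elif version_lt "$_v" "$FIXED_VERSION"; then
        echo "vulnerable $_v"
    else
        echo "fixed $_v"
    fi
}

check_banner "$SAMPLE_OLD"
check_banner "$SAMPLE_NEW"
# On a live host: check_banner "$(tcpdump -V 2>&1)"
```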


Re: TCPDump version in base?

2003-03-06 Thread twig les
This is a good point.  Do I have to upgrade?  The team hasn't
put out an advisory but we actively use a few FreeBSD boxes for
sniffing so pardon my impatience.

> Since tcpdump has moved into the freebsd core distribution it's
> doubtful whether the tcpdump version number as such is all that
> meaningful anyway.
> 
> Andrew
> 
> 
> 
> On Thu, 6 Mar 2003, twig les wrote:
> 
> > Date: Thu, 6 Mar 2003 14:53:41 -0800 (PST)
> > From: twig les <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: TCPDump version in base?
> >
> > Hey all, maybe I'm missing something but I can't seem to find
> > the version of tcpdump that I'm running.  After searching the
> > massive man page and doing a quick "pkg_info | grep tcpdump" to
> > make sure no info was available before posting, I don't know if
> > I'm vulnerable.  Does anyone know how to glean the version
> > number from tcpdump?
> >
> > For those who are wondering wth I'm blathering about regarding
> > tcpdump's vulnerability, this SANS blurb should clarify:
> >
> >
> > Tcpdump versions prior to 3.7.2 contain a denial of service in
> > the decoding of ISAKMP packets. This allows a remote attacker to
> > spoof a malicious UDP packet that, when read by a vulnerable
> > tcpdump application, will cause tcpdump to enter an infinite loop.
> >
> > This vulnerability is confirmed and fixed in version 3.7.2,
> > available from:
> > http://www.tcpdump.org/


=
---
Know yourself and know your enemy and you will never fear defeat. 
---
