AusCERT - ESB-2002.685 -- Debian Security Advisory DSA-206-1 -- tcpdump BGP decoding error

HOME
About AusCERT
Membership
PKI Services
Training
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
ESB-2002.685 -- Debian Security Advisory DSA-206-1 -- tcpdump BGP decoding error
Date: 11 December 2002

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
             AUSCERT External Security Bulletin Redistribution

            ESB-2002.685 -- Debian Security Advisory DSA-206-1
                        tcpdump BGP decoding error
                             11 December 2002

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                tcpdump
Vendor:                 Debian
Operating System:       Debian GNU/Linux 3.0
Impact:                 Denial of Service
                        Execute Arbitrary Code/Commands
                        Root Compromise
Access Required:        Remote

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-206-1                   security@debian.org
http://www.debian.org/security/                         Wichert Akkerman
December 10, 2002
- - ------------------------------------------------------------------------


Package        : tcpdump
Problem type   : incorrect bounds checking
Debian-specific: no

The BGP decoding routines for tcpdump used incorrect bounds checking
when copying data. This could be abused by introducing malicious traffic
on a sniffed network for a denial of service attack against tcpdump,
or possibly even remote code execution.

This has been fixed in version 3.6.2-2.2.


- - ------------------------------------------------------------------------

Obtaining updates:

  By hand:
    wget URL
        will fetch the file for you.
    dpkg -i FILENAME.deb
        will install the fetched file.

  With apt:
    deb http://security.debian.org/ stable/updates main
        added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security webpages
at http://www.debian.org/security/

- - ------------------------------------------------------------------------


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
  powerpc, s390 and sparc.


  Source archives:

    http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2.dsc
      Size/MD5 checksum:     1284 be78c7328fcd439fe7eedf6a54894b28
    http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2.orig.tar.gz
      Size/MD5 checksum:   380635 6bc8da35f9eed4e675bfdf04ce312248
    http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2.diff.gz
      Size/MD5 checksum:     8956 a07ace8578ec5555c87cbfd1faba8ecd

  alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_alpha.deb
      Size/MD5 checksum:   213458 72603d37a351d08dfa7af4ab13e6301f

  arm architecture (ARM)

    http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_arm.deb
      Size/MD5 checksum:   179464 adb31a1747c0df1f1113454afb3a85f8

  hppa architecture (HP PA RISC)

    http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_hppa.deb
      Size/MD5 checksum:   192892 28680f059cab0987ee313b672aa2edca

  i386 architecture (Intel ia32)

    http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_i386.deb
      Size/MD5 checksum:   169360 f303ec8777785c742a29469e49a9c63a

  ia64 architecture (Intel ia64)

    http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_ia64.deb
      Size/MD5 checksum:   246776 889eb67d84ef3500239a1ad7a721dd9e

  m68k architecture (Motorola Mc680x0)

    http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_m68k.deb
      Size/MD5 checksum:   157340 69ceb0d17d5e9ffca079b0bd7a18d489

  mips architecture (MIPS (Big Endian))

    http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_mips.deb
      Size/MD5 checksum:   188714 dbbe0d4eec80daa0f74b83c877064b87

  powerpc architecture (PowerPC)

    http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_powerpc.deb
      Size/MD5 checksum:   176706 5121aa3b8891d1030d1924f1328efcdf

  s390 architecture (IBM S/390)

    http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_s390.deb
      Size/MD5 checksum:   172534 1b2b2834af69c169893b5dee4b21eec3

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_sparc.deb
      Size/MD5 checksum:   179076 31a8382615ac8707b9346bfa9b1d615a

- - -- 
- - ----------------------------------------------------------------------------
Debian Security team <team@security.debian.org>
http://www.debian.org/security/
Mailing-List: debian-security-announce@lists.debian.org

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE99m2RPLiSUC+jvC0RAgQwAJ9g72gzFPfdTVvTfhyX/5wb3H1fiQCfSZhu
/YTIMzeIfa1gS4sshBSjcME=
=FK7j
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.  The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author\'s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business 
                hours which are GMT+10:00 (AEST).  On call after hours 
                for member emergencies only.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBPfcpxSh9+71yA2DNAQHEcwP/QN2LO7heyyHZL+3iNmthjT6juYKmdkZ9
9x6vx9vTN0D6AjzpAjc5/UtJr6LWCH1fcJo7a494uIXm3yZ7FbHtOg1CrZuaUOiy
SRKHzgLR7X/cmLIz/6UiM+5jtoL9ry7CT6ukyHoecv4m35jkErMIJZtTf9zQG29o
J5kRRJ4zQ5o=
=4p92
-----END PGP SIGNATURE-----