Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Security Update: [CSSA-2002-025.0] Linux: tcpdump AFS RPC and NFS packet vulnerabilities

From: security () caldera com
Date: Wed, 5 Jun 2002 12:30:17 -0700
To: bugtraq () securityfocus com announce () lists caldera com security-alerts () linuxsecurity com    

______________________________________________________________________________

                Caldera International, Inc.  Security Advisory

Subject:                Linux: tcpdump AFS RPC and NFS packet vulnerabilities
Advisory number:        CSSA-2002-025.0
Issue date:             2002 June 04
Cross reference:
______________________________________________________________________________


1. Problem Description

        The tcpdump program is vulnerable to several buffer overflows, the
        most serious of which are problems with the decoding of AFS RPC
        packets and the handling of malformed NFS packets. These may allow
        a remote attacker to cause arbitrary instructions to be executed
        with the privileges of the tcpdump process (usually root).


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to tcpdump-3.6.2-2.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to tcpdump-3.6.2-2.i386.rpm

        OpenLinux 3.1 Server            prior to tcpdump-3.6.2-2.i386.rpm

        OpenLinux 3.1 Workstation       prior to tcpdump-3.6.2-2.i386.rpm


3. Solution

        The proper solution is to install the latest packages.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

        4.2 Packages

        86ebdc7304a9474350d6347de67cd801        tcpdump-3.6.2-2.i386.rpm

        4.3 Installation

        rpm -Fvh tcpdump-3.6.2-2.i386.rpm

        4.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

        4.5 Source Packages

        04af4439b8f027dde02b8da4799553ea        tcpdump-3.6.2-2.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

        5.2 Packages

        da485437a978837b8371ee381c548613        tcpdump-3.6.2-2.i386.rpm

        5.3 Installation

        rpm -Fvh tcpdump-3.6.2-2.i386.rpm

        5.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

        5.5 Source Packages

        e039c224157657ee9071e3546e6e23ca        tcpdump-3.6.2-2.src.rpm


6. OpenLinux 3.1 Server

        6.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

        6.2 Packages

        2909f321142349e7028c932e90c9890f        tcpdump-3.6.2-2.i386.rpm

        6.3 Installation

        rpm -Fvh tcpdump-3.6.2-2.i386.rpm

        6.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

        6.5 Source Packages

        53a7e1f96bced55a4c4b9a36984be8bd        tcpdump-3.6.2-2.src.rpm


7. OpenLinux 3.1 Workstation

        7.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

        7.2 Packages

        b41c99ae95269862ee89508c00b84272        tcpdump-3.6.2-2.i386.rpm

        7.3 Installation

        rpm -Fvh tcpdump-3.6.2-2.i386.rpm

        7.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

        7.5 Source Packages

        11ce6a0534493de576802e68c1841f76        tcpdump-3.6.2-2.src.rpm


8. References

        Specific references for this advisory:
                http://www.tcpdump.org/
                http://www.ciac.org/ciac/bulletins/l-015.shtml
                ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:48.tcpdump.asc

        Caldera security resources:
                http://www.caldera.com/support/security/index.html

        This security fix closes Caldera incidents sr863999, fz520911,
        erg712040.


9. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on this website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera products.


10. Acknowledgements

        Nick Cleaton reported the AFS RPC vulnerability. David Woodhouse
        of Red Hat reported the NFS packet vulnerability. The rest of
        the vulnerabilities were discoverd by an internal security
        audit by the FreeBSD team.
______________________________________________________________________________

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: