<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-03">
  <title>Tcpdump Vulnerabilities in ISAKMP Parsing</title>
  <synopsis>
    There are multiple vulnerabilities in tcpdump and libpcap related to
    parsing of ISAKMP packets.
  </synopsis>
  <product type="ebuild">tcpdump</product>
  <announced>2004-03-31</announced>
  <revised count="01">2004-03-31</revised>
  <bug>38206</bug>
  <bug>46258</bug>
  <access>remote</access>
  <affected>
    <package name="net-analyzer/tcpdump" auto="yes" arch="*">
      <unaffected range="ge">3.8.3-r1</unaffected>
      <vulnerable range="le">3.8.1</vulnerable>
    </package>
    <package name="net-libs/libpcap" auto="yes" arch="*">
      <unaffected range="ge">0.8.3-r1</unaffected>
      <vulnerable range="le">0.8.1-r1</vulnerable>
    </package>
  </affected>
  <background>
    <p>
    Tcpdump is a program for monitoring IP network traffic. Libpcap is a
    supporting library which is responsible for capturing packets off a network
    interface.
    </p>
  </background>
  <description>
    <p>
    There are two specific vulnerabilities in tcpdump, both outlined in the
    Rapid7 advisory (reference 1). In the first scenario, an attacker may send a
    specially-crafted ISAKMP Delete packet which causes tcpdump to read past the
    end of its buffer. In the second scenario, an attacker may send an ISAKMP
    packet with an incorrect payload length, again causing tcpdump to read past
    the end of a buffer.
    </p>
  </description>
  <impact type="high">
    <p>
    Remote attackers could potentially cause tcpdump to crash or execute
    arbitrary code as the 'pcap' user.
    </p>
  </impact>
  <workaround>
    <p>
    There is no known workaround at this time. All tcpdump users are encouraged
    to upgrade to the latest available version.
    </p>
  </workaround>
  <resolution>
    <p>
    All tcpdump users should upgrade to the latest available version.
    ADDITIONALLY, the net-libs/libpcap package should be upgraded.
    </p>
    <code>
    # emerge sync

    # emerge -pv "&gt;=net-libs/libpcap-0.8.3-r1" "&gt;=net-analyzer/tcpdump-3.8.3-r1"
    # emerge "&gt;=net-libs/libpcap-0.8.3-r1" "&gt;=net-analyzer/tcpdump-3.8.3-r1"</code>
  </resolution>
  <references>
    <uri link="https://www.rapid7.com/advisories/R7-0017.html">Rapid7 Advisory</uri>
    <uri link="https://rhn.redhat.com/errata/RHSA-2004-008.html">Red Hat Security Advisory</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989">CVE Advisory</uri>
  </references>
</glsa>