SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Tcpdump Vendors:   Tcpdump.org
(Caldera Issues Fix for OpenLinux) Tcpdump Sniffer Has Buffer Overflow in the Processing of NFS Packets That Allows Remote Users to Crash the Sniffer
SecurityTracker Alert ID:  1004468
SecurityTracker URL:  http://securitytracker.com/id/1004468
CVE Reference:   CVE-2002-0380   (Links to External Site)
Date:  Jun 5 2002
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.6.2 and prior versions; 3.7
Description:   A buffer overflow vulnerability was reported in the tcpdump network sniffer. A remote user can cause the sniffer to crash.

Red Hat reported that a remote user can cause tcpdump to segfault when displaying NFS traffic.

The following steps can be used to demonstrate the flaw:

1. Run tcpdump
2. Cause lots of NFS traffic.
3. Watch tcpdump segfault when trying to display it.
4. Craft exploit.

This issue was reportedly discovered by David Woodhouse of Red Hat.

Impact:   A remote user can cause tcpdump to crash.

At the time of this entry, there was no confirmation of whether or not the buffer overflow could be exploited to execute arbitrary code.

Solution:   The vendor has released a fix for OpenLinux.

For OpenLinux 3.1.1 Server:

Package Location:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

Packages:

86ebdc7304a9474350d6347de67cd801 tcpdump-3.6.2-2.i386.rpm

Installation:

rpm -Fvh tcpdump-3.6.2-2.i386.rpm

Source Package Location:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

Source Packages:

04af4439b8f027dde02b8da4799553ea tcpdump-3.6.2-2.src.rpm


For OpenLinux 3.1.1 Workstation:

Package Location:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

Packages:

da485437a978837b8371ee381c548613 tcpdump-3.6.2-2.i386.rpm

Installation:

rpm -Fvh tcpdump-3.6.2-2.i386.rpm

Source Package Location:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

Source Packages:

e039c224157657ee9071e3546e6e23ca tcpdump-3.6.2-2.src.rpm


For OpenLinux 3.1 Server:

Package Location:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

Packages:

2909f321142349e7028c932e90c9890f tcpdump-3.6.2-2.i386.rpm

Installation:

rpm -Fvh tcpdump-3.6.2-2.i386.rpm

Source Package Location:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

Source Packages:

53a7e1f96bced55a4c4b9a36984be8bd tcpdump-3.6.2-2.src.rpm


For OpenLinux 3.1 Workstation:

Package Location:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

Packages:

b41c99ae95269862ee89508c00b84272 tcpdump-3.6.2-2.i386.rpm

Installation:

rpm -Fvh tcpdump-3.6.2-2.i386.rpm

Source Package Location:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

Source Packages:

11ce6a0534493de576802e68c1841f76 tcpdump-3.6.2-2.src.rpm

Vendor URL:  www.tcpdump.org/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Caldera/SCO)
Underlying OS Comments:  OpenLinux Server and Workstation 3.1, 3.1.1

Message History:   This archive entry is a follow-up to the message listed below.
May 30 2002 Tcpdump Sniffer Has Buffer Overflow in the Processing of NFS Packets That Allows Remote Users to Crash the Sniffer



 Source Message Contents

Subject:  Security Update: [CSSA-2002-025.0] Linux: tcpdump AFS RPC and NFS packet vulnerabilities


--KsGdsel6WgEHnImy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: 8bit            

To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com    

______________________________________________________________________________

		Caldera International, Inc.  Security Advisory

Subject:		Linux: tcpdump AFS RPC and NFS packet vulnerabilities
Advisory number: 	CSSA-2002-025.0
Issue date: 		2002 June 04
Cross reference:
______________________________________________________________________________


1. Problem Description

	The tcpdump program is vulnerable to several buffer overflows, the
	most serious of which are problems with the decoding of AFS RPC
	packets and the handling of malformed NFS packets. These may allow
	a remote attacker to cause arbitrary instructions to be executed
	with the privileges of the tcpdump process (usually root).


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to tcpdump-3.6.2-2.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to tcpdump-3.6.2-2.i386.rpm

	OpenLinux 3.1 Server		prior to tcpdump-3.6.2-2.i386.rpm

	OpenLinux 3.1 Workstation	prior to tcpdump-3.6.2-2.i386.rpm


3. Solution

	The proper solution is to install the latest packages.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

	4.2 Packages

	86ebdc7304a9474350d6347de67cd801	tcpdump-3.6.2-2.i386.rpm

	4.3 Installation

	rpm -Fvh tcpdump-3.6.2-2.i386.rpm

	4.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

	4.5 Source Packages

	04af4439b8f027dde02b8da4799553ea	tcpdump-3.6.2-2.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

	5.2 Packages

	da485437a978837b8371ee381c548613	tcpdump-3.6.2-2.i386.rpm

	5.3 Installation

	rpm -Fvh tcpdump-3.6.2-2.i386.rpm

	5.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

	5.5 Source Packages

	e039c224157657ee9071e3546e6e23ca	tcpdump-3.6.2-2.src.rpm


6. OpenLinux 3.1 Server

	6.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

	6.2 Packages

	2909f321142349e7028c932e90c9890f	tcpdump-3.6.2-2.i386.rpm

	6.3 Installation

	rpm -Fvh tcpdump-3.6.2-2.i386.rpm

	6.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

	6.5 Source Packages

	53a7e1f96bced55a4c4b9a36984be8bd	tcpdump-3.6.2-2.src.rpm


7. OpenLinux 3.1 Workstation

	7.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

	7.2 Packages

	b41c99ae95269862ee89508c00b84272	tcpdump-3.6.2-2.i386.rpm

	7.3 Installation

	rpm -Fvh tcpdump-3.6.2-2.i386.rpm

	7.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

	7.5 Source Packages

	11ce6a0534493de576802e68c1841f76	tcpdump-3.6.2-2.src.rpm


8. References

	Specific references for this advisory:
		http://www.tcpdump.org/
		http://www.ciac.org/ciac/bulletins/l-015.shtml
		ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:48.tcpdump.asc

	Caldera security resources:
		http://www.caldera.com/support/security/index.html

	This security fix closes Caldera incidents sr863999, fz520911,
	erg712040.


9. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on this website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera products.


10. Acknowledgements

	Nick Cleaton reported the AFS RPC vulnerability. David Woodhouse
	of Red Hat reported the NFS packet vulnerability. The rest of
	the vulnerabilities were discoverd by an internal security
	audit by the FreeBSD team.
______________________________________________________________________________

--KsGdsel6WgEHnImy
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjz+ZskACgkQbluZssSXDTHSAgCfbDNMqOetMrgaD0tymVqBdwYX
gJgAoNlEX/rwk23ZKX5hjjm1RmZPbdjJ
=W3K6
-----END PGP SIGNATURE-----

--KsGdsel6WgEHnImy--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC