SecurityTracker.com
Category:   Application (Generic)  >   Tcpdump
Vendors:   Tcpdump.org
(Turbolinux Issues Fix) Tcpdump Can Be Crashed By a Remote User Sending a Malicious ISAKMP Packet
SecurityTracker Alert ID:  1008830
SecurityTracker URL:  http://securitytracker.com/id/1008830
CVE Reference:   CVE-2003-0989, CVE-2004-0057
Date:  Jan 23 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.8.1 and prior versions
Description:   Several vulnerabilities were reported in tcpdump in the processing of ISAKMP packets. A remote user can cause tcpdump to crash or to enter an infinite loop.

It is reported that the rawprint() function in print-isakmp.c fails to validate its input arguments [CVE: CVE-2004-0057]. A remote user can send a specially crafted ISAKMP packet to cause the tcpdump process to crash. Red Hat credits Jonathan Heusser with discovering this flaw. Version 3.8.1 and prior versions are affected.

It is also reported that versions prior to 3.8.1 contain flaws that allow a remote user to force tcpdump to enter an infinite loop [CVE: CVE-2003-0989]. According to Red Hat, George Bakos discovered these flaws.
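
As an added illustration (not tcpdump's code and not the vendor's patch), the C example below walks an ISAKMP payload chain using the generic payload header layout from RFC 2408 and applies the length checks whose absence produces the two failure modes described above: reading past the captured bytes, and looping without making progress. That these checks correspond to the exact defects behind the CVEs is an assumption; `isakmp_walk`, `walk_sample`, `MAX_PAYLOADS` and the `WALK_*` codes are hypothetical names, and the packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ISAKMP_HDR_LEN  28  /* fixed ISAKMP header (RFC 2408, section 3.1) */
#define GENERIC_HDR_LEN 4   /* next payload, reserved, 16-bit payload length */
#define MAX_PAYLOADS    64  /* hypothetical cap on chain length */

enum { WALK_TRUNCATED = -1, WALK_BAD_LENGTH = -2, WALK_TOO_MANY = -3 };

/* Hypothetical helper: walk the payload chain of a captured ISAKMP message.
 * Returns the number of payloads, or a negative WALK_* code. */
int isakmp_walk(const uint8_t *pkt, size_t caplen)
{
    if (pkt == NULL || caplen < ISAKMP_HDR_LEN)
        return WALK_TRUNCATED;
    uint8_t next = pkt[16];            /* type of the first payload */
    size_t off = ISAKMP_HDR_LEN;
    int count = 0;
    while (next != 0) {                /* 0 means no further payload */
        if (count >= MAX_PAYLOADS)
            return WALK_TOO_MANY;
        if (caplen - off < GENERIC_HDR_LEN)   /* header must be captured */
            return WALK_TRUNCATED;
        size_t len = ((size_t)pkt[off + 2] << 8) | pkt[off + 3];
        if (len < GENERIC_HDR_LEN)     /* shorter than its own header; 0 never advances */
            return WALK_BAD_LENGTH;
        if (len > caplen - off)        /* would read past the capture */
            return WALK_TRUNCATED;
        next = pkt[off];               /* type of the following payload */
        off += len;                    /* always moves forward by >= 4 */
        count++;
    }
    return count;
}

/* Constructed sample: header plus one 8-byte payload whose length field and
 * captured size (at most 36 bytes) are chosen by the caller. */
int walk_sample(uint16_t len_field, size_t caplen)
{
    static uint8_t buf[ISAKMP_HDR_LEN + 8];
    memset(buf, 0, sizeof buf);
    buf[16] = 1;                       /* first payload: SA (type 1) */
    buf[ISAKMP_HDR_LEN + 2] = (uint8_t)(len_field >> 8);
    buf[ISAKMP_HDR_LEN + 3] = (uint8_t)(len_field & 0xff);
    return isakmp_walk(buf, caplen);
}
```

With the constructed sample, a correct length field of 8 yields one payload, while a length of 0, a length of 0xffff, or a capture cut short inside the payload header is rejected instead of being dumped.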

Impact:   A remote user can cause the tcpdump process to crash or to enter an endless loop.
Solution:   Turbolinux has issued a fix.


Vendor URL:  cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-isakmp.c
Cause:   Boundary error, Input validation error, State error
Underlying OS:  Linux (Turbo Linux)
Underlying OS Comments:  Turbolinux 10 Desktop, 8 Server, 8 Workstation, 7 Server, 7 Workstation, Server 6.5, Advanced Server 6, Server 6.1, Workstation 6.0

Message History:   This archive entry is a follow-up to the message listed below.
Jan 14 2004 Tcpdump Can Be Crashed By a Remote User Sending a Malicious ISAKMP Packet



 Source Message Contents

Subject:  [Full-Disclosure] [TURBOLINUX SECURITY INFO] 22/Jan/2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 22/Jan/2004
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) lftp -> Buffer overflow
 (2) tcpdump -> Multiple vulnerabilities in tcpdump

===========================================================
* lftp -> Buffer overflow
===========================================================

 More information :
    The lftp is a shell-like command line ftp client.
    A buffer overflow vulnerability was discovered in the lftp FTP client
    when connecting to a web server using HTTP or HTTPS and using the "ls" or "rels"
    command on a specially prepared directory.

 Impact :
    The attacker could execute arbitrary code on the user's machine.

 Affected Products :
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1

 Solution :
    Please use turbopkg(zabom) tool to apply the update.
 ---------------------------------------------
 # turbopkg
 or
 [Turbolinux 10 Desktop]
 # zabom -u lftp
 [other]
 # zabom update lftp
 ---------------------------------------------


 <Turbolinux 10 Desktop>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/lftp-2.6.11-1.src.rpm
      1198551 02afd2811a68d6d2aaf35060b3424bde

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/lftp-2.6.11-1.i586.rpm
       992246 44dc20c2e19421872f53d6d662b83036

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/lftp-2.6.11-1.src.rpm
      1198551 18d409d022849172aa87fe212d079533

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/lftp-2.6.11-1.i586.rpm
       811850 32310dab35b76e007960a6200dd9bf75

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/lftp-2.6.11-1.src.rpm
      1198551 e5be1ebe9aa810eecc1ca2a5e8e7eded

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/lftp-2.6.11-1.i586.rpm
       812242 50b63e5c20288850a03b01ac776382bd

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/lftp-2.6.11-1.src.rpm
      1198551 75ed3f49328c0becd433220bbe61723f

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/lftp-2.6.11-1.i586.rpm
       855835 3fb2038e18b0d625021cc6293afb1111

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/lftp-2.6.11-1.src.rpm
      1198551 7fbc000da3485af428a3f4e4a49b7a55

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/lftp-2.6.11-1.i586.rpm
       856189 2ab8dc55cdeb716cc258a827a4cb9956

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/lftp-2.6.11-1.src.rpm
      1198551 08d35dd856f4fc20d7ab6bceef4078c0

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/lftp-2.6.11-1.i386.rpm
      1055172 f8e83b25ab05101fd0174c9a9b8cb50a

 <Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/lftp-2.6.11-1.src.rpm
      1198551 5e42a619b6062c174e090d0e489c1c8f

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/lftp-2.6.11-1.i386.rpm
      1055177 859b5330881c0cc82a6cc3f9b1dd2a62

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/lftp-2.6.11-1.src.rpm
      1198551 a49c3938c3e3f092e8f003ab2acb8e46

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/lftp-2.6.11-1.i386.rpm
      1055167 9e172eea0c66a78bba547814cdf63e00


 References :

 CVE
   [CAN-2003-0963]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0963


===========================================================
* tcpdump -> Multiple vulnerabilities in tcpdump
===========================================================

 More information :
    Tcpdump is a tool designed to print out the headers of packets on a network interface.
    The buffer overflow vulnerabilities were discovered in the ISAKMP and RADIUS
    decoding routines of tcpdump.

 Impact :
    Remote attackers could potentially exploit these issues by sending
    carefully-crafted packets to a victim. 

 Affected Products :
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0

 Solution :
    Please use turbopkg(zabom) tool to apply the update.
 ---------------------------------------------
 # turbopkg
 or
 [Turbolinux 10 Desktop]
 # zabom -u tcpdump
 [other]
 # zabom update tcpdump
 ---------------------------------------------


 <Turbolinux 10 Desktop>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 658d11df7263293b7d766f7ffc866ccc

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
       258006 a0594a9d6fbc92401a2dc24376310a2b

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 c9ce45a6207351c44cc36a67a420369e

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
       260371 55ea9ee44cfaddffaf00185b3742c22e

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 23f4f97ca13382a50a7e6ddff74f15d0

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
       260353 3129568a7958617a3d62c31417e81c86

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 4b7f12431243188bfc6f5f4f0c4f31bd

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
       254797 76965cac8c2a72e977b15d4c89b3e70a

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 3c794815c4ed1d59f9e049f18cb182e3

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
       254840 fa1749b1872fb1ee4d691fe013901e0d

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 9cc994e105372927bb073fc08ec873a5

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/tcpdump-3.8.1-1.i386.rpm
       248989 531cfec072bfe787250491d9f40dd26b

 <Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 fee82ff4bf36960d651662b0eb4df445

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/tcpdump-3.8.1-1.i386.rpm
       248989 18b4d244206f975580aec81cd0c29da7

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 b77ec7657d1f7023a4c23c4e5e36f9dd

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/tcpdump-3.8.1-1.i386.rpm
       248953 e2966bbcbd4b1dbca887aefa68bed918

 <Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 decc8749c84db2f28b5f3029653aa148

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/tcpdump-3.8.1-1.i386.rpm
       248963 cce7a0508f7741046ec1e1103ef80102


 References :

 CVE
   [CAN-2003-0989]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989
   [CAN-2004-0055]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0055
   [CAN-2004-0057]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057

 Turbolinux Security Advisory
   [TLSA-2003-14]
   http://www.turbolinux.com/security/TLSA-2003-14.txt


 * You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.

  http://www.turbolinux.com/download/zabom.html
  http://www.turbolinux.com/download/zabomupdate.html

Package Update Path
http://www.turbolinux.com/update

============================================================
 * To obtain the public key

Here is the public key

 http://www.turbolinux.com/security/

 * To unsubscribe from the list

If you ever want to remove yourself from this mailing list,
  you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).

unsubscribe

 * To change your email address

If you ever want to change email address in this mailing list,
  you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
the following command in the message body:

  chaddr 'old address' 'new address'

If you have any questions or problems, please contact
<supp_info@turbolinux.co.jp>

Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAD28eK0LzjOqIJMwRAjh9AKCEJybQKDFq++Sfdx3uutXc0ABWggCcD631
u0P8hToeuySCKqtJxYdX0jg=
=zK+N
-----END PGP SIGNATURE-----



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

 
 



Copyright 2020, SecurityGlobal.net LLC