SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Tcpdump Vendors:   Tcpdump.org
(Turbolinux Issues Fix) tcpdump RADIUS print_attr_string() Parameter Overflow Lets Remote Users Crash the Process
SecurityTracker Alert ID:  1008831
SecurityTracker URL:  http://securitytracker.com/id/1008831
CVE Reference:   CVE-2004-0055   (Links to External Site)
Date:  Jan 23 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.8.1
Description:   A vulnerability was reported in tcpdump in the processing of RADIUS packets. A remote user can cause the target tcpdump process to crash.

Jonathan Heusser reported that there is a flaw in 'print-radius.c' in the print_attr_string() function, where the 'length' and 'data' parameters are not properly validated. The report also indicates that there is a flaw in the radius_attr_print() function, where an upper limit for the 'rad_attr->len' is not defined.

A remote user can send a specially crafted RADIUS packet to cause the target process to crash.

Impact:   A remote user can crash the tcpdump process.
Solution:   Turbolinux has issued a fix.

<Turbolinux 10 Desktop>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
533354 658d11df7263293b7d766f7ffc866ccc

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
258006 a0594a9d6fbc92401a2dc24376310a2b

<Turbolinux 8 Server>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
533354 c9ce45a6207351c44cc36a67a420369e

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
260371 55ea9ee44cfaddffaf00185b3742c22e

<Turbolinux 8 Workstation>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
533354 23f4f97ca13382a50a7e6ddff74f15d0

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
260353 3129568a7958617a3d62c31417e81c86

<Turbolinux 7 Server>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
533354 4b7f12431243188bfc6f5f4f0c4f31bd

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
254797 76965cac8c2a72e977b15d4c89b3e70a

<Turbolinux 7 Workstation>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
533354 3c794815c4ed1d59f9e049f18cb182e3

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
254840 fa1749b1872fb1ee4d691fe013901e0d

<Turbolinux Server 6.5>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
533354 9cc994e105372927bb073fc08ec873a5

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/tcpdump-3.8.1-1.i386.rpm
248989 531cfec072bfe787250491d9f40dd26b

<Turbolinux Advanced Server 6>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
533354 fee82ff4bf36960d651662b0eb4df445

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/tcpdump-3.8.1-1.i386.rpm
248989 18b4d244206f975580aec81cd0c29da7

<Turbolinux Server 6.1>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
533354 b77ec7657d1f7023a4c23c4e5e36f9dd

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/tcpdump-3.8.1-1.i386.rpm
248953 e2966bbcbd4b1dbca887aefa68bed918

<Turbolinux Workstation 6.0>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
533354 decc8749c84db2f28b5f3029653aa148

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/tcpdump-3.8.1-1.i386.rpm
248963 cce7a0508f7741046ec1e1103ef80102

Vendor URL:  www.tcpdump.org/ (Links to External Site)
Cause:   Boundary error, Input validation error
Underlying OS:  Linux (Turbo Linux)
Underlying OS Comments:  Turbolinux 10 Desktop, 8 Server, 8 Workstation, 7 Server, 7 Workstation, Server 6.5, Advanced Server 6, Server 6.1, Workstation 6.0

Message History:   This archive entry is a follow-up to the message listed below.
Jan 16 2004 tcpdump RADIUS print_attr_string() Parameter Overflow Lets Remote Users Crash the Process



 Source Message Contents

Subject:  [Full-Disclosure] [TURBOLINUX SECURITY INFO] 22/Jan/2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 22/Jan/2004
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) lftp-> Buffer overflow
 (2) tcpdump -> Multiple vulnerabilities in tcpdump

===========================================================
* lftp-> Buffer overflow
===========================================================

 More information :
    The lftp is a shell-like command line ftp client.
    A buffer overflow vulnerability was discovered in the lftp FTP client
    when connecting to a web server using HTTP or HTTPS and using the "ls" or "rels"
    command on specially prepared directory. 

 Impact :
    The attacker could execute arbitrary code on the users machine.

 Affected Products :
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1

 Solution :
    Please use turbopkg(zabom) tool to apply the update.
 ---------------------------------------------
 # turbopkg
 or
 [Turbolinux 10 Desktop]
 # zabom -u lftp
 [other]
 # zabom update lftp
 ---------------------------------------------


 <Turbolinux 10 Desktop>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/lftp-2.6.11-1.src.rpm
      1198551 02afd2811a68d6d2aaf35060b3424bde

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/lftp-2.6.11-1.i586.rpm
       992246 44dc20c2e19421872f53d6d662b83036

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/lftp-2.6.11-1.src.rpm
      1198551 18d409d022849172aa87fe212d079533

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/lftp-2.6.11-1.i586.rpm
       811850 32310dab35b76e007960a6200dd9bf75

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/lftp-2.6.11-1.src.rpm
      1198551 e5be1ebe9aa810eecc1ca2a5e8e7eded

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/lftp-2.6.11-1.i586.rpm
       812242 50b63e5c20288850a03b01ac776382bd

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/lftp-2.6.11-1.src.rpm
      1198551 75ed3f49328c0becd433220bbe61723f

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/lftp-2.6.11-1.i586.rpm
       855835 3fb2038e18b0d625021cc6293afb1111

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/lftp-2.6.11-1.src.rpm
      1198551 7fbc000da3485af428a3f4e4a49b7a55

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/lftp-2.6.11-1.i586.rpm
       856189 2ab8dc55cdeb716cc258a827a4cb9956

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/lftp-2.6.11-1.src.rpm
      1198551 08d35dd856f4fc20d7ab6bceef4078c0

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/lftp-2.6.11-1.i386.rpm
      1055172 f8e83b25ab05101fd0174c9a9b8cb50a

 <Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/lftp-2.6.11-1.src.rpm
      1198551 5e42a619b6062c174e090d0e489c1c8f

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/lftp-2.6.11-1.i386.rpm
      1055177 859b5330881c0cc82a6cc3f9b1dd2a62

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/lftp-2.6.11-1.src.rpm
      1198551 a49c3938c3e3f092e8f003ab2acb8e46

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/lftp-2.6.11-1.i386.rpm
      1055167 9e172eea0c66a78bba547814cdf63e00


 References :

 CVE
   [CAN-2003-0963]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0963


===========================================================
* tcpdump -> Multiple vulnerabilities in tcpdump
===========================================================

 More information :
    Tcpdump is a tool designed to prints out the headers of packets on a network interface.
    The buffer overflow vulnerabilities were discovered in the ISAKMP and RADIUS
    decoding routines of tcpdump.

 Impact :
    Remote attackers could potentially exploit these issues by sending
    carefully-crafted packets to a victim. 

 Affected Products :
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0

 Solution :
    Please use turbopkg(zabom) tool to apply the update.
 ---------------------------------------------
 # turbopkg
 or
 [Turbolinux 10 Desktop]
 # zabom -u tcpdump
 [other]
 # zabom update tcpdump
 ---------------------------------------------


 <Turbolinux 10 Desktop>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 658d11df7263293b7d766f7ffc866ccc

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
       258006 a0594a9d6fbc92401a2dc24376310a2b

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 c9ce45a6207351c44cc36a67a420369e

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
       260371 55ea9ee44cfaddffaf00185b3742c22e

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 23f4f97ca13382a50a7e6ddff74f15d0

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
       260353 3129568a7958617a3d62c31417e81c86

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 4b7f12431243188bfc6f5f4f0c4f31bd

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
       254797 76965cac8c2a72e977b15d4c89b3e70a

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 3c794815c4ed1d59f9e049f18cb182e3

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
       254840 fa1749b1872fb1ee4d691fe013901e0d

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 9cc994e105372927bb073fc08ec873a5

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/tcpdump-3.8.1-1.i386.rpm
       248989 531cfec072bfe787250491d9f40dd26b

 <Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 fee82ff4bf36960d651662b0eb4df445

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/tcpdump-3.8.1-1.i386.rpm
       248989 18b4d244206f975580aec81cd0c29da7

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 b77ec7657d1f7023a4c23c4e5e36f9dd

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/tcpdump-3.8.1-1.i386.rpm
       248953 e2966bbcbd4b1dbca887aefa68bed918

 <Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 decc8749c84db2f28b5f3029653aa148

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/tcpdump-3.8.1-1.i386.rpm
       248963 cce7a0508f7741046ec1e1103ef80102


 References :

 CVE
   [CAN-2003-0989]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989
   [CAN-2004-0055]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0055
   [CAN-2004-0057]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057

 Turbolinux Security Advisory
   [TLSA-2003-14]
   http://www.turbolinux.com/security/TLSA-2003-14.txt


 * You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.

  http://www.turbolinux.com/download/zabom.html
  http://www.turbolinux.com/download/zabomupdate.html

Package Update Path
http://www.turbolinux.com/update

============================================================
 * To obtain the public key

Here is the public key

 http://www.turbolinux.com/security/

 * To unsubscribe from the list

If you ever want to remove yourself from this mailing list,
  you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).

unsubscribe

 * To change your email address

If you ever want to chage email address in this mailing list,
  you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
the following command in the message body:

  chaddr 'old address' 'new address'

If you have any questions or problems, please contact
<supp_info@turbolinux.co.jp>

Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAD28eK0LzjOqIJMwRAjh9AKCEJybQKDFq++Sfdx3uutXc0ABWggCcD631
u0P8hToeuySCKqtJxYdX0jg=
=zK+N
-----END PGP SIGNATURE-----



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC