Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [USN-141-1] tcpdump vulnerability

from [Martin Pitt] Network Security [Permanent Link]
Subject: [Full-disclosure] [USN-141-1] tcpdump vulnerability
Date: Tue, 21 Jun 2005 15:47:57 +0200 
===========================================================
Ubuntu Security Notice USN-141-1              June 21, 2005
tcpdump vulnerability
CAN-2005-1267
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

tcpdump

The problem can be corrected by upgrading the affected package to
version 3.8.3-3ubuntu0.3 (for Ubuntu 4.10), or 3.8.3-3ubuntu0.4 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

It was discovered that certain invalid BGP packets triggered an
infinite loop in tcpdump, which caused tcpdump to stop working. This
could be abused by a remote attacker to bypass tcpdump analysis of
network traffic.


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3ubuntu0.3.diff.gz
      Size/MD5:    10896 4702377c3189048522d6c001c9bc6f20
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3ubuntu0.3.dsc
      Size/MD5:      672 59625b40bdce1e52cdef6f04845f9af2
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3.orig.tar.gz
      Size/MD5:   567116 30645001f4b97019677cad88d3811904

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3ubuntu0.3_amd64.deb
      Size/MD5:   255700 0cd4c99be36a5cb2cb90397ae61678fe

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3ubuntu0.3_i386.deb
      Size/MD5:   234606 d4d65d97e0bc543f163fd3d69dc5f9bb

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3ubuntu0.3_powerpc.deb
      Size/MD5:   245540 7f674bb7675833678023d791a3b5cecb

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3ubuntu0.4.diff.gz
      Size/MD5:    10932 426d64f415eb78d225f952126d37d149
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3ubuntu0.4.dsc
      Size/MD5:      672 106d0e1f304bfac046cb5ee92178d03c
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3.orig.tar.gz
      Size/MD5:   567116 30645001f4b97019677cad88d3811904

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3ubuntu0.4_amd64.deb
      Size/MD5:   255684 1b772031ea02ddc34540d57c2e887fad

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3ubuntu0.4_i386.deb
      Size/MD5:   234620 1e9c285b47b0639cfa32085665b430aa

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3ubuntu0.4_powerpc.deb
      Size/MD5:   245566 537c353da73354ba16cef78f2d77e5e9

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [USN-141-1] tcpdump vulnerability, Martin Pitt <=
Previous by Date:  Re: [Full-disclosure] exploiting/debugging the UnhandledExceptionFilter, class
Next by Date:  [Full-disclosure] [USN-142-1] sudo vulnerability, Martin Pitt
Previous by Thread:  [Full-disclosure] exploiting/debugging the UnhandledExceptionFilter, RaMatkal
Next by Thread:  [Full-disclosure] [USN-142-1] sudo vulnerability, Martin Pitt
Indexes:  [Date] [Thread] [Top] [All Lists]