tcpdump AFS ACL Packet Buffer Overflow Vulnerability
BID:1870
Info
tcpdump AFS ACL Packet Buffer Overflow Vulnerability
| Bugtraq ID: | 1870 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 31 2000 12:00AM |
| Updated: | Oct 31 2000 12:00AM |
| Credit: | First published in FreeBSD Advisory FreeBSD-SA-00:61posted to Bugtraq on Oct 31, 2000. |
| Vulnerable: |
LBL tcpdump 3.5 alpha LBL tcpdump 3.5 LBL tcpdump 3.4 a6 LBL tcpdump 3.4 |
| Not Vulnerable: | |
Exploit / POC
tcpdump AFS ACL Packet Buffer Overflow Vulnerability
Zhodiac <[email protected]> has made this exploit available:
Zhodiac <[email protected]> has made this exploit available:
Solution / Fix
tcpdump AFS ACL Packet Buffer Overflow Vulnerability
Solution:
Debian has provided several patches. See the advisory for more information on installation.
The FreeBSD advisory regarding this vulnerability (FreeBSD-SA-00:61) offered the following possible solutions:
1) Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE or
3.5.1-STABLE after the respective correction dates.
2a) FreeBSD 3.x systems prior to the correction date
Download the patch and the detached PGP signature from the following
locations, and verify the signature using your PGP utility.
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-3.x.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-3.x.patch.asc
# cd /usr/src/contrib/tcpdump
# patch -p < /path/to/patch
# cd /usr/src/usr.sbin/tcpdump
# make depend && make all install
2b) FreeBSD 4.x systems prior to the correction date
Download the patch and the detached PGP signature from the following
locations, and verify the signature using your PGP utility.
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-4.x.patch.v1.1
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-4.x.patch.v1.1.asc
# cd /usr/src/contrib/tcpdump
# patch -p < /path/to/patch
# cd /usr/src/usr.sbin/tcpdump
# make depend && make all install
LBL tcpdump 3.4 a6
LBL tcpdump 3.4
LBL tcpdump 3.5
Solution:
Debian has provided several patches. See the advisory for more information on installation.
The FreeBSD advisory regarding this vulnerability (FreeBSD-SA-00:61) offered the following possible solutions:
1) Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE or
3.5.1-STABLE after the respective correction dates.
2a) FreeBSD 3.x systems prior to the correction date
Download the patch and the detached PGP signature from the following
locations, and verify the signature using your PGP utility.
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-3.x.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-3.x.patch.asc
# cd /usr/src/contrib/tcpdump
# patch -p < /path/to/patch
# cd /usr/src/usr.sbin/tcpdump
# make depend && make all install
2b) FreeBSD 4.x systems prior to the correction date
Download the patch and the detached PGP signature from the following
locations, and verify the signature using your PGP utility.
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-4.x.patch.v1.1
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-4.x.patch.v1.1.asc
# cd /usr/src/contrib/tcpdump
# patch -p < /path/to/patch
# cd /usr/src/usr.sbin/tcpdump
# make depend && make all install
LBL tcpdump 3.4 a6
-
S.u.S.E. 6.0 i386 libpcapn-0.4a6-279
ftp://ftp.suse.com/pub/suse/i386/update/6.1/d1/libpcapn-0.4a6-279.i386 .rpm -
S.u.S.E. 6.0 i386 tcpdump-3.4a6-280
ftp://ftp.suse.com/pub/suse/i386/update/6.1/n1/tcpdump-3.4a6-280.i386. rpm -
S.u.S.E. 6.1 i386 libpcapn-0.4a6-279
ftp://ftp.suse.com/pub/suse/i386/update/6.1/d1/libpcapn-0.4a6-279.i386 .rpm -
S.u.S.E. 6.1 i386 tcpdump-3.4a6-280
ftp://ftp.suse.com/pub/suse/i386/update/6.1/n1/tcpdump-3.4a6-280.i386. rpm -
S.u.S.E. 6.2 i386 libpcapn-0.4a6-279
ftp://ftp.suse.com/pub/suse/i386/update/6.2/d1/libpcapn-0.4a6-279.i386 .rpm -
S.u.S.E. 6.2 i386 tcpdump-3.4a6-280
ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/tcpdump-3.4a6-280.i386. rpm -
S.u.S.E. 6.3 Alpha libpcapn-0.4a6-280
ftp://ftp.suse.com/pub/suse/axp/update/6.3/d1/libpcapn-0.4a6-280.alpha .rpm -
S.u.S.E. 6.3 Alpha tcpdump-3.4a6-281
ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/tcpdump-3.4a6-281.alpha. rpm -
S.u.S.E. 6.3 i386 libpcapn-0.4a6-279
ftp://ftp.suse.com/pub/suse/i386/update/6.3/d1/libpcapn-0.4a6-279.i386 .rpm -
S.u.S.E. 6.3 i386 tcpdump-3.4a6-280
ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/tcpdump-3.4a6-280.i386. rpm -
S.u.S.E. 6.4 Alpha libpcapn-0.4a6-279
ftp://ftp.suse.com/pub/suse/axp/update/6.4/d1/libpcapn-0.4a6-279.alpha .rpm -
S.u.S.E. 6.4 Alpha tcpdump-3.4a6-280
ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/tcpdump-3.4a6-280.alpha. rpm -
S.u.S.E. 6.4 i386 libpcapn-0.4a6-279
ftp://ftp.suse.com/pub/suse/i386/update/6.4/d1/libpcapn-0.4a6-279.i386 .rpm -
S.u.S.E. 6.4 i386 tcpdump-3.4a6-280
ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/tcpdump-3.4a6-280.i386. rpm -
S.u.S.E. 6.4 ppc libpcapn-0.4a6-279
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/d1/libpcapn-0.4a6-279.ppc.r pm -
S.u.S.E. 6.4 ppc tcpdump-3.4a6-280
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/tcpdump-3.4a6-280.ppc.rp m -
S.u.S.E. 7.0 i386 libpcapn-0.4a6-279
ftp://ftp.suse.com/pub/suse/i386/update/7.0/d1/libpcapn-0.4a6-279.i386 .rpm -
S.u.S.E. 7.0 i386 tcpdump-3.4a6-280
ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/tcpdump-3.4a6-280.i386. rpm -
S.u.S.E. 7.0 ppc libpcapn-0.4a6-279
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/d1/libpcapn-0.4a6-279.ppc.r pm -
S.u.S.E. 7.0 ppc tcpdump-3.4a6-280
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/tcpdump-3.4a6-280.ppc.rp m -
S.u.S.E. 7.0 Sparc libpcapn-0.4a6-279
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/d1/libpcapn-0.4a6-279.spa rc.rpm -
S.u.S.E. 7.0 Sparc tcpdump-3.4a6-280
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/tcpdump-3.4a6-280.spar c.rpm -
S.u.S.E. tcpdump-3.4a6-315.ppc.rpm
S.u.S.E. Linux 6.4 PPC.
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/tcpdump-3.4a6-315.ppc.rp m -
S.u.S.E. tcpdump-3.4a6-315.src.rpm
S.u.S.E. Linux 6.4 PPC.
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/tcpdump-3.4a6-315.src.r pm -
S.u.S.E. tcpdump-3.4a6-316.ppc.rpm
S.u.S.E. Linux 7.0 PPC.
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/tcpdump-3.4a6-316.ppc.rp m -
S.u.S.E. tcpdump-3.4a6-316.src.rpm
S.u.S.E. Linux 7.0 PPC.
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/tcpdump-3.4a6-316.src.r pm -
S.u.S.E. tcpdump-3.4a6-317.ppc.rpm
S.u.S.E. Linux 7.1 PPC.
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n1/tcpdump-3.4a6-317.ppc.rp m -
S.u.S.E. tcpdump-3.4a6-317.src.rpm
S.u.S.E. Linux 7.1 PPC.
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/tcpdump-3.4a6-317.src.r pm -
S.u.S.E. tcpdump-3.4a6-318.sparc.rpm
S.u.S.E. Linux 7.0 Sparc.
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/tcpdump-3.4a6-318.spar c.rpm -
S.u.S.E. tcpdump-3.4a6-318.sparc.rpm
S.u.S.E. Linux 7.1 Sparc.
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n1/tcpdump-3.4a6-318.spar c.rpm -
S.u.S.E. tcpdump-3.4a6-318.src.rpm
S.u.S.E. Linux 7.0 Sparc.
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/tcpdump-3.4a6-318.src .rpm -
S.u.S.E. tcpdump-3.4a6-318.src.rpm
S.u.S.E. Linux 7.1 Sparc.
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/tcpdump-3.4a6-318.src .rpm -
S.u.S.E. tcpdump-3.4a6-329.alpha.rpm
S.u.S.E. Linux 7.1 Alpha.
ftp://ftp.suse.com/pub/suse/axp/update/7.1/n1/tcpdump-3.4a6-329.alpha. rpm -
S.u.S.E. tcpdump-3.4a6-329.src.rpm
S.u.S.E. Linux 7.1 Alpha.
ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/tcpdump-3.4a6-329.src.r pm -
S.u.S.E. tcpdump-3.4a6-330.alpha.rpm
S.u.S.E. Linux 6.4 Alpha.
ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/tcpdump-3.4a6-330.alpha. rpm -
S.u.S.E. tcpdump-3.4a6-330.alpha.rpm
S.u.S.E. Linux 7.0 Alpha.
ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/tcpdump-3.4a6-330.alpha. rpm -
S.u.S.E. tcpdump-3.4a6-330.src.rpm
S.u.S.E. Linux 6.4 Alpha.
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/tcpdump-3.4a6-330.src.r pm -
S.u.S.E. tcpdump-3.4a6-330.src.rpm
S.u.S.E. Linux 7.0 Alpha.
ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/tcpdump-3.4a6-330.src.r pm -
S.u.S.E. tcpdump-3.4a6-372.i386.rpm
S.u.S.E. Linux 6.4 i386.
ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/tcpdump-3.4a6-372.i386. rpm -
S.u.S.E. tcpdump-3.4a6-372.src.rpm
S.u.S.E. Linux 6.4 i386.
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/tcpdump-3.4a6-372.src. rpm -
S.u.S.E. tcpdump-3.4a6-374.src.rpm
S.u.S.E. Linux 7.0 i386.
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/tcpdump-3.4a6-374.src. rpm -
S.u.S.E. tcpdump-3.4a6-375.i386.rpm
S.u.S.E. Linux 7.1 i386.
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n1/tcpdump-3.4a6-375.i386. rpm -
S.u.S.E. tcpdump-3.4a6-375.src.rpm
S.u.S.E. Linux 7.1 i386.
ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/tcpdump-3.4a6-375.src. rpm -
S.u.S.E. tcpdump-3.4a6-376.i386.rpm
S.u.S.E. Linux 7.2 i386.
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/tcpdump-3.4a6-376.i386. rpm -
S.u.S.E. tcpdump-3.4a6-376.src.rpm
S.u.S.E. Linux 7.2 i386.
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/tcpdump-3.4a6-376.src. rpm -
S.u.S.E. tcpdump-3.6.2-58.sparc.rpm
S.u.S.E. Linux 7.3 Sparc.
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/tcpdump-3.6.2-58.sparc .rpm -
S.u.S.E. tcpdump-3.6.2-58.src.rpm
S.u.S.E. Linux 7.3 Sparc.
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/tcpdump-3.6.2-58.src. rpm
LBL tcpdump 3.4
-
Debian tcpdump 3.4a6-4.2 alpha
http://security.debian.org/dists/stable/updates/main/binary-alpha/tcpd ump_3.4a6-4.2_alpha.deb -
Debian tcpdump 3.4a6-4.2 ARM
http://security.debian.org/dists/stable/updates/main/binary-arm/tcpdum p_3.4a6-4.2_arm.deb -
Debian tcpdump 3.4a6-4.2 Intel
http://security.debian.org/dists/stable/updates/main/binary-i386/tcpdu mp_3.4a6-4.2_i386.deb -
Debian tcpdump 3.4a6-4.2 M68k
http://security.debian.org/dists/stable/updates/main/binary-m68k/tcpdu mp_3.4a6-4.2_m68k.deb -
Debian tcpdump 3.4a6-4.2 PPC
http://security.debian.org/dists/stable/updates/main/binary-powerpc/tc pdump_3.4a6-4.2_powerpc.deb -
Debian tcpdump 3.4a6-4.2 Sparc
http://security.debian.org/dists/stable/updates/main/binary-sparc/tcpd ump_3.4a6-4.2_sparc.deb -
Mandrake 1.0.1 i586 tcpdump-3.6.2-1.2mdk.i586.rpm
ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/1.0.1/RPMS /tcpdump-3.6.2-1.2mdk.i586.rpm -
Mandrake 7.1 i586 tcpdump-3.6.2-1.2mdk.i586.rpm
ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.1/RPMS/t cpdump-3.6.2-1.2mdk.i586.rpm -
Mandrake 7.2 i586 tcpdump-3.6.2-1.1mdk.i586.rpm
ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/t cpdump-3.6.2-1.1mdk.i586.rpm -
Mandrake 8.0 i586 tcpdump-3.6.2-1.1mdk.i586.rpm
ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/8.0/RPMS/t cpdump-3.6.2-1.1mdk.i586.rpm -
Mandrake snf7.2 i586 tcpdump-3.6.2-1.1mdk.i586.rpm
ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/snf7.2/RPM S/tcpdump-3.6.2-1.1mdk.i586.rpm
LBL tcpdump 3.5
-
S.u.S.E. tcpdump-3.6.2-189.ppc.rpm
S.u.S.E. Linux 7.3 PPC.
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n1/tcpdump-3.6.2-189.ppc.rp m -
S.u.S.E. tcpdump-3.6.2-189.src.rpm
S.u.S.E. Linux 7.3 PPC.
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/tcpdump-3.6.2-189.src.r pm -
S.u.S.E. tcpdump-3.6.2-300.i386.rpm
S.u.S.E. Linux 7.3 i386.
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/tcpdump-3.6.2-300.i386. rpm -
S.u.S.E. tcpdump-3.6.2-300.i386.rpm
S.u.S.E. Linux 8.0 i386.
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/tcpdump-3.6.2-300.i386. rpm -
S.u.S.E. tcpdump-3.6.2-300.src.rpm
S.u.S.E. Linux 7.3 i386.
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/tcpdump-3.6.2-300.src. rpm -
S.u.S.E. tcpdump-3.6.2-300.src.rpm
S.u.S.E. Linux 8.0 i386.
ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/tcpdump-3.6.2-300.src. rpm -
S.u.S.E. tcpdump-3.6.2-58.sparc.rpm
S.u.S.E. Linux 7.3 Sparc.
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/tcpdump-3.6.2-58.sparc .rpm -
S.u.S.E. tcpdump-3.6.2-58.src.rpm
S.u.S.E. Linux 7.3 Sparc.
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/tcpdump-3.6.2-58.src. rpm