tcpdump IEEE802.11 Printer Remote Buffer Overflow Vulnerability
BID:22772
| Bugtraq ID: | 22772 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-1218 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 01 2007 12:00AM |
| Updated: | Jun 23 2009 05:59PM |
| Credit: | Moritz Jodeit is credited with discovering this issue. |
Vulnerable:
- Ubuntu Ubuntu Linux 5.10 sparc
- Ubuntu Ubuntu Linux 5.10 powerpc
- Ubuntu Ubuntu Linux 5.10 i386
- Ubuntu Ubuntu Linux 5.10 amd64
- Ubuntu Ubuntu Linux 6.10 sparc
- Ubuntu Ubuntu Linux 6.10 powerpc
- Ubuntu Ubuntu Linux 6.10 i386
- Ubuntu Ubuntu Linux 6.10 amd64
- Ubuntu Ubuntu Linux 6.06 LTS sparc
- Ubuntu Ubuntu Linux 6.06 LTS powerpc
- Ubuntu Ubuntu Linux 6.06 LTS i386
- Ubuntu Ubuntu Linux 6.06 LTS amd64
- Turbolinux Turbolinux Server 10.0 x86
- Turbolinux Turbolinux Server 10.0
- Turbolinux Turbolinux Server 10.0.0 x64
- Turbolinux Turbolinux Desktop 10.0
- Turbolinux Turbolinux FUJI
- Turbolinux Turbolinux 10 F...
- TurboLinux Personal
- TurboLinux Multimedia
- Turbolinux Home
- Turbolinux FUJI 0
- Turbolinux Appliance Server Workgroup Edition 1.0
- Turbolinux Appliance Server Hosting Edition 1.0
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 2.0
- TransSoft Broker FTP Server 8.0
- tcpdump tcpdump 3.9.6
- tcpdump tcpdump 3.9.5
- tcpdump tcpdump 3.9.4
- tcpdump tcpdump 3.9.1
- tcpdump tcpdump 3.8.3
- tcpdump tcpdump 3.6.2
- Redhat Fedora Core6
- Redhat Fedora Core5
- Redhat Enterprise Linux WS 4
- Redhat Enterprise Linux ES 4
- Redhat Enterprise Linux Desktop Workstation 5 client
- Redhat Enterprise Linux Desktop 5 client
- Redhat Enterprise Linux AS 4
- Redhat Enterprise Linux 5 Server
- Redhat Desktop 4.0
- Pardus Linux 2007.1
- NetBSD NetBSD Current
- NetBSD NetBSD 4.0
- Mandriva Linux Mandrake 2006.0 x86_64
- Mandriva Linux Mandrake 2006.0
- Mandriva Linux Mandrake 2007.1 x86_64
- Mandriva Linux Mandrake 2007.1
- Mandriva Linux Mandrake 2007.0 x86_64
- Mandriva Linux Mandrake 2007.0
- MandrakeSoft Corporate Server 4.0 x86_64
- MandrakeSoft Corporate Server 3.0 x86_64
- MandrakeSoft Corporate Server 3.0
- MandrakeSoft Corporate Server 4.0
- Debian Linux 3.1 sparc
- Debian Linux 3.1 s/390
- Debian Linux 3.1 ppc
- Debian Linux 3.1 mipsel
- Debian Linux 3.1 mips
- Debian Linux 3.1 m68k
- Debian Linux 3.1 ia-64
- Debian Linux 3.1 ia-32
- Debian Linux 3.1 hppa
- Debian Linux 3.1 arm
- Debian Linux 3.1 amd64
- Debian Linux 3.1 alpha
- Apple Mac OS X Server 10.4.11
- Apple Mac OS X 10.4.11
| Not Vulnerable: | |
Discussion
The 'tcpdump' utility is prone to a heap-based buffer-overflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running the affected application. Failed exploit attempts will likely crash the affected application.
This issue affects tcpdump 3.9.5 and prior versions.
Solution / Fix
Solution:
The vendor released a fix in the CVS head and in the 'tcpdump_3_9' branch. Please see the references for more information.
Redhat Fedora Core6
- RedHat Fedora arpwatch-2.1a13-15.fc5.i386.rpm
  Fedora Core 5
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
- RedHat Fedora arpwatch-2.1a13-15.fc5.ppc.rpm
  Fedora Core 5
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
- RedHat Fedora arpwatch-2.1a13-15.fc5.x86_64.rpm
  Fedora Core 5
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
- RedHat Fedora arpwatch-2.1a13-17.fc6.i386.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat Fedora arpwatch-2.1a13-17.fc6.ppc.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat Fedora arpwatch-2.1a13-17.fc6.x86_64.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat Fedora libpcap-0.9.4-10.fc6.i386.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat Fedora libpcap-0.9.4-10.fc6.ppc.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat Fedora libpcap-0.9.4-10.fc6.x86_64.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat Fedora libpcap-0.9.4-4.fc5.i386.rpm
  Fedora Core 5
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
- RedHat Fedora libpcap-0.9.4-4.fc5.ppc.rpm
  Fedora Core 5
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
- RedHat Fedora libpcap-0.9.4-4.fc5.x86_64.rpm
  Fedora Core 5
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
- RedHat Fedora libpcap-devel-0.9.4-10.fc6.i386.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat Fedora libpcap-devel-0.9.4-10.fc6.ppc.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat Fedora libpcap-devel-0.9.4-10.fc6.x86_64.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat Fedora tcpdump-3.9.4-10.fc6.i386.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat Fedora tcpdump-3.9.4-10.fc6.ppc.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat Fedora tcpdump-3.9.4-10.fc6.x86_64.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat Fedora tcpdump-3.9.4-4.fc5.i386.rpm
  Fedora Core 5
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
- RedHat Fedora tcpdump-3.9.4-4.fc5.ppc.rpm
  Fedora Core 5
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
- RedHat Fedora tcpdump-3.9.4-4.fc5.x86_64.rpm
  Fedora Core 5
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
- RedHat Fedora tcpdump-debuginfo-3.9.4-10.fc6.i386.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat Fedora tcpdump-debuginfo-3.9.4-10.fc6.ppc.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat Fedora tcpdump-debuginfo-3.9.4-10.fc6.x86_64.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat Fedora tcpdump-debuginfo-3.9.4-4.fc5.i386.rpm
  Fedora Core 5
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
- RedHat Fedora tcpdump-debuginfo-3.9.4-4.fc5.ppc.rpm
  Fedora Core 5
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
- RedHat Fedora tcpdump-debuginfo-3.9.4-4.fc5.x86_64.rpm
  Fedora Core 5
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
Apple Mac OS X 10.4.11
- Apple Security Update 2007-009 (10.4.11 PPC)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
- Apple Security Update 2007-009 (10.4.11 Universal)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
Apple Mac OS X Server 10.4.11
- Apple Security Update 2007-009 (10.4.11 PPC)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
- Apple Security Update 2007-009 (10.4.11 Universal)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
tcpdump tcpdump 3.8.3
- Turbolinux tcpdump-3.9.1-2.x86_64.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/tcpdump-3.9.1-2.x86_64.rpm
tcpdump tcpdump 3.9.1
- Ubuntu tcpdump_3.9.1-1ubuntu1.1_amd64.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.1-1ubuntu1.1_amd64.deb
- Ubuntu tcpdump_3.9.1-1ubuntu1.1_i386.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.1-1ubuntu1.1_i386.deb
- Ubuntu tcpdump_3.9.1-1ubuntu1.1_powerpc.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.1-1ubuntu1.1_powerpc.deb
- Ubuntu tcpdump_3.9.1-1ubuntu1.1_sparc.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.1-1ubuntu1.1_sparc.deb
- Ubuntu tcpdump_3.9.4-2ubuntu0.1_amd64.deb
  Ubuntu 6.06 LTS:
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ubuntu0.1_amd64.deb
- Ubuntu tcpdump_3.9.4-2ubuntu0.1_i386.deb
  Ubuntu 6.06 LTS:
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ubuntu0.1_i386.deb
tcpdump tcpdump 3.9.4
- Ubuntu tcpdump_3.9.4-2ubuntu0.1_amd64.deb
  Ubuntu 6.06 LTS:
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ubuntu0.1_amd64.deb
- Ubuntu tcpdump_3.9.4-2ubuntu0.1_i386.deb
  Ubuntu 6.06 LTS:
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ubuntu0.1_i386.deb
- Ubuntu tcpdump_3.9.4-2ubuntu0.1_powerpc.deb
  Ubuntu 6.06 LTS:
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ubuntu0.1_powerpc.deb
- Ubuntu tcpdump_3.9.4-2ubuntu0.1_sparc.deb
  Ubuntu 6.06 LTS:
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ubuntu0.1_sparc.deb
- Ubuntu tcpdump_3.9.4-4ubuntu0.1_amd64.deb
  Ubuntu 6.10:
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ubuntu0.1_amd64.deb
- Ubuntu tcpdump_3.9.4-4ubuntu0.1_i386.deb
  Ubuntu 6.10:
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ubuntu0.1_i386.deb
- Ubuntu tcpdump_3.9.4-4ubuntu0.1_powerpc.deb
  Ubuntu 6.10:
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ubuntu0.1_powerpc.deb
- Ubuntu tcpdump_3.9.4-4ubuntu0.1_sparc.deb
  Ubuntu 6.10:
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ubuntu0.1_sparc.deb
tcpdump tcpdump 3.9.5
- tcpdump print-802_11.c
  http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-802_11.c?r1=1.42&r2=1.43
References
- tcpdump Homepage (tcpdump)
- RHSA-2007:0368-4 tcpdump security and bug fix update (Red Hat)
- RHSA-2007:0387 Moderate: tcpdump security and bug fix update (Red Hat)