tcpdump -- denial of service

2004-04-06T00:00:00
ID DSA-478
Type debian
Reporter Debian
Modified 2004-04-06T00:00:00

Description

tcpdump, a tool for network monitoring and data acquisition, was found to contain two vulnerabilities whereby tcpdump could be caused to crash through attempts to read from invalid memory locations. This bug is triggered by certain invalid ISAKMP packets.

For the current stable distribution (woody) these problems have been fixed in version 3.6.2-2.8.

For the unstable distribution (sid), these problems have been fixed in version 3.7.2-4.

We recommend that you update your tcpdump package.