Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2003-151.NASL
HistoryJul 06, 2004 - 12:00 a.m.

RHEL 2.1 : tcpdump (RHSA-2003:151)

2004-07-0600:00:00
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
JSON

Updated tcpdump packages that fix an infinite loop vulnerability and drop privileges on startup are now available.

Tcpdump is a command-line tool for monitoring network traffic.

A vulnerability exists in tcpdump before 3.7.2 and is related to an inability to handle unknown RADIUS attributes properly. This vulnerability allows remote attackers to cause a denial of service (infinite loop).

The Red Hat tcpdump packages advertise that, by default, tcpdump will drop privileges to user ‘pcap’. Due to a compilation error this did not happen, and tcpdump would run as root unless the ‘-U’ flag was specified.

Users of tcpdump are advised to upgrade to these errata packages, which contain a patch correcting the RADIUS issue and are compiled so that by default tcpdump will drop privileges to the ‘pcap’ user.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2003:151. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(12392);
  script_version("1.28");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2003-0145", "CVE-2003-0194");
  script_xref(name:"RHSA", value:"2003:151");

  script_name(english:"RHEL 2.1 : tcpdump (RHSA-2003:151)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated tcpdump packages that fix an infinite loop vulnerability and
drop privileges on startup are now available.

Tcpdump is a command-line tool for monitoring network traffic.

A vulnerability exists in tcpdump before 3.7.2 and is related to an
inability to handle unknown RADIUS attributes properly. This
vulnerability allows remote attackers to cause a denial of service
(infinite loop).

The Red Hat tcpdump packages advertise that, by default, tcpdump will
drop privileges to user 'pcap'. Due to a compilation error this did
not happen, and tcpdump would run as root unless the '-U' flag was
specified.

Users of tcpdump are advised to upgrade to these errata packages,
which contain a patch correcting the RADIUS issue and are compiled so
that by default tcpdump will drop privileges to the 'pcap' user."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2003-0145"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2003-0194"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.tcpdump.org/tcpdump-changes.txt"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2003:151"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected arpwatch, libpcap and / or tcpdump packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:arpwatch");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpcap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tcpdump");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2003/06/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2003:151";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"arpwatch-2.1a11-12.2.1AS.4")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"libpcap-0.6.2-12.2.1AS.4")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tcpdump-3.6.2-12.2.1AS.4")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "arpwatch / libpcap / tcpdump");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxarpwatchp-cpe:/a:redhat:enterprise_linux:arpwatch
redhatenterprise_linuxlibpcapp-cpe:/a:redhat:enterprise_linux:libpcap
redhatenterprise_linuxtcpdumpp-cpe:/a:redhat:enterprise_linux:tcpdump
redhatenterprise_linux2.1cpe:/o:redhat:enterprise_linux:2.1

Related

redhat 1
debiancve 2
cve 2
nessus 2
osv 1
redhat
redhat
(RHSA-2003:151) tcpdump security update
2003-06-09 00:00:00
debiancve
debiancve
CVE-2003-0194
2003-06-09 04:00:00
CVE-2003-0145
2003-03-31 05:00:00
cve
cve
CVE-2003-0194
2003-06-09 04:00:00
CVE-2003-0145
2003-03-31 05:00:00
nessus
nessus
Debian DSA-261-1 : tcpdump - infinite loop
2004-09-29 00:00:00
Mandrake Linux Security Advisory : tcpdump (MDKSA-2003:027)
2004-07-31 00:00:00
osv
osv
tcpdump - infinite loop
2003-03-14 00:00:00
JSON
Related for REDHAT-RHSA-2003-151.NASL
redhat1debiancve2cve2nessus2osv1