ID SECURITYVULNS:DOC:3857
Type securityvulns
Reporter Securityvulns
Modified 2002-12-11T00:00:00
Description
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Debian Security Advisory DSA-206-1 security@debian.org
http://www.debian.org/security/ Wichert Akkerman
December 10, 2002
Package : tcpdump
Problem type : incorrect bounds checking
Debian-specific: no
The BGP decoding routines for tcpdump used incorrect bounds checking
when copying data. This could be abused by introducing malicious traffic
on a sniffed network for a denial of service attack against tcpdump,
or possibly even remote code execution.
This has been fixed in version 3.6.2-2.2.
Obtaining updates:

  By hand:
    wget URL
        will fetch the file for you.
    dpkg -i FILENAME.deb
        will install the fetched file.

  With apt:
    deb http://security.debian.org/ stable/updates main
        added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security webpages
at http://www.debian.org/security/

Debian GNU/Linux 3.0 alias woody
Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2.dsc
Size/MD5 checksum: 1284 be78c7328fcd439fe7eedf6a54894b28
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2.orig.tar.gz
Size/MD5 checksum: 380635 6bc8da35f9eed4e675bfdf04ce312248
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2.diff.gz
Size/MD5 checksum: 8956 a07ace8578ec5555c87cbfd1faba8ecd
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_alpha.deb
Size/MD5 checksum: 213458 72603d37a351d08dfa7af4ab13e6301f
arm architecture (ARM)
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_arm.deb
Size/MD5 checksum: 179464 adb31a1747c0df1f1113454afb3a85f8
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_hppa.deb
Size/MD5 checksum: 192892 28680f059cab0987ee313b672aa2edca
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_i386.deb
Size/MD5 checksum: 169360 f303ec8777785c742a29469e49a9c63a
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_ia64.deb
Size/MD5 checksum: 246776 889eb67d84ef3500239a1ad7a721dd9e
m68k architecture (Motorola Mc680x0)
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_m68k.deb
Size/MD5 checksum: 157340 69ceb0d17d5e9ffca079b0bd7a18d489
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_mips.deb
Size/MD5 checksum: 188714 dbbe0d4eec80daa0f74b83c877064b87
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_powerpc.deb
Size/MD5 checksum: 176706 5121aa3b8891d1030d1924f1328efcdf
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_s390.deb
Size/MD5 checksum: 172534 1b2b2834af69c169893b5dee4b21eec3
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_sparc.deb
Size/MD5 checksum: 179076 31a8382615ac8707b9346bfa9b1d615a
Debian Security team <team@security.debian.org>
http://www.debian.org/security/
Mailing-List: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE99m2RPLiSUC+jvC0RAgQwAJ9g72gzFPfdTVvTfhyX/5wb3H1fiQCfSZhu
/YTIMzeIfa1gS4sshBSjcME=
=FK7j
-----END PGP SIGNATURE-----