SuseSUSE-SA:2000:46remote denial of service in tcpdump
EPSS
Percentile
87.2%
tcpdump is a widespread network/packet analysis tool, also known as a packet sniffer, used in unix/unix-like environment. Several overflowable buffers have been found in SuSE’s version of tcpdump that could allow a remote attacker to crash the local tcpdump process. Since tcpdump may be used in combination with intrusion detection systems, a crashed tcpdump process may disable the network monitoring system as a whole. The FreeBSD team who found these vulnerabilities also reported that tcpdump’s portion of code that can decode AFS ACL (AFS=Andrew File System, a network filesystem, ACL=Access Control List) packets is vulnerable to a (remotely exploitable) buffer overrun attack that could allow a remote attacker to execute arbitrary commands as root since the tcpdump program usually requires root privileges to gain access to the raw network socket. The versions of tcpdump as shipped with SuSE distributions do not contain the AFS packet decoding capability and are therefore not vulnerable to this second form of attack.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 7.0 | sparc | tcpdump | < 3.4a6-280 | tcpdump-3.4a6-280.sparc.rpm |
| openSUSE | 7.0 | i386 | tcpdump | < 3.4a6-280 | tcpdump-3.4a6-280.i386.rpm |
| openSUSE | 6.4 | alpha | libpcapn | < 0.4a6-279 | libpcapn-0.4a6-279.alpha.rpm |
| openSUSE | 6.3 | alpha | tcpdump | < 3.4a6-281 | tcpdump-3.4a6-281.alpha.rpm |
| openSUSE | 6.1 | i386 | libpcapn | < 0.4a6-279 | libpcapn-0.4a6-279.i386.rpm |
| openSUSE | 6.4 | i386 | libpcapn | < 0.4a6-279 | libpcapn-0.4a6-279.i386.rpm |
| openSUSE | 6.4 | i386 | tcpdump | < 3.4a6-280 | tcpdump-3.4a6-280.i386.rpm |
| openSUSE | 6.2 | i386 | tcpdump | < 3.4a6-280 | tcpdump-3.4a6-280.i386.rpm |
| openSUSE | 6.3 | i386 | libpcapn | < 0.4a6-279 | libpcapn-0.4a6-279.i386.rpm |
| openSUSE | 6.3 | alpha | libpcapn | < 0.4a6-280 | libpcapn-0.4a6-280.alpha.rpm |
Related
