Security Update: [CSSA-2002-025.0] Linux: tcpdump AFS RPC and NFS packet vulnerabilities

From: securityat_private
Date: Wed Jun 05 2002 - 12:30:17 PDT

    To: bugtraqat_private announceat_private security-alertsat_private    
    
    ______________________________________________________________________________
    
    		Caldera International, Inc.  Security Advisory
    
    Subject:		Linux: tcpdump AFS RPC and NFS packet vulnerabilities
    Advisory number: 	CSSA-2002-025.0
    Issue date: 		2002 June 04
    Cross reference:
    ______________________________________________________________________________
    
    
    1. Problem Description
    
    	The tcpdump program is vulnerable to several buffer overflows, the
    	most serious of which are problems with the decoding of AFS RPC
    	packets and the handling of malformed NFS packets. These may allow
    	a remote attacker to cause arbitrary instructions to be executed
    	with the privileges of the tcpdump process (usually root).
    
    
    2. Vulnerable Supported Versions
    
    	System				Package
    	----------------------------------------------------------------------
    
    	OpenLinux 3.1.1 Server		prior to tcpdump-3.6.2-2.i386.rpm
    
    	OpenLinux 3.1.1 Workstation	prior to tcpdump-3.6.2-2.i386.rpm
    
    	OpenLinux 3.1 Server		prior to tcpdump-3.6.2-2.i386.rpm
    
    	OpenLinux 3.1 Workstation	prior to tcpdump-3.6.2-2.i386.rpm
    
    
    3. Solution
    
    	The proper solution is to install the latest packages.
    
    
    4. OpenLinux 3.1.1 Server
    
    	4.1 Package Location
    
    	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS
    
    	4.2 Packages
    
    	86ebdc7304a9474350d6347de67cd801	tcpdump-3.6.2-2.i386.rpm
    
    	4.3 Installation
    
    	rpm -Fvh tcpdump-3.6.2-2.i386.rpm
    
    	4.4 Source Package Location
    
    	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS
    
    	4.5 Source Packages
    
    	04af4439b8f027dde02b8da4799553ea	tcpdump-3.6.2-2.src.rpm
    
    
    5. OpenLinux 3.1.1 Workstation
    
    	5.1 Package Location
    
    	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS
    
    	5.2 Packages
    
    	da485437a978837b8371ee381c548613	tcpdump-3.6.2-2.i386.rpm
    
    	5.3 Installation
    
    	rpm -Fvh tcpdump-3.6.2-2.i386.rpm
    
    	5.4 Source Package Location
    
    	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS
    
    	5.5 Source Packages
    
    	e039c224157657ee9071e3546e6e23ca	tcpdump-3.6.2-2.src.rpm
    
    
    6. OpenLinux 3.1 Server
    
    	6.1 Package Location
    
    	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
    
    	6.2 Packages
    
    	2909f321142349e7028c932e90c9890f	tcpdump-3.6.2-2.i386.rpm
    
    	6.3 Installation
    
    	rpm -Fvh tcpdump-3.6.2-2.i386.rpm
    
    	6.4 Source Package Location
    
    	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS
    
    	6.5 Source Packages
    
    	53a7e1f96bced55a4c4b9a36984be8bd	tcpdump-3.6.2-2.src.rpm
    
    
    7. OpenLinux 3.1 Workstation
    
    	7.1 Package Location
    
    	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS
    
    	7.2 Packages
    
    	b41c99ae95269862ee89508c00b84272	tcpdump-3.6.2-2.i386.rpm
    
    	7.3 Installation
    
    	rpm -Fvh tcpdump-3.6.2-2.i386.rpm
    
    	7.4 Source Package Location
    
    	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS
    
    	7.5 Source Packages
    
    	11ce6a0534493de576802e68c1841f76	tcpdump-3.6.2-2.src.rpm
    
    
    8. References
    
    	Specific references for this advisory:
    		http://www.tcpdump.org/
    		http://www.ciac.org/ciac/bulletins/l-015.shtml
    		ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:48.tcpdump.asc
    
    	Caldera security resources:
    		http://www.caldera.com/support/security/index.html
    
    	This security fix closes Caldera incidents sr863999, fz520911,
    	erg712040.
    
    
    9. Disclaimer
    
    	Caldera International, Inc. is not responsible for the misuse
    	of any of the information we provide on this website and/or
    	through our security advisories. Our advisories are a service
    	to our customers intended to promote secure installation and
    	use of Caldera products.
    
    
    10. Acknowledgements
    
    	Nick Cleaton reported the AFS RPC vulnerability. David Woodhouse
    	of Red Hat reported the NFS packet vulnerability. The rest of
    	the vulnerabilities were discovered by an internal security
    	audit by the FreeBSD team.
    ______________________________________________________________________________
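Added example, not part of Caldera's advisory: shell functions that look up the MD5 listed for a given platform section and reject a downloaded package whose digest differs. The same file name carries a different checksum in each of sections 4 to 7, so the lookup is keyed on platform as well as name. The function names are hypothetical and md5sum is assumed to be installed.

```shell
#!/bin/sh
# Added example. Section headings and "md5 filename" pairs are copied
# from sections 4-7 of the advisory above; function names are hypothetical.
ADVISORY='4. OpenLinux 3.1.1 Server
86ebdc7304a9474350d6347de67cd801 tcpdump-3.6.2-2.i386.rpm
04af4439b8f027dde02b8da4799553ea tcpdump-3.6.2-2.src.rpm
5. OpenLinux 3.1.1 Workstation
da485437a978837b8371ee381c548613 tcpdump-3.6.2-2.i386.rpm
e039c224157657ee9071e3546e6e23ca tcpdump-3.6.2-2.src.rpm
6. OpenLinux 3.1 Server
2909f321142349e7028c932e90c9890f tcpdump-3.6.2-2.i386.rpm
53a7e1f96bced55a4c4b9a36984be8bd tcpdump-3.6.2-2.src.rpm
7. OpenLinux 3.1 Workstation
b41c99ae95269862ee89508c00b84272 tcpdump-3.6.2-2.i386.rpm
11ce6a0534493de576802e68c1841f76 tcpdump-3.6.2-2.src.rpm'

# expected_md5 PLATFORM FILENAME
# Prints the checksum listed under the exact platform heading; exits 1 if none.
expected_md5() {
    printf '%s\n' "$ADVISORY" | awk -v plat="$1" -v pkg="$2" '
        /^[0-9]+\. / { sub(/^[0-9]+\. /, ""); cur = $0; next }
        cur == plat && $2 == pkg && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ {
            print $1; found = 1; exit
        }
        END { exit !found }'
}

# verify_pkg PLATFORM PATH
# Returns 0 on match, 1 on mismatch, 2 if the file or checksum is unavailable.
verify_pkg() {
    [ -r "$2" ] || { echo "cannot read $2" >&2; return 2; }
    want=$(expected_md5 "$1" "$(basename "$2")") ||
        { echo "no checksum listed for '$1' / $(basename "$2")" >&2; return 2; }
    have=$(md5sum "$2" | awk '{ print $1 }')
    if [ "$have" = "$want" ]; then
        echo "OK $2"
        return 0
    fi
    echo "MISMATCH $2: expected $want, got $have" >&2
    return 1
}

# Upgrade only after a match, for example:
#   verify_pkg "OpenLinux 3.1 Server" ./tcpdump-3.6.2-2.i386.rpm &&
#       rpm -Fvh ./tcpdump-3.6.2-2.i386.rpm
```

A match catches a truncated or wrong-platform download; it is only as trustworthy as the channel over which the advisory text itself was received.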
    
    
    


