Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200404-03] Tcpdump Vulnerabilities in ISAKMP Parsing Vulnerability Scan
Vulnerability Scan Summary: Tcpdump Vulnerabilities in ISAKMP Parsing
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200404-03
(Tcpdump Vulnerabilities in ISAKMP Parsing)
There are two specific vulnerabilities in tcpdump, outlined in [reference 1].
In the first scenario, an attacker may send a specially crafted ISAKMP
Delete packet which causes tcpdump to read past the end of its buffer. In
the second scenario, an attacker may send an ISAKMP packet with the wrong
payload length, again causing tcpdump to read past the end of a buffer.
Impact
Remote attackers could potentially cause tcpdump to crash or execute
arbitrary code as the 'pcap' user.
Workaround
There is no known workaround at this time. All tcpdump users are encouraged
to upgrade to the latest available version.
References:
http://www.rapid7.com/advisories/R7-0017.html
http://rhn.redhat.com/errata/RHSA-2004-008.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0989
Solution:
All tcpdump users should upgrade to the latest available version.
Additionally, the net-libs/libpcap package should be upgraded.
# emerge sync
# emerge -pv ">=net-libs/libpcap-0.8.3-r1" ">=net-analyzer/tcpdump-3.8.3-r1"
# emerge ">=net-libs/libpcap-0.8.3-r1" ">=net-analyzer/tcpdump-3.8.3-r1"
Threat Level: High