drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Fehlerhafte Längenberechnung in tcpdump
Name: |
Fehlerhafte Längenberechnung in tcpdump
|
|
ID: |
CSSA-2002-050.0 |
|
Distribution: |
Caldera |
|
Plattformen: |
Caldera Server 3.1, Caldera Workstation 3.1, Caldera Server 3.1.1, Caldera Workstation 3.1.1 |
|
Datum: |
Mi, 20. November 2002, 12:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
tcpdump |
|
Originalnachricht |
--tcC6YSqBgqqkz7Sb Content-Disposition: inline Content-Transfer-Encoding: quoted-printable
To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com
______________________________________________________________________________
SCO Security Advisory
Subject: Linux: tcpdump denial-of-service in print-bgp.c Advisory number: CSSA-2002-050.0 Issue date: 2002 November 19 Cross reference: ______________________________________________________________________________
1. Problem Description
There is a miscalculation in the use of the sizeof operator in tcpdump, allowing, at the least, a denial-of-service attack.
2. Vulnerable Supported Versions
System Package ----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to tcpdump-3.6.2-4.i386.rpm
OpenLinux 3.1.1 Workstation prior to tcpdump-3.6.2-4.i386.rpm
OpenLinux 3.1 Server prior to tcpdump-3.6.2-4.i386.rpm
OpenLinux 3.1 Workstation prior to tcpdump-3.6.2-4.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-050.0/RPMS
4.2 Packages
88099679d803eb7f1583f99ccaa68fed tcpdump-3.6.2-4.i386.rpm
4.3 Installation
rpm -Fvh tcpdump-3.6.2-4.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-050.0/SRPMS
4.5 Source Packages
098cc3870c3f665a0d8ca1ab33bd3aca tcpdump-3.6.2-4.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-050.0/RPMS
5.2 Packages
45db66a34637547e551b5c6617a96146 tcpdump-3.6.2-4.i386.rpm
5.3 Installation
rpm -Fvh tcpdump-3.6.2-4.i386.rpm
5.4 Source Package Location
SRPMS
5.5 Source Packages
debcc7c371ef1857da6cf5beb2c9fb99 tcpdump-3.6.2-4.src.rpm
6. OpenLinux 3.1 Server
6.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-050.0/RPMS
6.2 Packages
890d010599a09f88ab2264e3c737e8b8 tcpdump-3.6.2-4.i386.rpm
6.3 Installation
rpm -Fvh tcpdump-3.6.2-4.i386.rpm
6.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-050.0/SRPMS
6.5 Source Packages
57282f9d95d4ac217472b37e1e4424ca tcpdump-3.6.2-4.src.rpm
7. OpenLinux 3.1 Workstation
7.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-050.0/RPMS
7.2 Packages
2e80f4e77cee7899bfbfc7c0552da424 tcpdump-3.6.2-4.i386.rpm
7.3 Installation
rpm -Fvh tcpdump-3.6.2-4.i386.rpm
7.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-050.0/SRPMS
7.5 Source Packages
d16939d580b36f127b12693548f17655 tcpdump-3.6.2-4.src.rpm
8. References
Specific references for this advisory: none
SCO security resources: http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr869390, fz526125, erg712131.
9. Disclaimer
SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products.
______________________________________________________________________________
--tcC6YSqBgqqkz7Sb Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (SCO_SV) Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj3az3MACgkQbluZssSXDTEaKwCgjMbH5Qod/9oWQJtuik3IOIz9 7akAn0l4C9qRzatPqJW9dRnPlMHsZvr5 =O4ik -----END PGP SIGNATURE-----
--tcC6YSqBgqqkz7Sb--
|
|
|
|