Bug 21270 - tcpdump
Summary: tcpdump
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: Highest critical
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-05-19 14:38 UTC by Daniel Ahlberg (RETIRED)
Modified: 2003-05-22 16:30 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Description Daniel Ahlberg (RETIRED) gentoo-dev 2003-05-19 14:38:58 UTC
[RHSA-2003:174-01] Updated tcpdump packages fix privilege dropping error 
 
From: bugzilla@redhat.com
To: redhat-watch-list@redhat.com
Date: Thursday 10.03.00
 
--------------------------------------------------------------------- 
                   Red Hat Security Advisory 
 
Synopsis:          Updated tcpdump packages fix privilege dropping error 
Advisory ID:       RHSA-2003:174-01 
Issue date:        2003-05-15 
Updated on:        2003-05-15 
Product:           Red Hat Linux 
Keywords:          tcpdump 
Cross references:   
Obsoletes:         RHSA-2003:032- 
CVE Names:         CAN-2003-0194 
--------------------------------------------------------------------- 
 
1. Topic: 
 
Updated tcpdump packages that correctly drop privileges on startup are now 
available. 
 
2. Relevant releases/architectures: 
 
Red Hat Linux 7.1 - i386 
Red Hat Linux 7.2 - i386, ia64 
Red Hat Linux 7.3 - i386 
Red Hat Linux 8.0 - i386 
Red Hat Linux 9 - i386 
 
3. Problem description: 
 
Tcpdump is a command-line tool for monitoring network traffic.  
 
The Red Hat tcpdump packages advertise that by default tcpdump will drop 
permissions to user 'pcap'.  Due to a compilation error this did not 
happen, and tcpdump would run as root unless the '-U' flag was specified. 
 
Users of tcpdump are advised to upgrade to these errata packages, which 
are compiled so that by default tcpdump will drop privileges to the 
'pcap' user. 
 
4. Solution: 
 
Before applying this update, make sure all previously released errata 
relevant to your system have been applied. 
 
Please note that this update is available via Red Hat Network.  To use Red 
Hat Network, launch the Red Hat Update Agent with the following command: 
 
up2date 
 
This will start an interactive process that will result in the appropriate 
RPMs being upgraded on your system. 
 
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): 
 
88881 - CAN-2003-0145 RADIUS tcpdump vulnerability 
90208 - CAN-2003-0194 tcpdump didn't drop root to pcap user like promised 
 
6. RPMs required: 
 
Red Hat Linux 7.1: 
 
SRPMS: 
ftp://updates.redhat.com/7.1/en/os/SRPMS/tcpdump-3.6.3-17.7.1.3.src.rpm 
 
i386: 
ftp://updates.redhat.com/7.1/en/os/i386/tcpdump-3.6.3-17.7.1.3.i386.rpm 
 
Red Hat Linux 7.2: 
 
SRPMS: 
ftp://updates.redhat.com/7.2/en/os/SRPMS/tcpdump-3.6.3-17.7.2.3.src.rpm 
 
i386: 
ftp://updates.redhat.com/7.2/en/os/i386/tcpdump-3.6.3-17.7.2.3.i386.rpm 
 
ia64: 
ftp://updates.redhat.com/7.2/en/os/ia64/tcpdump-3.6.3-17.7.2.3.ia64.rpm 
 
Red Hat Linux 7.3: 
 
SRPMS: 
ftp://updates.redhat.com/7.3/en/os/SRPMS/tcpdump-3.6.3-17.7.3.3.src.rpm 
 
i386: 
ftp://updates.redhat.com/7.3/en/os/i386/tcpdump-3.6.3-17.7.3.3.i386.rpm 
 
Red Hat Linux 8.0: 
 
SRPMS: 
ftp://updates.redhat.com/8.0/en/os/SRPMS/tcpdump-3.6.3-17.8.0.3.src.rpm 
 
i386: 
ftp://updates.redhat.com/8.0/en/os/i386/tcpdump-3.6.3-17.8.0.3.i386.rpm 
 
Red Hat Linux 9: 
 
SRPMS: 
ftp://updates.redhat.com/9/en/os/SRPMS/tcpdump-3.7.2-1.9.1.src.rpm 
 
i386: 
ftp://updates.redhat.com/9/en/os/i386/tcpdump-3.7.2-1.9.1.i386.rpm 
 
 
 
7. Verification: 
 
 
 
These packages are GPG signed by Red Hat for security.  Our key is 
available at http://www.redhat.com/solutions/security/news/publickey/ 
 
You can verify each package with the following command: 
     
    rpm --checksig -v <filename> 
 
If you only wish to verify that each package has not been corrupted or 
tampered with, examine only the md5sum with the following command: 
     
    md5sum <filename> 
 
 
8. References: 
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0194 
 
9. Contact: 
 
The Red Hat security contact is <security@redhat.com>.  More contact 
details at http://www.redhat.com/solutions/security/news/contact/ 
 
Copyright 2003 Red Hat, Inc.
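
The condition the advisory describes (tcpdump still running as root instead of 'pcap') can be confirmed from a process's credentials. The following is an added example, not part of the advisory or this bug report: it parses the Linux /proc/<pid>/status format and lists every root identity that survives a supposed privilege drop. The function names and the numeric UID/GID 77 for 'pcap' are assumptions.

```python
import glob

def parse_status(text):
    """Parse /proc/<pid>/status text into name, UID/GID quadruples, groups."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    def ids(key):
        return [int(v) for v in fields.get(key, "").split()]
    return {"name": fields.get("Name", ""), "uid": ids("Uid"),
            "gid": ids("Gid"), "groups": ids("Groups")}

def drop_findings(text, expected_uid):
    """List every reason the process has not fully dropped to expected_uid."""
    st = parse_status(text)
    if len(st["uid"]) != 4 or len(st["gid"]) != 4:
        return ["status text lacks complete Uid/Gid lines"]
    labels = ("real", "effective", "saved", "filesystem")
    findings = []
    for label, uid in zip(labels, st["uid"]):
        if uid == 0:
            findings.append(f"{label} UID is still 0")
        elif uid != expected_uid:
            findings.append(f"{label} UID is {uid}, expected {expected_uid}")
    # Saved IDs count too: a saved UID or GID of 0 can be switched back to.
    findings += [f"{label} GID is still 0"
                 for label, gid in zip(labels, st["gid"]) if gid == 0]
    if 0 in st["groups"]:
        findings.append("supplementary groups still include GID 0")
    return findings

def audit_live(process_name, expected_uid):
    """Run drop_findings on every live process with this name (Linux only)."""
    results = {}
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as handle:
                text = handle.read()
        except OSError:
            continue  # process exited between listing and reading
        if parse_status(text)["name"] == process_name:
            results[path] = drop_findings(text, expected_uid)
    return results

# Constructed samples. UID/GID 77 for 'pcap' is an assumption, not from the page.
NOT_DROPPED = "Name:\ttcpdump\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\nGroups:\t0\n"
HALF_DROPPED = "Name:\ttcpdump\nUid:\t77\t77\t0\t77\nGid:\t77\t77\t77\t77\nGroups:\t77\n"
DROPPED = "Name:\ttcpdump\nUid:\t77\t77\t77\t77\nGid:\t77\t77\t77\t77\nGroups:\t77\n"
```

On a live host, audit_live("tcpdump", <pcap uid>) returns an empty list for each capture process that dropped privileges completely and a list of findings for any that did not.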
Comment 1 Daniel Ahlberg (RETIRED) gentoo-dev 2003-05-22 16:30:59 UTC
Redhat only