From securityfocus.com: tcpdump is prone to a vulnerability that may allow a remote attacker to cause a denial of service condition in the software. The issue occurs due to the way tcpdump decodes Intermediate System to Intermediate System (ISIS) packets. A remote attacker may cause the software to enter an infinite loop by sending malformed ISIS packets, resulting in the software hanging. tcpdump versions up to and including 3.9.x/CVS are reported prone to this issue.

Reproducible: Always

Steps to Reproduce:
I suspect that it's a duplicate of http://www.securityfocus.com/bid/13391/info/ but I'm not sure (maybe bug #13391's solution depends on this bug's solution). Anyway, an exploit for this specific security bug is available: http://www.securityfocus.com/data/vulnerabilities/exploits/xtcpdump-isis-dos.c

More info:
RSVP: http://www.securityfocus.com/bid/13390
LDP: http://www.securityfocus.com/bid/13389
BGP: http://www.securityfocus.com/bid/13380

Vulns:
http://www.securityfocus.com/data/vulnerabilities/exploits/xtcpdump+ethr-rsvp-dos.c
http://www.securityfocus.com/data/vulnerabilities/exploits/xtcpdump-ldp-dos.c
http://www.securityfocus.com/data/vulnerabilities/exploits/xtcpdump-bgp-dos.c
Correction: when I wrote "#13391", I was referring to securityfocus' number, of course. Gentoo's bug number about that issue is 90539 ( http://bugs.gentoo.org/show_bug.cgi?id=90539 ). Sorry.
Patches are showing up in their CVS, see for example: http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-ldp.c Given the scope of this (denying service to a packet logger), it is probably better to wait for their release.
It seems that Fedora released some updates that fix these problems. You might want to check http://secunia.com/advisories/15237/ Or in http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ check:
SRPMS/tcpdump-3.8.2-8.FC3.src.rpm
x86_64/tcpdump-3.8.2-8.FC3.x86_64.rpm
x86_64/libpcap-0.8.3-8.FC3.x86_64.rpm
x86_64/arpwatch-2.1a13-8.FC3.x86_64.rpm
x86_64/debug/tcpdump-debuginfo-3.8.2-8.FC3.x86_64.rpm
x86_64/libpcap-0.8.3-8.FC3.i386.rpm
i386/tcpdump-3.8.2-8.FC3.i386.rpm
i386/libpcap-0.8.3-8.FC3.i386.rpm
i386/arpwatch-2.1a13-8.FC3.i386.rpm
i386/debug/tcpdump-debuginfo-3.8.2-8.FC3.i386.rpm
Ubuntu also released their fix. Netmon, please provide an updated ebuild.
Created attachment 58223: tcpdump-3.8.3-gentoo.patch. This patch is based off Debian's 50_misc_dos.dpatch. http://packages.qa.debian.org/t/tcpdump.html
Marcelo/netmon, please commit an updated ebuild. Security can handle stable marking if necessary.
tcpdump-3.8.3-r2.ebuild is in CVS, ready for keywording.
x86 and ppc stable.
amd64 happy.
sparc stable.
Stable on hppa.
ppc64 is stable.
Stable on alpha + ia64.
GLSA 200505-06. mips, arm: please remember to mark stable to benefit from the GLSA.
Later version already stable on mips.