Executive Summary
Summary | |
---|---|
Title | tcpdump security and bug fix update |
Information | |||
---|---|---|---|
Name | RHSA-2007:0387 | First vendor Publication | 2007-11-15 |
Vendor | RedHat | Last vendor Modification | 2007-11-15 |
Severity (Vendor) | Moderate | Revision | 02 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Problem Description:

Updated tcpdump packages that fix a security issue and functionality bugs are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Tcpdump is a command line tool for monitoring network traffic.

Moritz Jodeit discovered a denial of service bug in the tcpdump IEEE 802.11 processing code. An attacker could inject a carefully crafted frame onto the IEEE 802.11 network that could crash a running tcpdump session if a certain link type was explicitly specified. (CVE-2007-1218)

An integer overflow flaw was found in tcpdump's BGP processing code. An attacker could execute arbitrary code with the privilege of the pcap user by injecting a crafted frame onto the network. (CVE-2007-3798)

In addition, the following bugs have been addressed:

* if called with -C and -W switches, tcpdump would create the first savefile with the privileges of the user that executed tcpdump (usually root), rather than with ones of the pcap user. This could result in the inability to save the complete traffic log file properly without the immediate notice of the user running tcpdump.

* the arpwatch service initialization script would exit prematurely, returning a successful exit status incorrectly and preventing the status command from running in case networking is not available.

Users of tcpdump are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

214377 - tcpdump gives 'permission denied' at 2nd file when dumping to >1 file
232519 - CVE-2007-1218 tcpdump denial of service
250275 - CVE-2007-3798 tcpdump BGP integer overflow
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2007-0387.html |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-30 | Hijacking a Privileged Thread of Execution |
CAPEC-232 | Exploitation of Privilege/Trust |
CAPEC-234 | Hijacking a privileged process |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-252 | Unchecked Return Value |
33 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:20493 | |||
Oval ID: | oval:org.mitre.oval:def:20493 | ||
Title: | DSA-1353-1 tcpdump - integer overflow | ||
Description: | It was discovered that an integer overflow in the BGP dissector of tcpdump, a powerful tool for network monitoring and data acquisition, may lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1353-1 CVE-2007-3798 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | tcpdump |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22387 | |||
Oval ID: | oval:org.mitre.oval:def:22387 | ||
Title: | ELSA-2007:0368: tcpdump security and bug fix update (Moderate) | ||
Description: | Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0368-04 CVE-2007-1218 CVE-2007-3798 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | tcpdump |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9520 | |||
Oval ID: | oval:org.mitre.oval:def:9520 | ||
Title: | Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based. | ||
Description: | Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-1218 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9771 | |||
Oval ID: | oval:org.mitre.oval:def:9771 | ||
Title: | Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value. | ||
Description: | Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3798 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X Security Update 2007-009 File : nvt/macosx_secupd_2007-009.nasl |
2009-10-13 | Name : SLES10: Security update for tcpdump File : nvt/sles10_tcpdump.nasl |
2009-10-10 | Name : SLES9: Security update for tcpdump File : nvt/sles9p5011066.nasl |
2009-04-09 | Name : Mandriva Update for tcpdump MDKSA-2007:148 (tcpdump) File : nvt/gb_mandriva_MDKSA_2007_148.nasl |
2009-04-09 | Name : Mandriva Update for tcpdump MDKSA-2007:056 (tcpdump) File : nvt/gb_mandriva_MDKSA_2007_056.nasl |
2009-03-23 | Name : Ubuntu Update for tcpdump vulnerability USN-492-1 File : nvt/gb_ubuntu_USN_492_1.nasl |
2009-03-23 | Name : Ubuntu Update for tcpdump vulnerability USN-429-1 File : nvt/gb_ubuntu_USN_429_1.nasl |
2009-02-27 | Name : Fedora Update for tcpdump FEDORA-2007-654 File : nvt/gb_fedora_2007_654_tcpdump_fc6.nasl |
2009-02-27 | Name : Fedora Update for tcpdump FEDORA-2007-348 File : nvt/gb_fedora_2007_348_tcpdump_fc5.nasl |
2009-02-27 | Name : Fedora Update for tcpdump FEDORA-2007-347 File : nvt/gb_fedora_2007_347_tcpdump_fc6.nasl |
2009-02-27 | Name : Fedora Update for tcpdump FEDORA-2007-1361 File : nvt/gb_fedora_2007_1361_tcpdump_fc7.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200707-14 (tcpdump) File : nvt/glsa_200707_14.nasl |
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-07:06.tcpdump.asc) File : nvt/freebsdsa_tcpdump1.nasl |
2008-09-04 | Name : FreeBSD Ports: tcpdump File : nvt/freebsd_tcpdump2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1272-1 (tcpdump) File : nvt/deb_1272_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1353-1 (tcpdump) File : nvt/deb_1353_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-230-01 tcpdump File : nvt/esoft_slk_ssa_2007_230_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
38213 | tcpdump print-bgp.c BGP Packet Handling Crafted TLVs Remote Overflow |
32427 | tcpdump 802.11 parse_elements() Function Off-By-One. Tcpdump contains a flaw that may allow a remote denial of service. The issue is triggered due to an off-by-one heap overflow in the 'parse_elements()' function. By sending a malformed 802.11 frame, a remote attacker could cause a denial of service resulting in a loss of availability. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0387.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071115_tcpdump_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071109_tcpdump_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11696.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2007-155.nasl - Type : ACT_GATHER_INFO |
2007-12-18 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2007-009.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tcpdump-4037.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0387.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-492-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-429-1.nasl - Type : ACT_GATHER_INFO |
2007-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0368.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-1361.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_tcpdump-4036.nasl - Type : ACT_GATHER_INFO |
2007-08-21 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-230-01.nasl - Type : ACT_GATHER_INFO |
2007-08-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1353.nasl - Type : ACT_GATHER_INFO |
2007-08-03 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-654.nasl - Type : ACT_GATHER_INFO |
2007-08-02 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_2dc764fa40c011dcaeac02e0185f8d72.nasl - Type : ACT_GATHER_INFO |
2007-07-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200707-14.nasl - Type : ACT_GATHER_INFO |
2007-07-27 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2007-148.nasl - Type : ACT_GATHER_INFO |
2007-03-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1272.nasl - Type : ACT_GATHER_INFO |
2007-03-18 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-348.nasl - Type : ACT_GATHER_INFO |
2007-03-18 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-347.nasl - Type : ACT_GATHER_INFO |
2007-03-12 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2007-056.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:50:42 |