04.14.22 CVE: CAN-2004-0183 Platform: Cross Platform Title: tcpdump ISAKMP Packet Decoding Vulnerability Description: tcpdump 3.8.2 and previous have been identified as having packet decoding runtime overflow for ISAKMP packets. A hostile remote user could crash a running instance of tcpdump or execute arbitrary code. tcpdump 3.8.3 has been released to correct the problem. Ref: http://www.rapid7.com/advisories/R7-0017.html ------- Additional Comments From jkeating 2004-05-18 18:39:23 ---- Seems that RH never put out an update for this for RHL9. Was one issued for Fedora Legacy? ------- Additional Comments From marcdeslauriers 2004-05-27 14:54:54 ---- Advisories and updates were issued for FC1: http://fedoranews.org/updates/FEDORA-2004-092.shtml ...and RHEL: https://rhn.redhat.com/errata/RHSA-2004-219.html ------- Additional Comments From marcdeslauriers 2004-05-27 16:02:24 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here are packages for 9: 9ecef14f1df970a085c9c5e94104fb198e0cd533 arpwatch-2.1a11-7.9.2.legacy.i386.rpm fde35cbf18923460869e139a9d4a4b11b1f5b795 libpcap-0.7.2-7.9.2.legacy.i386.rpm e7ceffa1bf803ed0f39c87ba0d37a97f4966cbc3 tcpdump-3.7.2-7.9.2.legacy.i386.rpm f4a5ca70c2f1f3ee004df19b9fd82669cee3d5ef tcpdump-3.7.2-7.9.2.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/9/arpwatch-2.1a11-7.9.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/libpcap-0.7.2-7.9.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/tcpdump-3.7.2-7.9.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/tcpdump-3.7.2-7.9.2.legacy.src.rpm Here are packages for 8.0: f55679028e5f7ce0c2f7898e85cefc0df122777b arpwatch-2.1a11-17.8.0.6.legacy.i386.rpm c6f21f58d91aff19f7759af8a64eae18abcc20c2 libpcap-0.6.2-17.8.0.6.legacy.i386.rpm 6c2c16709e9172af493856e07fdabcfa84e22e86 tcpdump-3.6.3-17.8.0.6.legacy.i386.rpm 397f2b324f0f0352910bb1606a2f72830b7e09a4 tcpdump-3.6.3-17.8.0.6.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/8.0/arpwatch-2.1a11-17.8.0.6.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/8.0/libpcap-0.6.2-17.8.0.6.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/8.0/tcpdump-3.6.3-17.8.0.6.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/8.0/tcpdump-3.6.3-17.8.0.6.legacy.src.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAtp2ZLMAs/0C4zNoRAkrKAJwItrTkjuVK+eJDX742A9bvcLUWhACbBnDE rhdym303OV6JOsgMhnKR69Q= =6jm4 -----END PGP SIGNATURE----- ------- Additional Comments From marcdeslauriers 2004-05-29 15:47:40 ---- I've made 7.3 packages too. As soon as my website comes back up, I'll post them here. ------- Additional Comments From marcdeslauriers 2004-05-31 16:24:00 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here are packages for 7.3: 248f5fc66612c281c7676e40215aec5b394ca761 arpwatch-2.1a11-17.7.3.5.legacy.i386.rpm 400f5fcfcd0ef2705f71ad0d7c4ecf205567f451 libpcap-0.6.2-17.7.3.5.legacy.i386.rpm b83bf3acbf6734dc8cf1013770c39f82bf0445ef tcpdump-3.6.3-17.7.3.5.legacy.i386.rpm d224edbf3765897bf248ee7b07292604ff25e0f7 tcpdump-3.6.3-17.7.3.5.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/arpwatch-2.1a11-17.7.3.5.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/libpcap-0.6.2-17.7.3.5.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/tcpdump-3.6.3-17.7.3.5.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/tcpdump-3.6.3-17.7.3.5.legacy.src.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAu+izLMAs/0C4zNoRArB/AKCCVZjM9cOUeaZAIpkHWVcN3RmGqACeLX61 B+gy2tvw6aeBExqEpCw9j4k= =siJO -----END PGP SIGNATURE----- ------- Additional Comments From marcdeslauriers 2004-06-02 15:06:32 ---- *** Bug 1627 has been marked as a duplicate of this bug. *** ------- Additional Comments From jonny.strom 2004-06-05 03:19:26 ---- I did a QA of the rh 9 pacakges: SHA1 is ok. Installs ok. I did a functionally testing and tcpdump works as expected. I wote for publish. ------- Additional Comments From marcdeslauriers 2004-06-08 02:09:29 ---- *** Bug 1728 has been marked as a duplicate of this bug. *** ------- Additional Comments From jkeating 2004-06-10 18:47:28 ---- Pushed to updates-testing http://download.fedoralegacy.org/redhat/ 3c236622c2f0815b257eb6df89470875844ab051 7.3/updates-testing/SRPMS/tcpdump-3.6.3-17.7.3.6.legacy.src.rpm 1d7866f944b95a9350098803c1be9a9439ef9de1 7.3/updates-testing/i386/arpwatch-2.1a11-17.7.3.6.legacy.i386.rpm 827884c667461dcd1624b666d29d83e50e4611cc 7.3/updates-testing/i386/libpcap-0.6.2-17.7.3.6.legacy.i386.rpm 2e77a8344ce68a80fe484fae4e9e371b92dc25c2 7.3/updates-testing/i386/tcpdump-3.6.3-17.7.3.6.legacy.i386.rpm 2a63dfe8422c135d41ec0655d1957b2ac6e348a2 9/updates-testing/SRPMS/tcpdump-3.7.2-7.9.3.legacy.src.rpm e2e2cd142b0a4a50ab3b66a665d52e35fbe103aa 9/updates-testing/i386/arpwatch-2.1a11-7.9.3.legacy.i386.rpm 3e7aad82c73a3250828b05e1308eb63a43c0d35e 9/updates-testing/i386/libpcap-0.7.2-7.9.3.legacy.i386.rpm 39b28a5fc7bda074426736cfdbc6a2186979daa2 9/updates-testing/i386/tcpdump-3.7.2-7.9.3.legacy.i386.rpm ------- Additional Comments From jpdalbec 2004-07-09 04:47:19 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ++VERIFY RH 7.3 65993a7f1975a0bcf8b25c85aa86e02de5c2ec24 arpwatch-2.1a11-17.7.1.2.i386.rpm a410c821a4d0f8c8c2ed787cc05a118af73f2bd2 libpcap-0.6.2-11.7.1.0.i386.rpm d8e3c6b922b7fb055829153c574f498da42023b1 tcpdump-3.6.3-17.7.1.3.i386.rpm I've installed these packages on 4 production (mostly e-mail) servers. Tcpdump seems to capture production traffic (POP, IMAP, SMTP, HTTP, NFS) just fine. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFA7q/QJL4A+ldA7asRAhKLAKCXR2v7qY//2305Ag4HjQ1nd7+srgCgkuVG 2DPxmceTqyOpmHAWe6/eanc= =MDsW -----END PGP SIGNATURE----- ------- Additional Comments From simon 2004-09-08 02:22:16 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ++VERIFY 1d7866f944b95a9350098803c1be9a9439ef9de1 7.3/updates-testing/i386/arpwatch-2.1a11-17.7.3.6.legacy.i386.rpm 827884c667461dcd1624b666d29d83e50e4611cc 7.3/updates-testing/i386/libpcap-0.6.2-17.7.3.6.legacy.i386.rpm 2e77a8344ce68a80fe484fae4e9e371b92dc25c2 7.3/updates-testing/i386/tcpdump-3.6.3-17.7.3.6.legacy.i386.rpm Packages tested on 7.3 and appear to work fine. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBPvkQMLOCzgCQslsRAjLkAJ402qJktnAcjJEoCXGmayOrQPqAZQCcDKcG NGyN2Hz7pFp6FQO4opVpD6Q= =C8tm -----END PGP SIGNATURE----- ------- Additional Comments From dom 2004-09-08 13:17:52 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 e2e2cd142b0a4a50ab3b66a665d52e35fbe103aa i386/arpwatch-2.1a11-7.9.3.legacy.i386 .rpm 39b28a5fc7bda074426736cfdbc6a2186979daa2 i386/tcpdump-3.7.2-7.9.3.legacy.i386.r pm 3e7aad82c73a3250828b05e1308eb63a43c0d35e i386/libpcap-0.7.2-7.9.3.legacy.i386.r pm 2a63dfe8422c135d41ec0655d1957b2ac6e348a2 SRPMS/tcpdump-3.7.2-7.9.3.legacy.src.r pm for RH9: - - installs - - runs (for lipcap, ethereal runs) - - builds from source ++VERIFY -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD4DBQFBP5LkYzuFKFF44qURAveTAJY9AO5PK0BoedphlZmIBOJMJh+IAKDHF0I4 CU0KcQ7vXFD0stC5BnCqwA== =apJZ -----END PGP SIGNATURE----- ------- Additional Comments From dom 2004-09-08 13:18:48 ---- Grr. Second try. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 e2e2cd142b0a4a50ab3b66a665d52e35fbe103aa i386/arpwatch-2.1a11-7.9.3.legacy.i386.rpm 39b28a5fc7bda074426736cfdbc6a2186979daa2 i386/tcpdump-3.7.2-7.9.3.legacy.i386.rpm 3e7aad82c73a3250828b05e1308eb63a43c0d35e i386/libpcap-0.7.2-7.9.3.legacy.i386.rpm 2a63dfe8422c135d41ec0655d1957b2ac6e348a2 SRPMS/tcpdump-3.7.2-7.9.3.legacy.src.rpm for RH9: - - installs - - runs (for lipcap, ethereal runs) - - builds from source ++VERIFY -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD4DBQFBP5LkYzuFKFF44qURAveTAJY9AO5PK0BoedphlZmIBOJMJh+IAKDHF0I4 CU0KcQ7vXFD0stC5BnCqwA== =apJZ -----END PGP SIGNATURE----- ------- Additional Comments From dom 2004-09-27 15:01:27 ---- http://www-astro.physics.ox.ac.uk/~dom/legacy/advisories/1468-tcpdump-draft.txt ------- Bug moved to this database by dkl 2005-03-30 18:24 ------- This bug previously known as bug 1468 at https://bugzilla.fedora.us/ https://bugzilla.fedora.us/show_bug.cgi?id=1468 Originally filed under the Fedora Legacy product and Package request component. Unknown priority P2. Setting to default priority "normal". Unknown platform PC. Setting to default platform "All". Setting qa contact to the default for this product. This bug either had no qa contact or an invalid one.