Red Hat Bugzilla – Bug 7116
if you have uid 2090 you are a winner if tcpdump is suid root
Last modified: 2008-05-01 11:37:53 EDT
if you have uid 2090 you are a winner if tcpdump is suid root,
and people might do that since it is a nice thing to tcpdump the network
w/o being root.
You never read patches you get?
diff -x rsvpd -x rsvp_print.c --new-file -ur lbl/tcpdump-3.4/tcpdump.c
--- lbl/tcpdump-3.4/tcpdump.c Sun Oct 19 00:50:17 1997
+++ tcpdump-3.4/tcpdump.c Wed Mar 17 20:46:21 1999
@@ -134,6 +176,9 @@
+ if (geteuid() == 0 && getuid() != 2090)
cnt = -1;
device = NULL;
infile = NULL;
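Review bot: the added test `if (geteuid() == 0 && getuid() != 2090)` exempts one hard-coded real uid from whatever it guards when tcpdump runs with effective uid 0, and the hunk has no comment or named constant explaining why 2090 is special. The guarded statement is not visible in this excerpt, but a literal uid in a privilege check means that on a setuid-root install the account holding that uid is treated differently from every other caller. Remove the `getuid() != 2090` clause so the check applies to every caller alike. If a trusted capture account is really needed, make it a documented build or configuration option rather than a number buried in tcpdump.c.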
OK, it might not have been a security hole by itself, but you should still
read the patches you get.
You should consider using www.tcpdump.org instead of old tcpdump 3.4 + random
The 2090 backdoor has been removed in tcpdump-3.4-17.
The tcpdump.org offering doesn't seem quite stable yet, but I'll probably
upgrade to that version when a stable release is available.