[RHSA-2007:0368-03] Moderate: tcpdump security and bug fix update

bugzilla at redhat.com bugzilla at redhat.com
Wed Nov 7 16:18:37 UTC 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: tcpdump security and bug fix update
Advisory ID:       RHSA-2007:0368-03
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0368.html
Issue date:        2007-11-07
Updated on:        2007-11-07
Product:           Red Hat Enterprise Linux
Keywords:          overflow crash 802.11
CVE Names:         CVE-2007-1218 CVE-2007-3798 
- ---------------------------------------------------------------------

1. Summary:

Updated tcpdump packages that fix a security issue and functionality bugs
are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Tcpdump is a command line tool for monitoring network traffic.

Moritz Jodeit discovered a denial of service bug in the tcpdump IEEE 802.11
processing code. If a certain link type was explicitly specified, an
attacker could inject a carefully crafted frame onto the IEEE 802.11
network that could crash a running tcpdump session. (CVE-2007-1218)

An integer overflow flaw was found in tcpdump's BGP processing code. An
attacker could execute arbitrary code with the privilege of the pcap user
by injecting a crafted frame onto the network. (CVE-2007-3798)

In addition, the following bugs have been addressed:

* The arpwatch service initialization script would exit prematurely,
returning an incorrect successful exit status and preventing the status
command from running in case networking is not available.

* Tcpdump would not drop root privileges completely when launched with the
- -C option. This might have been abused by an attacker to gain root
privileges in case a security problem was found in tcpdump. Users of
tcpdump are encouraged to specify meaningful arguments to the -Z option in
case they want tcpdump to write files with privileges other than of the
pcap user.

Users of tcpdump are advised to upgrade to these erratum packages, which
contain backported patches that correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

232347 - CVE-2007-1218 tcpdump denial of service
237779 - Wrong init script
241677 - tcpdump -Z -C should drop root privileges completely
250275 - CVE-2007-3798 tcpdump BGP integer overflow

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tcpdump-3.9.4-11.el5.src.rpm
2d8a9b6ce960508362a7f9d80633b3da  tcpdump-3.9.4-11.el5.src.rpm

i386:
bf509e032af93a166ee85eb44fb9806c  libpcap-0.9.4-11.el5.i386.rpm
e1366b54fb414744f8066cda26ae1cf4  tcpdump-3.9.4-11.el5.i386.rpm
3a3db9efe4f5ba07d092013a88bf5ae4  tcpdump-debuginfo-3.9.4-11.el5.i386.rpm

x86_64:
bf509e032af93a166ee85eb44fb9806c  libpcap-0.9.4-11.el5.i386.rpm
5f5a5af8ab76663a97667d1036ec9668  libpcap-0.9.4-11.el5.x86_64.rpm
230e4421c10064f6b30666894151f545  tcpdump-3.9.4-11.el5.x86_64.rpm
3a3db9efe4f5ba07d092013a88bf5ae4  tcpdump-debuginfo-3.9.4-11.el5.i386.rpm
fe81bedaac8d616dd5174aa36ede5261  tcpdump-debuginfo-3.9.4-11.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tcpdump-3.9.4-11.el5.src.rpm
2d8a9b6ce960508362a7f9d80633b3da  tcpdump-3.9.4-11.el5.src.rpm

i386:
8a2efa5cde05859090d27899455fd8ea  arpwatch-2.1a13-18.el5.i386.rpm
e7fc87898e4d015cd6d9e3db48d9ca9f  libpcap-devel-0.9.4-11.el5.i386.rpm
3a3db9efe4f5ba07d092013a88bf5ae4  tcpdump-debuginfo-3.9.4-11.el5.i386.rpm

x86_64:
01df957f9cf7cf71afdef3649564dbb1  arpwatch-2.1a13-18.el5.x86_64.rpm
e7fc87898e4d015cd6d9e3db48d9ca9f  libpcap-devel-0.9.4-11.el5.i386.rpm
52d87731d358492ae67ae75ee92794c7  libpcap-devel-0.9.4-11.el5.x86_64.rpm
3a3db9efe4f5ba07d092013a88bf5ae4  tcpdump-debuginfo-3.9.4-11.el5.i386.rpm
fe81bedaac8d616dd5174aa36ede5261  tcpdump-debuginfo-3.9.4-11.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/tcpdump-3.9.4-11.el5.src.rpm
2d8a9b6ce960508362a7f9d80633b3da  tcpdump-3.9.4-11.el5.src.rpm

i386:
8a2efa5cde05859090d27899455fd8ea  arpwatch-2.1a13-18.el5.i386.rpm
bf509e032af93a166ee85eb44fb9806c  libpcap-0.9.4-11.el5.i386.rpm
e7fc87898e4d015cd6d9e3db48d9ca9f  libpcap-devel-0.9.4-11.el5.i386.rpm
e1366b54fb414744f8066cda26ae1cf4  tcpdump-3.9.4-11.el5.i386.rpm
3a3db9efe4f5ba07d092013a88bf5ae4  tcpdump-debuginfo-3.9.4-11.el5.i386.rpm

ia64:
4afabd661d6cdc60e129cfd97cc40a9d  arpwatch-2.1a13-18.el5.ia64.rpm
f4696ab17886456c3106756ed94158da  libpcap-0.9.4-11.el5.ia64.rpm
ca57b4643c6670b21ad4aa15b277f728  libpcap-devel-0.9.4-11.el5.ia64.rpm
4f844de6d34ff8b4f80c054e78a7088f  tcpdump-3.9.4-11.el5.ia64.rpm
fe0efc47f60a0b7292a7faa11b6bbe84  tcpdump-debuginfo-3.9.4-11.el5.ia64.rpm

ppc:
8f4f509649250ef31e2a75bb5b9ed772  arpwatch-2.1a13-18.el5.ppc.rpm
a98d4e12b603d3dda4de51f887c48218  libpcap-0.9.4-11.el5.ppc.rpm
1a1556ff29bf547645be3bbecfccdf36  libpcap-0.9.4-11.el5.ppc64.rpm
1db21646d5ecea38de52ca5210bca741  libpcap-devel-0.9.4-11.el5.ppc.rpm
24182f64ea6d93b6d7905d39fb5dcc41  libpcap-devel-0.9.4-11.el5.ppc64.rpm
e671300d796e42688d50d074e0c1b5f1  tcpdump-3.9.4-11.el5.ppc.rpm
31c3146286375aa062ac6c08ffd32fee  tcpdump-debuginfo-3.9.4-11.el5.ppc.rpm
a5a7c8f13c8102951334387a4b56ca77  tcpdump-debuginfo-3.9.4-11.el5.ppc64.rpm

s390x:
a1900619ecfb99b2bfb2db7d2b8fda0c  arpwatch-2.1a13-18.el5.s390x.rpm
e65d46956c9aabb2dc4372e89a773095  libpcap-0.9.4-11.el5.s390.rpm
8d248c1c133eef93c00d12e3e4648cc8  libpcap-0.9.4-11.el5.s390x.rpm
13d1f23310369d5702f1208f9c3d38b4  libpcap-devel-0.9.4-11.el5.s390.rpm
d3230eb608c67be9e9090f42b882e6f1  libpcap-devel-0.9.4-11.el5.s390x.rpm
e2c3146e79feeea209f2642aaa34fdb6  tcpdump-3.9.4-11.el5.s390x.rpm
3b16d216d6d5567349710f49fed21387  tcpdump-debuginfo-3.9.4-11.el5.s390.rpm
ce98f450ecdfdc58669ce05741222081  tcpdump-debuginfo-3.9.4-11.el5.s390x.rpm

x86_64:
01df957f9cf7cf71afdef3649564dbb1  arpwatch-2.1a13-18.el5.x86_64.rpm
bf509e032af93a166ee85eb44fb9806c  libpcap-0.9.4-11.el5.i386.rpm
5f5a5af8ab76663a97667d1036ec9668  libpcap-0.9.4-11.el5.x86_64.rpm
e7fc87898e4d015cd6d9e3db48d9ca9f  libpcap-devel-0.9.4-11.el5.i386.rpm
52d87731d358492ae67ae75ee92794c7  libpcap-devel-0.9.4-11.el5.x86_64.rpm
230e4421c10064f6b30666894151f545  tcpdump-3.9.4-11.el5.x86_64.rpm
3a3db9efe4f5ba07d092013a88bf5ae4  tcpdump-debuginfo-3.9.4-11.el5.i386.rpm
fe81bedaac8d616dd5174aa36ede5261  tcpdump-debuginfo-3.9.4-11.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHMeUBXlSAg2UNWIIRAtP5AJ9TbdZGXzZxIGcVNxnj0ZbNz6WcRACgtJ/L
gcpBNPO8jhuHmsSPiAwQkLM=
=Rb2l
-----END PGP SIGNATURE-----

More information about the Enterprise-watch-list mailing list