OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org
Name: Ralf S. Engelschall
Root: /e/openpkg/cvs
Email: [EMAIL PROTECTED]
Module: openpkg-web
Date: 04-Mar-2003 11:34:10
Branch: HEAD
Handle: 2003030410340900
Modified files:
openpkg-web/security OpenPKG-SA-2003.014-tcpdump.txt
Log:
final polishing and signing
Summary:
Revision Changes Path
1.4 +23 -13 openpkg-web/security/OpenPKG-SA-2003.014-tcpdump.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2003.014-tcpdump.txt
============================================================================
$ cvs diff -u -r1.3 -r1.4 OpenPKG-SA-2003.014-tcpdump.txt
--- openpkg-web/security/OpenPKG-SA-2003.014-tcpdump.txt 4 Mar 2003 10:05:33
-0000 1.3
+++ openpkg-web/security/OpenPKG-SA-2003.014-tcpdump.txt 4 Mar 2003 10:34:09
-0000 1.4
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
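Review bot: the clearsign header ("-----BEGIN PGP SIGNED MESSAGE-----", "Hash: SHA1") added at the top of the file commits the whole body to the signature appended in the final hunk, so any later wording change to the advisory (including the text edits in the same revision) invalidates it; make sure the signing step is the last one applied, and re-sign if the body is touched again.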
@@ -7,7 +10,7 @@
________________________________________________________________________
Package: tcpdump
-Vulnerability: denial of service and buffer overflow
+Vulnerability: denial of service
OpenPKG Specific: no
Affected Releases: Affected Packages: Corrected Packages:
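Review bot: changing the "Vulnerability:" field from "denial of service and buffer overflow" to "denial of service" makes the summary inconsistent with the Description in the same revision, which still states that "a buffer overflow is possible when parsing malformed NFS packets (UDP, port 2049)". Either keep the buffer overflow in the summary line, or drop it from the Description if it is not confirmed for the affected packages.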
@@ -19,21 +22,21 @@
Description:
Andrew Griffiths and iDEFENSE Labs discovered [1] a vulnerability in
- tcpdump [0] which could result in a Denial of Service attack due to
- an endless loop consuming CPU resources when parsing malformed ISAKMP
- packets sent to UDP port 500. The Common Vulnerabilities and Exposures
- (CVE) project assigned the id CAN-2003-0108 [2] to the problem.
+ tcpdump [0] which can result in a Denial of Service (DoS) attack due
+ to an endless processing loop consuming CPU resources when parsing
+ malformed ISAKMP packets (UDP, port 500). The Common Vulnerabilities
+ and Exposures (CVE) project assigned the id CAN-2003-0108 [2] to the
+ problem.
- Similarily, another Denial of Service attack is possible because
- tcpdump enters also an endless loop consuming CPU resources when
- parsing malformed BGP packets. Finally, a buffer overflow occurred
- when parsing malformed NFS packets.
+ Similarily, another DoS attack is possible because tcpdump enters
+ also an endless processing loop consuming CPU resources when parsing
+ malformed BGP packets (TCP, port 179). Finally, a buffer overflow is
+ possible when parsing malformed NFS packets (UDP, port 2049).
Please check whether you are affected by running "<prefix>/bin/rpm -q
- tcpdump". If you have the "tcpdump" package installed and its version
- is affected (see above), we recommend that you immediately upgrade it
- (see Solution) and it's dependent packages (see above), if any, too.
- [3][4]
+ tcpdump". If you have the "tcpdump" package installed and its version is
+ affected (see above), we recommend that you immediately upgrade it (see
+ Solution) and it's dependent packages (see above), if any, too. [3][4]
Solution:
Select the updated source RPM appropriate for your OpenPKG release
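Review bot: the rewrapped paragraphs carry over typos from the previous revision into the signed text: "Similarily" should be "Similarly", "tcpdump enters also an endless processing loop" reads better as "tcpdump also enters an endless processing loop", and "it's dependent packages" should be "its dependent packages". Since this revision adds the signature, these are worth fixing now rather than in a follow-up that would require re-signing.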
@@ -77,3 +80,10 @@
the command "gpg --verify --keyserver keyserver.pgp.com".
________________________________________________________________________
+-----BEGIN PGP SIGNATURE-----
+Comment: OpenPKG <[EMAIL PROTECTED]>
+
+iD8DBQE+ZIEOgHWT4GPEy58RArsmAKCJSLg7vWFHOJFsXG/Xq/wbtSazNgCgq8zg
+MOen3HEaFOKBcfB471+2kJk=
+=NyPy
+-----END PGP SIGNATURE-----
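Review bot: the signature block identifies the signer only through the "Comment: OpenPKG <...>" mailbox line, while the preceding context tells readers to verify with "gpg --verify --keyserver keyserver.pgp.com". Consider stating the signing key's ID or fingerprint in the advisory text (for example next to the verification instructions) so readers know which key to fetch from the keyserver and can distinguish it from any other key carrying the same address.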
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]