-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: tcpdump/libpcap
Announcement-ID: SuSE-SA:2002:020
Date: Wed May 29 14:00:00 MEST 2002
Affected products: 6.4, 7.0, 7.1, 7.2, 7.3, 8.0,
SuSE Linux Database Server,
SuSE eMail Server III,
SuSE Firewall Adminhost VPN,
SuSE Linux Admin-CD for Firewall,
SuSE Linux Live-CD for Firewall,
SuSE Linux Enterprise Server for S/390,
SuSE Linux Connectivity Server,
SuSE Linux Enterprise Server 7
Vulnerability Type: remote command execution
Severity (1-10): 6
SuSE default package: yes
Other affected systems: All systems with vulnerable tcpdump.
Content of this advisory:
1) security vulnerability resolved: Buffer overflow in tcpdump.
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
The tcpdump program may be used to capture and decode network traffic.
Tcpdump decodes certain packets such as AFS requests in a wrong way
resulting in a buffer overflow. Since running tcpdump requires root
privileges this may lead to a root compromise of the system running
tcpdump. We strongly recommend an update for administrators using
tcpdump to monitor their networks since the only safe workaround is to
not use it at all.
Additionally to the fixed tcpdump packages we provide new libpcap
packages. Libpcap on which most network monitoring programs rely also
contained overflows which however are only exploitable by local attackers
if you installed programs using libpcap setuid. This is not found in a
default install.
More information about tcpdump and libpcap may be found at
http://www.tcpdump.org
Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command "rpm -Fhv file.rpm" to apply
the update.
Our maintenance customers are being notified individually. The packages
are being offered to install from the maintenance web.
i386 Intel Platform:
SuSE-8.0
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/tcpdump-3.6.2-300.i386.rpm
f6b5499e4857575fa162ae24cde181c8
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/tcpdump-3.6.2-300.src.rpm
2dd114976f858d0a66c83f409dbf25a0
SuSE-7.3
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/tcpdump-3.6.2-300.i386.rpm
dc7fba8709f74476ee463e3b7d3d9042
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/tcpdump-3.6.2-300.src.rpm
d2d6a940df5c40e54a6b30e3698458ef
SuSE-7.2
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/tcpdump-3.4a6-376.i386.rpm
601bc08d351e8100767bbfd502efd44b
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/tcpdump-3.4a6-376.src.rpm
af87a4ad56fc853800c6af5982899f18
SuSE-7.1
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n1/tcpdump-3.4a6-375.i386.rpm
a3251d65bfa05948ce3796ac9e5fdf5b
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/tcpdump-3.4a6-375.src.rpm
84ba69db15e1ff569cf674f7d61428f1
SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/tcpdump-3.4a6-374.i386.rpm
63d57b2062a91d5fabeb43a5543d245e
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/tcpdump-3.4a6-374.src.rpm
204195b01bc25f84209029bed0eb00cd
SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/tcpdump-3.4a6-372.i386.rpm
ebb48c115355dc4ba1f45b1f8c36f9aa
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/tcpdump-3.4a6-372.src.rpm
d2087aea083c4f6b93a518eee00c979e
Sparc Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/tcpdump-3.6.2-58.sparc.rpm
bb422a4c2d025d3b8a805345a200576a
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/tcpdump-3.6.2-58.src.rpm
e0f85bd701865ca1f3d0923d1b9eb24c
SuSE-7.1
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n1/tcpdump-3.4a6-318.sparc.rpm
eaf6237823690fe4cb72df39b2b75a5f
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/tcpdump-3.4a6-318.src.rpm
458f7aaa2ed33606007d345d371bf8c4
SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/tcpdump-3.4a6-318.sparc.rpm
6137a3ecadd2bfd95b51039fef52187b
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/tcpdump-3.4a6-318.src.rpm
0227535bdc5f7bd6980e77737cc6182c
AXP Alpha Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/axp/update/7.1/n1/tcpdump-3.4a6-329.alpha.rpm
614dfa16b71456692bc1d92b9db0998b
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/tcpdump-3.4a6-329.src.rpm
e5a05bdbe3d5a29f0840c488e703268b
SuSE-7.0
ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/tcpdump-3.4a6-330.alpha.rpm
0f1fbdfdcf8f4e1a90424df1b3ad05bc
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/tcpdump-3.4a6-330.src.rpm
d48289b8926c3fa7602b6ad026ae4130
SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/tcpdump-3.4a6-330.alpha.rpm
bf9ef22920ff73802e3b02005476527b
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/tcpdump-3.4a6-330.src.rpm
1fa595c3febfc97f45642faffdd1dfb1
PPC Power PC Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n1/tcpdump-3.6.2-189.ppc.rpm
303f6a00defddc3b8a3be1ab386021cf
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/tcpdump-3.6.2-189.src.rpm
552355e0f15582d47d64fd3a97542cf3
SuSE-7.1
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n1/tcpdump-3.4a6-317.ppc.rpm
4dd468ba517be7c7f52a8b2ac7c2beb0
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/tcpdump-3.4a6-317.src.rpm
69be109e360246794c66ed55e199ee95
SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/tcpdump-3.4a6-316.ppc.rpm
1b51e5529fa559d8453588f09d9b8585
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/tcpdump-3.4a6-316.src.rpm
20d1da2b898a483df771809747851967
SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/tcpdump-3.4a6-315.ppc.rpm
97cd7574108f3fcb9f52a7213d626481
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/tcpdump-3.4a6-315.src.rpm
67c63c89e26c2a17df6fef3585f41481
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- Perl-Digest-MD5
The Perl Digest-MD5 module fails to handle utf8 characters properly
and thus calculates wrong hash sums for certain input. New packages
are already available on our ftp servers.
______________________________________________________________________________
3) standard appendix: authenticity verification, additional information
- Package authenticity verification:
SuSE update packages are available on many mirror ftp servers all over
the world. While this service is being considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently from each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.
1) execute the command
md5sum