aru Posted January 27, 2004 Report Share Posted January 27, 2004 MandrakeSoft Security Advisory MDKSA-2004:008 : tcpdump January 26th, 2004 Updated tcpdump packages fix several vulnerabilities A number of vulnerabilities were discovered in tcpdump versions prior to 3.8.1 that, if fed a maliciously crafted packet, could be exploited to crash tcpdump or potentially execute arbitrary code with the privileges of the user running tcpdump. These vulnerabilities include: An infinite loop and memory consumption processing L2TP packets (CAN-2003-1029). Infinite loops in processing ISAKMP packets (CAN-2003-0989, CAN-2004-0057). A segmentation fault caused by a RADIUS attribute with a large length value (CAN-2004-0055). The updated packages are patched to correct these problem. The released versions of Mandrake GNU/Linux affected are: 9.1 9.2 9.2/AMD64 Multi Network Firewall 8.2 Corporate Server 2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:008 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0989 http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-1029 http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0055 http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0057 Posted automatically by aru (mdksec2mub v0.0.8) Link to comment Share on other sites More sharing options...
Recommended Posts