Package name tcpdump Date January 26th, 2004 Advisory ID MDKSA-2004:008 Affected versions 9.1, 9.2, MNF8.2, CS2.1

Problem Description

A number of vulnerabilities were discovered in tcpdump versions prior
to 3.8.1 that, if fed a maliciously crafted packet, could be exploited
to crash tcpdump or potentially execute arbitrary code with the
privileges of the user running tcpdump. These vulnerabilities include:

An infinite loop and memory consumption processing L2TP packets
(CAN-2003-1029).

Infinite loops in processing ISAKMP packets (CAN-2003-0989,
CAN-2004-0057).

A segmentation fault caused by a RADIUS attribute with a large length
value (CAN-2004-0055).

The updated packages are patched to correct these problem.

Updated Packages

Mandrakelinux 9.1

 aa337b3beb1371a5ceace20db36c5dfa  9.1/RPMS/tcpdump-3.7.2-2.1.91mdk.i586.rpm
99e8f3cb2c6cc748ca8c8d24ab555029  9.1/SRPMS/tcpdump-3.7.2-2.1.91mdk.src.rpm

Mandrakelinux 9.1/PPC

 df878fa0b993bcc53cb852a4b3a6b0bb  ppc/9.1/RPMS/tcpdump-3.7.2-2.1.91mdk.ppc.rpm
99e8f3cb2c6cc748ca8c8d24ab555029  ppc/9.1/SRPMS/tcpdump-3.7.2-2.1.91mdk.src.rpm

Mandrakelinux 9.2

 595518640b2291ce10e26b943debf84b  9.2/RPMS/tcpdump-3.7.2-2.1.92mdk.i586.rpm
8e3520db919980c762c7acce742f9831  9.2/SRPMS/tcpdump-3.7.2-2.1.92mdk.src.rpm

Mandrakelinux 9.2/AMD64

 efd0e0b8f9796b3ba98d3da63d5b38c2  amd64/9.2/RPMS/tcpdump-3.7.2-2.1.92mdk.amd64.rpm
8e3520db919980c762c7acce742f9831  amd64/9.2/SRPMS/tcpdump-3.7.2-2.1.92mdk.src.rpm

Multi Network Firewall 8.2

 3eaac937cfc3d2390a2eda8dd431fc56  mnf8.2/RPMS/tcpdump-3.7.2-2.1.M82mdk.i586.rpm
a33365b5a8d47668764615ec6713869f  mnf8.2/SRPMS/tcpdump-3.7.2-2.1.M82mdk.src.rpm

Corporate Server 2.1

 c9c3cb66d49d3c61c09db1df364309aa  corporate/2.1/RPMS/tcpdump-3.7.2-2.1.C21mdk.i586.rpm
a0731e1d0f8bb67e27796486ee0ac6de  corporate/2.1/SRPMS/tcpdump-3.7.2-2.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64

 3eba37e4c75f54916c3c15b126710c43  x86_64/corporate/2.1/RPMS/tcpdump-3.7.2-2.1.C21mdk.x86_64.rpm
a0731e1d0f8bb67e27796486ee0ac6de  x86_64/corporate/2.1/SRPMS/tcpdump-3.7.2-2.1.C21mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

		rpm --checksig package.rpm
		

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.