diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-07:06.tcpdump.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-07:06.tcpdump.asc | 113 |
1 files changed, 0 insertions, 113 deletions
diff --git a/share/security/advisories/FreeBSD-SA-07:06.tcpdump.asc b/share/security/advisories/FreeBSD-SA-07:06.tcpdump.asc deleted file mode 100644 index 92c3567d3d..0000000000 --- a/share/security/advisories/FreeBSD-SA-07:06.tcpdump.asc +++ /dev/null @@ -1,113 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -============================================================================= -FreeBSD-SA-07:06.tcpdump Security Advisory - The FreeBSD Project - -Topic: Buffer overflow in tcpdump(1) - -Category: contrib -Module: tcpdump -Announced: 2007-08-01 -Credits: "mu-b" -Affects: All supported versions of FreeBSD -Corrected: 2007-08-01 20:42:48 UTC (RELENG_6, 6.2-STABLE) - 2007-08-01 20:44:58 UTC (RELENG_6_2, 6.2-RELEASE-p7) - 2007-08-01 20:45:49 UTC (RELENG_6_1, 6.1-RELEASE-p19) - 2007-08-01 20:47:13 UTC (RELENG_5, 5.5-STABLE) - 2007-08-01 20:48:19 UTC (RELENG_5_5, 5.5-RELEASE-p15) -CVE Name: CVE-2007-3798 - -For general information regarding FreeBSD Security Advisories, -including descriptions of the fields above, security branches, and the -following sections, please visit <URL:http://security.FreeBSD.org/>. - -I. Background - -Tcpdump is a commonly used network diagnostic utility which decodes packets -received on the wire into human readable format. - -II. Problem Description - -An un-checked return value in the BGP dissector code can result in an integer -overflow. This value is used in subsequent buffer management operations, -resulting in a stack based buffer overflow under certain circumstances. - -III. Impact - -By crafting malicious BGP packets, an attacker could exploit this vulnerability -to execute code or crash the tcpdump process on the target system. This -code would be executed in the context of the user running tcpdump(1). -It should be noted that tcpdump(1) requires privileges in order to open live -network interfaces. - -IV. Workaround - -No workaround is available. - -V. Solution - -Perform one of the following: - -1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the -RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the -correction date. - -2) To patch your present system: - -The following patches have been verified to apply to FreeBSD 5.5, 6.1, -and 6.2 systems. - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -# fetch http://security.FreeBSD.org/patches/SA-07:06/tcpdump.patch -# fetch http://security.FreeBSD.org/patches/SA-07:06/tcpdump.patch.asc - -b) Execute the following commands as root: - -# cd /usr/src -# patch < /path/to/patch -# cd /usr/src/usr.sbin/tcpdump/tcpdump -# make obj && make depend && make && make install - -VI. Correction details - -The following list contains the revision numbers of each file that was -corrected in FreeBSD. - -Branch Revision - Path -- ------------------------------------------------------------------------- -RELENG_5 - src/contrib/tcpdump/print-bgp.c 1.1.1.5.2.2 -RELENG_5_5 - src/UPDATING 1.342.2.35.2.15 - src/sys/conf/newvers.sh 1.62.2.21.2.17 - src/contrib/tcpdump/print-bgp.c 1.1.1.5.2.1.2.1 -RELENG_6 - src/contrib/tcpdump/print-bgp.c 1.1.1.8.2.1 -RELENG_6_2 - src/UPDATING 1.416.2.29.2.10 - src/sys/conf/newvers.sh 1.69.2.13.2.10 - src/contrib/tcpdump/print-bgp.c 1.1.1.8.8.1 -RELENG_6_1 - src/UPDATING 1.416.2.22.2.21 - src/sys/conf/newvers.sh 1.69.2.11.2.21 - src/contrib/tcpdump/print-bgp.c 1.1.1.8.6.1 -- ------------------------------------------------------------------------- - -VII. References - -http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798 - -The latest revision of this advisory is available at -http://security.FreeBSD.org/advisories/FreeBSD-SA-07:06.tcpdump.asc ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.7 (FreeBSD) - -iD8DBQFGsPfwFdaIBMps37IRAmK/AJ0adsy8zlOOXaJhJJdcX6A0Uy+bSQCfQYVi -4qk7MNSrKFZotejLEXKMCYI= -=JIZh ------END PGP SIGNATURE----- |