• info
• discussion
• exploit
• solution
• references

TCPDump BGP Decoding Routines Denial Of Service Vulnerability

Solution:
Reportedly, the vendor has addressed this vulnerability in the CVS-current release of tcpdump. This is not confirmed.

Please see the referenced vendor advisories for information on obtaining and applying fixes.


Red Hat Fedora Core1

• Fedora arpwatch-2.1a11-7.fc1.1.i386.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /arpwatch-2.1a11-7.fc1.1.i386.rpm


• Fedora libpcap-0.7.2-7.fc1.1.i386.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /libpcap-0.7.2-7.fc1.1.i386.rpm


• Fedora tcpdump-3.7.2-7.fc1.1.i386.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /tcpdump-3.7.2-7.fc1.1.i386.rpm


• Fedora tcpdump-debuginfo-3.7.2-7.fc1.1.i386.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /debug/tcpdump-debuginfo-3.7.2-7.fc1.1.i386.rpm

IPCop IPCop 1.4.1

• IPCop IPCop 1.4.6
  http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req= viewdownload&cid=3&orderby=dateD

Apple Mac OS X 10.2.8

• Apple SecUpd2004-02-23Jag.dmg
  http://www.info.apple.com/kbnum/n120277

Apple Mac OS X Server 10.2.8

• Apple SecUpdSrvr2004-02-23Jag.dmg
  http://www.info.apple.com/kbnum/n120322

Apple Mac OS X Server 10.3.2

• Apple SecUpdSrvr2004-02-23Pan.dmg
  http://www.info.apple.com/kbnum/n120324

SGI ProPack 2.3

• SGI patch10043.tar.gz
  ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/

LBL tcpdump 3.6.2

• Debian tcpdump_3.6.2-2.4_mipsel.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .4_mipsel.deb


• Debian tcpdump_3.6.2-2.7_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_alpha.deb


• Debian tcpdump_3.6.2-2.7_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_arm.deb


• Debian tcpdump_3.6.2-2.7_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_hppa.deb


• Debian tcpdump_3.6.2-2.7_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_i386.deb


• Debian tcpdump_3.6.2-2.7_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_ia64.deb


• Debian tcpdump_3.6.2-2.7_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_m68k.deb


• Debian tcpdump_3.6.2-2.7_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_mips.deb


• Debian tcpdump_3.6.2-2.7_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_powerpc.deb


• Debian tcpdump_3.6.2-2.7_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_s390.deb


• Debian tcpdump_3.6.2-2.7_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_sparc.deb


• Debian tcpdump_3.6.2-2.9_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .9_alpha.deb


• Debian tcpdump_3.6.2-2.9_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .9_arm.deb


• Debian tcpdump_3.6.2-2.9_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .9_hppa.deb


• Debian tcpdump_3.6.2-2.9_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .9_i386.deb


• Debian tcpdump_3.6.2-2.9_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .9_ia64.deb


• Debian tcpdump_3.6.2-2.9_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .9_m68k.deb


• Debian tcpdump_3.6.2-2.9_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .9_mips.deb


• Debian tcpdump_3.6.2-2.9_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .9_mipsel.deb


• Debian tcpdump_3.6.2-2.9_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .9_powerpc.deb


• Debian tcpdump_3.6.2-2.9_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .9_s390.deb


• Debian tcpdump_3.6.2-2.9_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .9_sparc.deb


• SCO tcpdump-3.8.1-1.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-008.0/R PMS/tcpdump-3.8.1-1.i386.rpm


• SCO tcpdump-3.8.1-1.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-00 8.0/RPMS/tcpdump-3.8.1-1.i386.rpm

LBL tcpdump 3.7.1

• Conectiva tcpdump-3.7.1-351.i586.rpm
  ftp://ul.conectiva.com.br/updates/1.0/RPMS.core/tcpdump-3.7.1-351.i586 .rpm

LBL tcpdump 3.7.2

• Mandrake tcpdump-3.7.2-2.1.91mdk.i586.rpm
  Mandrake Linux 9.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake tcpdump-3.7.2-2.1.91mdk.ppc.rpm
  Mandrake Linux 9.1/PPC
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake tcpdump-3.7.2-2.1.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake tcpdump-3.7.2-2.1.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake tcpdump-3.7.2-2.1.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake tcpdump-3.7.2-2.1.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/X86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake tcpdump-3.7.2-2.1.M82mdk.i586.rpm
  Mandrake Multi Network Firewall 8.2
  http://www.mandrakesecure.net/en/ftp.php


• RedHat arpwatch-2.1a11-7.9.4.legacy.i386.rpm
  Red Hat Linux 9:
  http://download.fedoralegacy.org/redhat/9/updates/i386/arpwatch-2.1a11 -7.9.4.legacy.i386.rpm


• RedHat arpwatch-2.1a11-8.fc1.3.legacy.i386.rpm
  Fedora Core 1:
  http://download.fedoralegacy.org/fedora/1/updates/i386/arpwatch-2.1a11 -8.fc1.3.legacy.i386.rpm


• RedHat tcpdump-3.7.2-7.9.4.legacy.i386.rpm
  Fedora Core 2:
  http://download.fedoralegacy.org/redhat/9/updates/i386/tcpdump-3.7.2-7 .9.4.legacy.i386.rpm


• RedHat tcpdump-3.7.2-8.fc1.3.legacy.i386.rpm
  Fedora Core 1:
  http://download.fedoralegacy.org/fedora/1/updates/i386/tcpdump-3.7.2-8 .fc1.3.legacy.i386.rpm

LBL tcpdump 3.8.3

• Ubuntu tcpdump_3.8.3-3ubuntu0.1_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3u buntu0.1_amd64.deb


• Ubuntu tcpdump_3.8.3-3ubuntu0.1_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3u buntu0.1_i386.deb


• Ubuntu tcpdump_3.8.3-3ubuntu0.1_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3u buntu0.1_powerpc.deb


• Ubuntu tcpdump_3.8.3-3ubuntu0.2_amd64.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3u buntu0.2_amd64.deb


• Ubuntu tcpdump_3.8.3-3ubuntu0.2_i386.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3u buntu0.2_i386.deb


• Ubuntu tcpdump_3.8.3-3ubuntu0.2_powerpc.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3u buntu0.2_powerpc.deb

FreeBSD FreeBSD 5.3

• FreeBSD tcpdump.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:10/tcpdump.patch

FreeBSD FreeBSD 5.4 -RELENG

• FreeBSD tcpdump.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:10/tcpdump.patch

SCO Open Server 6.0

• SCO VOL.000.000 for SCOSA-2005.61
  ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.61

SCO Unixware 7.1.4

• SCO p532314.image
  ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60

S.u.S.E. Linux Personal 9.0

• S.u.S.E. tcpdump-3.7.2-72.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/tcpdump-3.7.2-72. i586.rpm