• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

TCPDump Malformed RADIUS Packet Denial Of Service Vulnerability

Solution:
Red Hat has released an advisory for Fedora (FEDORA-2004-090). This advisory contains fixes to address several vulnerabilities in tcpdump. Fedora users may use the up2date utility to obtain and apply appropriate fixes; alternatively users may apply fixes (linked below) manually. See referenced advisory for further details.

Apple has released Security Update 2004-02-23 and fixes to address this issue. See referenced advisory for further details.

Guardian Digital Security has released a security advisory for EnGarde Secure Linux (ESA-20030430-014). The referenced advisory contains information pertaining to obtaining and applying fixes that address this and other issues. Users are advised to upgrade as soon as possible.

Red Hat has released a security advisory (RHSA-2003:032-01) that contains fixes addressing this and other tcpdump issues. Users are advised to upgrade as soon as possible.

OpenPKG has released an advisory OpenPKG-SA-2004.002 to address this and other issues. Please see the referenced advisory for more information.

Mandrake has released advisory MDKSA-2004:008 to address this issue. Please see the referenced advisory for more information.

SGI has released an advisory 20040103-01-U with fixes to address this and other issues. Please see the referenced advisory for more information.

Fedora Legacy (FLSA:1222) has released an advisory including updates for various Red Hat releases. Please see the referenced advisory for more details on obtaining and applying fixes.

SGI has released an advisory 20040202-01-U to address this and other issues in SGI ProPack 2.4. Please see the referenced advisory for more information.

SCO has released advisory CSSA-2004-008.0 to address this issue.

RedHat has released an advisory FEDORA-2004-091 to address this and other issues in Fedora. Please see the referenced advisory for more information.

Conectiva has released an advisory CLSA-2004:832 to address this and other issues in tcpdump. Please see the advisory in web references for more information.

SCO has released advisory SCOSA-2004.9 to address this and other issues in tcpdump. Please see the referenced advisory for further information on obtaining fixes.

Fixes are available below:


RedHat Fedora Core1

• Fedora arpwatch-2.1a11-7.fc1.1.i386.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /arpwatch-2.1a11-7.fc1.1.i386.rpm


• Fedora libpcap-0.7.2-7.fc1.1.i386.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /libpcap-0.7.2-7.fc1.1.i386.rpm


• Fedora tcpdump-3.7.2-7.fc1.1.i386.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /tcpdump-3.7.2-7.fc1.1.i386.rpm


• Fedora tcpdump-debuginfo-3.7.2-7.fc1.1.i386.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /debug/tcpdump-debuginfo-3.7.2-7.fc1.1.i386.rpm

Apple Mac OS X 10.2.8

• Apple SecUpd2004-02-23Jag.dmg
  http://www.info.apple.com/kbnum/n120277

Apple Mac OS X Server 10.2.8

• Apple SecUpdSrvr2004-02-23Jag.dmg
  http://www.info.apple.com/kbnum/n120322

Apple Mac OS X 10.3.2

• Apple SecUpd2004-02-23Pan.dmg
  http://www.info.apple.com/kbnum/n120323

Apple Mac OS X Server 10.3.2

• Apple SecUpdSrvr2004-02-23Pan.dmg
  http://www.info.apple.com/kbnum/n120324

SGI ProPack 2.3

• SGI patch10043.tar.gz
  ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/

SGI ProPack 2.4

• SGI patch10044.tar.gz
  ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/patch1 0044.tar.gz

LBL tcpdump 3.6.2

• Debian tcpdump_3.6.2-2.4_alpha.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .4_alpha.deb


• Debian tcpdump_3.6.2-2.4_arm.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .4_arm.deb


• Debian tcpdump_3.6.2-2.4_hppa.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .4_hppa.deb


• Debian tcpdump_3.6.2-2.4_i386.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .4_i386.deb


• Debian tcpdump_3.6.2-2.4_ia64.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .4_ia64.deb


• Debian tcpdump_3.6.2-2.4_m68k.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .4_m68k.deb


• Debian tcpdump_3.6.2-2.4_mips.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .4_mips.deb


• Debian tcpdump_3.6.2-2.4_mipsel.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .4_mipsel.deb


• Debian tcpdump_3.6.2-2.4_powerpc.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .4_powerpc.deb


• Debian tcpdump_3.6.2-2.4_s390.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .4_s390.deb


• Debian tcpdump_3.6.2-2.4_sparc.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .4_sparc.deb


• Debian tcpdump_3.6.2-2.7_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_alpha.deb


• Debian tcpdump_3.6.2-2.7_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_arm.deb


• Debian tcpdump_3.6.2-2.7_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_hppa.deb


• Debian tcpdump_3.6.2-2.7_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_i386.deb


• Debian tcpdump_3.6.2-2.7_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_ia64.deb


• Debian tcpdump_3.6.2-2.7_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_m68k.deb


• Debian tcpdump_3.6.2-2.7_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_mips.deb


• Debian tcpdump_3.6.2-2.7_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_powerpc.deb


• Debian tcpdump_3.6.2-2.7_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_s390.deb


• Debian tcpdump_3.6.2-2.7_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_sparc.deb


• Red Hat arpwatch-2.1a11-17.7.1.2.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/arpwatch-2.1a11-17.7.1.2.i386. rpm


• Red Hat arpwatch-2.1a11-17.7.2.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/arpwatch-2.1a11-17.7.2.2.i386. rpm


• Red Hat arpwatch-2.1a11-17.7.2.2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/arpwatch-2.1a11-17.7.2.2.ia64. rpm


• Red Hat arpwatch-2.1a11-17.7.3.2.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/arpwatch-2.1a11-17.7.3.2.i386. rpm


• Red Hat arpwatch-2.1a11-17.8.0.2.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/arpwatch-2.1a11-17.8.0.2.i386. rpm


• Red Hat libpcap-0.6.2-17.7.1.2.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/libpcap-0.6.2-17.7.1.2.i386.rp m


• Red Hat libpcap-0.6.2-17.7.2.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/libpcap-0.6.2-17.7.2.2.i386.rp m


• Red Hat libpcap-0.6.2-17.7.2.2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/libpcap-0.6.2-17.7.2.2.ia64.rp m


• Red Hat libpcap-0.6.2-17.7.3.2.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/libpcap-0.6.2-17.7.3.2.i386.rp m


• Red Hat libpcap-0.6.2-17.8.0.2.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/libpcap-0.6.2-17.8.0.2.i386.rp m


• Red Hat tcpdump-3.6.3-17.7.1.2.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/tcpdump-3.6.3-17.7.1.2.i386.rp m


• Red Hat tcpdump-3.6.3-17.7.2.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/tcpdump-3.6.3-17.7.2.2.i386.rp m


• Red Hat tcpdump-3.6.3-17.7.2.2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/tcpdump-3.6.3-17.7.2.2.ia64.rp m


• Red Hat tcpdump-3.6.3-17.7.3.2.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/tcpdump-3.6.3-17.7.3.2.i386.rp m


• Red Hat tcpdump-3.6.3-17.8.0.2.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/tcpdump-3.6.3-17.8.0.2.i386.rp m


• SCO tcpdump-3.8.1-1.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-008.0/R PMS/tcpdump-3.8.1-1.i386.rpm


• SCO tcpdump-3.8.1-1.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-00 8.0/RPMS/tcpdump-3.8.1-1.i386.rpm