TCPDump ISAKMP Decoding Routines Multiple Remote Buffer Overflow Vulnerabilities

Solution:
Red Hat has released an advisory for Fedora (FEDORA-2004-090). This advisory contains fixes to address several vulnerabilities in tcpdump. Fedora users may use the up2date utility to obtain and apply appropriate fixes; alternatively users may apply fixes (linked below) manually. See referenced advisory for further details.

Apple has released Security Update 2004-02-23 and fixes to address this issue. See referenced advisory for further details.

RedHat has released an advisory RHSA-2004:007-01 to address these issues. Please see the referenced advisory for more information.

OpenPKG has released an advisory OpenPKG-SA-2004.002 to address this and other issues. Please see the referenced advisory for more information.

Engarde has released advisory ESA-20040119-002 to address this issue. Affected users are advised to use the Guardian Digital Secure Network to update vulnerable systems.

Turbolinux has released advisory TLSA-2004-3 to address this issue.

Mandrake has released advisory MDKSA-2004:008 to address this issue. Please see the referenced advisory for more information.

SGI has released an advisory 20040103-01-U with fixes to address this and other issues. Please see the referenced advisory for more information.

Fedora Legacy (FLSA:1222) has released an advisory including updates for various Red Hat releases. Please see the referenced advisory for more details on obtaining and applying fixes.

SGI has released an advisory 20040202-01-U to address this and other issues in SGI ProPack 2.4. Please see the referenced advisory for more information.

SCO has released advisory CSSA-2004-008.0 to address this issue.

RedHat has released an advisory FEDORA-2004-091 to address this and other issues in Fedora. Please see the referenced advisory for more information.

Conectiva has released an advisory CLSA-2004:832 to address this and other issues in tcpdump. Please see the advisory in web references for more information.

SCO has released advisory SCOSA-2004.9 to address this and other issues in tcpdump. Please see the referenced advisory for further information on obtaining fixes.

Fixes are available below:


RedHat tcpdump-3.7.2-1.i386.rpm

Red Hat Fedora Core1

RedHat libpcap-0.7.2-1.i386.rpm

RedHat arpwatch-2.1a11-1.i386.rpm

Apple Mac OS X 10.2.8

Apple Mac OS X Server 10.2.8

Apple Mac OS X 10.3.2

Apple Mac OS X Server 10.3.2

SGI ProPack 2.3

SGI ProPack 2.4

LBL tcpdump 3.4

LBL tcpdump 3.6.2

LBL tcpdump 3.7.2


 

Privacy Statement
Copyright 2010, SecurityFocus