TCPDump ISAKMP Decoding Routines Denial Of Service Vulnerability

Solution:
Gentoo Linux has released an advisory (GLSA 200404-03) and updates to address this issue. Gentoo advises users to upgrade to the latest available version and advises that the net-libs/libpcap package also be upgraded. This can be accomplished by issuing the following series of commands:
# emerge sync
# emerge -pv ">=net-libs/libpcap-0.8.3-r1" ">=net-analyzer/tcpdump-3.8.3-r1"
# emerge ">=net-libs/libpcap-0.8.3-r1" ">=net-analyzer/tcpdump-3.8.3-r1"

Red Hat has released an advisory for Fedora (FEDORA-2004-090). This advisory contains fixes to address several vulnerabilities in tcpdump. Fedora users may use the up2date utility to obtain and apply appropriate fixes; alternatively, users may apply fixes (linked below) manually. See the referenced advisory for further details.

Apple has released Security Update 2004-02-23 and fixes to address this issue. See the referenced advisory for further details.

SuSE has released advisory SuSE-SA:2004:002 to address this issue. Please see the referenced advisory for more information.

Red Hat has released advisory RHSA-2004:007 to address this issue. Please see the referenced advisory for more information.

Red Hat has released advisory RHSA-2004:008 to address this issue. Please see the referenced advisory for more information.

Debian has released advisory DSA-425-1 to address this issue. Please see the referenced advisory for more information.

Mandrake has released advisory MDKSA-2004:008 to address this issue. Please see the referenced advisory for more information.

SGI has released advisory 20040103-01-U with fixes to address this and other issues. Please see the referenced advisory for more information.

Fedora Legacy (FLSA:1222) has released an advisory including updates for various Red Hat releases. Please see the referenced advisory for more details on obtaining and applying fixes.

SGI has released advisory 20040202-01-U to address this and other issues in SGI ProPack 2.4. Please see the referenced advisory for more information. Fixes are available below:

SCO has released advisory CSSA-2004-008.0 to address this issue.

Red Hat has released advisory FEDORA-2004-091 to address this and other issues in Fedora. Please see the referenced advisory for more information.

Conectiva has released advisory CLSA-2004:832 to address this and other issues in tcpdump. Please see the advisory in the web references for more information.

SCO has released advisory SCOSA-2004.9 to address this and other issues in tcpdump. Please see the referenced advisory for further information on obtaining fixes.


Red Hat Fedora Core 1

Apple Mac OS X 10.2.8

Apple Mac OS X Server 10.2.8

Apple Mac OS X 10.3.2

Apple Mac OS X Server 10.3.2

SGI ProPack 2.3

SGI ProPack 2.4

LBL tcpdump 3.6.2

LBL tcpdump 3.7.1

LBL tcpdump 3.7.2


Copyright 2010, SecurityFocus