-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2003-14
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date : 12 Mar 2003
Last revised : 01 Apr 2003
Package : tcpdump
Summry : tcpdump infinite loop
More information :
Vulnerabilites exist in the tcpdump. When parsing malformed ISAKMP, BGP and NFS packets,
it will cause TCPDUMP to enter an infinite look or buffer overflow.
Impact :
This may allow remote attackers to cause a denial of service.
Affected Products :
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
- Turbolinux Server 6.5
- Turbolinux Advanced Server 6
- Turbolinux Server 6.1
- Turbolinux Workstation 6.0
Solution :
Please use turbopkg tool to apply the update.
If you need to confirm the version of current installed
package, please issue rpm command as :
# rpm -qa | grep PACKAGE-NAME
<Turbolinux 8 Server>
Source Packages
Size : MD5
tcpdump-3.7.2-1.src.rpm
434120 eaa3ef4cd3c38c4ce69f0e18cbf81b8a
Binary Packages
Size : MD5
tcpdump-3.7.2-1.i586.rpm
233086 8ab3677d5241c09953b9068906922ae8
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
tcpdump-3.7.2-1.src.rpm
434120 536b15d3c9901a87cc6605ccb0066019
Binary Packages
Size : MD5
tcpdump-3.7.2-1.i586.rpm
233060 62d71b2bdb573fbd3b939542f5a4f059
<Turbolinux 7 Server>
Source Packages
Size : MD5
tcpdump-3.7.2-1.src.rpm
434120 0ee91bd02cc5092590cb049645a3f7ed
Binary Packages
Size : MD5
tcpdump-3.7.2-1.i586.rpm
226875 0ebe2ef0e609c8ac5104b71327ec9248
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
tcpdump-3.7.2-1.src.rpm
434120 d2c4fafe62345a49cb5c21f6f3788ba9
Binary Packages
Size : MD5
tcpdump-3.7.2-1.i586.rpm
226818 a1346f66773b5b9cbbb90e9b9011e765
<Turbolinux Server 6.5>
Source Packages
Size : MD5
tcpdump-3.7.2-1.src.rpm
434120 d0de6c6aaff1ae14b4440d232f0fc9f3
Binary Packages
Size : MD5
tcpdump-3.7.2-1.i386.rpm
220695 76a84fc91634949d4f82aab14f6bcd70
<Turbolinux Advanced Server 6>
Source Packages
Size : MD5
tcpdump-3.7.2-1.src.rpm
434120 9f0b05433ce66fe9ec556045dada52db
Binary Packages
Size : MD5
tcpdump-3.7.2-1.i386.rpm
220683 dfeb6db3975b07e02b563836f310e006
<Turbolinux Server 6.1>
Source Packages
Size : MD5
tcpdump-3.7.2-1.src.rpm
434120 e2d4c21ce155f1f7c4f5eb73385041b1
Binary Packages
Size : MD5
tcpdump-3.7.2-1.i386.rpm
220690 45aa1ec42bc9c90f9f79f23664e90052
<Turbolinux Workstation 6.0>
Source Packages
Size : MD5
tcpdump-3.7.2-1.src.rpm
434120 d8b34c9e00463cd977cc36f7cb35bdbb
Binary Packages
Size : MD5
tcpdump-3.7.2-1.i386.rpm
220686 dbc29e7a6b9e2c2fdc976415f6fad1c0
References :
tcpdump.org
http://www.tcpdump.org/tcpdump-changes.txt
CVE
[
CAN-2003-0108]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-2003-0108
--------------------------------------------------------------------------
Revision History
12 Mar 2003 Initial release
01 Apr 2003 modifyed file size
--------------------------------------------------------------------------
Copyright(C) 2003 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+iVspK0LzjOqIJMwRAqwnAJ4p2vPLGQHrTK5KysuRih3QqUhklACgjXDt
464NLUkuY/zj/0Q4A1DIjn8=
=d6Ec
-----END PGP SIGNATURE-----