Issued:
2007-11-07
Updated:
2007-11-07

RHSA-2007:0368 - Security Advisory

Synopsis

Moderate: tcpdump security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

Updated tcpdump packages that fix a security issue and functionality bugs
are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

Tcpdump is a command line tool for monitoring network traffic.

Moritz Jodeit discovered a denial of service bug in the tcpdump IEEE 802.11
processing code. If a certain link type was explicitly specified, an
attacker could inject a carefully crafted frame onto the IEEE 802.11
network that could crash a running tcpdump session. (CVE-2007-1218)

An integer overflow flaw was found in tcpdump's BGP processing code. An
attacker could execute arbitrary code with the privilege of the pcap user
by injecting a crafted frame onto the network. (CVE-2007-3798)

In addition, the following bugs have been addressed:

  • The arpwatch service initialization script would exit prematurely,
    returning an incorrect successful exit status and preventing the status
    command from running in case networking is not available.
  • Tcpdump would not drop root privileges completely when launched with the
  • C option. This might have been abused by an attacker to gain root
    privileges in case a security problem was found in tcpdump. Users of
    tcpdump are encouraged to specify meaningful arguments to the -Z option in
    case they want tcpdump to write files with privileges other than of the
    pcap user.

Users of tcpdump are advised to upgrade to these erratum packages, which
contain backported patches that correct these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

CVEs

References

Red Hat Enterprise Linux Server 5

SRPM
tcpdump-3.9.4-11.el5.src.rpm SHA-256: d39d878475ca3228e7834f19d1ebee4bfd3a5f61e5224f22616f1bc78f50234a
x86_64
arpwatch-2.1a13-18.el5.x86_64.rpm SHA-256: 85c4e9cce71427a433abdbb042b143136700fdf6050787abcd2eece6263cccc9
libpcap-0.9.4-11.el5.i386.rpm SHA-256: f1ae989b78c414ce6150b0186b0cf60acb84377bd1042137027bdf0da8273957
libpcap-0.9.4-11.el5.x86_64.rpm SHA-256: 348d8a6d280fd90dcdb40cba753cd6580a249f029098a7256b58165817fe565f
libpcap-devel-0.9.4-11.el5.i386.rpm SHA-256: a9c0f82b1fb554ad991c3898529e5b564e79cd7d4a6109bea024aaddfba289f0
libpcap-devel-0.9.4-11.el5.x86_64.rpm SHA-256: a489a15cf696e33ab1c1df7d6eb6134341d1aec1bacab271e694cd369da8e84b
tcpdump-3.9.4-11.el5.x86_64.rpm SHA-256: 9265ab21a02bb7d25b686ba9463930c1da1ed44b74d08b413bba77b2b38f2951
ia64
arpwatch-2.1a13-18.el5.ia64.rpm SHA-256: af56d77804ea2e8663e6c81f1e024f0089280d718d0c3b484d41147c96d87755
libpcap-0.9.4-11.el5.ia64.rpm SHA-256: 888775fa4c69ebb14fe928f7370cd8a160c947017df7249930e6994dc108f1ae
libpcap-devel-0.9.4-11.el5.ia64.rpm SHA-256: 7760193f38436e0089729a8823bf5db8e44532d6b2a610f60c530c575f812f4f
tcpdump-3.9.4-11.el5.ia64.rpm SHA-256: b44308329b9dc80c416e4497d833a42d6f845ab2a3dac071d2fc4d846162ae5c
i386
arpwatch-2.1a13-18.el5.i386.rpm SHA-256: 0959efb3483909b6683abe687d8d8b9e6576e72cee51e620df398315113ac9e2
libpcap-0.9.4-11.el5.i386.rpm SHA-256: f1ae989b78c414ce6150b0186b0cf60acb84377bd1042137027bdf0da8273957
libpcap-devel-0.9.4-11.el5.i386.rpm SHA-256: a9c0f82b1fb554ad991c3898529e5b564e79cd7d4a6109bea024aaddfba289f0
tcpdump-3.9.4-11.el5.i386.rpm SHA-256: 9db62c27ff671dbfec50a430ae21564a2d92779b6f0a528a9aad983e8352fdf4

Red Hat Enterprise Linux Workstation 5

SRPM
tcpdump-3.9.4-11.el5.src.rpm SHA-256: d39d878475ca3228e7834f19d1ebee4bfd3a5f61e5224f22616f1bc78f50234a
x86_64
arpwatch-2.1a13-18.el5.x86_64.rpm SHA-256: 85c4e9cce71427a433abdbb042b143136700fdf6050787abcd2eece6263cccc9
libpcap-0.9.4-11.el5.i386.rpm SHA-256: f1ae989b78c414ce6150b0186b0cf60acb84377bd1042137027bdf0da8273957
libpcap-0.9.4-11.el5.x86_64.rpm SHA-256: 348d8a6d280fd90dcdb40cba753cd6580a249f029098a7256b58165817fe565f
libpcap-devel-0.9.4-11.el5.i386.rpm SHA-256: a9c0f82b1fb554ad991c3898529e5b564e79cd7d4a6109bea024aaddfba289f0
libpcap-devel-0.9.4-11.el5.x86_64.rpm SHA-256: a489a15cf696e33ab1c1df7d6eb6134341d1aec1bacab271e694cd369da8e84b
tcpdump-3.9.4-11.el5.x86_64.rpm SHA-256: 9265ab21a02bb7d25b686ba9463930c1da1ed44b74d08b413bba77b2b38f2951
i386
arpwatch-2.1a13-18.el5.i386.rpm SHA-256: 0959efb3483909b6683abe687d8d8b9e6576e72cee51e620df398315113ac9e2
libpcap-0.9.4-11.el5.i386.rpm SHA-256: f1ae989b78c414ce6150b0186b0cf60acb84377bd1042137027bdf0da8273957
libpcap-devel-0.9.4-11.el5.i386.rpm SHA-256: a9c0f82b1fb554ad991c3898529e5b564e79cd7d4a6109bea024aaddfba289f0
tcpdump-3.9.4-11.el5.i386.rpm SHA-256: 9db62c27ff671dbfec50a430ae21564a2d92779b6f0a528a9aad983e8352fdf4

Red Hat Enterprise Linux Desktop 5

SRPM
tcpdump-3.9.4-11.el5.src.rpm SHA-256: d39d878475ca3228e7834f19d1ebee4bfd3a5f61e5224f22616f1bc78f50234a
x86_64
libpcap-0.9.4-11.el5.i386.rpm SHA-256: f1ae989b78c414ce6150b0186b0cf60acb84377bd1042137027bdf0da8273957
libpcap-0.9.4-11.el5.x86_64.rpm SHA-256: 348d8a6d280fd90dcdb40cba753cd6580a249f029098a7256b58165817fe565f
tcpdump-3.9.4-11.el5.x86_64.rpm SHA-256: 9265ab21a02bb7d25b686ba9463930c1da1ed44b74d08b413bba77b2b38f2951
i386
libpcap-0.9.4-11.el5.i386.rpm SHA-256: f1ae989b78c414ce6150b0186b0cf60acb84377bd1042137027bdf0da8273957
tcpdump-3.9.4-11.el5.i386.rpm SHA-256: 9db62c27ff671dbfec50a430ae21564a2d92779b6f0a528a9aad983e8352fdf4

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
tcpdump-3.9.4-11.el5.src.rpm SHA-256: d39d878475ca3228e7834f19d1ebee4bfd3a5f61e5224f22616f1bc78f50234a
s390x
arpwatch-2.1a13-18.el5.s390x.rpm SHA-256: 32d127dedcad8893baeb6b0265a6f11c5969ffeeb55c381899ef8a496fa5276b
libpcap-0.9.4-11.el5.s390.rpm SHA-256: cb594342bcca06cdcef38f20f6a352f248d63058388e712652f97449cf05069b
libpcap-0.9.4-11.el5.s390x.rpm SHA-256: e2cd1ced0cbba651fbf2a5c2f49fea1f5ab884113129b9330b80e4d5381ba910
libpcap-devel-0.9.4-11.el5.s390.rpm SHA-256: 1bc46c44b6ad3f1b901be26b043d4b688e4e6d6df26ec14e95d8ca9f554e8c74
libpcap-devel-0.9.4-11.el5.s390x.rpm SHA-256: fbf854d6e86d960ec0398956b9fa7980280c9ccc8bb218b6179bf4c0ba15e945
tcpdump-3.9.4-11.el5.s390x.rpm SHA-256: db4ed385f5b45e7016431c8433bc583365844e820e5f0907484182e6b0062094

Red Hat Enterprise Linux for Power, big endian 5

SRPM
tcpdump-3.9.4-11.el5.src.rpm SHA-256: d39d878475ca3228e7834f19d1ebee4bfd3a5f61e5224f22616f1bc78f50234a
ppc
arpwatch-2.1a13-18.el5.ppc.rpm SHA-256: 397370a35588afbbdcff1aec583489f76a12936ea3640c66f97bcd1b5078a821
libpcap-0.9.4-11.el5.ppc.rpm SHA-256: 4c35412d82972fd7aa63d6dbdd0a145d7d220a8fc9b4cc0689e55eca0cbcde1b
libpcap-0.9.4-11.el5.ppc64.rpm SHA-256: 1b08702429f792cf21b4ee9d034fc5962a46bd638737982f406e80466a650653
libpcap-devel-0.9.4-11.el5.ppc.rpm SHA-256: 6cf5dc55415f94cbee44379d651614abfa244346524019f7d9437d7192a72201
libpcap-devel-0.9.4-11.el5.ppc64.rpm SHA-256: 849845f4b1bbad26d117a440fe722d42f9345f11d63fbaa161f0a56185ba84ee
tcpdump-3.9.4-11.el5.ppc.rpm SHA-256: 0932b2b1208cf594777612d14531c606fbfdab34e53a5f1fe6c17f368bf953c8

Red Hat Enterprise Linux Server from RHUI 5

SRPM
tcpdump-3.9.4-11.el5.src.rpm SHA-256: d39d878475ca3228e7834f19d1ebee4bfd3a5f61e5224f22616f1bc78f50234a
x86_64
arpwatch-2.1a13-18.el5.x86_64.rpm SHA-256: 85c4e9cce71427a433abdbb042b143136700fdf6050787abcd2eece6263cccc9
libpcap-0.9.4-11.el5.i386.rpm SHA-256: f1ae989b78c414ce6150b0186b0cf60acb84377bd1042137027bdf0da8273957
libpcap-0.9.4-11.el5.x86_64.rpm SHA-256: 348d8a6d280fd90dcdb40cba753cd6580a249f029098a7256b58165817fe565f
libpcap-devel-0.9.4-11.el5.i386.rpm SHA-256: a9c0f82b1fb554ad991c3898529e5b564e79cd7d4a6109bea024aaddfba289f0
libpcap-devel-0.9.4-11.el5.x86_64.rpm SHA-256: a489a15cf696e33ab1c1df7d6eb6134341d1aec1bacab271e694cd369da8e84b
tcpdump-3.9.4-11.el5.x86_64.rpm SHA-256: 9265ab21a02bb7d25b686ba9463930c1da1ed44b74d08b413bba77b2b38f2951
i386
arpwatch-2.1a13-18.el5.i386.rpm SHA-256: 0959efb3483909b6683abe687d8d8b9e6576e72cee51e620df398315113ac9e2
libpcap-0.9.4-11.el5.i386.rpm SHA-256: f1ae989b78c414ce6150b0186b0cf60acb84377bd1042137027bdf0da8273957
libpcap-devel-0.9.4-11.el5.i386.rpm SHA-256: a9c0f82b1fb554ad991c3898529e5b564e79cd7d4a6109bea024aaddfba289f0
tcpdump-3.9.4-11.el5.i386.rpm SHA-256: 9db62c27ff671dbfec50a430ae21564a2d92779b6f0a528a9aad983e8352fdf4

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.