mhc/tcpdump Updates for Debian
Posted on: 02/28/2003 10:21 PM
Two security patches for Debian GNU/Linux have been released:
DSA-255-1 tcpdump -- infinite loop
Andrew Griffiths and iDEFENSE Labs discovered a problem in tcpdump, a powerful tool for network monitoring and data acquisition. An attacker is able to send a specially crafted network packet which causes tcpdump to enter an infinite loop.
In addition to the above problem, the tcpdump developers discovered a potential infinite loop when parsing malformed BGP packets. They also discovered a buffer overflow that can be exploited with certain malformed NFS packets.
For the stable distribution (woody) these problems have been fixed in version 3.6.2-2.3.
The old stable distribution (potato) does not seem to be affected by this problem.
For the unstable distribution (sid) these problems have been fixed in version 3.7.1-1.2.
DSA-256-1 mhc -- insecure temporary file
A problem has been discovered in adb2mhc from the mhc-utils package: the default temporary directory uses a predictable name. This introduces a vulnerability that allows a local attacker to overwrite arbitrary files the user has write permissions for.
For the stable distribution (woody) this problem has been fixed in version 0.25+20010625-7.1.
The old stable distribution (potato) does not contain mhc packages.
For the unstable distribution (sid) this problem has been fixed in version 0.25+20030224-1.
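
The risk behind DSA-256-1, shown as an added Ruby example that is not adb2mhc's own code: a guessable scratch directory name is accepted even when the path is already a symlink, while Dir.mktmpdir creates a fresh private directory. The name adb2mhc-work and all helper functions here are assumptions made for illustration.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical stand-in for the flawed pattern: a fixed, guessable name under
# a shared temp root. "adb2mhc-work" is an assumption, not the real tool's name.
def predictable_workdir(tmp_root)
  dir = File.join(tmp_root, "adb2mhc-work")
  FileUtils.mkdir_p(dir) # silently accepts a pre-existing directory or symlink
  dir
end

# Hardened form: Dir.mktmpdir picks an unpredictable name and creates the
# directory with mode 0700; it never reuses an existing path.
def private_workdir(tmp_root)
  Dir.mktmpdir("adb2mhc-", tmp_root)
end

# Defensive check before writing scratch files into a directory.
def workdir_trustworthy?(dir)
  st = File.lstat(dir) # lstat does not follow a symlink
  st.directory? && st.uid == Process.euid && (st.mode & 0o077).zero?
rescue Errno::ENOENT
  false
end

# Constructed scenario, confined to a sandbox directory: the guessable name
# already exists as a symlink to a directory holding a file the user can write.
def demo
  Dir.mktmpdir("sandbox-") do |sandbox|
    tmp_root = File.join(sandbox, "tmp")
    home     = File.join(sandbox, "home")
    FileUtils.mkdir_p([tmp_root, home])
    File.write(File.join(home, "notes.txt"), "important")
    File.symlink(home, File.join(tmp_root, "adb2mhc-work"))

    weak = predictable_workdir(tmp_root)
    File.write(File.join(weak, "notes.txt"), "scratch") # follows the symlink
    strong = private_workdir(tmp_root)
    File.write(File.join(strong, "notes.txt"), "scratch")

    { clobbered: File.read(File.join(home, "notes.txt")) == "scratch",
      weak_ok:   workdir_trustworthy?(weak),
      strong_ok: workdir_trustworthy?(strong) }
  end
end
```

Calling demo returns a hash showing that the write through the predictable path replaced the file in the linked directory, and that only the Dir.mktmpdir directory passes the ownership and mode check.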