This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
Problem description :
Moritz Jodeit discovered a denial of service bug in the tcpdump IEEE
802.11 processing code. If a certain link type was explicitly
specified, an attacker could inject a carefully crafted frame onto the
IEEE 802.11 network that could crash a running tcpdump session.
An integer overflow flaw was found in tcpdump's BGP processing code.
An attacker could execute arbitrary code with the privilege of the
pcap user by injecting a crafted frame onto the network.
In addition, the following bugs have been addressed :
- The arpwatch service initialization script would exit
prematurely, returning an incorrect successful exit
status and preventing the status command from running in
case networking is not available.
- Tcpdump would not drop root privileges completely when
launched with the
- -C option. This might have been abused by an attacker to
gain root privileges in case a security problem was
found in tcpdump. Users of tcpdump are encouraged to
specify meaningful arguments to the -Z option in case
they want tcpdump to write files with privileges other
than of the pcap user.
See also :
Update the affected arpwatch, libpcap and / or tcpdump packages.
Risk factor :
Medium / CVSS Base Score : 6.8