Scientific Linux Security Update : tcpdump on SL4.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Moritz Jodeit discovered a denial of service bug in the tcpdump IEEE
802.11 processing code. An attacker could inject a carefully crafted
frame onto the IEEE 802.11 network that could crash a running tcpdump
session if a certain link type was explicitly specified.
(CVE-2007-1218)

An integer overflow flaw was found in tcpdump's BGP processing code.
An attacker could execute arbitrary code with the privileges of the
pcap user by injecting a crafted frame onto the network.
(CVE-2007-3798)

In addition, the following bugs have been addressed :

- if called with the -C and -W switches, tcpdump would
create the first savefile with the privileges of the user
that executed tcpdump (usually root), rather than with
those of the pcap user. This could leave tcpdump unable
to save the complete traffic log file properly, without
the user running tcpdump noticing immediately.

- the arpwatch service initialization script would exit
prematurely, incorrectly returning a successful exit
status and preventing the status command from running
if networking is not available.

See also :

http://www.nessus.org/u?e5626042

Solution :

Update the affected arpwatch, libpcap and / or tcpdump packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60310

Bugtraq ID:

CVE ID: CVE-2007-1218, CVE-2007-3798