Mandrake Linux Security Advisory : tcpdump (MDKSA-2003:027)
High Nessus Plugin ID 14011
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA vulnerability was discovered by Andrew Griffiths and iDEFENSE Labs in the tcpdump program. By sending a specially crafted network packet, an attacker is able to to cause tcpdump to enter an infinite loop. In addition, the tcpdump developers found a potential infinite loop when tcpdump parses malformed BGP packets. A buffer overflow was also discovered that can be exploited with certain malformed NFS packets.
SolutionUpdate the affected libpcap0, libpcap0-devel and / or tcpdump packages.